Date: Tue, 26 Sep 2017 21:07:37 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: Kurt Seifried <kseifried@...hat.com>
Subject: Re: Linux kernel CVEs not mentioned on oss-security

On Tuesday 26 September 2017 20:18:38 CEST Kurt Seifried wrote:
> You can check the CVE Database? There is the official MITRE one:
> cve.mitre.org and the DWF for Open Source (and yes, I lag in submissions to
> MITRE) at https://github.com/distributedweaknessfiling/DWF-CVE-Database/ in
> both cases the CVEs will have reference link(s) that ideally point to the
> upstream making it easy to match up.

As pointed out in the past (maybe spender?) the real issue is when there is a
silent fix of a vulnerability where the commit message does not clearly state
the security implication. Afaik it happens frequently.

-- 
Agostino Sarubbo
Gentoo Linux Developer
