Message-ID: <4174873.rEhhimjYuO@wanheda>
Date: Tue, 26 Sep 2017 21:07:37 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: Kurt Seifried <kseifried@...hat.com>
Subject: Re: Linux kernel CVEs not mentioned on oss-security

On Tuesday 26 September 2017 20:18:38 CEST Kurt Seifried wrote:
> You can check the CVE Database? There is the official MITRE one:
> cve.mitre.org and the DWF for Open Source (and yes, I lag in submissions to
> MITRE) at https://github.com/distributedweaknessfiling/DWF-CVE-Database/ in
> both cases the CVEs will have reference link(s) that ideally point to the
> upstream making it easy to match up.

As pointed out in the past (maybe spender?) the real issue is when there is a
silent fix of a vulnerability where the commit message does not clearly state
the security implication. AFAIK it happens frequently.

--
Agostino Sarubbo
Gentoo Linux Developer