Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170926070110.kf2vyzd7gsormsd5@pisco.westfalen.local>
Date: Tue, 26 Sep 2017 09:01:10 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel CVEs not mentioned on oss-security

Priedhorsky, Reid wrote:
> 1. Is oss-security’s coverage of security issues in open-source software intended to be comprehensive? If so, this appears not to be true for the Linux kernel.

No, it's not. oss-security is just another mailing list to report security vulnerabilities,
and not a canonical source.

> 2. Is there another source of comprehensive coverage of vulnerabilities in the Linux kernel, including but not necessarily limited to all CVEs issued for it?

This Debian repo has data on all public kernel vulnerabilities affecting
the mainline Linux kernel: https://anonscm.debian.org/viewvc/kernel-sec/

Cheers,
        Moritz
  

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.