Message-ID: <ZlZ8nCsZUZxhKwCf@codewreck.org>
Date: Wed, 29 May 2024 09:53:48 +0900
From: Dominique Martinet <asmadeus@...ewreck.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: oss-security@...ts.openwall.com
Subject: List linux CVEs for a given stable release?

Hi Greg,

(Cc-ing oss-security because I think more people there might be
interested than people subscribed to cve@...nel.org and I didn't want to
cross-post to multiple lists)


Up until last month someone had been managing a linuxkernelcves[1][2]
site, but it's somehow gone without a trace (DNS emptied, no message I
could see announcing it anywhere)

[1] https://www.linuxkernelcves.com
[2] https://github.com/nluedtke/linux_kernel_cves


With the new vulns[3] repo I thought I could do a similar search there,
but while there are scripts to search by commit ID or by CVE I don't see
anything allowing search for issues affecting a given stable release.

[3] https://git.kernel.org/pub/scm/linux/security/vulns.git/

My motivation here is double:
- We notify our users of notable CVEs fixed on every update to encourage
them to upgrade every time (it's sad, but in the embedded world not
updating is still the norm despite our efforts to make upgrades as
painless as possible... New regulations are coming so hopefully that
will slowly improve, but as of now such motivations help)
- I'm currently not watching patches entering newer stable branches as
closely, so if there are any new CVEs not fixed in the latest 5.10 I'd
like to check if some impact us and will help with backports as possible
(we're a small company so my time is limited, but might as well give
back when I can)


The information is there in the json files, so it's just a matter of
writing some scripts to check them, but I can't believe there's none so
I probably have missed something.

Does someone have such a script that'd list the latest CVEs for a given
tree?

Thanks,
-- 
Dominique Martinet | Asmadeus
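
Added example, not part of the original message and not a script from the vulns repository: one way to list the CVEs whose JSON record marks a given stable release as affected, using the `affected[].versions[]` range fields of the CVE JSON 5 record format. The sample records, their placeholder CVE ids, the `CVE-*.json` file naming, and the assumption that each record carries a release-number range list next to a `git` commit-range list are constructed for illustration and should be checked against the real files.

```python
import json
import re
from pathlib import Path

def key(v):
    """'5.10.217' -> (5, 10, 217) for ordering releases; -rc tags are not handled."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def in_range(rel, ent):
    """True if release `rel` falls inside one CVE JSON 5 `versions` entry."""
    r, lo = key(rel), key(ent["version"])
    if "lessThan" in ent:
        return lo <= r < key(ent["lessThan"])
    if "lessThanOrEqual" in ent:
        hi = key(ent["lessThanOrEqual"])      # "5.10.*" -> (5, 10)
        if ent["lessThanOrEqual"].endswith(".*"):
            return lo <= r and r[:len(hi)] == hi
        return lo <= r <= hi
    return r == lo                            # entry names a single version

def status(rel, record):
    """Status of `rel` from the first `affected` product with release-number ranges."""
    for prod in record["containers"]["cna"].get("affected", []):
        vers = [e for e in prod.get("versions", []) if e.get("versionType") != "git"]
        if vers:
            hit = next((e["status"] for e in vers if in_range(rel, e)), None)
            return hit or prod.get("defaultStatus", "unknown")
    return "unknown"

def affecting(rel, records):
    """Sorted CVE ids whose record marks `rel` as affected."""
    return sorted(r["cveMetadata"]["cveId"] for r in records if status(rel, r) == "affected")

def load(root):
    """Read every CVE-*.json below `root` (a local checkout; file naming is assumed)."""
    return [json.loads(p.read_text()) for p in Path(root).rglob("CVE-*.json")]

def sample(cve, introduced, fixes):
    """Constructed record: placeholder id, assumed layout of release-number ranges."""
    vers = [{"version": introduced, "status": "affected"},
            {"version": "0", "lessThan": introduced, "status": "unaffected"}]
    vers += [{"version": f, "lessThanOrEqual": f.rsplit(".", 1)[0] + ".*",
              "status": "unaffected"} for f in fixes]
    git = {"versions": [{"version": "aaaa", "lessThan": "bbbb", "status": "affected", "versionType": "git"}]}
    return {"cveMetadata": {"cveId": cve},
            "containers": {"cna": {"affected": [git, {"defaultStatus": "affected", "versions": vers}]}}}

SAMPLES = [sample("CVE-0000-0001", "5.4", ["5.10.215", "6.1.85"]),   # constructed
           sample("CVE-0000-0002", "5.15", ["6.1.90"])]              # constructed
```

With a local checkout of the JSON records, `affecting("5.10.217", load(path))` gives the list for that release; a record whose range list does not mention the release falls back to its `defaultStatus`.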
