Message-ID:
 <SY0P300MB070750218502B4E0475E5025EECBA@SY0P300MB0707.AUSP300.PROD.OUTLOOK.COM>
Date: Sat, 15 Nov 2025 04:49:19 +0000
From: Peter Gutmann <pgut001@...auckland.ac.nz>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Questionable CVE's reported against dnsmasq

Jeffrey Walton <noloader@...il.com> writes:

>The CVE folks told the Crypto++ library that the behavior should have been
>documented.

OK, that one definitely qualifies as a bogus CVE.  How would you document all
the ways people can use your code incorrectly?  Will the docs end up with
statements equivalent to the apocryphal "Do not hold the screwdriver in your
hand with the blade facing upwards and run with it and trip and poke it into
your eye, since this may void the warranty"?  Or this sort of thing:

https://www.rd.com/list/funny-warning-labels/

My favourite on there is the fire-risk warning on a box of firewood, but the
rest are pretty good too.

Peter.
