Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE abstraction choices and the Linux kernel
From: Michael Gilbert <mgilbert () debian org>
Date: Thu, 14 Mar 2013 21:18:45 -0400

On Fri, Mar 8, 2013 at 9:57 AM, Steven M. Christey wrote:
Considering the Krause kernel info-leaks as an example, this might
suggest about 11 CVEs for crypto, xfrm_user, net (including net/tun),
ipvs, dccp, llc, l2tp, Bluetooth, atm, udf, and isofs.  There might
be additional SPLITs based on bug type.

What do people think?  To the distro maintainers: given that CVE
cannot support per-bug IDs for the reasons I've already described,
are per-subsystem SPLITs workable?

Speaking only for myself, I think this is a quite reasonable way to draw a line.

Best wishes,

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]