Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 14 Mar 2013 21:18:45 -0400
From: Michael Gilbert <mgilbert@...ian.org>
To: oss-security@...ts.openwall.com, coley@...re.org
Subject: Re: CVE abstraction choices and the Linux kernel

On Fri, Mar 8, 2013 at 9:57 AM, Steven M. Christey wrote:
> Considering the Krause kernel info-leaks as an example, this might
> suggest about 11 CVEs for crypto, xfrm_user, net (including net/tun),
> ipvs, dccp, llc, l2tp, Bluetooth, atm, udf, and isofs.  There might
> be additional SPLITs based on bug type.
>
> What do people think?  To the distro maintainers: given that CVE
> cannot support per-bug IDs for the reasons I've already described,
> are per-subsystem SPLITs workable?

Speaking only for myself, I think this is a quite reasonable way to draw a line.

Best wishes,
Mike

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.