Date: Wed, 14 Dec 2016 08:19:09 +0000
From: Sona Sarmadi <>
To: "" <>
CC: "" <>
Subject: vulnerable version: 4.8.12 and previous versions but xml file says:

Hi all,

It seems that nvd.xml files (e.g. nvdcve-2.0-2016.xml) do not list vulnerable versions correctly. One example is the following CVE. Vulnerable versions are according to the link below "linux kernel 4.8.12 and previous versions":

      Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 ..

Vulnerable software and versions
+ Configuration 1
* OR
* cpe:/o:linux:linux_kernel:4.8.12 and previous versions

While in the xml file it just mentions "cpe:/o:linux:linux_kernel:4.8.12"

<entry id="CVE-2016-9919">
    <vuln:vulnerable-configuration id="">
      <cpe-lang:logical-test operator="OR" negate="false">
        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:4.8.12"/>  
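Added example, not part of the original message and not NVD's own tooling: a Python check that parses an nvdcve-2.0 style entry and flags the case reported above, where the summary says "through X" but the fact-ref list names only X, so an exact CPE lookup misses older installed versions. The sample entry, its CVE id and the helper names are constructed for illustration, and versions are assumed to be dotted numerics.

```python
import re
import xml.etree.ElementTree as ET

# NVD 2.0 feed namespace URIs; the prefixes are local to this script.
NS = {"feed": "http://scap.nist.gov/schema/feed/vulnerability/2.0",
      "vuln": "http://scap.nist.gov/schema/vulnerability/0.4",
      "cpe": "http://cpe.mitre.org/language/2.0"}

# Constructed sample shaped like a feed entry (placeholder id, not real feed data).
SAMPLE = """<nvd xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0"
     xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4"
     xmlns:cpe-lang="http://cpe.mitre.org/language/2.0">
  <entry id="CVE-0000-0001">
    <vuln:vulnerable-configuration id="">
      <cpe-lang:logical-test operator="OR" negate="false">
        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:4.8.12"/>
      </cpe-lang:logical-test>
    </vuln:vulnerable-configuration>
    <vuln:summary>Race condition in the Linux kernel through 4.8.12.</vuln:summary>
  </entry>
</nvd>"""

def load_entries(xml_text):
    """Map entry id -> <entry> element."""
    return {e.get("id"): e for e in ET.fromstring(xml_text).iterfind("feed:entry", NS)}

def cpe_versions(entry):
    """Versions named by fact-ref CPE URIs (cpe:/part:vendor:product:version)."""
    names = (r.get("name", "").split(":") for r in entry.iterfind(".//cpe:fact-ref", NS))
    return {p[4] for p in names if len(p) >= 5 and p[4]}

def range_only_in_summary(entry):
    """Return X when the summary says 'through X' but the CPE list holds only X."""
    summary = entry.findtext("vuln:summary", default="", namespaces=NS)
    m = re.search(r"\bthrough (\d+(?:\.\d+)+)", summary)
    return m.group(1) if m and cpe_versions(entry) == {m.group(1)} else None

def vtuple(version):
    return tuple(int(part) for part in version.split("."))

def is_affected(entry, installed):
    """Exact CPE match, widened to '<= X' when the range exists only in the summary."""
    if installed in cpe_versions(entry):
        return True
    bound = range_only_in_summary(entry)
    return bound is not None and vtuple(installed) <= vtuple(bound)

if __name__ == "__main__":
    for cve, entry in load_entries(SAMPLE).items():
        print(cve, "exact:", "4.8.11" in cpe_versions(entry),
              "widened:", is_affected(entry, "4.8.11"))
```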

