Date: Sat, 11 Feb 2017 09:20:55 -0600 (CST)
From: Bob Friesenhahn
Subject: Re: MITRE is adding data intake to its CVE ID

On Sat, 11 Feb 2017, Moritz Muehlenhoff wrote:
> Having CVEs assigned is of lesser importance, this was never primarily
> why we posted security vulnerabilities here. Obtaining CVE IDs caused
> little overhead on our side, but if that changes (and the announced
> changes sound like that), then there will simply be less CVE coverage
> I'm afraid.

In my perhaps limited experience, Debian package maintainers do not 
take action to correct a security issue in stable distributions unless 
a CVE is assigned.  They do not usually act merely based on the 
upstream package developer/maintainer reporting that they discovered 
and fixed a security issue.  If it is more challenging to get a CVE 
assigned, then many more security issues in stable distributions will 
remain unfixed.

Bob Friesenhahn,
GraphicsMagick Maintainer,
