Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Mar 2017 16:05:20 -0400
From: Leo Famulari <>
Subject: Re: Dealing with CVEs that apply to unspecified
 package versions

On Wed, Mar 15, 2017 at 12:27:47PM -0700, Seth Arnold wrote:
> I suspect the solution is for people who rely upon these scanning tools to
> do the leg work themselves on the packages they care about. (i.e., the
> packages that annoy them the most.)

I think those of us who find these tools useful should work to improve
the CVE database by adding the "fixed-in-version" information as it
becomes available.

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ