Date: Wed, 15 Mar 2017 16:05:20 -0400
From: Leo Famulari <leo@...ulari.name>
To: oss-security@...ts.openwall.com
Subject: Re: Dealing with CVEs that apply to unspecified package versions

On Wed, Mar 15, 2017 at 12:27:47PM -0700, Seth Arnold wrote:
> I suspect the solution is for people who rely upon these scanning tools to
> do the leg work themselves on the packages they care about. (i.e., the
> packages that annoy them the most.)

I think those of us who find these tools useful should work to improve
the CVE database by adding the "fixed-in-version" information as it
becomes available.