Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Oct 2017 17:33:40 +0200
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel CVEs not mentioned on oss-security

On Tue, Oct 03, 2017 at 09:00:38AM -0600, Kurt Seifried wrote:
> On Tue, Oct 3, 2017 at 5:27 AM, Greg KH <greg@...ah.com> wrote:
> 
> >
> >
> > Yeah, this one keeps trying to get re-introduced as a "fix", when it
> > really isn't (see the archives of the stable@...r mailing list for
> > details.
> >
> > I don't know how you can "reject" a CVE, is there a proceedure
> > somewhere?  There's lots of CVEs out there that people create against
> > the kernel that just aren't issues at all, but I've been ignoring them
> > as it makes people happy to assign and track them for no reason.
> 
> 
> > Is there some way a project can get them rejected?
> >
> 
> As mentioned before, there is the cveform page at https://cveform.mitre.org/
> which can be used to update CVEs, including asking for REJECT. Simply chose
> "Request an update to an existing CVE entry" then in "Type of update
> requested" please choose "Rejection".
> 
> AN EASY WAY TO INTERACT WITH CVE TO UPDATE/REJECT/ETC PLEASE IS TO USE THE
> CVEFORM.
> 
> CVEFORM URL: https://cveform.mitre.org/

Well, it's not as easy as using email, but ok, I've attempted to submit
a "reject this CVE" for the above mentioned one, let's see what happens
:)

thanks,

greg k-h

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ