Date: Tue, 3 Oct 2017 17:33:40 +0200 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Subject: Re: Linux kernel CVEs not mentioned on oss-security On Tue, Oct 03, 2017 at 09:00:38AM -0600, Kurt Seifried wrote: > On Tue, Oct 3, 2017 at 5:27 AM, Greg KH <greg@...ah.com> wrote: > > > > > > > Yeah, this one keeps trying to get re-introduced as a "fix", when it > > really isn't (see the archives of the stable@...r mailing list for > > details. > > > > I don't know how you can "reject" a CVE, is there a proceedure > > somewhere? There's lots of CVEs out there that people create against > > the kernel that just aren't issues at all, but I've been ignoring them > > as it makes people happy to assign and track them for no reason. > > > > Is there some way a project can get them rejected? > > > > As mentioned before, there is the cveform page at https://cveform.mitre.org/ > which can be used to update CVEs, including asking for REJECT. Simply chose > "Request an update to an existing CVE entry" then in "Type of update > requested" please choose "Rejection". > > AN EASY WAY TO INTERACT WITH CVE TO UPDATE/REJECT/ETC PLEASE IS TO USE THE > CVEFORM. > > CVEFORM URL: https://cveform.mitre.org/ Well, it's not as easy as using email, but ok, I've attempted to submit a "reject this CVE" for the above mentioned one, let's see what happens :) thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ