Date: Thu, 14 Mar 2013 21:18:45 -0400 From: Michael Gilbert <mgilbert@...ian.org> To: oss-security@...ts.openwall.com, coley@...re.org Subject: Re: CVE abstraction choices and the Linux kernel On Fri, Mar 8, 2013 at 9:57 AM, Steven M. Christey wrote: > Considering the Krause kernel info-leaks as an example, this might > suggest about 11 CVEs for crypto, xfrm_user, net (including net/tun), > ipvs, dccp, llc, l2tp, Bluetooth, atm, udf, and isofs. There might > be additional SPLITs based on bug type. > > What do people think? To the distro maintainers: given that CVE > cannot support per-bug IDs for the reasons I've already described, > are per-subsystem SPLITs workable? Speaking only for myself, I think this is a quite reasonable way to draw a line. Best wishes, Mike
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.