Date: Thu, 9 Jan 2014 16:52:57 +0530 (IST) From: P J P <ppandit@...hat.com> To: cve-assign@...re.org cc: oss security list <oss-security@...ts.openwall.com> Subject: Re: CVE split and a missed file +-- On Wed, 8 Jan 2014, cve-assign@...re.org wrote --+ | The CVEs are about vulnerability fixes, and don't necessarily capture | all of the information that would be used in integrating the patches | into one's own kernel build tree. For example, a file can be changed | in order to be compatible with a vulnerability fix that affects | interaction between functions, or a file can be changed so that its | code executes faster after a vulnerability fix. Agreed. But then do these files need CVE? (just checking) -> net/ax25/af_ax25.c -> net/rose/af_rose.c -> net/compat.c -> net/socket.c -> net/rxrpc/ar-recvmsg.c Thank you. -- Prasad J Pandit / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.