Message-ID: <BNJXjgIp8lyeU9mV@aceecat.org>
Date: Sun, 5 Oct 2025 09:52:47 -0700
From: nightmare.yeah27@...ecat.org
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure
 in distros

On Sun, Oct 05, 2025 at 08:23:21AM +0200, Greg KH wrote:

> That is the work we do to "triage" on a weekly basis.

> Again, not all bugfixes that go into the Linux kernel meet the
> cve.org definition of "vulnerability", and so, we do not mark all
> Linux bugfixes with a CVE.  If we were to do that, the rate of CVEs
> would be much higher than the current average of 13 per day (which
> if you look at applicability of those CVEs to your system, is on
> average, or a bit below, the other two major operating systems out
> there, so Linux is not an outlier at all.)

> Hope this helps explain things a bit better.  I think this means I
> need to write up even more documentation as to exactly how we do all
> of this work as this information isn't more widely known.

Yes, thank you. This in fact improved my understanding of the
situation a lot. I hope it also did so for others.

-- 
Ian
