oss-sec mailing list archives
Re: Linux kernel CVEs not mentioned on oss-security
From: Stiepan <stie@itk.swiss>
Date: Mon, 09 Oct 2017 16:17:40 -0400
+1; let's use other identifiers! And why not, a blockchain (based on at least SHA3) for public security issues? That would be great. And as trustable, as transparent as it needs to be.

Amen

-------- Original Message --------
On 9 Oct 2017, 13:11, Fabian Keil wrote:

> Kurt Seifried wrote:
>
> > If you see this: PLEASE SUBMIT THE URL AS AN UPDATE TO THE CVE USING THE
> > CVE FORM (yes, I am shouting). https://cveform.mitre.org
>
> As you seem to be "shouting" a lot lately, I'd just like to point out that
> using the MITRE(!) form requires the execution of non-free and unsigned
> software from various sources. Some people don't consider this a problem,
> others do.
>
> > Choose "Request an update to an existing CVE entry" and then for "Type of
> > update requested" choose "Update References" and then enter the CVE #,
> > the info and URL and hit "Submit Request"
>
> ... trust your browser's "sandbox" to work as advertised for a change and
> ignore the fact that you're running proprietary software that may or may
> not be customised just for your system and can't be easily audited in
> advance.
>
> > TL;DR: Everyone wants the cat to wear a bell, and in the past I'll admit
> > we (the CVE community) didn't make it easy to contribute. Well now we
> > have made it easy to contribute, so please do.
>
> TL;DR: Not everyone wants to allow remote code execution just to request a
> CVE. Some people are sufficiently satisfied when security issues are found
> and fixed in time. While CVE numbers are sometimes nice to have, other
> identifiers work just as well (for some).
>
> Fabian