oss-sec mailing list archives
Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/>
From: Sona Sarmadi <sona.sarmadi () enea com>
Date: Wed, 14 Dec 2016 19:57:11 +0100
On 2016-12-14 15:26, Kurt Seifried wrote:
Why are you complaining about a nist.gov website/data on an opensource security mailing list/to MITRE? (hint: we can't fix it and neither can MITRE) Please contact NIST.
Thanks for being so helpful. I was just trying to see of there are other people out there who also think this is a problem. This list seemed like a place where I could find such people. Perhaps someone knows a work around, perhaps some post-processing tool. If none exists, I guess we have to try to fix the problem at the source or use another CVE databse. Cheers //Sona
On Wed, Dec 14, 2016 at 1:19 AM, Sona Sarmadi <sona.sarmadi () enea com> wrote:Hi all, It seems that nvd.xml files (e.g. nvdcve-2.0-2016.xml) does not list vulnerable versions correctly. One example is the following CVE. Vulnerable
Current thread:
- vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Sona Sarmadi (Dec 14)
- Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried (Dec 14)
- Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Sona Sarmadi (Dec 14)
- Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried (Dec 14)