oss-sec mailing list archives
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz
From: Greg KH <greg () kroah com>
Date: Sat, 15 Jun 2019 17:57:40 +0200
On Sat, Jun 15, 2019 at 11:49:03AM -0400, Alex Gaynor wrote:
I do not have a solution to this problem. I wanted to raise awareness of it, in the hope that it would start a discussion which might come to a solution.
Why not just do a simple "you must upgrade to the latest version X to fix a bunch of bugs" type of announcement? No need to worry about crazy backports and cherry-picking, that always fails in the end. thanks, greg k-h
Current thread:
- Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Greg KH (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Yves-Alexis Perez (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Simon McVittie (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Moritz Muehlenhoff (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Ian Zimmerman (Jun 21)
- Re: Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Simon McVittie (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Yves-Alexis Perez (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Greg KH (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Yves-Alexis Perez (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Greg KH (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 15)