oss-sec mailing list archives
Re: Buffer Overflow in raptor widely unfixed in Linux distros
From: Seth Arnold <seth.arnold () canonical com>
Date: Mon, 16 Nov 2020 23:11:42 +0000
On Mon, Nov 16, 2020 at 08:06:15PM +0100, Marius Bakke wrote:
I tried following the CVE assignment RSS feed initially, but it was not suitable for human consumption. How do other distros keep up with new CVE assignments?
We (Ubuntu security team) have weekly role rotations among the team. The person on CVE triage duty will use our tooling to download https://cve.mitre.org/data/downloads/allitems.xml.gz https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-recent.json.gz https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2020.json.gz https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2019.json.gz etc We also pull from Debian's security team: https://salsa.debian.org/security-tracker-team/security-tracker.git We collect CVEs from this list using local mboxes. We collect CVEs from Red Hat's security announce list: https://www.redhat.com/archives/rhsa-announce/ and oval feeds: https://www.redhat.com/security/data/oval/v2/RHEL8/ Having a variety of inputs gives us some resiliency when one or another service is offline for whatever reason, I hope this helps. Thanks
Attachment:
signature.asc
Description:
Current thread:
- Re: Buffer Overflow in raptor widely unfixed in Linux distros, (continued)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Dave Horsfall (Nov 14)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Dave Horsfall (Nov 14)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Ian Zimmerman (Nov 18)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Dave Horsfall (Nov 14)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Marcus Meissner (Nov 14)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros David A. Wheeler (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Stephen John Smoogen (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Sam James (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Marius Bakke (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Jeremy Stanley (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Sam James (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Seth Arnold (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Marcus Meissner (Nov 17)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Morten Linderud (Nov 17)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros David A. Wheeler (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Dave Horsfall (Nov 14)