oss-sec mailing list archives
Re: CVE abstraction choices and the Linux kernel
From: Michael Gilbert <mgilbert () debian org>
Date: Thu, 14 Mar 2013 21:18:45 -0400
On Fri, Mar 8, 2013 at 9:57 AM, Steven M. Christey wrote:
Considering the Krause kernel info-leaks as an example, this might suggest about 11 CVEs for crypto, xfrm_user, net (including net/tun), ipvs, dccp, llc, l2tp, Bluetooth, atm, udf, and isofs. There might be additional SPLITs based on bug type. What do people think? To the distro maintainers: given that CVE cannot support per-bug IDs for the reasons I've already described, are per-subsystem SPLITs workable?
Speaking only for myself, I think this is a quite reasonable way to draw a line. Best wishes, Mike
Current thread:
- CVE abstraction choices and the Linux kernel Steven M. Christey (Mar 08)
- Re: CVE abstraction choices and the Linux kernel Petr Matousek (Mar 14)
- Re: CVE abstraction choices and the Linux kernel Michael Gilbert (Mar 14)