oss-sec mailing list archives
Re: Thoughts on a vuln/CVE?
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 19 Jun 2013 08:17:03 +0200
* Kurt Seifried:
I care a lot less about what is "officially endorsed" or not endorsed and a lot more with what is actually going on. If a large percentage of people are exposed to a vuln, even if they "shouldn't" be then it would still get a CVE. I see a lot of CVEs that should never be exploitable, but people do crazy things/configurations.
But the present situation is really not that clear-cut. We have no indicator of malicious intent from the current domain owner, and users would still have to disable signature checking *and* they must have configured the problematic repository. That's a little bit far-fetched.
Current thread:
- Re: Thoughts on a vuln/CVE?, (continued)
- Re: Thoughts on a vuln/CVE? Yves-Alexis Perez (Jun 17)
- Re: Thoughts on a vuln/CVE? Russ Allbery (Jun 17)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 17)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Simon McVittie (Jun 18)
- Re: Thoughts on a vuln/CVE? Dave Walker (Jun 18)
- Re: Thoughts on a vuln/CVE? Tim (Jun 18)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)