oss-sec mailing list archives

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz

From: Greg KH <greg () kroah com>
Date: Sat, 15 Jun 2019 17:57:40 +0200

On Sat, Jun 15, 2019 at 11:49:03AM -0400, Alex Gaynor wrote:

I do not have a solution to this problem. I wanted to raise awareness of
it, in the hope that it would start a discussion which might come to a
solution.


Why not just do a simple "you must upgrade to the latest version X to
fix a bunch of bugs" type of announcement?  No need to worry about crazy
backports and cherry-picking, that always fails in the end.

thanks,

greg k-h

Current thread:

Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Greg KH (Jun 15)
  - Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Yves-Alexis Perez (Jun 21)
    - Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Simon McVittie (Jun 21)
    - Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Moritz Muehlenhoff (Jun 21)
    - Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Ian Zimmerman (Jun 21)
    - Re: Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Simon McVittie (Jun 21)
    - Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Greg KH (Jun 21)
    - Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Yves-Alexis Perez (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Hanno Böck (Jun 15)
  - Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 15)

(Thread continues...)