oss-sec mailing list archives
Re: CVE-2022-21449 and version reporting
From: Brian Behlendorf <brian () behlendorf com>
Date: Thu, 28 Apr 2022 07:40:45 -0700 (PDT)
On Thu, 28 Apr 2022, Seaman, Chad wrote:
> In what universe exactly are versions omitted from vulnerability reporting because a vendor “no longer supports that version”… this non-supported version is still vulnerable?
If that universe were consistent, it'd be one where vendors and open source projects issued pre-emptive CVEs when release branches are no longer provided with security fixes.
Brian