oss-sec mailing list archives
Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/>
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 14 Dec 2016 12:00:42 -0700
At the bottom of ever NVD web page: Send comments or suggestions to nvd () nist gov They can fix this, we can't. On Wed, Dec 14, 2016 at 11:57 AM, Sona Sarmadi <sona.sarmadi () enea com> wrote:
On 2016-12-14 15:26, Kurt Seifried wrote:Why are you complaining about a nist.gov website/data on an opensource security mailing list/to MITRE? (hint: we can't fix it and neither can MITRE) Please contact NIST.Thanks for being so helpful. I was just trying to see of there are other people out there who also think this is a problem. This list seemed like a place where I could find such people. Perhaps someone knows a work around, perhaps some post-processing tool. If none exists, I guess we have to try to fix the problem at the source or use another CVE databse. Cheers //SonaOn Wed, Dec 14, 2016 at 1:19 AM, Sona Sarmadi <sona.sarmadi () enea com>wrote:Hi all, It seems that nvd.xml files (e.g. nvdcve-2.0-2016.xml) does not list vulnerable versions correctly. One example is the following CVE.Vulnerable
-- -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Red Hat Product Security contact: secalert () redhat com
Current thread:
- vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Sona Sarmadi (Dec 14)
- Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried (Dec 14)
- Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Sona Sarmadi (Dec 14)
- Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried (Dec 14)
- Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried (Dec 16)
- Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Sona Sarmadi (Dec 14)
- Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried (Dec 14)