Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/>

[Kurt Seifried <kseifried () redhat com>]

At the bottom of ever NVD web page:

Send comments or suggestions to nvd () nist gov

They can fix this, we can't.

On Wed, Dec 14, 2016 at 11:57 AM, Sona Sarmadi <sona.sarmadi () enea com>
wrote:

> On 2016-12-14 15:26, Kurt Seifried wrote:
> > Why are you complaining about a nist.gov website/data on an opensource
> > security mailing list/to MITRE? (hint: we can't fix it and neither can
> > MITRE) Please contact NIST.
> Thanks for being so helpful.
>
> I was just trying to see of there are other people out there who also
> think this is a problem. This list seemed like a place where I could
> find such people.
> Perhaps someone knows a work around, perhaps some post-processing tool.
> If none exists, I guess we have to try to fix the problem at the source
> or use another CVE databse.
>
> Cheers
> //Sona
> > On Wed, Dec 14, 2016 at 1:19 AM, Sona Sarmadi <sona.sarmadi () enea com>
> wrote:
> > > Hi all,
> > >
> > > It seems that nvd.xml files (e.g. nvdcve-2.0-2016.xml) does not list
> > > vulnerable versions correctly. One example is the following CVE.
> Vulnerable
> > >


-- 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert () redhat com