On Sun, Mar 6, 2016 at 12:33 PM, Brian May wrote: > Just wondering if there is some other way we can track security issues > for when CVEs are not available. ... > For example, if there are no CVEs are we able to use OVEs instead? > > http://www.openwall.com/ove
This sounds like a good idea to me. Do you know of any issues where OVEs were used? Is there any project who uses them regularly? I wonder if we should be discussing this more widely, for example on oss-sec? > Thinking of imagemagick here, it has a lot of security issues, and > requests for CVEs are not getting any responses. It sounds like Mitre has quite a backlog: https://marc.info/?i=1456968329.26654.16.ca...@bonedaddy.net https://marc.info/?i=CANO=ty1yvjf505lzrj7utg5ypbys1gabo4bd0e5h95pup62...@mail.gmail.com https://cve.mitre.org/data/board/archives/2015-11/msg00018.html -- bye, pabs https://wiki.debian.org/PaulWise