Re: [OE-core] [PATCH 1/2] cve-report: add scripts to generate CVE reports

2018-08-06 Thread grygorii tertychnyi via Openembedded-core
On 08/06/2018 09:56 AM, mikko.rap...@bmw.de wrote: On Fri, Aug 03, 2018 at 10:37:05PM +, Grygorii Tertychnyi (gtertych) via Openembedded-core wrote: cvert-kernel - generate CVE report for the Linux kernel. NVD entries for the Linux kernel are almost always outdated. For example,

Re: [OE-core] [PATCH 1/2] cve-report: add scripts to generate CVE reports

2018-08-06 Thread grygorii tertychnyi via Openembedded-core
On 08/05/2018 05:52 AM, Victor Kamensky wrote: On Sat, 4 Aug 2018, Alexander Kanavin wrote: How reliable is the NVD database for such automated scans? Previously, we have repeatedly concluded that it should not be trusted, and proper patching of vulnerabilities must involve humans looking at

Re: [OE-core] [PATCH 1/2] cve-report: add scripts to generate CVE reports

2018-08-06 Thread grygorii tertychnyi via Openembedded-core
On 08/04/2018 05:16 PM, akuster808 wrote: On 08/03/2018 03:37 PM, Grygorii Tertychnyi (gtertych) via Openembedded-core wrote: cvert-kernel - generate CVE report for the Linux kernel. NVD entries for the Linux kernel are almost always outdated. For example,

Re: [OE-core] [PATCH 1/2] cve-report: add scripts to generate CVE reports

2018-08-06 Thread Mikko.Rapeli
On Fri, Aug 03, 2018 at 10:37:05PM +, Grygorii Tertychnyi (gtertych) via Openembedded-core wrote: > cvert-kernel - generate CVE report for the Linux kernel. > NVD entries for the Linux kernel are almost always outdated. > For example, https://nvd.nist.gov/vuln/detail/CVE-2018-1065 > is

Re: [OE-core] [PATCH 1/2] cve-report: add scripts to generate CVE reports

2018-08-04 Thread Victor Kamensky via Openembedded-core
On Sat, 4 Aug 2018, Alexander Kanavin wrote: How reliable is the NVD database for such automated scans? Previously, we have repeatedly concluded that it should not be trusted, and proper patching of vulnerabilities must involve humans looking at vulnerability reports and making appropriate

Re: [OE-core] [PATCH 1/2] cve-report: add scripts to generate CVE reports

2018-08-04 Thread akuster808
On 08/03/2018 03:37 PM, Grygorii Tertychnyi (gtertych) via Openembedded-core wrote: > cvert-kernel - generate CVE report for the Linux kernel. > NVD entries for the Linux kernel are almost always outdated. > For example, https://nvd.nist.gov/vuln/detail/CVE-2018-1065 > is shown as matched

Re: [OE-core] [PATCH 1/2] cve-report: add scripts to generate CVE reports

2018-08-04 Thread Alexander Kanavin
How reliable is the NVD database for such automated scans? Previously, we have repeatedly concluded that it should not be trusted, and proper patching of vulnerabilities must involve humans looking at vulnerability reports and making appropriate decisions - same as Debian is doing for example. Alex

[OE-core] [PATCH 1/2] cve-report: add scripts to generate CVE reports

2018-08-03 Thread Grygorii Tertychnyi (gtertych) via Openembedded-core
cvert-kernel - generate CVE report for the Linux kernel. NVD entries for the Linux kernel are almost always outdated. For example, https://nvd.nist.gov/vuln/detail/CVE-2018-1065 is shown as matched for "versions up to (including) 4.15.7", however the patch 57ebd808a97d has been back ported