Re: Dealing with CVEs that apply to unspecified package versions

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dealing with CVEs that apply to unspecified package versions

From:	Ludovic Courtès
Subject:	Re: Dealing with CVEs that apply to unspecified package versions
Date:	Thu, 16 Mar 2017 11:07:55 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

address@hidden (Ludovic Courtès) skribis:

> What about raising the issue on oss-sec?  Ideally the QEMU folks would
> take care of labeling QEMU’s CVEs, the libxml2 folks would take care of
> theirs, etc.

For the record I followed up on this discussion on oss-sec:

  http://www.openwall.com/lists/oss-security/2017/03/15/3

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Dealing with CVEs that apply to unspecified package versions, Ludovic Courtès, 2017/03/06
- Re: Dealing with CVEs that apply to unspecified package versions, Leo Famulari, 2017/03/10
  - Re: Dealing with CVEs that apply to unspecified package versions, Ludovic Courtès, 2017/03/11
    - Re: Dealing with CVEs that apply to unspecified package versions, Ludovic Courtès <=

Prev by Date: Re: [PATCH] build: Fix errors in "make dist"
Next by Date: Mass-packaging of 300 KDE application prepared - Help required
Previous by thread: Re: Dealing with CVEs that apply to unspecified package versions
Next by thread: Re: [PATCH 0/8] WIP: Better support for non-grub bootloaders.
Index(es):
- Date
- Thread