(www.kroah.com)

103 points voxadam | 2 comments | 09 Dec 25 22:47 UTC | HN request time: 0.4s | source

Show context

throw329084 ◴[09 Dec 25 23:25 UTC] No.46212124[source]▶

>>46211802 (OP) #

This blog post, brought to you by the man who wants to burn down the CVE system https://lwn.net/Articles/1049140/

replies(4): >>46213146 #>>46213269 #>>46213912 #>>46214240 #

1. DeepYogurt ◴[10 Dec 25 02:17 UTC] No.46213269[source]▶

>>46212124 #

To be fair the CVE system can't even encode a version string

replies(1): >>46215182 #

2. spockz ◴[10 Dec 25 07:44 UTC] No.46215182[source]▶

>>46213269 (TP) #

Not sure whether this is a limitation of the scanning tooling or of the CVE format itself, it also cannot express sub packages. So if some Jackson-very-specific-module has a CVE the whole of Jackson gets marked as impacted. Same with netty.

↑

Linux CVEs, more than you ever wanted to know