
103 points voxadam | 1 comments
throw329084 ◴[] No.46212124[source]
This blog post, brought to you by the man who wants to burn down the CVE system https://lwn.net/Articles/1049140/
replies(4): >>46213146 #>>46213269 #>>46213912 #>>46214240 #
DeepYogurt ◴[] No.46213269[source]
To be fair, the CVE system can't even encode a version string.
replies(1): >>46215182 #
1. spockz ◴[] No.46215182[source]
Not sure whether this is a limitation of the scanning tooling or of the CVE format itself, but it also cannot express sub-packages. So if some Jackson-very-specific-module has a CVE, the whole of Jackson gets marked as impacted. Same with Netty.