From: Samuel Damashek <samuel.damashek@gmail.com>
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] Kernel Vulnerability Handling and Classification Criteria
Date: Tue, 07 Jan 2014 21:28:52 -0500
Message-ID: <52CCB7E4.3080204@gmail.com>
In-Reply-To: <52ccb5e5.470b440a.3fc3.2ca6SMTPIN_ADDED_MISSING@mx.google.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Max,

> Hello Samuel, are security vulnerabilities not classified by
> cve.mitre.org in a way that can be simply and consistently
> leveraged? I wouldn't expect Gentoo to implement kernel patches
> before the Linux kernel maintainers blessed the patch, and I'd
> imagine that a CVE number would have been assigned by then, or am
> I mistaken?

Yes, CVEs are assigned to kernel vulnerabilities, and I'm thinking
that in general, these criteria would be applied after they are
assigned a CVE (although that's not a requirement of course). We have
our own criteria for Portage packages because it can take time before
the issues are classified by MITRE, and the classifications aren't
Gentoo-specific (correct me if I'm wrong here).
- --
Samuel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----