On 2025-07-08, Naganna G Eskala <naganna...@gmail.com> wrote: > --0000000000000ac2e6063966aa06 > Content-Type: text/plain; charset="UTF-8" > > Dear OpenBSD team, > > I found the following CVE from NVD Site (NVD - Search (nist.gov) ><https://nvd.nist.gov/products/cpe/search>) but I am not able to find this > information easily in Errata. Can someone help to gather this information > from the OpenBSD website. Why does NVD list a very old CVE from the > latest OpenBSD release also? Ex : For OpenBSD 7.3 release, NVD lists all > CVEs of 2019 and older
I think that would be a question for NVD - OpenBSD doesn't use CVEs internally. Note that the year number part of the CVE ID does not seem entirely consistent across CVEs (sometimes you get old year numbers for a new CVE when the problem was known to be found earlier, sometimes it's just down to when the CVE was created) and quality control on the database is often lacking; existence of a CVE doesn't mean that there's a valid problem. -- Please keep replies on the mailing list.
