Re: tracking security issues without CVEs

2016-03-06 Thread Brian May
Salvatore Bonaccorso writes:
> For the record, the thread is starting at
>
> http://www.openwall.com/lists/oss-security/2016/03/04/4
>
> where Kurt Seifried from Red Hat raised the concern.

Yes, am following that. Not entirely confident anything will happen, however would be

Re: tracking security issues without CVEs

2016-03-06 Thread Brian May
Salvatore Bonaccorso writes:
> Creating individual bugs in the Debian BTS, including more details
> like fixing commits would be a great start, since we use either CVEs
> or references to the Debian BTS in DSAs (and DLAs). Furthermore the
> security-tracker handles both (you

Re: tracking security issues without CVEs

2016-03-06 Thread Salvatore Bonaccorso
Hi Brian, hi Paul,

On Sun, Mar 06, 2016 at 04:59:43PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sun, Mar 06, 2016 at 03:33:16PM +1100, Brian May wrote:
> > Just wondering if there is some other way we can track security issues
> > for when CVEs are not available.
> >
> > Thinking of

Re: tracking security issues without CVEs

2016-03-06 Thread Salvatore Bonaccorso
Hi,

On Sun, Mar 06, 2016 at 03:33:16PM +1100, Brian May wrote:
> Just wondering if there is some other way we can track security issues
> for when CVEs are not available.
>
> Thinking of imagemagick here, it has a lot of security issues, and
> requests for CVEs are not getting any responses.

Re: tracking security issues without CVEs

2016-03-06 Thread Paul Wise
On Sun, Mar 6, 2016 at 12:33 PM, Brian May wrote:
> Just wondering if there is some other way we can track security issues
> for when CVEs are not available.
...
> For example, if there are no CVEs are we able to use OVEs instead?
>
> http://www.openwall.com/ove

This sounds like a good idea to

tracking security issues without CVEs

2016-03-06 Thread Brian May
Hello,

Just wondering if there is some other way we can track security issues for when CVEs are not available.

Thinking of imagemagick here, it has a lot of security issues, and requests for CVEs are not getting any responses.

For example, if there are no CVEs are we able to use OVEs instead?