On Mon, Mar 28, 2016 at 10:34 PM, Andrew Deck wrote:
> On a related note, does anyone know what happened to OSF and the OSVDB?
> There still seem to be blog updates, but I remember OSVDB having a web
> UI, and the OSF website seems to be down.
They have officially closed the OSVDB site:
https://
On a related note, does anyone know what happened to OSF and the OSVDB?
There still seem to be blog updates, but I remember OSVDB having a web
UI, and the OSF website seems to be down.
https://en.wikipedia.org/wiki/Open_Source_Vulnerability_Database#Contributors
--
"Institutions will try to pr
On Wed, Mar 23, 2016 at 10:59:34AM +0800, Paul Wise wrote:
I think Debian needs to go towards the approach of VRDX-SIG and do
identifier cross-referencing instead of settling on *one* system for
referring to security vulnerabilities. Internally, we would continue
to use CVEs and CVE-2016- for
On Tue, Mar 22, 2016 at 10:06 PM, Antoine Beaupré wrote:
> Well, the friction is one thing, but we need to adopt *one* system for
> the future, if CVEs are going the wayside (or even as a complementary
> approach).
I agree with this post from oss-security:
https://marc.info/?l=oss-security&m=145
On 2016-03-13 08:53:38, Paul Wise wrote:
> On Sat, Mar 12, 2016 at 10:51 PM, Kurt Roeckx wrote:
>> On Sun, Mar 06, 2016 at 03:33:16PM +1100, Brian May wrote:
>>> For example, if there are no CVEs are we able to use OVEs instead?
>>
>> What about DWF?
>
> That didn't exist at the time of Brian's po
On Sat, Mar 12, 2016 at 10:51 PM, Kurt Roeckx wrote:
> On Sun, Mar 06, 2016 at 03:33:16PM +1100, Brian May wrote:
>> For example, if there are no CVEs are we able to use OVEs instead?
>
> What about DWF?
That didn't exist at the time of Brian's post.
I think OVE/OVI still have less friction than
On Sun, Mar 06, 2016 at 03:33:16PM +1100, Brian May wrote:
> Hello,
>
> Just wondering if there is some other way we can track security issues
> for when CVEs are not available.
>
> Thinking of imagemagick here, it has a lot of security issues, and
> requests for CVEs are not getting any response
On Fri, Mar 11, 2016 at 3:49 AM, Moritz Mühlenhoff wrote:
> On Sun, Mar 06, 2016 at 06:58:48PM +0100, Salvatore Bonaccorso wrote:
>
>> But I think as well that is right now too early to
>> start adopting these for not yet assigned issues.
>
> Agreed, let's stick with the usual "file a bug to get a t
On Sun, Mar 06, 2016 at 06:58:48PM +0100, Salvatore Bonaccorso wrote:
> But I think as well that is right now too early to
> start adopting these for not yet assigned issues.
Agreed, let's stick with the usual "file a bug to get a temporary
identifier" procedure for now.
Cheers,
Moritz
Salvatore Bonaccorso writes:
> For the record, the thread is starting at
>
> http://www.openwall.com/lists/oss-security/2016/03/04/4
>
> where Kurt Seifried from Red Hat raised the concern.
Yes, am following that. Not entirely confident anything will happen,
however would be good if it does get
Salvatore Bonaccorso writes:
> Creating individual bugs in the Debian BTS, including more details
> like fixing commits would be a great start, since we use either CVEs
> or references to the Debian BTS in DSAs (and DLAs). Furthermore the
> security-tracker handles both (you can actually search i
Hi Brian, hi Paul,
On Sun, Mar 06, 2016 at 04:59:43PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sun, Mar 06, 2016 at 03:33:16PM +1100, Brian May wrote:
> > Just wondering if there is some other way we can track security issues
> > for when CVEs are not available.
> >
> > Thinking of imagem
Hi,
On Sun, Mar 06, 2016 at 03:33:16PM +1100, Brian May wrote:
> Just wondering if there is some other way we can track security issues
> for when CVEs are not available.
>
> Thinking of imagemagick here, it has a lot of security issues, and
> requests for CVEs are not getting any responses.
Cre
On Sun, Mar 6, 2016 at 12:33 PM, Brian May wrote:
> Just wondering if there is some other way we can track security issues
> for when CVEs are not available.
...
> For example, if there are no CVEs are we able to use OVEs instead?
>
> http://www.openwall.com/ove
This sounds like a good idea to me