* [LTP] Query: LTP CVE test cherry picking
@ 2020-12-23 11:24 Pankaj Vinadrao Joshi
2021-01-04 10:40 ` Cyril Hrubis
0 siblings, 1 reply; 2+ messages in thread
From: Pankaj Vinadrao Joshi @ 2020-12-23 11:24 UTC (permalink / raw)
To: ltp
Hi,
I know LTP covers CVE tests but i want to know does LTP covers all CVE tests, how LTP cherry picks it ??
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux.it/pipermail/ltp/attachments/20201223/f34b4f5f/attachment.htm>
^ permalink raw reply [flat|nested] 2+ messages in thread
* [LTP] Query: LTP CVE test cherry picking
2020-12-23 11:24 [LTP] Query: LTP CVE test cherry picking Pankaj Vinadrao Joshi
@ 2021-01-04 10:40 ` Cyril Hrubis
0 siblings, 0 replies; 2+ messages in thread
From: Cyril Hrubis @ 2021-01-04 10:40 UTC (permalink / raw)
To: ltp
Hi!
> I know LTP covers CVE tests but i want to know does LTP covers all CVE
> tests, how LTP cherry picks it ??
There is not much to cherry pick. We write tests for CVEs if it's
feasible. That usually means that there is a public reproducer for the
CVE that could be turned into automated testcase, which is not always
the case.
We are sometimes notified about such cases by developers that are
working on security and it usually ends up as a github issue. We do have
a few of these there with a tag "reproducer" with a link to reproducer
and description. These issues then hangs in the issue until someone has
time to work on that.
To sum it up, implementation of CVE testcases in LTP is best effort and
we are trying to cover as much as possible with the manpower we have.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-01-04 10:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-23 11:24 [LTP] Query: LTP CVE test cherry picking Pankaj Vinadrao Joshi
2021-01-04 10:40 ` Cyril Hrubis
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.