Thank you for the explanation and the work done. Could you contact me off list so that we confirm what and where was send? 14 days is longer than I've ever had as a response time from NVD. Kind regards Marta On Tue, 28 Feb 2023, 10:05 Geoffrey GIRY, wrote: > Hello Marta, Richard, > > We sent to NVD an update for one CVE (CVE-2020-27784) 14 days ago, we > are still waiting for an answer. > This is the first time we ever do this, so we did send only the first as a > test. > When the change is accepted, we will send updates requests for each > already patched CVE. > > Richard, thank you for the details provided. > > Regards, > Geoffrey GIRY > Research and Development Engineer > SMILE > > > > Le lun. 27 févr. 2023 à 23:02, Richard Purdie > a écrit : > > > > On Mon, 2023-02-27 at 18:49 +0100, Marta Rybczynska wrote: > > > Thank you for the work. Have you contacted NVD to update the database > > > instead? What did they say? > > > > Ideally a large portion of these should be sent to NVD but we did talk > > a little about the on the call last week. We agreed that it will take > > time and it was better to document this and fix our reporting in the > > meantime as well as share these useful details more widely. I'd suggest > > that as things are submitted we could document that, hopefully we'll > > also be able to remove many of these entries. > > > > I'm sure Geoffrey can provide more status but I wanted to update on why > > this was sent and why I think we should take it. > > > > I will drop the kernel filtering so new kernel CVEs then show up in all > > our metrics going forward. > > > > Cheers, > > > > Richard > > > > >