openembedded-core.lists.openembedded.org archive mirror
From: Geoffrey GIRY <geoffrey.giry@smile.fr>
To: Marta Rybczynska <rybczynska@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>,
	 OE-core <openembedded-core@lists.openembedded.org>,
	 Yoann Congal <yoann.congal@smile.fr>
Subject: Re: [OE-core] [PATCH] cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
Date: Tue, 28 Feb 2023 10:05:08 +0100
Message-ID: <CAGwXbzboSNk=8rAsQDHOnmWhBEtjt2VW0YG3i__2OjkL+3=AOQ@mail.gmail.com>
In-Reply-To: <b746ce640228f72ad3cabcc39ae2992305dd4a0e.camel@linuxfoundation.org>

Hello Marta, Richard,

We sent NVD an update for one CVE (CVE-2020-27784) 14 days ago; we
are still waiting for an answer.
This is the first time we have ever done this, so we sent only the first one as a test.
When the change is accepted, we will send update requests for each
already patched CVE.

Richard, thank you for the details provided.

Regards,
Geoffrey GIRY
Research and Development Engineer
SMILE



On Mon, 27 Feb 2023 at 23:02, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Mon, 2023-02-27 at 18:49 +0100, Marta Rybczynska wrote:
> > Thank you for the work. Have you contacted NVD to update the database
> > instead? What did they say?
>
> Ideally a large portion of these should be sent to NVD but we did talk
> a little about this on the call last week. We agreed that it will take
> time and it was better to document this and fix our reporting in the
> meantime as well as share these useful details more widely. I'd suggest
> that as things are submitted we could document that, hopefully we'll
> also be able to remove many of these entries.
>
> I'm sure Geoffrey can provide more status but I wanted to update on why
> this was sent and why I think we should take it.
>
> I will drop the kernel filtering so new kernel CVEs then show up in all
> our metrics going forward.
>
> Cheers,
>
> Richard
>
>

