[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2022-21449 and version reporting
From: Brian Behlendorf <brian () behlendorf ! com>
Date: 2022-04-28 14:40:45
Message-ID: 465685a3-b074-a283-d632-e1a69b23ae7f () behlendorf ! com
[Download RAW message or body]
On Thu, 28 Apr 2022, Seaman, Chad wrote:
> In what universe exactly are versions omitted from vulnerability
> reporting because a vendor "no longer supports that version"… this
> non-supported version is still vulnerable?
If that universe were consistent, it'd be one where vendors and open
source projects issued pre-emptive CVEs when release branches are no
longer provided with security fixes.
Brian
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic