[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-2022-21449 and version reporting
From:       Brian Behlendorf <brian () behlendorf ! com>
Date:       2022-04-28 14:40:45
Message-ID: 465685a3-b074-a283-d632-e1a69b23ae7f () behlendorf ! com
[Download RAW message or body]


On Thu, 28 Apr 2022, Seaman, Chad wrote:
> In what universe exactly are versions omitted from vulnerability 
> reporting because a vendor "no longer supports that version"… this 
> non-supported version is still vulnerable?

If that universe were consistent, it'd be one where vendors and open 
source projects issued pre-emptive CVEs when release branches are no 
longer provided with security fixes.

Brian

[prev in list] [next in list] [prev in thread] [next in thread]