From: <Mikko.Rapeli@bmw.de>
To: <gtertych@cisco.com>
Cc: xe-linux-external@cisco.com, openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 1/2] cve-report: add scripts to generate CVE reports
Date: Mon, 6 Aug 2018 06:56:54 +0000
Message-ID: <20180806065653.GG8291@hiutale>
In-Reply-To: <1533335883158.4719@cisco.com>

On Fri, Aug 03, 2018 at 10:37:05PM +0000, Grygorii Tertychnyi (gtertych) via Openembedded-core wrote:
> cvert-kernel - generate CVE report for the Linux kernel.
>   NVD entries for the Linux kernel are almost always outdated.
>   For example, https://nvd.nist.gov/vuln/detail/CVE-2018-1065
>   is shown as matched for "versions up to (including) 4.15.7",
>   however the patch 57ebd808a97d has been backported for 4.14.
>   cvert-kernel script checks NVD Resource entries for the patch URLs
>   and looks for the commits in the local git tree.

This is an interesting approach.

For the kernel I've been using information not from NVD but from
https://github.com/nluedtke/linux_kernel_cves/

As an example, all CVEs fixed in 4.14 kernel series point releases AND all
non-fixed CVEs are listed in:

https://github.com/nluedtke/linux_kernel_cves/blob/master/4.14/4.14_security.txt

I have not tried to automate this, but I do find the information there
much better than NVD.

-Mikko
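
The check described in the quoted text above, as an added example (not the cvert-kernel script and not part of this mail): pull commit ids out of NVD reference URLs and look for them, or for a backport that names them, in `git log` output. The function names, the log format, the backport-marker patterns and the sample data are assumptions; only CVE-2018-1065 and 57ebd808a97d come from the mail.

```python
import re

# Commit ids in patch URLs: gitweb/cgit "?id=<sha>" or "h=<sha>", GitHub "/commit/<sha>".
URL_SHA = re.compile(r"(?:[?;&](?:id|h)=|/commit/)([0-9a-f]{7,40})\b")
# Markers that stable backports and cherry-picks carry in the commit message.
UPSTREAM = re.compile(
    r"(?:commit ([0-9a-f]{7,40}) upstream|"
    r"\[ Upstream commit ([0-9a-f]{7,40}) \]|"
    r"\(cherry picked from commit ([0-9a-f]{7,40})\))", re.I)

# Constructed sample input; 0123456789ab and the 40-digit local ids are made up.
SAMPLE_REFS = [
    "https://nvd.nist.gov/vuln/detail/CVE-2018-1065",
    "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d",
    "https://github.com/torvalds/linux/commit/0123456789ab",
]
SAMPLE_LOG = (  # shape of: git log --format=%H%x1f%B%x1e
    "1" * 40 + "\x1fconstructed backport subject\n\ncommit 57ebd808a97d upstream.\n\x1e\n"
    + "2" * 40 + "\x1funrelated constructed commit\n\x1e\n"
)

def fix_commits(reference_urls):
    """Return the set of commit ids named by the patch URLs."""
    return {m.group(1) for u in reference_urls for m in URL_SHA.finditer(u)}

def parse_log(text):
    """Split the record-separated log text into (sha, message) pairs."""
    recs = (r.strip() for r in text.split("\x1e"))
    return [(s, b) for s, _, b in (r.partition("\x1f") for r in recs if r)]

def same(a, b):
    """Abbreviated and full ids match when one is a prefix of the other."""
    return a.startswith(b) or b.startswith(a)

def find_fix(fixes, log):
    """Map each fix id to the local commit that is it or backports it, else None."""
    result = {f: None for f in fixes}
    for sha, body in log:
        named = [g for m in UPSTREAM.finditer(body) for g in m.groups() if g]
        for f in fixes:
            if result[f] is None and (same(sha, f) or any(same(n, f) for n in named)):
                result[f] = sha
    return result

if __name__ == "__main__":
    print(find_fix(fix_commits(SAMPLE_REFS), parse_log(SAMPLE_LOG)))
```

A fix id that maps to `None` means only that no commit in the scanned log is it or names it; backports applied without one of these markers are not detected.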
