[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE-2023-43628?
From: |
Greg Troxel |
Subject: |
Re: CVE-2023-43628? |
Date: |
Tue, 12 Dec 2023 09:04:33 -0500 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.2 (berkeley-unix) |
Miroslav Lichvar <mlichvar@redhat.com> writes:
> On Mon, Dec 11, 2023 at 08:59:38AM -0500, Greg Troxel wrote:
>> My impression is that this CVE being in the database isn't causing any
>> problems for the gpsd maintainers, and therefore nobody is going to
>> expend any tilting-at-windmills effort to do anything. Is it causing
>> you problems, vs just seeming not right?
>
> It doesn't seem right. There are now users and probably other
> downstream maintainers confused about this. If they can find an
> explanation in the archives of this list, I think that will work too.
Fair enough and I agree about generally not being right. But the CVE
world is just like this, and it's unfortunately incorrect logic to get
upset about a CVE without really undrstanding.
Maybe there should be CVE-eval public project to critique and rate
validity of CVEs. I'm mostly kidding because it's a lot of work and
isn't fun.
Re: CVE-2023-43628?, Gary E. Miller, 2023/12/11