gpsd-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2023-43628?


From: Greg Troxel
Subject: Re: CVE-2023-43628?
Date: Tue, 12 Dec 2023 09:04:33 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (berkeley-unix)

Miroslav Lichvar <mlichvar@redhat.com> writes:

> On Mon, Dec 11, 2023 at 08:59:38AM -0500, Greg Troxel wrote:
>> My impression is that this CVE being in the database isn't causing any
>> problems for the gpsd maintainers, and therefore nobody is going to
>> expend any tilting-at-windmills effort to do anything.  Is it causing
>> you problems, vs just seeming not right?
>
> It doesn't seem right. There are now users and probably other
> downstream maintainers confused about this. If they can find an
> explanation in the archives of this list, I think that will work too.

Fair enough and I agree about generally not being right.  But the CVE
world is just like this, and it's unfortunately incorrect logic to get
upset about a CVE without really undrstanding.

Maybe there should be CVE-eval public project  to critique and rate
validity of CVEs.  I'm mostly kidding because it's a lot of work and
isn't fun.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]