gpsd-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2023-43628?


From: Gary E. Miller
Subject: Re: CVE-2023-43628?
Date: Tue, 12 Dec 2023 11:53:59 -0800

Yo Jon!

On Tue, 12 Dec 2023 07:54:46 -0500
Jon Schlueter <jon.schlueter@gmail.com> wrote:

> What would probably be best is to get any issue resolved with a commit
> referencing that CVE

Too late, the commit was done before the I knew their was going to be
a CVE, and while the issue was "embargoed".

> but also that the feature/bug came in with
> development code since latest release and then a message can be sent
> to get the CVE closed with Note, only impacted development branch and
> this project uses Release tags.

Once again, Cisco, not MITRE.  No one is responding to my emails on
closing it.

> Maybe they will close it, maybe not but if there is a commit with
> details and description there is less drama around it.

Except the "disclosure" rules mean the commit has to be made before
the issue is public.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        gem@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin

Attachment: pgplNwytKpfoP.pgp
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]