
A turning point for CVE numbers


Posted Feb 14, 2024 17:23 UTC (Wed) by dullfire (guest, #111432)
Parent article: A turning point for CVE numbers

IIRC Kernel patches are supposed to have a "Fixes" annotation for... fixes.

Does this mean the CVE generation part can basically be fully automated? But with possible touch-ups for patches with bad commit messages.



A turning point for CVE numbers

Posted Feb 14, 2024 18:15 UTC (Wed) by gregkh (subscriber, #8) [Link] (2 responses)

Yes it can, and that is what we are going to use for tracking when a problem showed up, and when and what branch it is fixed in. CVE makes this very easy to consume on their side as they are using JSON to handle all of it, which while complex at times, is at least machine-parsable.

A turning point for CVE numbers

Posted Feb 15, 2024 23:00 UTC (Thu) by Darakian (guest, #96997) [Link] (1 responses)

Do you intend to stick the commit data in there in a machine-readable way? I'd love to know what scheme you're using even if that scheme evolves over time.

A turning point for CVE numbers

Posted Feb 19, 2024 5:46 UTC (Mon) by apollock (guest, #14629) [Link]

I sincerely hope they will.

The CVE 5 schema has a variety of ways of expressing machine-readable data about the vulnerability:

https://cveproject.github.io/cve-schema/schema/v5.0/docs/...

I spent a lot of energy dealing with not-so-machine-readable data to convert non-CVE 5 schema CVE records to OSV for https://osv.dev/blog/posts/introducing-broad-c-c++-support/
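An added example (not from this thread, and not the kernel CVE team's actual tooling) of the automation discussed above: it pulls `Fixes:` trailers out of a commit message and emits a CVE JSON 5 `affected` range, flagging commits with a missing or malformed trailer for a manual touch-up. The commit message, hashes, the `needs_review`/`malformed` wrapper fields and the `vendor`/`product` values are assumptions made for illustration.

```python
import re

# Constructed sample: hashes, subject and author are placeholders, not real commits.
FIX_COMMIT = "b" * 40
MESSAGE = """net: example: fix refcount leak on error path

The error path forgot to drop the reference taken earlier.

Fixes: aaaaaaaaaaaa ("net: example: add frobnication support")
Signed-off-by: A. Developer <dev@example.org>
"""

# Kernel convention: Fixes: <12+ hex chars of the SHA-1> ("<one-line subject>")
FIXES_RE = re.compile(r'^Fixes:\s*([0-9a-f]{12,40})\s*\("(.+)"\)$', re.I)


def parse_fixes(message):
    """Split Fixes: trailers into well-formed (sha, subject) pairs and malformed lines."""
    good, bad = [], []
    for line in message.splitlines():
        if not line.lower().startswith("fixes:"):
            continue
        m = FIXES_RE.match(line.strip())
        if m:
            good.append((m.group(1).lower(), m.group(2)))
        else:
            bad.append(line)
    return good, bad


def affected_entry(fix_commit, message):
    """Build a CVE JSON 5 'affected' item, or flag the commit for a manual touch-up."""
    good, bad = parse_fixes(message)
    if bad or not good:
        # Hypothetical wrapper fields: no usable Fixes: data, so a human must fill it in.
        return {"needs_review": True, "malformed": bad}
    versions = [
        {"version": sha, "lessThan": fix_commit, "status": "affected", "versionType": "git"}
        for sha, _subject in good
    ]
    return {
        "needs_review": False,
        "affected": {"vendor": "Linux", "product": "Linux",
                     "defaultStatus": "unaffected", "versions": versions},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(affected_entry(FIX_COMMIT, MESSAGE), indent=2))
```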


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds