RE: Source of the Notes of CVE id
Hi Salvatore,
I have gone through the repository that you have shared with me and I found that the information are coming from "data/CVE/list". Under doc/security-team.d.o/security_tracker file I could see the process that how the CVEs are manipulated and note preparations an all. But can I know what criteria or process how the maintainer is making the CVE as "minor" or "medium" ? For your information I am giving below example which I have taken from the doc/security-team.d.o/security_tracker file.
" If you are not sure about some decision (e.g., which package is affected) or
triaging (e.g., bug severity) you can leave a TODO note for reviewing,
explaining which aspect have to be reviewed. For example:
CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in ...)
- tor 0.2.4.20-1 (low)
[wheezy] - tor <no-dsa> (Minor issue)
"
Just wanted to know how the maintainer is tagging it as "(Minor issue )" in the note session. Is there any process that we are making to do like this ? Hope you understood my query and it will be very helpful if you are clearing this soon.
Regards
Sarath P T
-----Original Message-----
From: P T, Sarath
Sent: 14 February 2022 13:09
To: 'Salvatore Bonaccorso' <carnil@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: RE: Source of the Notes of CVE id
Hi Salvatore,
Let me check the link that you shared. This will be a very helpful information to me. Thanks for the reply.
Regards
Sarath pt
-----Original Message-----
From: Salvatore Bonaccorso [mailto:salvatore.bonaccorso@gmail.com] On Behalf Of Salvatore Bonaccorso
Sent: 14 February 2022 12:20
To: P T, Sarath <Sarath_PT@mentor.com>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: Source of the Notes of CVE id
Hi,
On Mon, Feb 14, 2022 at 04:55:35AM +0000, P T, Sarath wrote:
> Hi Team,
>
>
> It's a remainder to my query. Hope you will clear it soon !!
See
https://lists.debian.org/debian-security-tracker/2022/02/msg00016.html
Regards,
Salvatore
Reply to: