Re: Fwd: CVE-2023-38545 security fix not listed on NVD databse

To: Amar Adadande <amarstjit@gmail.com>
Cc: debian-project@lists.debian.org, team@security.debian.org
Subject: Re: Fwd: CVE-2023-38545 security fix not listed on NVD databse
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 2 Feb 2024 19:56:07 +0100
Message-id: <[🔎] Zb06x5AdX9rT1VLC@pisco.westfalen.local>
In-reply-to: <CACJb45WvXnffdFvYwr590Vpgkt+HJ+Tx1_0B0LDx3rrT9rA=mA@mail.gmail.com>
References: <CACJb45VXSuotm9PHf8ELF1+gVa9c3Hr17rLVUsua-VYLMzbPVw@mail.gmail.com> <CACJb45WvXnffdFvYwr590Vpgkt+HJ+Tx1_0B0LDx3rrT9rA=mA@mail.gmail.com>

Amar Adadande wrote:
> As part of our organization's security measures, we regularly conduct
> security scans using the National Vulnerability Database (NVD). We have
> noticed that the NVD database used by Debian may not be up to date with the
> latest vulnerabilities.

You seem to be mistaken. We don't use the NVD database for anything and
triage vulnerabilities ourselves.

If any external provider (like apparently the security feed you seem to
be using) uses incorrect/stale data which differs from what we publish
via the Debian Security Tracker you should report this disprepancy to
them, not us.

If you believe to have found incorrect, please see here:
https://security-tracker.debian.org/tracker/data/report

Cheers,
        Moritz

Reply to:

Prev by Date: Bug#1043539: Gmail forwarding issue with more information
Next by Date: Question regarding to the status of Debian 11 (bullseye) AMIs
Previous by thread: Bug#1043539: Gmail forwarding issue with more information
Next by thread: Question regarding to the status of Debian 11 (bullseye) AMIs
Index(es):
- Date
- Thread