[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pulling in other vulnerability databases

On 2018-01-25 16:27:58, Moritz Mühlenhoff wrote:
> Antoine Beaupré wrote:
>> So, regarding the first two (and similar), someone needs to teach those
>> folks about proper security tracking here... ;) Should I contact them
>> directly?
>
> Who in particular? Node and Snyk? Sure, go ahead.

I contacted snyk.io with mitre and the secteam in cc.

I'm not sure what to say to nodesecurity.io folks: there's a lot of
stuff in there, and I'm not sure it affects us so much. I couldn't find
a package without a CVE that is also in Debian in the first few pages of
their advosiry pages...

pabs, did you have any issues in mind that were problematic here
specifically?

in any case, feel free to reuse the message I sent to snyk as a template
for others...

a.
Reply to: