Incorrect NVD severity ratings: (was: replacing misleading debian.org/security claims)
January 5, 2022 7:20:46 AM CET Paul Wise <pabs@debian.org> wrote:
> Please send a patch, issue or mail about that separately.
Please see below:
The security tracker is listing incorrect NVD severity ratings. It looks like NVD tends to assign "medium" severity and later upgrades them, while Debian doesn't.
For example, see
https://security-tracker.debian.org/tracker/CVE-2021-30579
https://security-tracker.debian.org/tracker/CVE-2021-37973
that show "medium" severity, but are actually rated "critical" and "high" by NVD.