[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Incorrect NVD severity ratings: (was: replacing misleading debian.org/security claims)

January 5, 2022 7:20:46 AM CET Paul Wise <pabs@debian.org> wrote:

> Please send a patch, issue or mail about that separately.

Please see below:


The security tracker is listing incorrect NVD severity ratings. It looks like NVD tends to assign "medium" severity and later upgrades them, while Debian doesn't.

For example, see

https://security-tracker.debian.org/tracker/CVE-2021-30579
https://security-tracker.debian.org/tracker/CVE-2021-37973

that show "medium" severity, but are actually rated "critical" and "high" by NVD.

-- 
Sent with https://mailfence.com  
Secure and private email
Reply to: