tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Trust in version range in CVE

To: tech-pkg%NetBSD.org@localhost
Subject: Trust in version range in CVE
From: Frederic Fauberteau <triaxx%NetBSD.org@localhost>
Date: Mon, 5 Oct 2020 15:56:33 +0200

Hi,

I was looking at https://nvd.nist.gov/vuln/detail/CVE-2020-13902 and I noticed that range is ImageMagick 7.0.9-27 through 7.0.10-17. We are now at 7.0.10-32 but I did not see any reference to CVE-2020-13902 in ImageMagick's ChangeLog. Could we consider to update pkg-vulnerabilities to introduce this range? In other words, could we trust https://nvd.nist.gov/?

Fred

Follow-Ups:
- Re: Trust in version range in CVE
  - From: Leonardo Taccari

Prev by Date: daily pkgsrc CVS update output
Next by Date: Re: Trust in version range in CVE
Previous by Thread: jobs safety of gcc8 package
Next by Thread: Re: Trust in version range in CVE
Indexes:

Home | Main Index | Thread Index | Old Index