-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Max,
> Hello Samuel, are security vulnerabilities not classified by > cve.mitre.org in a way that can be simply and consistently > leveraged? I wouldn't expect gentoo to implement kernel patches > before the Linux kernel maintainers blessed the patch, and I'd > imagine that a cve number would have been assigned by then, our am > I mistaken? Yes, CVE's are assigned to kernel vulnerabilities, and I'm thinking that in general, these criteria would be applied after they are assigned a CVE (although that's not a requirement of course). We have our own criteria for Portage packages because it can take time before the issues are classified by MITRE, and the classifications aren't Gentoo specific (correct me if I'm wrong here). - -- Samuel -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSzLfkAAoJEGw+uP08RytWhd8IAM3h35FN5UdqpfhOlkvgPl/Q 9kJw5DeQXW6kpS51vkKtfnHKdWXTJjhFgIKLwcheT8L3i080sROjLunJazNc7rxf UrHg1Vs0/ppaUIw1hh7R+/lSeZGDsSle2wjplcqsoRo2qOGxZK8j7sAp3LBVSA2x jLjisJmYglJUAl0PH3fSKfFrbgdwz9bqC8JMKN5mka6Od4vDC2Y/QB79ERT8w2ZI 1cs/Ox304zYT9e7vwyQW7hZ20iuPHyFdBhREb1Php7uEoztOhp3se1v4WiGLQIDm iq7MC6wsS+jU7P2pOFZrueG6qbejruQJzP8/P+QNzMf9PpbxKzOughGGgo4NZSc= =KuhF -----END PGP SIGNATURE-----
