Re: [Plugins-writers] Missing CVE IDs

From: George A. Theall (theall@private)
Date: Mon Jul 04 2005 - 10:54:54 PDT


On Mon, Jul 04, 2005 at 07:54:08PM +0530, Jayesh KS wrote:

> I was just going through some of the plugins and noticed that many of
> them were not having any CVE IDs at the time of writing but later got
> assigned,  which are not updated in the plugins.
> I have  made a partial list of such scripts and their CVE ID's . I
> think there are many other such scripts that do not have CVE ID's. I
> thought it would be beneficial for all. Is this exercise worth
> carrying out? 

This is one of the tasks I've been working on, time permitting.
Unfortunately, it's a tedious process as each change needs to be
reviewed manually. Not only do people make mistakes (eg, the CVEs you
claim are for delegate_overflow2.nasl are really for ImageMagick), but
even Mitre and Security Focus sometimes do too.

In short, someone's already looking into the omissions / errors, but if
you want to do so too, feel free -- four eyes are better than two.

George
-- 
theall@private
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers



This archive was generated by hypermail 2.1.3 : Mon Jul 04 2005 - 11:09:20 PDT