Replies: 2 comments
-
Or, alternately, the X is included on the original CVE. The explosion of CVE reports is becoming a huge problem. But, I'm still going to track this. Perhaps these questions are better as discussions.
-
Just to cross reference #208 too
-
It is standard procedure for CNAs to assign new CVEs to libraries with embedded vulnerabilities. In other words, if library X has library Y embedded, and that version of library Y has a CVE, then library X should be assigned a new CVE.
However, it still seems useful to keep track of what Perl modules embed what libraries, even if it is tedious. See #207.