On Fri, May 03, 2019 at 06:09:28PM +0200, Eugeniu Rosca wrote:
On Thu, May 02, 2019 at 12:32:53AM +0200, Eugeniu Rosca wrote:
Hi Tom,
On Wed, May 01, 2019 at 03:51:49PM -0400, Tom Rini wrote: [..]
Agreed, this patch sounds like it addresses a number of problems today that are real problems (I await someone filing a CVE now for our PRNG problem)
A new CVE has been submitted via https://cveform.mitre.org/. Will keep this thread posted with any updates from the CVE Team.
The CVE has been published as: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11690 https://nvd.nist.gov/vuln/detail/CVE-2019-11690
It looks like it is still WIP.
jFTR, https://nvd.nist.gov/vuln/detail/CVE-2019-11690 has been populated with some "Severity and Metrics".
and can be iteratively improved on, once merged rather than having a fundamental problem that needs to be addressed.
-- Tom
-- Best regards, Eugeniu.