  1. MariaDB Server
  2. MDEV-11207

Docs Request: Create Security Matrix for CVEs

Details

    Description

      I'd like to propose that we add a security matrix on our site for CVEs that exist and are fixed, like Oracle does for MySQL here:

      http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL

      Note the CVSS Version 3 Metrics are [apparently] pulled from here:

      https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6304

      Thank you for your consideration.

        Activity

          danblack Daniel Black added a comment - https://mariadb.com/kb/en/mariadb/security/ is sufficient?

          ccalender Chris Calender (Inactive) added a comment -

          This is great.

          However, do you think we could add one more link, for each CVE, that goes to the web.nvd.nist.gov site (which contains the CVSS Version 3 Metrics/Scores)?

          Here is an example link:

          https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6304

          This would make it a one-stop shop, so-to-speak, and then we could avoid the whole "matrix".

          ratzpo Rasmus Johansson (Inactive) added a comment - Check last comment from Chris. Could we add that link for each CVE?
          serg Sergei Golubchik added a comment - edited

          It's normally available from the CVE page. Like our CVE-2012-5614 link points to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5614. And at the top of that page there's a link Learn more at National Vulnerability Database (NVD)

          dbart Daniel Bartholomew added a comment - edited

          In the KB any CVE-XXXX-XXXX text is automatically turned into a link to cve.mitre.org using the built-in auto-link feature. This feature doesn't have a way to turn a single CVE ID into two separate links, not right now at least. Such a thing could be added, but it would require a rewrite of the auto-link feature to allow for a single bit of text to be transformed into multiple links. bryan would know more about how feasible this would be.

          People

            dbart Daniel Bartholomew
            ccalender Chris Calender (Inactive)