Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp361125lqb; Tue, 28 May 2024 19:13:04 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXYNj24XG5yfNoMC0miER6ZFuyhlXTfhf+S/iKDE98yn5sJoZ1lm/dDqI7Pv/re2P6j8sz2wkpvMyrvTcuthmA3D1JOjlxw6QDnlUeMRA== X-Google-Smtp-Source: AGHT+IHTU0P7wRITIQEgdZ5z7jWVKQMG83YI4IkM1v4EPOSuVBVGvpmX7/W5qPlKuE2LzS5AOBX+ X-Received: by 2002:a05:651c:a0c:b0:2e9:714d:6d1 with SMTP id 38308e7fff4ca-2e9714d0903mr64271981fa.39.1716948783996; Tue, 28 May 2024 19:13:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1716948783; cv=none; d=google.com; s=arc-20160816; b=t1dOshS/uiRISECDOXkipBGGSgkYDntzR8eucYPq4ghc8HCbEHB9YBy4zk7/VpVNu5 02fUtqpRmjV2+1tXoiqa0RGra30nZX/VtkgvluHmnx22ubgpePyhAOcbhS7ZSvE7iDAv Ij+Q/bYhWnXlJsGDJhiYxSbPiLZbk3Gxc1sdXTJ6LujlZA1Bi6WhPy2R88r0KyEUgO5+ tJO29ZP5R/Q0sr9t4F0hDhWpgZtQTphRwizEZM7/NMBBNEE9lbISsR7BtwmwiKbczxAt V5MOOLZxb5nUSA4/M12jUPcqOTC/gKEG0juxqIKSCOWHmkf356ch5QYMjmVLvbOz41Zb fXdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=subject:content-disposition:mime-version:message-id:cc:to:from:date :dkim-signature:delivered-to:delivered-to:reply-to:list-id :list-subscribe:list-unsubscribe:list-help:list-post:precedence :mailing-list; bh=N07IDJhhAu3rgfAONsLIvpZZF1MF0PjzVoDwWDZH2oM=; fh=K2Rk1+qQMkSZPssYmYi1BkLpXv2O/hQ3Y7czDwnG31g=; b=qwzZ89wnWa7BBlC39OdHsBIhp179NhU1G1aelNazR54ihJpNfLll5+pN4vMnzTVOkk NezkPo5AGx5k8rzSYe88ScRBniRkRHtaZMcrrCgwWEr5fIKW21hpOqY5kh/ftNATW/rB 4AXhXI2bkHHeIPyLanUO7lgVReTrVN5/BVEtseZWvMa9sRi0B/LqhMatWV+4mYNqtCGI elCS7HHhyLP7tDJsxot+Y2YB2owLRfY6T+zECue+Vysg769tbBnIXUj1T/+kI6w4Xfd4 Wnb+C8c6eBGCnFUHFeJckT9dKulbxBNOKE4r/2FTazWCi5tytXUn/hhfDhzmnauZPRcC +Trw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@codewreck.org header.s=2 header.b=RtqMwECK; spf=pass (google.com: domain of oss-security-return-30172-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) smtp.mailfrom="oss-security-return-30172-linux.lists.archive=gmail.com@lists.openwall.com"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=codewreck.org Return-Path: Received: from second.openwall.net (second.openwall.net. [193.110.157.125]) by mx.google.com with SMTP id 4fb4d7f45d1cf-579ca477fd5si3392648a12.544.2024.05.28.19.13.03 for ; Tue, 28 May 2024 19:13:03 -0700 (PDT) Received-SPF: pass (google.com: domain of oss-security-return-30172-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) client-ip=193.110.157.125; Authentication-Results: mx.google.com; dkim=fail header.i=@codewreck.org header.s=2 header.b=RtqMwECK; spf=pass (google.com: domain of oss-security-return-30172-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) smtp.mailfrom="oss-security-return-30172-linux.lists.archive=gmail.com@lists.openwall.com"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=codewreck.org Received: (qmail 1569 invoked by uid 550); 29 May 2024 02:12:45 -0000 Mailing-List: contact oss-security-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: oss-security@lists.openwall.com Delivered-To: mailing list oss-security@lists.openwall.com Delivered-To: moderator for oss-security@lists.openwall.com Received: (qmail 15573 invoked from network); 29 May 2024 00:54:18 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=codewreck.org; s=2; t=1716944050; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=N07IDJhhAu3rgfAONsLIvpZZF1MF0PjzVoDwWDZH2oM=; b=RtqMwECKFqoCj6qxaY1KhHRu9h97+kvFbw4GouingJIZsKvCGfefjuQPV3SwpNffyIBr7r 45TwlYSodQupsMovxtgfLsEptyw8LCJpcYEweEoiyupT4PvXCLv8fNBkSYTQmzRZDEVi1F QOYHOub3dfuWrlG4RylywFNkAokD6XFo7mVNF++6LSCJZiGyb32FRWU3awARK6tlf5X6La NQWXM8OXdMk8n6r77WOYUPtf60LqsBOCP1PybN039nb65KNMa/pM9uoursF/zqOkhxChGF SSZXIg8BJiz/3yZJJy6ORgxk3jBc6fjz5L07iAQt3cjh8vPF5LASRn/DfdOSrQ== Date: Wed, 29 May 2024 09:53:48 +0900 From: Dominique Martinet To: Greg Kroah-Hartman Cc: oss-security@lists.openwall.com Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Subject: [oss-security] List linux CVEs for a given stable release? Hi Greg, (Cc-ing oss-security because I think more people there might be interested than people subscribed to cve@kernel.org and I didn't want to cross-post to multiple lists) Up until last month someone had been managing a linuxkernelcves[1][2] site, but it's somehow gone without a trace (DNS emptied, no message I could see announcing it anywhere) [1] https://www.linuxkernelcves.com [2] https://github.com/nluedtke/linux_kernel_cves With the new vulns[3] repo I thought I could do similar search there, but while there are scripts to search by commit ID or by CVE I don't see anything allowing search for issues affecting a given stable release. [3] https://git.kernel.org/pub/scm/linux/security/vulns.git/ My motivation here is double: - We notify our users of notable CVEs fixed on every update to encourage them to upgrade every time (it's sad, but in the embedded world not updating is still the norm despite our efforts to make upgrades as painless as possible... New regulations are coming so hopefully that will slowly improve, but as of now such motivations help) - I'm currently not watching patches entering newer stable branches as closely, so if there are any new CVEs not fixed in the latest 5.10 I'd like to check if some impact us and will help with backports as possible (we're a small company so my time is limited, but might as well give back when I can) The information is there in the json files, so it's just a matter of writing some scripts to check them, but I can't believe there's none so I probably have missed something. Does someone have such a script that'd list the latest CVEs for a given tree? Thanks, -- Dominique Martinet | Asmadeus