|
Full Disclosure
mailing list archives
Re: Linux Kernel CIFS Vulnerability
From: Eugene Teo <eugeneteo () kernel sg>
Date: Sun, 12 Apr 2009 11:08:12 +0800
G'day Thierry,
[snipped]
MM> Even we as Linux distributors should probably set some people up to study the
MM> .stable releases for such things.
It would certainly help, what helps a lot more from my POV is creating
a website, a sort of hallofshame, that discloses silent security
fixes. It helps everbody, puts pressure on the "they are just normal
bugs" fraction, helps those that ignore WHY a particular bug has
security implications and helps the overall perception of OSS software
in terms of security.
Not exactly a hall-of-shame sort of mailing list, but we have
something similar at:
http://news.gmane.org/gmane.comp.security.oss.general
Or if you are only interested in Linux kernel-related security-relevant bugs:
http://search.gmane.org/?query=eugene+teo&author=&group=gmane.comp.security.oss.general&sort=date&DEFAULTOP=and&xP=Zeugen%09Zteo&xFILTERS=Gcomp.security.oss.general---A
Btw, Linux distributors only send out an advisory if they have fixed
something. As for the CIFS vulnerability, as Marcus has mentioned, a
fix is still being worked on. You can keep track of the progress here:
http://thread.gmane.org/gmane.comp.security.oss.general/1620/focus=1629
Thanks, Eugene
--
http://www.kernel.sg/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Linux Kernel CIFS Vulnerability, (continued)
Re: Linux Kernel CIFS Vulnerability Raj Mathur (Apr 09)
Re: Linux Kernel CIFS Vulnerability Marcus Meissner (Apr 10)
Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 10)
|
