lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: jluehr at gmx.net (Jan Lühr)
Subject: 1 patch for 1 vulnerabiliy for Linux and BSD?  gunna try and sell us a bridge now too?

Greetings,

Am Mittwoch, 14. April 2004 22:18 schrieb Exibar:
> are you kidding me?  for years and years all I've heard from *nix people is
> how secure the OS is and that there aren't as many patches needed for it
> and if a vuln is found a patch is released right away....

hey, hey. Slow down. The number of patches is not a direct indicator of the 
security of a system.
More complex system require more complex patches and more patches.
What you see here, is a DSA _synchronised_ with the release of 2.4.26. That 
means, that because of no exploits going around here, some distributors 
doesn't see any need to release fixes, before a the major distributors and 
kernel.org could release the new versions.
Because kernel-release-version do not have a crappy patch-level-number, a lot 
of issues were fixed in a new release. (Imagine you have a new release number 
for every single one turned into a zero in the sources, every != turned into 
a ==)
This time, five of them were security related. What's your point?

> ----- Original Message -----
> From: "John Sage" <jsage@...chhaven.com>

Please learn to quote.

Keep  smiling
yanosz


Powered by blists - more mailing lists