lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <28fa9c5e0904112008j7089e1f7l72a886cf98ca2d95@mail.gmail.com>
Date: Sun, 12 Apr 2009 11:08:12 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: Thierry Zoller <Thierry@...ler.lu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux Kernel CIFS Vulnerability

G'day Thierry,

[snipped]
> MM> Even we as Linux distributors should probably set some people up to study the
> MM> .stable releases for such things.
> It would certainly help, what helps a lot more from my POV is creating
> a  website,  a  sort  of  hallofshame,  that discloses silent security
> fixes.  It  helps everbody, puts pressure on the "they are just normal
> bugs"  fraction,  helps  those  that  ignore  WHY a particular bug has
> security implications and helps the overall perception of OSS software
> in terms of security.

Not exactly a hall-of-shame sort of mailing list, but we have
something similar at:
http://news.gmane.org/gmane.comp.security.oss.general

Or if you are only interested in Linux kernel-related security-relevant bugs:
http://search.gmane.org/?query=eugene+teo&author=&group=gmane.comp.security.oss.general&sort=date&DEFAULTOP=and&xP=Zeugen%09Zteo&xFILTERS=Gcomp.security.oss.general---A

Btw, Linux distributors only send out an advisory if they have fixed
something. As for the CIFS vulnerability, as Marcus has mentioned, a
fix is still being worked on. You can keep track of the progress here:
http://thread.gmane.org/gmane.comp.security.oss.general/1620/focus=1629

Thanks, Eugene
--
http://www.kernel.sg/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ