| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <28fa9c5e0904132053m6c36e88et6de7734f88ab2e39@mail.gmail.com> Date: Tue, 14 Apr 2009 11:53:01 +0800 From: Eugene Teo <eugeneteo@...nel.sg> To: Andreas Bogk <andreas@...reas.org> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Linux Kernel CIFS Vulnerability Hi Andreas, On Tue, Apr 14, 2009 at 2:22 AM, Andreas Bogk <andreas@...reas.org> wrote: > Eugene Teo schrieb: >> Btw, Linux distributors only send out an advisory if they have fixed >> something. As for the CIFS vulnerability, as Marcus has mentioned, a >> fix is still being worked on. You can keep track of the progress here: >> http://thread.gmane.org/gmane.comp.security.oss.general/1620/focus=1629 > > I take back what I said about the vendors, this seems to be a reasonable > way to handle the issue. I'm still shaking my head about the kernel Thanks. > maintainers, though. I have seen genuine cases where some developers themselves do not know the security consequences of the bugs they fixed. But of course, I have also seen the very obvious ones that were fixed silently. Sadly, it is not an easy problem to solve, but the situation can improve[1]. [1]http://oss-security.openwall.org/wiki/mailing-lists/oss-security Eugene -- http://www.kernel.sg/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists