[Full-disclosure] Linux Kernel CIFS Vulnerability
eugeneteo at kernel.sg
Sun Apr 12 04:08:12 BST 2009
> MM> Even we as Linux distributors should probably set some people up to study the
> MM> .stable releases for such things.
> It would certainly help, what helps a lot more from my POV is creating
> a website, a sort of hallofshame, that discloses silent security
> fixes. It helps everbody, puts pressure on the "they are just normal
> bugs" fraction, helps those that ignore WHY a particular bug has
> security implications and helps the overall perception of OSS software
> in terms of security.
Not exactly a hall-of-shame sort of mailing list, but we have
something similar at:
Or if you are only interested in Linux kernel-related security-relevant bugs:
Btw, Linux distributors only send out an advisory if they have fixed
something. As for the CIFS vulnerability, as Marcus has mentioned, a
fix is still being worked on. You can keep track of the progress here:
Full-Disclosure is hosted and sponsored by Secunia.