[Full-disclosure] Linux Kernel CIFS Vulnerability
Eugene Teo
eugeneteo at kernel.sg
Sun Apr 12 04:08:12 BST 2009
G'day Thierry,
[snipped]
> MM> Even we as Linux distributors should probably set some people up to study the
> MM> .stable releases for such things.
> It would certainly help, what helps a lot more from my POV is creating
> a website, a sort of hallofshame, that discloses silent security
> fixes. It helps everbody, puts pressure on the "they are just normal
> bugs" fraction, helps those that ignore WHY a particular bug has
> security implications and helps the overall perception of OSS software
> in terms of security.
Not exactly a hall-of-shame sort of mailing list, but we have
something similar at:
http://news.gmane.org/gmane.comp.security.oss.general
Or if you are only interested in Linux kernel-related security-relevant bugs:
http://search.gmane.org/?query=eugene+teo&author=&group=gmane.comp.security.oss.general&sort=date&DEFAULTOP=and&xP=Zeugen%09Zteo&xFILTERS=Gcomp.security.oss.general---A
Btw, Linux distributors only send out an advisory if they have fixed
something. As for the CIFS vulnerability, as Marcus has mentioned, a
fix is still being worked on. You can keep track of the progress here:
http://thread.gmane.org/gmane.comp.security.oss.general/1620/focus=1629
Thanks, Eugene
--
http://www.kernel.sg/
Full-Disclosure is hosted and sponsored by Secunia.