Re: Security updates are too slow or non-existent

Chuck,

> I'll repeat the question again: Can you name any security exploits that
> exist that haven't been addressed?

As you seem to be unwilling to investigate this yourself, despite
pointers handed to you by others, I'll help you out. As the original
poster (Nathan) stated, there are many unresolved issues, as well as
issues that linger in testing but are never announced (as a security
update). Patches that linger in testing are probably not observed by 99%
of users, especially if they are not announced as security updates.

To me it is very surprising that, while the infrastructure is not in
place and thus the community cannot yet address these issues fully, bug
reports are filed by the Red Hat Security Response Team for Red Hat
Linux and Red Hat Enterprise Linux, but these bug reports are not
propagated to Fedora Core (i.e. a duplicate entry added for FC), although
they are relevant to Fedora Core as well.

Also surprising is the fact that patches are added but not announced, as
in the case with mc. 4.6.0-8.1 got in testing without being announced
whatsoever. The same happened to mailman. Other issues are not dealt
with yet whatsoever.

The list as far as I can tell (thanks to Nathan for pointing out
tcpdump):

tcpdump:
CAN-2003-0989
CAN-2004-0055
CAN-2004-0057

gaim:
CAN-2004-0006
CAN-2004-0007
CAN-2004-0008

mc: (in testing since 4.6.0-8.1, but never announced, 8.3 and 8.4
announced as test, not as security patch)
CAN-2003-1023

mailman: (unannounced in testing)
CAN-2003-0965

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research