Re: [Full-disclosure] Linux Kernel CIFS Vulnerability

[Eugene Teo <eugeneteo@xxxxxxxxx>]

G'day Thierry,

[snipped]
> MM> Even we as Linux distributors should probably set some people up to study 
> the
> MM> .stable releases for such things.
> It would certainly help, what helps a lot more from my POV is creating
> a  website,  a  sort  of  hallofshame,  that discloses silent security
> fixes.  It  helps everbody, puts pressure on the "they are just normal
> bugs"  fraction,  helps  those  that  ignore  WHY a particular bug has
> security implications and helps the overall perception of OSS software
> in terms of security.

Not exactly a hall-of-shame sort of mailing list, but we have
something similar at:
http://news.gmane.org/gmane.comp.security.oss.general

Or if you are only interested in Linux kernel-related security-relevant bugs:
http://search.gmane.org/?query=eugene+teo&author=&group=gmane.comp.security.oss.general&sort=date&DEFAULTOP=and&xP=Zeugen%09Zteo&xFILTERS=Gcomp.security.oss.general---A

Btw, Linux distributors only send out an advisory if they have fixed
something. As for the CIFS vulnerability, as Marcus has mentioned, a
fix is still being worked on. You can keep track of the progress here:
http://thread.gmane.org/gmane.comp.security.oss.general/1620/focus=1629

Thanks, Eugene
--
http://www.kernel.sg/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/