[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Linux Kernel CIFS Vulnerability
- To: Andreas Bogk <andreas@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Linux Kernel CIFS Vulnerability
- From: Eugene Teo <eugeneteo@xxxxxxxxx>
- Date: Tue, 14 Apr 2009 11:53:01 +0800
Hi Andreas,
On Tue, Apr 14, 2009 at 2:22 AM, Andreas Bogk <andreas@xxxxxxxxxxx> wrote:
> Eugene Teo schrieb:
>> Btw, Linux distributors only send out an advisory if they have fixed
>> something. As for the CIFS vulnerability, as Marcus has mentioned, a
>> fix is still being worked on. You can keep track of the progress here:
>> http://thread.gmane.org/gmane.comp.security.oss.general/1620/focus=1629
>
> I take back what I said about the vendors, this seems to be a reasonable
> way to handle the issue. I'm still shaking my head about the kernel
Thanks.
> maintainers, though.
I have seen genuine cases where some developers themselves do not know
the security consequences of the bugs they fixed. But of course, I
have also seen the very obvious ones that were fixed silently. Sadly,
it is not an easy problem to solve, but the situation can improve[1].
[1]http://oss-security.openwall.org/wiki/mailing-lists/oss-security
Eugene
--
http://www.kernel.sg/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/