Hi Andreas, On Tue, Apr 14, 2009 at 2:22 AM, Andreas Bogk <[email protected]> wrote: > Eugene Teo schrieb: >> Btw, Linux distributors only send out an advisory if they have fixed >> something. As for the CIFS vulnerability, as Marcus has mentioned, a >> fix is still being worked on. You can keep track of the progress here: >> http://thread.gmane.org/gmane.comp.security.oss.general/1620/focus=1629 > > I take back what I said about the vendors, this seems to be a reasonable > way to handle the issue. I'm still shaking my head about the kernel
Thanks. > maintainers, though. I have seen genuine cases where some developers themselves do not know the security consequences of the bugs they fixed. But of course, I have also seen the very obvious ones that were fixed silently. Sadly, it is not an easy problem to solve, but the situation can improve[1]. [1]http://oss-security.openwall.org/wiki/mailing-lists/oss-security Eugene -- http://www.kernel.sg/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
