Mike McCarty wrote:
> Well, you see there are two exposures involved, the obvious one
>
>     possible exploit of known vulnerability
>
> and the less obvious one
>
>     replacing working code with defective code
>
> The first exposure is relatively easy to evaluate; the latter is less
> so, but exists nonetheless. I like to hear that a given patch or other
> fix has "burnt in" for a while, especially where exposure due to
> the known vulnerability has low or even nonexistent possibility of
> exploit.
>
> I was hoping to get more information about how to evaluate my exposure.

Look at the source of the patch. The header says that the changes are from upstream. They will be in future versions of the code.

To evaluate the vulnerability, the header says it fixes CVE-2009-1185 and CVE-2009-1186. Google that and you can read all about it.

  -- Bruce
