On Tue, Nov 19, 2019 at 7:30 PM Georgi Guninski wrote:
> * What do linux vendors do to avoid malicious packages?
Some folks do audits of changes to upstream code, some folks run
static analysis tools on upstream code.
> * As an end user, what can I do to mitigate malicious packages?
Compartmentalise
CVE-2019-10172: TODO: check
CVE-2019-14891: RESERVED
CVE-2019-14892: RESERVED
CVE-2019-14893: RESERVED
CVE-2019-16201: RESERVED
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the
As an end user and contributor of gnu/linux, I am concerned about malicious
packages (either hostile developers or hacked developers or another reason)
and have two questions:
* What do linux vendors do to avoid malicious packages?
* As an end user, what can I do to mitigate malicious packages?
Some
Anyone using this yet?
I would speculate, not many are using it. It needs step by step
instructions. Otherwise, most users are lost at hello.
> Things debcheckroot does not check at the moment are the initrd and
> the MBR (master boot record). You may unpack the initrd by hand and
> check the files
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4574-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 19, 2019