On Fri, Apr 17, 2020 at 1:31 pm, John M. Harris Jr wrote:
> Most likely, multi-platform. There have been a few so big the NSA
> stepped in and started warning people they needed to update.
These are both use-after-free vulnerabilities. The vulnerability is
probably cross-platform, but exploits
Demi M. Obenour wrote:
> I have virtually never noticed a regression, so I consider getting a security
> update out quickly to be much more important.
Debian is good at pushing out important security fixes quickly – and
it's fairly common to see bug fixes issued because a security fix
caused a
On Fri, Apr 17, 2020 at 5:13 PM Michel Alexandre Salim
wrote:
>
> On 4/16/20 11:42 PM, Jan Kratochvil wrote:
> > On Fri, 17 Apr 2020 06:55:10 +0200, Michel Alexandre Salim wrote:
> >> For kernel updates this is probably not a good idea. Given that updates
> >> potentially introduce regressions,
On Fri, Apr 17, 2020 at 1:43 AM Jan Kratochvil
wrote:
>
> On Fri, 17 Apr 2020 06:55:10 +0200, Michel Alexandre Salim wrote:
> > For kernel updates this is probably not a good idea. Given that updates
> > potentially introduce regressions, being able to distinguish updates with
> > known CVEs that
On 4/16/20 11:42 PM, Jan Kratochvil wrote:
> On Fri, 17 Apr 2020 06:55:10 +0200, Michel Alexandre Salim wrote:
> > For kernel updates this is probably not a good idea. Given that updates
> > potentially introduce regressions, being able to distinguish updates with
> > known CVEs that we do need to roll out
On Friday, April 17, 2020 9:32:19 AM MST Michael Catanzaro wrote:
> On Fri, Apr 17, 2020 at 12:11 pm, Gerald Henriksen
> wrote:
>
> > At least a recent Firefox update was to fix 2 issues that were
> > reported as being already exploited in the real world.
>
>
> Probably on Windows.
Most
On Fri, Apr 17, 2020 at 01:01:52AM -, Demi M. Obenour wrote:
> How can this be accomplished? I know that substantial releng and QA effort
> will be needed, along with close coordination with package maintainers and
> upstream developers. That said, I have virtually never noticed a
>
On Thu, Apr 16, 2020 at 11:56 PM Michel Alexandre Salim
wrote:
>
> Apr 16, 2020 18:02:33 Demi M. Obenour :
>
> >
> > Finally, some packages should have all updates considered as security
> > updates. This includes anything based on a web browser (Firefox,
> > Thunderbird, SeaMonkey, Chromium,
On Fri, Apr 17, 2020 at 12:11 pm, Gerald Henriksen wrote:
> At least a recent Firefox update was to fix 2 issues that were
> reported as being already exploited in the real world.

Probably on Windows.
On Thu, 16 Apr 2020 18:14:29 -0700, you wrote:
>On Fri, 2020-04-17 at 01:01 +, Demi M. Obenour wrote:
>> Currently, security updates can take days to get to users. In
>> particular, Firefox and Thunderbird often take a day or more, even
>> though virtually every single update contains
On Fri, Apr 17, 2020 at 01:01:52AM -, Demi M. Obenour wrote:
> We need to ensure that security updates reach stable within hours of an
> upstream advisory.
Technically, we can create a critical security repository that will be
composed and published on every new package build. But since rsync
On Fri, 17 Apr 2020 06:55:10 +0200, Michel Alexandre Salim wrote:
> For kernel updates this is probably not a good idea. Given that updates
> potentially introduce regressions, being able to distinguish updates with
> known CVEs that we do need to roll out immediately, versus other updates we
>
Apr 16, 2020 18:02:33 Demi M. Obenour :
>
> Finally, some packages should have all updates considered as security
> updates. This includes anything based on a web browser (Firefox, Thunderbird,
> SeaMonkey, Chromium, webkit2gtk, etc), as well as the Linux kernel itself.
> Virtually every update
On Fri, Apr 17, 2020 at 1:01 am, Demi M. Obenour wrote:
> Finally, some packages should have all updates considered as security
> updates. This includes anything based on a web browser (Firefox,
> Thunderbird, SeaMonkey, Chromium, webkit2gtk, etc), as well as the Linux
> kernel itself. Virtually every
On Fri, 2020-04-17 at 01:01 +, Demi M. Obenour wrote:
> Currently, security updates can take days to get to users. In
> particular, Firefox and Thunderbird often take a day or more, even
> though virtually every single update contains security fixes.
>
> We need to ensure that security
Currently, security updates can take days to get to users. In particular,
Firefox and Thunderbird often take a day or more, even though virtually every
single update contains security fixes.
We need to ensure that security updates reach stable within hours of an
upstream advisory. Ideally,