On Fri, 20 Jun 2008, James Carlson wrote: > Robert Lawhead writes: >> Anyone know whether the issue raised in >> http://sunsolve.sun.com/search/document.do?assetkey=1-66-237965-1 >> "A Security Vulnerability in IP Multicast Filter processing of Sockets may >> lead to a system panic or possible execution of Arbitrary Code" has been >> addressed in current builds or upcoming (b92) releases? Thanks. > > CR 6597712 is fixed in snv_92. > > Seems like a mistake that these sorts of bugs can't be viewed via > bugs.opensolaris.org ...
Hi Jim - It's because it's tagged as a security vulnerability. Unfortunately, our process is very black & white in this area and none of our "boundary" systems (sunsolve, bugs.sun.com, bugs.opensolaris.org, etc) publish anything tagged with the keyword "security" - there's no distinguishing between "resolved & now okay to publish" and "still in progress/don't publish yet". It's tricky, even, to figure this out programitically, because we use a single CR for tracking issues accross multiple releases - so something may be "resolved" for one release, but not for all affected releases so we wouldn't be able to publish yet. And, some affected releases may not get patched (for example, many years past EOSL). It is something we've started talking about, but no good solutions have been proposed at this point. Valerie -- Valerie Fenwick, http://blogs.sun.com/bubbva Solaris Security Technologies, Developer, Sun Microsystems, Inc. 17 Network Circle, Menlo Park, CA, 94025. 650-786-0461
