I keep an eye on the following sites to know of software vulnerabilities: http://web.nvd.nist.gov/view/vuln/search
http://packetstormsecurity.org/ There are times when vulnerabilities are not quickly addressed in SBo, because it takes time to update/approve the new updates in the repository. However, I must sincerely declare that I use over 50 SlackBuilded packages and they rarely have brought a meaningful security hole to my system. El Sat, 14 Jul 2012 14:48:31 -0700 "Bradley D. Thornton" <[email protected]> escribió: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > > > On 07/14/2012 11:49 AM, Slackware Security Team wrote: > > > > [slackware-security] pidgin (SSA:2012-195-02) > > > > New pidgin packages are available for Slackware 12.2, 13.0, 13.1, > > 13.37, and -current to fix security issues. > > Something that I had thought about bringing up in the past but always > ended up not being addressed due to other 'things' I needed to do... > > Anyway, I was taken aback for a second when I got the email above, but > only for a second. I had to think to myself, "Is Pidgin Mainline > Slack? Oh yeah, it is.", that's why I'm getting the alert. > > But there are plenty of SBo's that we don't get any sort of security > notification on, and while it is prudent to follow the security lists > for any such app that you install, I think that with regards to SBo's > most of us don't follow the upstream devs security announcement lists. > > Has there been any discussion on SBo providing links or any sort of > distribution of security news or announcements for SBo's supported > here? > > IOW, once an SBo, say 'htop' goes mainline Slack, then security issues > for that app are monitored by the Slackware team and we receive > announcements via the Slackware Security list or via a tail of the > Changelog. > > So it may be a good thing if we had something like that here at SBo > for announcements concerning SlackBuilds that are carried here. > > Kindest regards, > > > - -- > Bradley D. Thornton > Manager Network Services > NorthTech Computer > TEL: +1.310.388.9469 (US) > TEL: +44.203.318.2755 (UK) > TEL: +41.43.508.05.10 (CH) > http://NorthTech.US > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Find this cert at x-hkp://pool.sks-keyservers.net > > iQEcBAEBAwAGBQJQAekuAAoJEE1wgkIhr9j3QYMH/jwZE9W62tqVFcjHuKz8qLy2 > KS86WFuV5aJt6WCgNfBP+0SMpIAVWoz+IOLHMOUdJB9eb6nKpyZv7IsykVtODcsQ > ZN+JQyCJxzxxMoVAaybXdvozEkP+guktBJDPn81wD0W2owXoGYWGC0QpQKxbwF4a > cvWMoqON0YG0wx54ETbsUfvtS+YBIWtaTbRR1Y/Bg2WAV5KydltHM7Gfqk/xZGV0 > blWNSREMO9U+J8IcjrIQ+Fhd1iQvG/k5O5AeTT/ldcswvFwRd9C8gUG0encChEy2 > M1ti0+94mJEsA8GQAkT8uHbyUX8DDbKNnt2johWu1QT2DEH/MxjCwzZUNfTbZaw= > =D7VZ > -----END PGP SIGNATURE----- > ---------- My GPG keys are available in various keyservers. To retrieve the one used for signing this mesage, use "gpg --keyserver hkp://keys.gnupg.net --recv-keys 0x6D0B9F27" under GNU/Linux. Windows rises the cost of your computer up to a 20%. Don't let them pull your leg! Use free operating systems. See the websites of Knoppix, Debian, Slackware...
signature.asc
Description: PGP signature
_______________________________________________ SlackBuilds-users mailing list [email protected] http://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users Archives - http://lists.slackbuilds.org/pipermail/slackbuilds-users/ FAQ - http://slackbuilds.org/faq/
