Re: debian/kernel security issues (Was: Re: Bits (Nybbles?) from the Vancouver release team meeting)
On Wed, 16 Mar 2005 02:14:07 -0500, Andres Salomon wrote:
> On Wed, 16 Mar 2005 01:38:48 -0500, Andres Salomon wrote:
>
>> On Tue, 15 Mar 2005 10:35:19 +0100, Sven Luther wrote:
>>
>>> On Tue, Mar 15, 2005 at 04:21:21AM -0500, Joey Hess wrote:
>>>> Sven Luther wrote:
>> [...]
>>>> >
>>>> > This is not a ubuntu related problem though, and the help the ubuntu
>>>> > kernel/security team has provided us was invaluable, but it should maybe not
>>>> > be necessary if the information was not unrightfully hold from us in the first
>>>> > time.
>>>>
>>>> You seem to be implying that ubuntu is providing you with confidential
>>>> prior warning about kernel security holes, but I really doubt this,
>>>
>>
>> Actually, that was the case for a while (before ubuntu's kernel team went
>> on vacation, and I went on vacation). However, w/ all the vacations
>> that have been happening, it hasn't been the case for a few months.
>>
>>
>
> Rather, I was mistaken; they were things that had already been made
> public.
And, as a perfect example;
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0210
This has already been made public, and has been fixed in Ubuntu kernels
for 2 days. Sure would be nice the cve folks to let the rest of us in on
it, eh?
Reply to: