Re: CITL Releasing 7000 defects/vulnerabilities

To: debian-devel@lists.debian.org
Cc: Debian Security Team <team@security.debian.org>
Subject: Re: CITL Releasing 7000 defects/vulnerabilities
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Sun, 1 Nov 2020 19:29:32 +0530
Message-id: <[🔎] CAPP0f97kfm=QTrrS1ysNW6V5ovAkWNeDAHL8WkUjW+dS9cQzjQ@mail.gmail.com>
In-reply-to: <[🔎] 87o8kh6wyb.fsf@news.ole.ath.cx>
References: <[🔎] 87o8kh6wyb.fsf@news.ole.ath.cx>

[CCing team@security.d.o]

On Sun, Nov 1, 2020 at 7:09 PM Ole Streicher <olebole@debian.org> wrote:
> I just stumbled upon the following web page:
> https://cyber-itl.org/2020/10/28/citl-7000-defects.html
> They claim to have found ~7000 defects in Ubuntu packages (a number of
> those are maintained by me).

On a *very* quick look, some of these packages have CVE(s) issued
against them and are already fixed as well, I think.

That said, it'd be a bit weird if they don't report these issues and
ask for a CVE assignment against these.
Anyway, the security team might know more about this.

- u

Reply to:

Follow-Ups:
- Re: CITL Releasing 7000 defects/vulnerabilities
  - From: Xavier <yadd@debian.org>
- Re: CITL Releasing 7000 defects/vulnerabilities
  - From: Russ Allbery <rra@debian.org>

References:
- CITL Releasing 7000 defects/vulnerabilities
  - From: Ole Streicher <olebole@debian.org>

Prev by Date: Re: CITL Releasing 7000 defects/vulnerabilities
Next by Date: Re: CITL Releasing 7000 defects/vulnerabilities
Previous by thread: Re: CITL Releasing 7000 defects/vulnerabilities
Next by thread: Re: CITL Releasing 7000 defects/vulnerabilities
Index(es):
- Date
- Thread