[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security Tracker Frame Options Header

On Wed, Jan 17, 2018 at 4:43 PM, Mattia Dorigatti wrote:

> I've worked around this by using Netscape

Netscape is a long-dead and probably by now a very insecure browser, I
would suggest you avoid it.

> though I can't figure out what "nnn" stands for. A number?

The Debian bug number, which is distinct from the CVE number.
If there is Debian bug reported, it will be in the "Debian Bugs" column.

> I've tried to email this addresses but they report inexistent

None of the CVEs you mention have bugs reported for them:

https://security-tracker.debian.org/tracker/CVE-2017-5753
https://security-tracker.debian.org/tracker/CVE-2017-5715
https://security-tracker.debian.org/tracker/CVE-2017-5754

Probably because they were initially handled with an embargo period
and now are the subject of industry-wide efforts to mitigate them.
Since these are bugs in hardware, they cannot be fixed by Debian or
Linux folks, only worked around with mitigations. I'd suggest you
subscribe to the security announcements list if you are waiting for
news on those mitigations:

https://lists.debian.org/debian-security-announce/

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
Reply to: