Re: Security response: how are we doing?

To: debian-security@lists.debian.org
Subject: Re: Security response: how are we doing?
From: aw@anhrefn.saar.de
Date: Thu, 1 Dec 2011 12:11:53 +0100
Message-id: <[🔎] p04kq8-tq6.ln1@anhrefn.saar.de>
References: <4ED44910.3090506@igalia.com> <20111129074009.GA32484@e3_shell_019.private.alderwick.co.uk>

In article <i2qVj-21Q-5@gated-at.bofh.it>,
Andrew Alderwick  <alderwick@fsfe.org> wrote:
>Hi Carlos,
>
>On Tue, Nov 29, 2011 at 03:53:04AM +0100, Carlos Alberto Lopez Perez wrote:
>>https://lwn.net/Articles/467615/
>
>It's certainly worth mentioning the errata that zack has posted:
>https://lwn.net/Articles/468117/
>
>â??Depending on how you read the above data, the â??noneâ?? count for Debian 
>would go down to either 3 or 4, the most common value for the columns of 
>your table. Considering that, I think it'd be fair to reconsider your 
>â??it is, in particular, sadâ?? comment.â??

On the other hand, at least from my point of view, things are not looking so
bright. I have on my watchlist 4 buffer overflows (CVE-2011-3193,
CVE-2011-3194, CVE-2011-1071, CVE-2011-1097), one DoS (CVE-2011-1659) and a
number of lesser problems (#628843, #615118, CVE-2011-1521), most of which
I have at least pinged once, most are around for at least 3 months, some
for more than 6 months. And my selection is a quite limited one.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)

Reply to:

Follow-Ups:
- Re: Security response: how are we doing?
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Professional manufacturer of slewing bearings
Next by Date: Re: Bug#645881: critical update 29 available
Previous by thread: Professional manufacturer of slewing bearings
Next by thread: Re: Security response: how are we doing?
Index(es):
- Date
- Thread