Re: [Dailydave] DSU
pageexec
freemail.hu
Date: Wed Jul 12 2006 - 03:41:23 CDT
On 12 Jul 2006 at 6:34, Florian Weimer wrote:
> > On 11 Jul 2006 at 9:57, Dave Aitel wrote:
> >> This is the difference between Linux and Windows. If this had been
> >> Microsoft they would have just changed the behavior silently or made it
> >> part of some other patch and hoped no one noticed.
> >
> > sorry if i missed the sarcasm above, but are you suggesting that the
> > following is actually what it is claimed to be? ;-)
> >
> > http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080
>
> Most kernel bug fixes are not reviewed for their security impact.
> This means that a lot of things are in fact fixed silently. Perhaps
> it's not as deliberate as what Microsoft is doing, but as a side
> effect, some of these fixes are not picked up by vendors and do not
> end up in their kernels, even though the bug fix has been published.
nice try but then how do you explain the following:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2448
in particular note the date of the CVE entry vs. that of the commit
and the obvious discrepancy between the two descriptions. something
known to be a security bug in May (hence the request for the CVE
entry) was committed with a rather nondescript message next month.
i for one would really like to see what went on on vendor-sec or the
kernel security list regarding this bug.