[suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))

From: Felix Schulte (felix.schulte_at_gmail.com)
Date: Tue Apr 10 2007 - 17:41:12 CEST

• Next message: Michael T. Halligan: "Re: [suse-sles-e] Adding SDK to a SLES10 AutoYast repository? Is it even possible?"
• Previous message: Felix Schulte: "Re: [suse-sles-e] Security note: Multiple vulnerabilities in Suse ksh(93)"
• Next in thread: Marcus Meissner: "Re: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))"
• Reply: Marcus Meissner: "Re: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID: <74f15d5f0704100841k48ecc37bodd9ae6b2c6c637b4@mail.gmail.com>
Date: Tue, 10 Apr 2007 17:41:12 +0200
From: "Felix Schulte" <felix.schulte@gmail.com>
Subject: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))

What is the expected average time to respond to a published security
vulnerability? I reported the problem more than a week ago but there
are still no new packages available.

---------- Forwarded message ----------
From: Felix Schulte <felix.schulte@gmail.com>
Date: Apr 2, 2007 4:22 PM
Subject: Security note: Multiple vulnerabilities in Suse ksh(93)
To: suse-sles-e@suse.com

AT&T released [https://mailman.research.att.com/pipermail/ast-users/2007q1/001715.html]
new binaries and sources of ksh(93) which include two major fixes for
security vulnerabilities:
07-03-06 Several serious bugs with the restricted shell were reported
and fixed.
...
06-10-13 The klockwork.com software detected a few coding errors that
have been fixed.

Is anyone doing patches for Suse 10.2? It looks Suse still ships a
vulnerable version.

--
      _        Felix Schulte
    _|_|_     mailto:felix.schulte@gmail.com
    (0 0)
ooO--(_)--Ooo
-- 
      _        Felix Schulte
    _|_|_     mailto:felix.schulte@gmail.com
    (0 0)
ooO--(_)--Ooo
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-sles-e-unsubscribe@suse.com
For additional commands, e-mail: suse-sles-e-help@suse.com

• Next message: Michael T. Halligan: "Re: [suse-sles-e] Adding SDK to a SLES10 AutoYast repository? Is it even possible?"
• Previous message: Felix Schulte: "Re: [suse-sles-e] Security note: Multiple vulnerabilities in Suse ksh(93)"
• Next in thread: Marcus Meissner: "Re: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))"
• Reply: Marcus Meissner: "Re: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Tue Apr 10 2007 - 19:45:02 CEST