Re: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))

From: Marcus Meissner (meissner_at_suse.de)
Date: Tue Apr 10 2007 - 22:54:43 CEST

Next message: Marcus Meissner: "Re: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))"
Previous message: Alexei_Roudnev: "Re: [suse-sles-e] Security note: Multiple vulnerabilities in Suse ksh(93)"
In reply to: Felix Schulte: "[suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))"
Next in thread: Marcus Meissner: "Re: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))"
Reply: Marcus Meissner: "Re: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 10 Apr 2007 22:54:43 +0200
From: Marcus Meissner <meissner@suse.de>
Message-ID: <20070410205443.GB32643@suse.de>
Subject: Re: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))

On Tue, Apr 10, 2007 at 05:41:12PM +0200, Felix Schulte wrote:
> What is the expected average time to respond to a published security
> vulnerability? I reported the problem more than a week ago but there
> are still no new packages available.

Our official security report alias is security@suse.de, security@suse.com
or Bugzilla.

This is very widely published.

Ciao, Marcus

> ---------- Forwarded message ----------
> From: Felix Schulte <felix.schulte@gmail.com>
> Date: Apr 2, 2007 4:22 PM
> Subject: Security note: Multiple vulnerabilities in Suse ksh(93)
> To: suse-sles-e@suse.com
>
>
> AT&T released
> [https://mailman.research.att.com/pipermail/ast-users/2007q1/001715.html]
> new binaries and sources of ksh(93) which include two major fixes for
> security vulnerabilities:
> 07-03-06 Several serious bugs with the restricted shell were reported
> and fixed.
> ...
> 06-10-13 The klockwork.com software detected a few coding errors that
> have been fixed.
>
> Is anyone doing patches for Suse 10.2? It looks Suse still ships a
> vulnerable version.
> --
> _ Felix Schulte
> _|_|_ mailto:felix.schulte@gmail.com
> (0 0)
> ooO--(_)--Ooo
>
>
> --
> _ Felix Schulte
> _|_|_ mailto:felix.schulte@gmail.com
> (0 0)
> ooO--(_)--Ooo
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-sles-e-unsubscribe@suse.com
> For additional commands, e-mail: suse-sles-e-help@suse.com

-- 
Working, but not speaking, for the following german company:
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-sles-e-unsubscribe@suse.com
For additional commands, e-mail: suse-sles-e-help@suse.com

This archive was generated by hypermail 2.1.7 : Wed Apr 11 2007 - 00:58:26 CEST