Re: [suse-sles-e] How long does Suse need to respond to security vulnerabilities? (was: Fwd: Security note: Multiple vulnerabilities in Suse ksh(93))

From: Marcus Meissner (meissner_at_suse.de)
Date: Tue Apr 10 2007 - 23:06:48 CEST


Message-ID: <20070410210648.GD32643@suse.de>

On Tue, Apr 10, 2007 at 10:54:43PM +0200, Marcus Meissner wrote:
> On Tue, Apr 10, 2007 at 05:41:12PM +0200, Felix Schulte wrote:
> > What is the expected average time to respond to a published security
> > vulnerability? I reported the problem more than a week ago but there
> > are still no new packages available.
>
> Our official security report alias is security@suse.de, security@suse.com
> or Bugzilla.
>
> This is very widely published.

And what I specifically mean with this jetlagged reply is:

        - We are not listening everywhere for security reports.
 
Ciao, Marcus
>
> > ---------- Forwarded message ----------
> > From: Felix Schulte <felix.schulte@gmail.com>
> > Date: Apr 2, 2007 4:22 PM
> > Subject: Security note: Multiple vulnerabilities in Suse ksh(93)
> > To: suse-sles-e@suse.com
> >
> >
> > AT&T released
> > [https://mailman.research.att.com/pipermail/ast-users/2007q1/001715.html]
> > new binaries and sources of ksh(93) which include two major fixes for
> > security vulnerabilities:
> > 07-03-06 Several serious bugs with the restricted shell were reported
> > and fixed.
> > ...
> > 06-10-13 The klockwork.com software detected a few coding errors that
> > have been fixed.
> >
> > Is anyone doing patches for Suse 10.2? It looks like Suse still ships a
> > vulnerable version.
> > --
> > _ Felix Schulte
> > _|_|_ mailto:felix.schulte@gmail.com
> > (0 0)
> > ooO--(_)--Ooo
> >
> >
>
> --
> Working, but not speaking, for the following German company:
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

-- 
Working, but not speaking, for the following German company:
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)