Re: Separate list for commits
I subscribe to this list so I can get alerted to new CVE related bugs.
While the audit files change log was hard to understand at first, I can
now easily scan for packages my server relies on, and run yum to get new
packages if something is fixed.
Is there a better way for me to learn about vulnerabilities? If this is
the preferred way, then it would be nice to keep the commit log on this
list, so I don't have to subscribe to both. I'd also argue that if this
is the preferred way, then a new list for security discussions would be
a better way to change things.
-----Original Message-----
From: fedora-security-list-bounces@xxxxxxxxxx
[mailto:fedora-security-list-bounces@xxxxxxxxxx] On Behalf Of
fedora-security-list-request@xxxxxxxxxx
Sent: Tuesday, September 18, 2007 12:00 PM
To: fedora-security-list@xxxxxxxxxx
Subject: Fedora-security-list Digest, Vol 19, Issue 15
Today's Topics:
1. Re: Separate list for commits (Kevin Fenzi)
2. [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS
vulnerabilities (bugzilla@xxxxxxxxxx)
3. [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS
vulnerabilities (bugzilla@xxxxxxxxxx)
4. Re: Separate list for commits (Lubomir Kundrak)
5. Re: Separate list for commits (Eugene Teo)
6. [RFC] Tracking bugs for Fedora; managing security flaws in
multiple supported releases (Lubomir Kundrak)
7. fedora-security/audit fc6,1.260,1.261 fc7,1.108,1.109
(Tomas Hoger (thoger))
----------------------------------------------------------------------
Message: 1
Date: Mon, 17 Sep 2007 15:22:35 -0600
From: Kevin Fenzi <kevin@xxxxxxxxx>
Subject: Re: Separate list for commits
To: fedora-security-list@xxxxxxxxxx
Message-ID: <20070917152235.22da91ac@xxxxxxxxxxxxxxxxxxxxxxxx>
Keywords: Debian-sarge
Content-Type: text/plain; charset="us-ascii"
On Mon, 17 Sep 2007 17:27:47 +0200
Lubomir Kundrak <lkundrak@xxxxxxxxxx> wrote:
> Hi all,
>
> With the volume of the commit messages and bugzilla mails this list
> became less suited for discussions. Would anyone mind creating another
> list, say fedora-security-commits-list, where would that sort of mails
> go?
I filter such emails into another box, so discussion shows up just fine
here.
Perhaps we could use mailman "Topics" support better here?
ie, make all bugzilla and commits emails have their own topic.
If you just subscribe you get everything, but if you don't want
everything you can change your topics so you don't get the things you
don't want?
Or for that matter, perhaps we could just get the regular commits list
to have a security topic for people who only want security commits?
Just a thought.
> Regards,
kevin
------------------------------
Message: 2
Date: Mon, 17 Sep 2007 23:24:43 -0400
From: bugzilla@xxxxxxxxxx
Subject: [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS
vulnerabilities
To: fedora-security-list@xxxxxxxxxx
Message-ID: <200709180324.l8I3OhYr027222@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=utf-8
Please do not reply directly to this email. All additional comments
should be made in the comments box of this bug report.
Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=243592
------- Additional Comments From updates@xxxxxxxxxxxxxxxxx 2007-09-17 23:24 EST -------
cacti-0.8.6j-8.fc7 has been pushed to the Fedora 7 stable repository.
If problems still persist, please make note of it in this bug report.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: ------- You are on the CC
list for the bug, or are watching someone who is.
------------------------------
Message: 3
Date: Mon, 17 Sep 2007 23:24:44 -0400
From: bugzilla@xxxxxxxxxx
Subject: [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS
vulnerabilities
To: fedora-security-list@xxxxxxxxxx
Message-ID: <200709180324.l8I3OiKS027247@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=utf-8
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=243592
updates@xxxxxxxxxxxxxxxxx changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
            Status|ASSIGNED                    |CLOSED
        Resolution|                            |ERRATA
  Fixed In Version|                            |0.8.6j-8.fc7
------------------------------
Message: 4
Date: Tue, 18 Sep 2007 14:49:41 +0200
From: Lubomir Kundrak <lkundrak@xxxxxxxxxx>
Subject: Re: Separate list for commits
To: Kevin Fenzi <kevin@xxxxxxxxx>
Cc: fedora-security-list@xxxxxxxxxx
Message-ID: <1190119781.3341.13.camel@xxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain
On Mon, 2007-09-17 at 15:22 -0600, Kevin Fenzi wrote:
> On Mon, 17 Sep 2007 17:27:47 +0200
> Lubomir Kundrak <lkundrak@xxxxxxxxxx> wrote:
>
> > Hi all,
> >
> > With the volume of the commit messages and bugzilla mails this list
> > became less suited for discussions. Would anyone mind creating another
> > list, say fedora-security-commits-list, where would that sort of mails
> > go?
>
> I filter such emails into another box, so discussion shows up just
> fine here.
>
> Perhaps we could use mailman "Topics" support better here?
>
> ie, make all bugzilla and commits emails have their own topic.
> If you just subscribe you get everything, but if you don't want
> everything you can change your topics so you don't get the things you
> don't want?
>
> Or for that matter, perhaps we could just get the regular commits list
> to have a security topic for people who only want security commits?
I would want to avoid topics. Most people don't know what they are. I
find a separate list much more convenient.
--
Lubomir Kundrak (Red Hat Security Response Team)
------------------------------
Message: 5
Date: Tue, 18 Sep 2007 22:14:15 +0800
From: Eugene Teo <eugeneteo@xxxxxxxxx>
Subject: Re: Separate list for commits
To: Lubomir Kundrak <lkundrak@xxxxxxxxxx>
Cc: fedora-security-list@xxxxxxxxxx
Message-ID: <20070918141415.GA5736@xxxxxxxxx>
Content-Type: text/plain; charset=us-ascii
<quote sender="Lubomir Kundrak">
> Hi all,
>
> With the volume of the commit messages and bugzilla mails this list
> became less suited for discussions. Would anyone mind creating another
> list, say fedora-security-commits-list, where would that sort of mails
> go?
It makes a lot of sense to do it this way. Generally we want to separate
this noise from the actual discussion. It also makes searching for
mails in the archive easier.
Eugene
------------------------------
Message: 6
Date: Tue, 18 Sep 2007 16:40:22 +0200
From: Lubomir Kundrak <lkundrak@xxxxxxxxxx>
Subject: [RFC] Tracking bugs for Fedora; managing security flaws in
multiple supported releases
To: fedora-security-list@xxxxxxxxxx
Message-ID: <1190126422.3341.25.camel@xxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain
Aim: To have a flexible way to deal with flaws affecting multiple
packages in multiple versions of multiple products.
http://fedoraproject.org/wiki/LubomirKundrak/TrackingBugsDraft
This should grow into documentation on dealing with security flaws for
both package maintainer and SRT member.
--
Lubomir Kundrak (Security Response Team)
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
Registered in Brno under #CZ27690016
------------------------------
Message: 7
Date: Tue, 18 Sep 2007 11:43:25 -0400
From: "Tomas Hoger" (thoger) <fedora-extras-commits@xxxxxxxxxx>
Subject: fedora-security/audit fc6,1.260,1.261 fc7,1.108,1.109
To: fedora-extras-commits@xxxxxxxxxx
Message-ID: <200709181543.l8IFhPZr023894@xxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: TEXT/PLAIN; charset=US-ASCII
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23869/audit
Modified Files:
fc6 fc7
Log Message:
Vulnerable rpc code also part of nfs-utils-lib and libtirpc.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.260
retrieving revision 1.261
diff -u -r1.260 -r1.261
--- fc6 17 Sep 2007 15:42:28 -0000 1.260
+++ fc6 18 Sep 2007 15:43:23 -0000 1.261
@@ -36,6 +36,8 @@
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
CVE-2007-4000 backport (krb5) [since FEDORA-2007-690]
CVE-2007-3999 backport (krb5) [since FEDORA-2007-690]
+CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294911
+CVE-2007-3999 VULNERABLE (libtirpc) #294931
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on
Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675]
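Review bot: The two added VULNERABLE lines for CVE-2007-3999 (nfs-utils-lib and libtirpc) say nothing about why these packages are listed; the reason appears only in the log message ("Vulnerable rpc code also part of nfs-utils-lib and libtirpc"). Other entries in this file carry a short free-text remark after the package, as the gftp lines do, so a similar remark here noting that the flaw is in rpc code also shipped in the package would let someone reading fc6 on its own connect these lines to the krb5 entries for the same CVE directly above.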
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- fc7 17 Sep 2007 15:42:28 -0000 1.108
+++ fc7 18 Sep 2007 15:43:23 -0000 1.109
@@ -74,6 +74,8 @@
CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017]
CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017]
+CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294901
+CVE-2007-3999 VULNERABLE (libtirpc) #294921
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on
Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
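Review bot: The bug ids on the two added lines, #294901 (nfs-utils-lib) and #294921 (libtirpc), differ from the ids in the fc6 hunk (#294911 and #294931) by a single digit, so a swap between the two files would be easy to miss. Please confirm that each id is the bug filed against this release, since the entry gives readers no other way to tell which release a bug covers.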
--
fedora-extras-commits mailing list
fedora-extras-commits@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
------------------------------
--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
End of Fedora-security-list Digest, Vol 19, Issue 15
****************************************************
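The workflow described in the reply at the top (scanning the audit file commits for packages a server relies on) can be scripted. The following is an added example, not code from the Fedora project or from anyone in this thread; the entry layout is inferred from the audit lines in the commit mail, reading VULNERABLE as "no fixed package yet" is an assumption, and the installed-package set is constructed.

```python
import re

# Entry layout inferred from the audit lines in the commit mail (an assumption):
#   CVE-ID  status  (package)  optional text, #bug, [since ADVISORY]
ENTRY = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d+)\s+(?P<status>\S+)\s+\((?P<package>[^)]+)\)\s*(?P<rest>.*)$")
BUG = re.compile(r"#(\d+)")
SINCE = re.compile(r"\[since ([^\]]+)\]")


def added_entries(diff_text):
    """Yield parsed audit entries from the '+' lines of a unified diff."""
    for line in diff_text.splitlines():
        # Skip the '+++ file' header; keep only added content lines.
        if not line.startswith("+") or line.startswith("+++"):
            continue
        m = ENTRY.match(line[1:].strip())
        if not m:
            continue
        bug = BUG.search(m.group("rest"))
        since = SINCE.search(m.group("rest"))
        yield {
            "cve": m.group("cve"),
            "status": m.group("status"),
            "package": m.group("package"),
            "bug": bug.group(1) if bug else None,
            "since": since.group(1) if since else None,
        }


def needs_attention(diff_text, installed):
    """Return added entries that are VULNERABLE and name an installed package."""
    return [e for e in added_entries(diff_text)
            if e["status"] == "VULNERABLE" and e["package"] in installed]


# Excerpt of the fc7 hunk from the commit mail; INSTALLED is constructed.
FC7_DIFF = """\
--- fc7 17 Sep 2007 15:42:28 -0000 1.108
+++ fc7 18 Sep 2007 15:43:23 -0000 1.109
@@ -74,6 +74,8 @@
 CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017]
+CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294901
+CVE-2007-3999 VULNERABLE (libtirpc) #294921
 CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
"""
INSTALLED = {"krb5", "nfs-utils-lib", "cacti"}  # e.g. from: rpm -qa --qf '%{NAME}\n'

if __name__ == "__main__":
    for e in needs_attention(FC7_DIFF, INSTALLED):
        print(f"{e['package']}: {e['cve']} still open, bug #{e['bug']}")
```
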