1 |
Tobias Weisserth wrote: |
2 |
|
3 |
>>Many (Most?) in the list have already been fixed as far as gentoo is |
4 |
>>concerned |
5 |
> |
6 |
> Take a look at the corresponding bugzilla entries. All of the things I |
7 |
> compiled into the mail are either "NEW" or "ASSIGNED". NONE of these |
8 |
> issues has been resolved as far as the status in bugzilla is concerned. |
9 |
> |
10 |
> Besides: none of these issues has been covered by a GLSA either so I |
11 |
> have to assume - in association with bugzilla status - that the issue is |
12 |
> still alive. |
13 |
|
14 |
Package: Linux kernel |
15 |
Subject: do_mremap VMA limit local privilege escalation vulnerability |
16 |
GLSA = 200403-02 |
17 |
|
18 |
Package: libxml2 |
19 |
Subject: URI Parsing Buffer Overflow Vulnerabilities |
20 |
GLSA = 200403-01 |
21 |
|
22 |
For the others, your report should separate between real pending |
23 |
vulnerabilities (not corrected in the tree) and those corrected but |
24 |
without GLSA issued. |
25 |
|
26 |
-K |
27 |
|
28 |
-- |
29 |
gentoo-security@g.o mailing list |