Gentoo Archives: gentoo-security

From: William Kenworthy <billk@×××××××××.au>
To: tobias@×××××××××.de
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [GLVP 200403-01] Gentoo Linux Pending Vulnerabilities
Date: Sat, 27 Mar 2004 23:50:14
Message-Id: 1080431391.7685.15.camel@rattus.Localdomain
In Reply to: [gentoo-security] [GLVP 200403-01] Gentoo Linux Pending Vulnerabilities by Tobias Weisserth
1 A couple of points:
2 Many (Most?) in the list have already been fixed as far as gentoo is
3 concerned - that is if you have followed policy and upgraded the problem
4 does not exist in the installed packages.
5
6 I think you should:
7 A: add a line to say "fixed in later version - upgrade via portage" or
8 similar (gotta be a better way to say this!)
9
10 B: Highlight ones for which the vulnerability is ongoing, that is those
11 that have no fix of any kind - top of list?
12
13 C: give the full package name. Firebird is a name used for both a
14 database and a browser, so I had to look twice at that one.
15
16 The problem is that if you are on the current x86 (as an example), none
17 of these should apply so confusion may occur. I know its a bit of a
18 "play on words", but these are not a "compilation of known but
19 unresolved vulnerabilities and security issues in Gentoo Linux." They
20 have been resolved and the packages listed will not/should not be
21 installed, but later fixed versions will. Installed systems should have
22 been upgraded by the user when the relevant GLSA appears. If not ...
23
24 BillK
25
26 On Sun, 2004-03-28 at 00:32, Tobias Weisserth wrote:
27 > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
28 > Gentoo Linux Pending Vulnerabilities GLVP 200403-01
29 > Unofficial Announcement
30 > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
31 > glvp@×××××××××.org
32 > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
33 >
34
35 >
36
37
38 --
39 gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] [GLVP 200403-01] Gentoo Linux Pending Vulnerabilities Tobias Weisserth <tobias@×××××××××.de>