1 |
Hi Koon, |
2 |
|
3 |
Am So, den 28.03.2004 schrieb Koon um 12:34: |
4 |
> Tobias Weisserth wrote: |
5 |
... |
6 |
|
7 |
> Package: Linux kernel |
8 |
> Subject: do_mremap VMA limit local privilege escalation vulnerability |
9 |
> GLSA = 200403-02 |
10 |
|
11 |
This is still open in Bugzilla ;-) |
12 |
|
13 |
http://bugs.gentoo.org/show_bug.cgi?id=42024 |
14 |
|
15 |
> Package: libxml2 |
16 |
> Subject: URI Parsing Buffer Overflow Vulnerabilities |
17 |
> GLSA = 200403-01 |
18 |
|
19 |
This is still open in Bugzilla too ;-) |
20 |
|
21 |
http://bugs.gentoo.org/show_bug.cgi?id=42735 |
22 |
|
23 |
> For the others, your report should separate between real pending |
24 |
> vulnerabilities (not corrected in the tree) and those corrected but |
25 |
> without GLSA issued. |
26 |
|
27 |
I orientated myself according to the status of the bugzilla entries. |
28 |
Maybe this wasn't a good idea because obviously some of the fixed issues |
29 |
remain open entries in bugzilla. You have to agree that this is somehow |
30 |
confusing, isn't it? ;-) It seems that at least in those two cases you |
31 |
found, the bugzilla issues haven't been closed although a GLSA has been |
32 |
issued? Who is going to fix that? |
33 |
|
34 |
Thanks for your suggestions and hints. |
35 |
|
36 |
regards, |
37 |
Tobias |
38 |
|
39 |
|
40 |
-- |
41 |
*************************************************** |
42 |
____ _____ |
43 |
| _ \| ____| Tobias Weisserth |
44 |
| | | | _| tobias@weisserth.[de|com|net|org] |
45 |
_| |_| | |___ http://www.weisserth.org |
46 |
(_)____/|_____| |
47 |
|
48 |
Encrypted mail is welcome. |
49 |
Key and fingerprint: http://imprint.weisserth.org |
50 |
|
51 |
*************************************************** |