| 1 |
Hi Koon, |
| 2 |
|
| 3 |
Am So, den 28.03.2004 schrieb Koon um 12:34: |
| 4 |
> Tobias Weisserth wrote: |
| 5 |
... |
| 6 |
|
| 7 |
> Package: Linux kernel |
| 8 |
> Subject: do_mremap VMA limit local privilege escalation vulnerability |
| 9 |
> GLSA = 200403-02 |
| 10 |
|
| 11 |
This is still open in Bugzilla ;-) |
| 12 |
|
| 13 |
http://bugs.gentoo.org/show_bug.cgi?id=42024 |
| 14 |
|
| 15 |
> Package: libxml2 |
| 16 |
> Subject: URI Parsing Buffer Overflow Vulnerabilities |
| 17 |
> GLSA = 200403-01 |
| 18 |
|
| 19 |
This is still open in Bugzilla too ;-) |
| 20 |
|
| 21 |
http://bugs.gentoo.org/show_bug.cgi?id=42735 |
| 22 |
|
| 23 |
> For the others, your report should separate between real pending |
| 24 |
> vulnerabilities (not corrected in the tree) and those corrected but |
| 25 |
> without GLSA issued. |
| 26 |
|
| 27 |
I orientated myself according to the status of the bugzilla entries. |
| 28 |
Maybe this wasn't a good idea because obviously some of the fixed issues |
| 29 |
remain open entries in bugzilla. You have to agree that this is somehow |
| 30 |
confusing, isn't it? ;-) It seems that at least in those two cases you |
| 31 |
found, the bugzilla issues haven't been closed although a GLSA has been |
| 32 |
issued? Who is going to fix that? |
| 33 |
|
| 34 |
Thanks for your suggestions and hints. |
| 35 |
|
| 36 |
regards, |
| 37 |
Tobias |
| 38 |
|
| 39 |
|
| 40 |
-- |
| 41 |
*************************************************** |
| 42 |
____ _____ |
| 43 |
| _ \| ____| Tobias Weisserth |
| 44 |
| | | | _| tobias@weisserth.[de|com|net|org] |
| 45 |
_| |_| | |___ http://www.weisserth.org |
| 46 |
(_)____/|_____| |
| 47 |
|
| 48 |
Encrypted mail is welcome. |
| 49 |
Key and fingerprint: http://imprint.weisserth.org |
| 50 |
|
| 51 |
*************************************************** |
Archives