1 |
Koon wrote: |
2 |
> From what I know, the GLSA announcing the Feb 18 do_mremap kernel |
3 |
> vulnerability is still not out, though most (if not all) of the packages |
4 |
> implementing the correction are available in portage. I think we've a |
5 |
> problem here which should be addressed. |
6 |
|
7 |
The situation is even worse, after Feb 18 there was plenty of time to |
8 |
release GLSA, but yesterday public exploit was posted on BUGTRAQ and now |
9 |
systems can be cracked even by script kiddies in minutes. Just imagine |
10 |
how bad it can be for web servers hosting phpBB and other web |
11 |
applications with awful security history. |
12 |
|
13 |
Since writing GLSA takes some precious time, would it be better to mark |
14 |
security-related ebuilds as such and just give a link to original advisory? |
15 |
|
16 |
> - Koon |
17 |
|
18 |
Best Wishes, |
19 |
Viktors |
20 |
|
21 |
|
22 |
-- |
23 |
gentoo-security@g.o mailing list |