From: | Michael Orlitzky <mjo@g.o> | ||
---|---|---|---|
To: | gentoo-user@l.g.o | ||
Subject: | Re: [gentoo-user] Sparse security announcements | ||
Date: | Sat, 10 Sep 2016 23:47:27 | ||
Message-Id: | c6ce7d9c-8831-5119-07a8-6ff89ff7bd55@gentoo.org | ||
In Reply to: | [gentoo-user] Sparse security announcements by Ian Zimmerman |
1 | On 09/10/2016 07:11 PM, Ian Zimmerman wrote: |
2 | > [2] https://www.debian.org/security/2016/dsa-3652 |
3 | |
4 | Beats me, I don't see it in bugzilla... maybe none of those affect our |
5 | newer 6.9.x.y versions? (I didn't dig into the vulnerabilities.) |
6 | |
7 | |
8 | > [3] https://www.debian.org/security/2016/dsa-3653 |
9 | |
10 | You only get a GLSA after an issue has been fixed and stabilized on all |
11 | architectures. And after that, someone actually has to write the GLSA, |
12 | so they can appear long after the vulnerability is found or even fixed. |
13 | This one hasn't been fixed yet: |
14 | |
15 | https://bugs.gentoo.org/show_bug.cgi?id=CVE-2016-6354 |
16 | |
17 | |
18 | > [4] https://www.debian.org/security/2016/dsa-3655 |
19 | |
20 | Same here: |
21 | |
22 | https://bugs.gentoo.org/show_bug.cgi?id=CVE-2016-6265 |
Subject | Author |
---|---|
[gentoo-user] Re: Sparse security announcements | Ian Zimmerman <itz@×××××××.net> |