Archives
Archives
| From: | Michael Orlitzky <mjo@g.o> | ||
|---|---|---|---|
| To: | gentoo-user@l.g.o | ||
| Subject: | Re: [gentoo-user] Sparse security announcements | ||
| Date: | Sat, 10 Sep 2016 23:47:27 | ||
| Message-Id: | c6ce7d9c-8831-5119-07a8-6ff89ff7bd55@gentoo.org | ||
| In Reply to: | [gentoo-user] Sparse security announcements by Ian Zimmerman |
||
| 1 | On 09/10/2016 07:11 PM, Ian Zimmerman wrote: |
| 2 | > [2] https://www.debian.org/security/2016/dsa-3652 |
| 3 | |
| 4 | Beats me, I don't see it in bugzilla... maybe none of those affect our |
| 5 | newer 6.9.x.y versions? (I didn't dig into the vulnerabilities.) |
| 6 | |
| 7 | |
| 8 | > [3] https://www.debian.org/security/2016/dsa-3653 |
| 9 | |
| 10 | You only get a GLSA after an issue has been fixed and stabilized on all |
| 11 | architectures. And after that, someone actually has to write the GLSA, |
| 12 | so they can appear long after the vulnerability is found or even fixed. |
| 13 | This one hasn't been fixed yet: |
| 14 | |
| 15 | https://bugs.gentoo.org/show_bug.cgi?id=CVE-2016-6354 |
| 16 | |
| 17 | |
| 18 | > [4] https://www.debian.org/security/2016/dsa-3655 |
| 19 | |
| 20 | Same here: |
| 21 | |
| 22 | https://bugs.gentoo.org/show_bug.cgi?id=CVE-2016-6265 |
| Subject | Author |
|---|---|
| [gentoo-user] Re: Sparse security announcements | Ian Zimmerman <itz@×××××××.net> |