Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/gentoo/security/ en-us (c) Gossamer Threads Inc. All rights reserved. 13 Feb 2012 03:38:01 -0800 120 75 23 http://www.gossamer-threads.com/lists/gentoo/security/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg 08 Dec 2011 22:21:59 -0800 http://www.gossamer-threads.com/lists/gentoo/security/244096 On Nov 17, 2011, at 1:30 AM, David Sommerseth wrote: > > Hi, > > This is a very fresh CVE, and I wondered if this has caught your attention? > When 17 Nov 2011 00:48:23 -0800 http://www.gossamer-threads.com/lists/gentoo/security/242696 Hi, This is a very fresh CVE, and I wondered if this has caught your attention? When would it be reasonable to expect an update for this issue? ISC 16 Nov 2011 23:30:03 -0800 http://www.gossamer-threads.com/lists/gentoo/security/242692 Rich Freeman wrote, on 08/27/2011 03:06 PM: > However, that isn't really what we're discussing here. What we're > talking about is GLSAs vs no GLSAs. 27 Aug 2011 06:34:27 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237182 On Sat, Aug 27, 2011 at 8:34 AM, Tobias Heinlein <keytoaster@gentoo.org> wrote: > I have read that idea multiple times now, each of them by people not 27 Aug 2011 06:06:43 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237181 Rich Freeman wrote, on 08/27/2011 02:13 PM: > Note that I'm basically advocating ditching the tool. A tool is good > when it improves productivity. 27 Aug 2011 05:34:39 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237180 On Sat, Aug 27, 2011 at 4:49 AM, Christian Kauhaus <kc@gocept.com> wrote: > So in consequence I would appreciate to have both mechanisms: a timely > u 27 Aug 2011 05:13:02 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237179 Am 26.08.2011 20:08, schrieb Kevin Bryan: > SECURITY_FIXES="<www-plugins/adobe-flash-10.1.102.64" > SECURITY_REF="CVE:2010-2169 http://..." > SECURITY 27 Aug 2011 01:49:09 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237175 But Alex, this could be a great improvement in system at all. This can help administrators to measure better its systems, and may be "force" developer 26 Aug 2011 16:38:50 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237171 On Friday 26 August 2011 16:02:56 Kevin Bryan wrote: > I was not considering the entire process, just the part that really > impacts me: identifying v 26 Aug 2011 15:27:33 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237168 I like this approach but I have no idea about how this could be performed. ACCEPT_RISKS="remote dos" emerge ... Sounds very cool to me. Daniel On 26 Aug 2011 13:40:49 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237163 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was not considering the entire process, just the part that really impacts me: identifying vulnerable 26 Aug 2011 13:02:56 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237162 On Friday, August 26, 2011 08:07:57 PM Alex Legler wrote: > On Friday 26 August 2011 20:00:15 Joost Roeleveld wrote: > > On Friday, August 26, 2011 07 26 Aug 2011 12:30:02 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237161 Alex. For WEB vulnerability discovering, one of the most important to us is Nessus to search and confronting against CVE database. Sometimes, Nessus 26 Aug 2011 12:27:03 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237160 On Friday 26 August 2011 15:22:40 Daniel A. Avelino wrote: > > When I think about automation, I had in mind something that could help > > developers 26 Aug 2011 11:44:06 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237159 Hi Kevin. That is an interesting idea. So one could check about vulnerabilies solutions _before_ package installation. And better. This could give us 26 Aug 2011 11:41:58 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237155 On Friday 26 August 2011 14:08:38 Kevin Bryan wrote: > Although I like having the summary information about what the > vulnerability is, if I'm only r 26 Aug 2011 11:40:29 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237154 On Fri, Aug 26, 2011 at 2:57 PM, Alex Legler <a3li@gentoo.org> wrote: > On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote: > > Alex. > > > > 26 Aug 2011 11:22:40 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237153 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Although I like having the summary information about what the vulnerability is, if I'm only reading the 26 Aug 2011 11:08:38 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237152 On Friday 26 August 2011 20:00:15 Joost Roeleveld wrote: > On Friday, August 26, 2011 07:06:35 PM Christian Kauhaus wrote: > > Am 26.08.2011 18:55, sc 26 Aug 2011 11:07:57 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237151 On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote: > Alex. > > May be a call for volunteers more "intense" could improve the manpower. This > 26 Aug 2011 10:57:29 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237150 Alex. May be a call for volunteers more "intense" could improve the manpower. This could be a more easy start point to address, no?. I work too in so 26 Aug 2011 10:18:20 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237149 Am 26.08.2011 18:55, schrieb Alex Legler: > Compared to other distributions, our advisories have been rather detailed with > lots of manually research 26 Aug 2011 10:06:35 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237148 On Friday 26 August 2011 18:12:00 Christian Kauhaus wrote: > Hi, > > I'm wondering that may favorite Linux distro hasn't had any security > announcem 26 Aug 2011 09:55:43 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237145 Dear Christian Everything is secure. No reason to write GLSAs or to panic. ;) Chris Am 26.08.2011 um 18:12 schrieb Christian Kauhaus: > Hi, > > 26 Aug 2011 09:43:19 -0800 http://www.gossamer-threads.com/lists/gentoo/security/237144