http://www.securityfocus.com/bid/16375 is minor but important enough to
report?
A way to remotly crash a OpenBSD box is minor?
From http://openbsd.org/security.html:
"Security information moves very fast in cracker circles. On the other hand,
our experience is that coding and releasing of proper security fixes
typically requires about an hour of work -- very fast fix turnaround is
possible. Thus we think that full disclosure helps the people who really
care about security."
It requires to qualify as a root explort/possible root explorit to get a
security announce?
Sorry, I don't get it.
From: Marco Peereboom <[EMAIL PROTECTED]>
To: Rob W <[EMAIL PROTECTED]>
Subject: Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security.
Date: Thu, 26 Jan 2006 13:04:55 -0600
How many times do you need to hear the same thing?
NOT ALL BUGFIXES MAKE IT TO THE ERRATA BECAUSE THEY ARE MINOR.
On Thu, Jan 26, 2006 at 05:11:23PM +0100, Rob W wrote:
> fox wrote:
> >According to http://openbsd.org/security.html, the last two releases
> >of OpenBSD have had 8 vulnerabilities (and that includes two that
> >apply to both releases - so really 6 for both releases of OpenBSD).
>
> What about http://www.securityfocus.com/bid/16375 and
> http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 (Fixed
in
> cvs, but NO patch for 3.8 or 3.7 and NO security announce -
>
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c.diff?r1=1.147&r2=1.148)
>
> Is there other bugs that haven't made it to the errate page?
>
_________________________________________________________________
Find dine dokumenter lettere med MSN Toolbar med Windows-pc-sxgning:
http://toolbar.msn.dk
