Hi Joe, I see that some errata information has CVE included (probably those disclosed before OpenBSD fixed them). Where this information is absent, I am not confident that the errata details are relevant. In the case of the SSL problem, there was a patch released around the time of the original CVE creation which modified ssl_engine_log.c (where the relevant fix was made) but which fixed a different issue.
Many UNIX administrators do not have the technical skills required to identify which bits of corrected code fix which problems. Simplifying the process of locating vulnerability information would, therefore, make OpenBSD a more attractive option to a wider audience and help ardent OpenBSD advocates sell the solution to managers and executives who may not fully appreciate the advantages of OpenBSD. I love the fact that OpenBSD does not compromise the fundamental security and design principles upon which it was founded. Adding clearer documentation of OpenBSD's superior security can only enhance its reputation. Cheers, Dan On 10/19/06, Joe <[EMAIL PROTECTED]> wrote: > > Podo Carp wrote: > > Thanks Steve, > > > > The scanner does indeed rely on banners (which can be completely > unreliable > > especially on OpenBSD). However, I would like them to not knock over my > > servers trying to confirm the problem if I can easily determine that the > > patches are irrelevant. Of course this is a greater problem for holes > that > > are not fixed but I can't tell which is the case without more > information. > > > > A centralized repository of vulnerability information would make my job > > maintaining OpenBSD systems much simpler and would provide yet another > > avenue to extoll the virtues of OpenBSD versus other operating systems > (as > > in this case where the patch was released a year before the > vulnerability > > was disclosed). > > > You can find all security vulnerabilities here: > > http://www.openbsd.org/errata.html
