On 7/11/07, Alec Berryman <[EMAIL PROTECTED]> wrote: > > I can't speak for the security team, but the testing security team could > always use more people doing what you apparently already do - determine > which new CVEs affect Debian and find ways to get those issues fixed.
Actually I'm not currently following recent vulnerabilities, sorry... I just wanted to suggest a useful feature that could help others now and also myself in the future. > Much of the infrastructure you mentioned is already in place. The > testing security team keeps a list of CVEs and short descriptions of how > (if at all) each affects Debian as well as information like versions in > which the issue is fixed, bug numbers, and severity indicators. It's > kept in plain-text in a publicly-viewable svn repository, but there are > other ways to view the information. At > http://security-tracker.debian.net/ you can look up the status of > different packages, CVEs, and security bug numbers. Also, the Debian > Security Analyzer (package debsecan) will alert you to vulnerable > packages on that system using the security-tracker data. Thanks for the information, it's really helpful. -- Alexander _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
