oss-sec mailing list archives
Re: CVE for Kali Linux
From: Jeremy Stanley <jeremy () openstack org>
Date: Sun, 22 Mar 2015 15:54:11 +0000
On 2015-03-22 09:49:12 -0600 (-0600), Kurt Seifried wrote: [...]
downloads of updates via HTTP with no other protection == CVE
And in this case the updates are signed by a key trusted by a keyring baked into the OS, so given the presence of "other protection" sounds like no CVE needed? -- Jeremy Stanley
Current thread:
- Re: CVE for Kali Linux, (continued)
- Re: CVE for Kali Linux Russ Allbery (Mar 21)
- Re: CVE for Kali Linux Daniel Micay (Mar 21)
- Re: CVE for Kali Linux Daniel Micay (Mar 21)
- Re: CVE for Kali Linux Florian Weimer (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Amos Jeffries (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Michael Samuel (Mar 21)
- Re: CVE for Kali Linux Florian Weimer (Mar 22)
- Re: CVE for Kali Linux Kurt Seifried (Mar 22)
- Re: CVE for Kali Linux Jeremy Stanley (Mar 22)
- Re: CVE for Kali Linux Kurt Seifried (Mar 22)
- Re: CVE for Kali Linux David A. Wheeler (Mar 22)
- Re: CVE for Kali Linux Solar Designer (Mar 22)
- Re: CVE for Kali Linux Solar Designer (Mar 22)
- Re: CVE for Kali Linux Kurt Seifried (Mar 22)
- Re: CVE for Kali Linux Donald Stufft (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Kristian Fiskerstrand (Mar 22)
- Re: CVE for Kali Linux Jeremy Stanley (Mar 22)
- Re: CVE for Kali Linux David A. Wheeler (Mar 22)