Dailydave mailing list archives
Re: DSU
From: pageexec () freemail hu
Date: Wed, 12 Jul 2006 10:41:23 +0200
On 12 Jul 2006 at 6:34, Florian Weimer wrote:
On 11 Jul 2006 at 9:57, Dave Aitel wrote:This is the difference between Linux and Windows. If this had been Microsoft they would have just changed the behavior silently or made it part of some other patch and hoped no one noticed.sorry if i missed the sarcasm above, but are you suggesting that the following is actually what it is claimed to be? ;-) http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080Most kernel bug fixes are not reviewed for their security impact. This means that a lot of things are in fact fixed silently. Perhaps it's not as deliberate as what Microsoft is doing, but as a side effect, some of these fixes are not picked up by vendors and do not end up in their kernels, even though the bug fix has been published.
nice try but then how do you explain the following: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2448 in particular note the date of the CVE entry vs. that of the commit and the obvious discrepancy between the two descriptions. something known to be as a security bug in May (hence the request for the CVE entry) was committed with a rather non-descript message next month. i for one would really like to see what went on on vendor-sec or the kernel security list regarding this bug. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- DSU Dave Aitel (Jul 11)
- Re: DSU TINNES Julien RD-MAPS-ISS (Jul 12)