Re: DSU

[pageexec () freemail hu]

On 12 Jul 2006 at 6:34, Florian Weimer wrote:
> > On 11 Jul 2006 at 9:57, Dave Aitel wrote:
> > > This is the difference between Linux and Windows. If this had been
> > > Microsoft they would have just changed the behavior silently or made it
> > > part of some other patch and hoped no one noticed.
> >
> > sorry if i missed the sarcasm above, but are you suggesting that the
> > following is actually what it is claimed to be? ;-)
> >
> > http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080
>
> Most kernel bug fixes are not reviewed for their security impact.
> This means that a lot of things are in fact fixed silently.  Perhaps
> it's not as deliberate as what Microsoft is doing, but as a side
> effect, some of these fixes are not picked up by vendors and do not
> end up in their kernels, even though the bug fix has been published.

nice try but then how do you explain the following:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2448

in particular note the date of the CVE entry vs. that of the commit
and the obvious discrepancy between the two descriptions. something
known to be as a security bug in May (hence the request for the CVE
entry) was committed with a rather non-descript message next month.

i for one would really like to see what went on on vendor-sec or the
kernel security list regarding this bug.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave