oss-sec mailing list archives

Re: Strange CVE situation (at least one ID should come of this)


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 30 Oct 2012 14:28:08 -0600

On 10/30/2012 11:39 AM, Henri Salo wrote:
> On Tue, Oct 30, 2012 at 01:34:07PM -0400, Steven M. Christey wrote:
>> Perhaps the OSS community could borrow an idea from one of the
>> framework vendors with lots of third-party modules - I forget if
>> it was Joomla or Drupal - who actively maintained a list of
>> poorly maintained or obsolete software.
>
> There is at least http://docs.joomla.org/Vulnerable_Extensions_List
> and Drupal is coordinating contrib modules too (code reviews,
> advisories, etc). I don't know if Joomla security guys handle
> vulnerable extensions in some level or not.
>
> - Henri Salo

Does Drupal throw up a warning if you try to use one of these extensions?

It occurs to me we need a mechanism similar to CRL/OCSP for software,
especially things with plugins like Drupal/WordPress/Firefox/Chrome so
that we can at least warn users of bad software.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


