oss-sec mailing list archives
Re: Strange CVE situation (at least one ID should come of this)
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 30 Oct 2012 14:28:08 -0600
On 10/30/2012 11:39 AM, Henri Salo wrote:
> On Tue, Oct 30, 2012 at 01:34:07PM -0400, Steven M. Christey wrote:
>> Perhaps the OSS community could borrow an idea from one of the
>> framework vendors with lots of third-party modules - I forget if it
>> was Joomla or Drupal - who actively maintained a list of poorly
>> maintained or obsolete software.
>
> There is at least http://docs.joomla.org/Vulnerable_Extensions_List
> and Drupal is coordinating contrib modules too (code reviews,
> advisories, etc). I don't know if Joomla security guys handle
> vulnerable extensions in some level or not.
>
> - Henri Salo

Does Drupal throw up a warning if you try to use one of these extensions? It occurs to me we need a mechanism similar to CRL/OCSP for software, especially things with plugins like Drupal/WordPress/Firefox/Chrome so that we can at least warn users of bad software.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993