oss-sec mailing list archives
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Thu, 29 Jan 2015 21:43:46 -0500
On Thu 2015-01-29 19:00:35 -0500, Hanno Böck wrote:
> As promised, I wrote down my lengthy thoughts in a blog post:
> https://blog.hboeck.de/archives/864-What-the-GHOST-tells-us-about-free-software-vulnerability-management.html
thanks for this writeup, Hanno. you wrote:
> It would be an interesting (and time consuming) project to take a package like PHP and check for all the security vulnerabilities whether they are fixed in the latest packages in Debian Squeeze/Wheezy, all Red Hat Enterprise versions and other long term support systems.
I don't know about RHEL, but Debian's security tracker does actually try to do this, and to coordinate it with the CVEs. For example:

https://security-tracker.debian.org/tracker/source-package/php5

It ain't pretty, but it's there.

If you (or anyone) are interested in working on this sort of tracker, or integrating between this and other trackers, please talk to the Debian security team:

https://wiki.debian.org/Teams/Security

Regards,

--dkg