oss-sec mailing list archives

Re: CVE for Kali Linux

From: Jeremy Stanley <jeremy () openstack org>
Date: Sun, 22 Mar 2015 15:54:11 +0000

On 2015-03-22 09:49:12 -0600 (-0600), Kurt Seifried wrote:
[...]

downloads of updates via HTTP with no other protection == CVE


And in this case the updates are signed by a key trusted by a
keyring baked into the OS, so given the presence of "other
protection" sounds like no CVE needed?
-- 
Jeremy Stanley

Current thread:

Re: CVE for Kali Linux, (continued)
- - - Re: CVE for Kali Linux Russ Allbery (Mar 21)
    - Re: CVE for Kali Linux Daniel Micay (Mar 21)
    - Re: CVE for Kali Linux Daniel Micay (Mar 21)
    - Re: CVE for Kali Linux Florian Weimer (Mar 22)
    - Re: CVE for Kali Linux Daniel Micay (Mar 22)
    - Re: CVE for Kali Linux Amos Jeffries (Mar 22)
    - Re: CVE for Kali Linux Daniel Micay (Mar 22)
    - Re: CVE for Kali Linux Michael Samuel (Mar 21)
    - Re: CVE for Kali Linux Florian Weimer (Mar 22)
    - Re: CVE for Kali Linux Kurt Seifried (Mar 22)
    - Re: CVE for Kali Linux Jeremy Stanley (Mar 22)
    - Re: CVE for Kali Linux Kurt Seifried (Mar 22)
    - Re: CVE for Kali Linux David A. Wheeler (Mar 22)
    - Re: CVE for Kali Linux Solar Designer (Mar 22)
    - Re: CVE for Kali Linux Solar Designer (Mar 22)
    - Re: CVE for Kali Linux Kurt Seifried (Mar 22)
    - Re: CVE for Kali Linux Donald Stufft (Mar 22)
    - Re: CVE for Kali Linux Daniel Micay (Mar 22)
    - Re: CVE for Kali Linux Kristian Fiskerstrand (Mar 22)
    - Re: CVE for Kali Linux Jeremy Stanley (Mar 22)
    - Re: CVE for Kali Linux David A. Wheeler (Mar 22)

(Thread continues...)