Mailinglist Archive: opensuse-security (25 mails)

[jfweber@xxxxxxxxxxxx]

On Fri November 6 2009 3:40:53 am Marcus Meissner wrote:
> On Fri, Nov 06, 2009 at 09:30:47AM +0100, Frank Steiner wrote:
> > Hi,
> >
> > Marcus Meissner wrote
<snip>
> > >

> > not meaning to offend anyone, but as far as I can see the patch for
> > this has been added on October 26th to the SuSE sources (SLE 10 SP2):
> >
> > * Mon Oct 26 2009 - jkosina@xxxxxxx
> > - patches.fixes/fix-pipe-null-ptr.patch: fs: pipe.c null pointer
> >   dereference (bnc#550001, CVE-2009-3547).
> >
> > So couldn't the kernels have been out a week ago?
>
> First, the issue was handled as responsible disclosure with the disclosure 
> date
> on this week (Nov 4 actually, but it turned out to be Nov 3).
>
> Second, we do need QA time to actually test kernels. 



Awwww, Marcus, we know these things flow fully formed from your pen.. I am not 
suggesting you don't need a few minutes to check that every token and pipe and 
all those things are all in their proper places..  ;-D
> Thirdly, the patch listed above was buggy. Which we noticed on Tuesday and had
> to restart the update. Otherwise we would probably be ready now.
 Now *THIS* could be a problem, except as usual you guys handled it very 
quickly.. and all is well.
I'll have to check and make certain all my computers have the right numbers

> Tue Nov  3 12:14:59 CET 2009 - jkosina@xxxxxxx
> - patches.fixes/fix-pipe-null-ptr.patch: fix incorrect increment
>   in pipe_write_open()
> in the changelog if you are testing KOTD kernels.


Thanks again for all the work  you guys do to make this as smooth a ride as 
possible for all of us.
Good Karma points all around  for the team... 
OR... a virtual beer ...
;-D
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx