Re: [suse-security] Buffer overflow in Cyrus Imapd
On Tuesday 10 December 2002 14:19, Markus Gaugusch wrote:
I asked about this last Tuesday (I think). Roman posted a message (Friday?) that a patch is being worked on atm.
Yeah, I knew there was something, but didn't find it again :(
I'm anxiously awaiting the patch myself ;-)
As for a page with known vulnerabilities: do you mean something like: http://www.suse.com/us/private/support/security/index.html
This only contains announcements. Usually SuSE doesn't write an announcement without fixed packages to announce. What I'm missing is a "pending vulnerabilities" list. According to my suggestion, this list
In every security announcement there is a pending vulnerabilities list (see the openldap announcement under 2) for instance). Well done to SuSE ;-)
would NOT be done by SuSE people, but by us. This would take some work off from them (although very little), but everything would be more transparent.
Markus
it seems the SuSE boys have taken that off our hands already. Thank God :-) Stefan
On Dec 10, Stefan Suurmeijer <stefan@raptorweb.nl> wrote:
In every security announcement there is a pending vulnerabilities list (see the openldap announcement under 2) for instance). Well done to SuSE ;-) Yeah, but cyrus was not there (and last announcement was 6th of dec, which is a date where this was already known). Therefore I'd like US to the reporting, and SuSE to give the status. But it must be centralized, or no one will find the information. (Maybe something that can be queried automatically, like a YOU info-patch (just have to integrate that in fou4s ;)
Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \
participants (2)
-
Markus Gaugusch -
Stefan Suurmeijer