On Tue, 22 Oct 2002, Joerg Henner wrote:
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- mod_php4
  There was a mistake in Advisory SuSE-SA:2002:036 in section "Affected products". SuSE 7.0 and 7.1 are _not_ vulnerable.
- kon2
  There is a vulnerability in kon2, a Japanese input manager for the VGA console, that can be exploited by local users to obtain root privilege. We recommend to un-install kon2.
__________________________________________________________________________
Hi,
Are those the "one and only" PENDINGS @SuSE ???
What about:
=> ZIP - CAN-2002-0370, CERT/CC-Bug-ID: VU#383779, Lotus-Bug-ID: SPR# KSPR5CJV2G, Verity-Bug-ID: 76316
=> Apache - CAN-2002-0839
And what is with those "pendings" listed in previous Announcements:
MSG-ID: 20021014181528.A10008@suse.de
Why not list "pending vulnerabilities" at www.suse.de ???
As I looked around, I found some strange things at: http://www.suse.de/de/security/
A lot of SA (SuSE-Announcements) are published. BUT, many of the listed "pendings" are still *NOT* published after more than 2-3 weeks, or in particular also more than one month !!!!
For example:
Announcement-ID: SuSE-SA:2002:034
Date: Mon Sep 30 17:00:00 CEST 2002
...lists a lot of "pendings", which are not listed anymore (neither in newer Announcements, nor at "http://www.suse.de/de/security/")
Any comments around ? I'm still waiting for a "SuSE Statement"....
Greetings,
--
Jörg Henner
ETES - EDV-Systemhaus GbR
Libanonstrasse 58 A * D-70184 Stuttgart
Phone: +49 (7 11) 48 90 83 - 0
Fax: +49 (7 11) 48 90 83 - 50
Web: http://www.etes.de