Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110604200313.GA5687@openwall.com>
Date: Sun, 5 Jun 2011 00:03:13 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: openssl timing attack

On Sat, Jun 04, 2011 at 02:53:29PM -0400, Michael Gilbert wrote:
> As a practical matter, you could follow the Debian
> secure-testing-commits mailing list [0] or check out the svn repo [1].
> Updates to Mitre's CVE database are synced there twice a day.

This is very nice, thanks.  Many of the commits have Debian-specific
info, though, which would be a bit distracting, and the Subjects are not
specific (just "data/CVE" or "data/DSA"), yet this may be helpful.

I downloaded
http://lists.alioth.debian.org/pipermail/secure-testing-commits/2011-May.txt.gz
and grepped it for SSL (case-insensitive).  Didn't find the OpenSSL
issue that started this thread.  This is not surprising: apparently, the
issue did not receive a CVE ID in May, even though CERT published a
Vulnerability Note on it.

> [0]http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
> [1]svn://svn.debian.org/svn/secure-testing

Perhaps add these to
http://oss-security.openwall.org/wiki/distro-patches#debian ?
And, while you're at it, fix the many broken links currently in the
Debian section there (I counted at least three broken links).

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.