Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Mon, 25 Aug 2008 11:59:49 +0200
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Cc: Pınar YanardaÄ. <pinar@...dus.org.tr>
Subject: Pardus Bugs / Patches, Was: Re: CVE id request: vlc

On Sunday 24 August 2008, Pınar YanardaÄ. wrote:
> Nico Golde wrote On 24-08-2008 13:10:
> > Hi,
> >
> > * Pinar Yanarda<pinar@...dus.org.tr>  [2008-08-24 11:23]:
> >> Nico Golde wrote On 24-08-2008 03:13:
> >>> Hi,
> >>> there seems to be a buffer overflow in videolans mms
> >>> handling:
> >>> http://www.orange-bat.com/adv/2008/adv.08.24.txt
> >>
> >> Btw, a vendor patch has been released:
> >> http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488
> >>.html
> >
> > Wow that was fast, 4 hours after I notified them of the
> > problem.
> > Looks correct to me. Anyone else had a look at the patch?
>
> I was having some trouble to apply this patch but they updated it a
> couple of hours ago, which works fine now.

Hey Pınar,

I noticed Pardus is not yet listed on the 'How to steal hard work and 
patches from others' page, aka:
  http://oss-security.openwall.org/wiki/distro-patches

If you host your patches somewhere, please add a pointer there.
Also, are you managing security bugs with Bugzilla, or somewhere else 
where one can look up the status of an issue?

Thanks,
Robert

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux