Date: Sun, 5 Jun 2011 00:03:13 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: openssl timing attack On Sat, Jun 04, 2011 at 02:53:29PM -0400, Michael Gilbert wrote: > As a practical matter, you could follow the Debian > secure-testing-commits mailing list  or check out the svn repo . > Updates to Mitre's CVE database are synced there twice a day. This is very nice, thanks. Many of the commits have Debian-specific info, though, which would be a bit distracting, and the Subjects are not specific (just "data/CVE" or "data/DSA"), yet this may be helpful. I downloaded http://lists.alioth.debian.org/pipermail/secure-testing-commits/2011-May.txt.gz and grepped it for SSL (case-insensitive). Didn't find the OpenSSL issue that started this thread. This is not surprising: apparently, the issue did not receive a CVE ID in May, even though CERT published a Vulnerability Note on it. > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits > svn://svn.debian.org/svn/secure-testing Perhaps add these to http://oss-security.openwall.org/wiki/distro-patches#debian ? And, while you're at it, fix the many broken links currently in the Debian section there (I counted at least three broken links). Thanks, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ