Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 2 Jul 2001 06:41:13 +0400
From: solar@...nwall.com
To: announce@...ts.openwall.com
Cc: owl-users@...ts.openwall.com
Subject: Owl 0.1-stable

Hi,

We've started maintaining a stable branch of Owl, based on Owl 0.1-
prerelease.  This branch will have all significant reliability and
security fixes necessary to use Owl in production -- even before its
feature set is complete for it to be called 1.0.

Another recent addition is the OpenBSD-like change logs for both Owl
branches.  Whenever there's a security fix applied to an Owl branch,
there will be a change log entry with "SECURITY FIX" and a Severity
field on it, in addition to the usual description of what exactly was
changed and why.  As we fix even very minor security problems, we're
not going to "spam" Bugtraq with advisories each time.

We will keep the number of change log entries per week low such that
the really important changes may be easily seen.  Those who need more
detailed information can always read change logs for the individual
packages.

The Owl change logs are included with the corresponding branches under
Owl/doc/CHANGES (Owl-0_1-stable/doc/CHANGES for the stable branch) and
are also available at:

http://www.openwall.com/Owl/CHANGES.shtml (current branch)
http://www.openwall.com/Owl/CHANGES-stable.shtml (stable branch)

Finally, below is a summary of security fixes that have been applied
since the prerelease.  So far, the worst vulnerability which affects
the default install of Owl 0.1-prerelease is the GnuPG format string
bug, and that is passive.

owl!build:~$ grep -B1 '^SECURITY FIX' native/Owl/doc/CHANGES 
2001/06/29	Package: xinetd
SECURITY FIX	Severity: none to high, remote, active
--
2001/06/27	Package: gpm
SECURITY FIX	Severity: none to low, physical, active
--
2001/06/14	Package: openssh
SECURITY FIX	Severity: none to low, remote, active
--
2001/06/12	Package: screen
SECURITY FIX	Severity: low, local, passive
--
2001/06/11	Package: openssh
SECURITY FIX	Severity: low, local, active
--
2001/06/03	Package: glibc
SECURITY FIX	Severity: low to medium, local, passive
--
2001/05/30	Package: gnupg
SECURITY FIX	Severity: high, remote, passive
--
2001/05/29	Packages: SysVinit, xinetd, owl-startup
SECURITY FIX	Severity: none to medium, local, passive to active
--
2001/05/27	Package: gawk
SECURITY FIX	Severity: low, local, passive
--
2001/05/23	Package: sysklogd
SECURITY FIX	Severity: none to medium, local, active

-- 
/sd

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.