Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 May 2011 21:28:17 +0400
From: Solar Designer <>
Subject: Re: Multiple libraries privilege checking

On Wed, May 18, 2011 at 06:53:23PM +0200, yersinia wrote:
> It happens that I am, with another name, an rpm5/popt comantainer . I am very
> interested to integrate these patches, being also a   security
> professional. Very

We have many more rpm patches here:
These are against rpm-4.2 and most of them are non-security, but they
were required to make rpm usable for us.  For example, when a package is
rebuilt with some changes but without Epoch/Version/Release change, and
the old build contains some files that are not in the new build, and the
package is upgraded on a system (such as with "-U --force"), the
original rpm would leave orphaned files around on the system (security
relevance: even SUID/SGID program binaries).  Ours removes those files.
You could want to take a look at our patches and see if any are still
relevant to rpm5.

> useful to follow this mailing list, but I am not part of a distro, at least
> for now, and I can no longer follow it in the future due to the  recent
> policy change. Thanks anyway.

Huh?  There's no policy change.  Are you possibly misinterpreting the
"Closed list" thread as applying to the oss-security list?  It does not.
The closed list is an alternative to the old vendor-sec and to the CC
lists that started to appear in the month without vendor-sec.  It is not
an alternative to oss-security.  In fact, with the new closed list being
more limited than the old vendor-sec was, I expect more topics to be
discussed on oss-security than there were when vendor-sec was around.



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.