Date: Sun, 5 Jun 2011 00:03:13 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: openssl timing attack On Sat, Jun 04, 2011 at 02:53:29PM -0400, Michael Gilbert wrote: > As a practical matter, you could follow the Debian > secure-testing-commits mailing list  or check out the svn repo . > Updates to Mitre's CVE database are synced there twice a day. This is very nice, thanks. Many of the commits have Debian-specific info, though, which would be a bit distracting, and the Subjects are not specific (just "data/CVE" or "data/DSA"), yet this may be helpful. I downloaded http://lists.alioth.debian.org/pipermail/secure-testing-commits/2011-May.txt.gz and grepped it for SSL (case-insensitive). Didn't find the OpenSSL issue that started this thread. This is not surprising: apparently, the issue did not receive a CVE ID in May, even though CERT published a Vulnerability Note on it. > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits > svn://svn.debian.org/svn/secure-testing Perhaps add these to http://oss-security.openwall.org/wiki/distro-patches#debian ? And, while you're at it, fix the many broken links currently in the Debian section there (I counted at least three broken links). Thanks, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.