Date: Fri, 3 May 2013 23:07:07 -0400
From: Michael Gilbert <mgilbert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re-emergence of CVE-2008-4796 in Nagios current

On Tue, Apr 30, 2013 at 7:28 PM, David Jorm wrote:
>> CVE-2008-4796 snoopy: command execution via shell metacharacters
>>
>> Was found in Nagios core by Grant Murphy.
>>
>> Filed upstream: http://tracker.nagios.org/view.php?id=449
>>
>> We really need to start thinking about ways to find vulnerable copies
>> of code and fixing them everywhere people have embedded them.
>
> Debian uses clonewise:
>
> https://github.com/silviocesare/Clonewise

There is also a human-researched list, which is never really up to date
or anywhere near comprehensive:
http://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=co

Best wishes,
Mike