Date: Wed, 9 Jul 2014 08:14:40 +0000
From: Sven Kieske <S.Kieske@...twald.de>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam

On 04.06.2014 07:42, Solar Designer wrote:
> I mention this so that people are not confused why this one advisory is
> posted in here, even though we had decided that vendor-specific
> advisories are normally not to be posted to oss-security.

I'm sorry, but I'm still relatively new to this list, so
forgive me my questioning:

I see lots of "vendor specific" advisories here.

So my guess is that "vendor" means "a vendor who bundles
software into a linux/bsd/whatever distribution"?

Because I would consider vulnerabilities in php, curl,
pnp4nagios (just picked as fresh examples) also
as "vendor specific", as they are maintained by one
vendor/project and those vulnerabilities don't occur
in different tools or language implementations.

What I would not consider "vendor specific" are issues
inside algorithms or reference implementations
of algorithms which are incorporated into different
software projects (vendors) like the recent LZ4 and LZO
vulns.

Could you clarify this policy maybe a bit?

I find it quite useful to have a dedicated list collecting
these reports, and also freebsd ones even if just freebsd
is affected.

Lists like full disclosure create way more noise and are
thus less useful.

Thanks in advance.

-- 
Regards

Sven Kieske

System Administrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Managing Director: Robert Meyer
Tax No.: 331/5721/1033, VAT ID: DE814773217, HRA 6640, AG Bad Oeynhausen
General partner: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen