* [gentoo-server] what happend to GLSA ?
From: Tomasz Lutelmowski @ 2008-01-08 18:08 UTC
To: gentoo-server
The GLSA has not been updating since 2007-12-25...

xxx etc # glsa-check -l | tail
[A] means this GLSA was already applied,
[U] means the system is not affected and
[N] indicates that the system might be affected.

200712-16 [U] Exiv2: Integer overflow ( media-gfx/exiv2 )
200712-17 [U] exiftags: Multiple vulnerabilities ( media-gfx/exiftags )
200712-18 [U] Multi-Threaded DAAP Daemon: Multiple vulnerabilities ( media-sound/mt-daapd )
200712-19 [U] Syslog-ng: Denial of Service ( app-admin/syslog-ng )
200712-20 [U] ClamAV: Multiple vulnerabilities ( app-antivirus/clamav )
200712-21 [U] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities ( www-client/seamonkey www-client/mozilla-firefox-bin www-client/mozilla-firefox ... )
200712-22 [U] Opera: Multiple vulnerabilities ( www-client/opera )
200712-23 [U] Wireshark: Multiple vulnerabilities ( net-analyzer/wireshark )
200712-24 [U] AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code ( app-emulation/emul-linux-x86-gtklibs )
200712-25 [U] OpenOffice.org: User-assisted arbitrary code execution ( app-office/openoffice app-office/openoffice-bin dev-db/hsqldb )

Is it a temporary issue, or has Gentoo got a new way of tracking vulnerabilities?

Regards,
TOmek
--
gentoo-server@lists.gentoo.org mailing list
* Re: [gentoo-server] what happend to GLSA ?
From: Andrew Gaffney @ 2008-01-08 18:22 UTC
To: gentoo-server
Tomasz Lutelmowski wrote:
> The GLSA is not updating since 2007-12-25...
>
> 200712-25 [U] OpenOffice.org: User-assisted arbitrary code execution ( app-
> office/openoffice app-office/openoffice-bin dev-db/hsqldb )
The -25 isn't a date. It's the 25th GLSA for that month. That particular one was
from 2007-12-30. And maybe there just haven't been any GLSAs released in the
last 9 days?
--
Andrew Gaffney http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer Catalyst/Installer + x86 release coordinator
* Re: [gentoo-server] what happend to GLSA ?
From: mRyOuNg @ 2008-01-08 18:24 UTC
To: gentoo-server
Tomasz Lutelmowski wrote:
> The GLSA is not updating since 2007-12-25...
>
> xxx etc # glsa-check -l | tail
> [A] means this GLSA was already applied,
> [U] means the system is not affected and
> [N] indicates that the system might be affected.
>
> 200712-16 [U] Exiv2: Integer overflow ( media-gfx/exiv2 )
> 200712-17 [U] exiftags: Multiple vulnerabilities ( media-gfx/exiftags )
> 200712-18 [U] Multi-Threaded DAAP Daemon: Multiple vulnerabilities ( media-
> sound/mt-daapd )
> 200712-19 [U] Syslog-ng: Denial of Service ( app-admin/syslog-ng )
> 200712-20 [U] ClamAV: Multiple vulnerabilities ( app-antivirus/clamav )
> 200712-21 [U] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities ( www-
> client/seamonkey www-client/mozilla-firefox-bin www-client/mozilla-
> firefox ... )
> 200712-22 [U] Opera: Multiple vulnerabilities ( www-client/opera )
> 200712-23 [U] Wireshark: Multiple vulnerabilities ( net-analyzer/wireshark )
> 200712-24 [U] AMD64 x86 emulation GTK+ library: User-assisted execution of
> arbitrary code ( app-emulation/emul-linux-x86-gtklibs )
> 200712-25 [U] OpenOffice.org: User-assisted arbitrary code execution ( app-
> office/openoffice app-office/openoffice-bin dev-db/hsqldb )
>
> Is it temporary issue or Gentoo got new way of tracking vulnerabilities ?
>
> Regards,
> TOmek
>
Hi there ...

Hmm, if I remember well, the last number has nothing to do with the day ...
200712-25 means ... 25th Security Advisory during December 2007

Maybe I'm wrong, but one sure thing is that the last number has nothing
to do with the day ...

for example
# glsa-check -d 200712-17 | grep "Announced"
Announced on: December 29, 2007

cya!
--
. mRyOuNg :: [ SoundBomb . Syn[Rj] ] .
mail: mryoung@soundbomb.net
web : mryoung.soundbomb.net
* Re: [gentoo-server] what happend to GLSA ?
From: Raphael Marichez @ 2008-02-15 15:20 UTC
To: gentoo-server
On Tue, 08 Jan 2008, Tomasz Lutelmowski wrote:
>
> The GLSA is not updating since 2007-12-25...
>
> xxx etc # glsa-check -l | tail
> [A] means this GLSA was already applied,
> [U] means the system is not affected and
> [N] indicates that the system might be affected.
>
> 200712-16 [U] Exiv2: Integer overflow ( media-gfx/exiv2 )
> 200712-17 [U] exiftags: Multiple vulnerabilities ( media-gfx/exiftags )
> 200712-18 [U] Multi-Threaded DAAP Daemon: Multiple vulnerabilities ( media-
> sound/mt-daapd )
> 200712-19 [U] Syslog-ng: Denial of Service ( app-admin/syslog-ng )
> 200712-20 [U] ClamAV: Multiple vulnerabilities ( app-antivirus/clamav )
> 200712-21 [U] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities ( www-
> client/seamonkey www-client/mozilla-firefox-bin www-client/mozilla-
> firefox ... )
> 200712-22 [U] Opera: Multiple vulnerabilities ( www-client/opera )
> 200712-23 [U] Wireshark: Multiple vulnerabilities ( net-analyzer/wireshark )
> 200712-24 [U] AMD64 x86 emulation GTK+ library: User-assisted execution of
> arbitrary code ( app-emulation/emul-linux-x86-gtklibs )
> 200712-25 [U] OpenOffice.org: User-assisted arbitrary code execution ( app-
> office/openoffice app-office/openoffice-bin dev-db/hsqldb )
>
> Is it temporary issue or Gentoo got new way of tracking vulnerabilities ?
Indeed, GLSA 200712-25 was sent 2007-12-30. After all, it was Christmas
holidays...
We're still actively looking for helpers (which may become official
security members after a probation period) for wrangling security bugs
and writing GLSA. Mail to security@gentoo.org if interested.
--
Raphael Marichez aka Falco
* RE: [gentoo-server] what happend to GLSA ?
From: Olaf Niermann @ 2008-02-15 22:16 UTC
To: gentoo-server
Hi Raphael,
Just use the command
# glsa-check -l |sort -n |tail
And you will see that glsa is up to date.
Regards,
Olaf Niermann
^ permalink raw reply [flat|nested] 6+ messages in thread
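The point made in the replies (the suffix of a GLSA ID is a per-month counter, not a day, and the listing is sorted before taking the tail), as an added shell example that is not part of any message in the thread. The function names and sample_listing are assumptions made here; the sample reuses entries from the quoted listing, reordered, with one status changed to [N].

```shell
#!/bin/sh
# Added example. sample_listing is constructed: entries copied from the listing
# quoted in the thread, put out of order, with one status changed to [N].
sample_listing() {
cat <<'EOF'
[A] means this GLSA was already applied,
[U] means the system is not affected and
[N] indicates that the system might be affected.

200712-25 [U] OpenOffice.org: User-assisted arbitrary code execution ( app-
office/openoffice app-office/openoffice-bin dev-db/hsqldb )
200712-19 [N] Syslog-ng: Denial of Service ( app-admin/syslog-ng )
200712-16 [U] Exiv2: Integer overflow ( media-gfx/exiv2 )
200712-23 [U] Wireshark: Multiple vulnerabilities ( net-analyzer/wireshark )
EOF
}

# Keep only lines that begin with an advisory ID and a status flag; this drops
# the legend, blank lines and wrapped continuation lines.
glsa_entries() {
    grep -E '^[0-9]{6}-[0-9]+ \[[AUN]\] '
}

# Newest advisory ID: order by YYYYMM, then by the per-month counter.
latest_glsa() {
    glsa_entries | sort -t- -k1,1n -k2,2n | tail -n 1 | cut -d' ' -f1
}

# IDs flagged [N] (the system might be affected).
possibly_affected() {
    glsa_entries | awk '$2 == "[N]" { print $1 }'
}

# Split an ID into its parts: the suffix counts advisories, it is not a day.
describe_glsa_id() {
    ym=${1%%-*}
    echo "year=${ym%??} month=${ym#????} sequence=${1#*-}"
}

# On a Gentoo host the input would come from: glsa-check -l
latest=$(sample_listing | latest_glsa)
echo "latest advisory: $latest ($(describe_glsa_id "$latest"))"
echo "possibly affected: $(sample_listing | possibly_affected)"
```

The announcement date is not encoded in the ID; as shown in the thread, it comes from glsa-check -d for the ID in question.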