[yocto] bind: issue in trust anchor management can cause named to crash (CVE-2015-1349)

Sona Sarmadi sona.sarmadi at enea.com
Thu Mar 12 00:35:25 PDT 2015


Hi Alex,

Yes, I agree with you, but this is already a public CVE. Maybe in the future we will/should just discuss security-related issues in the yocto-security at yoctoproject.org mailing list, but right now we don’t have many members, so I copy to the yocto at yoctoproject.org list as well.

My intention is to make the list aware of security vulnerabilities/CVEs which keep coming all the time. I encourage everyone to do this. We will sooner or later create a bug in Bugzilla if needed, or just backport the CVE to our version, or upgrade the recipes in the affected package to the version which is not vulnerable.

//Sona

From: Alexandru Vaduva [mailto:vaduvajanalexandru at yahoo.com]
Sent: den 12 mars 2015 00:28
To: Sona Sarmadi; yocto-security at yoctoproject.org
Cc: yocto at yoctoproject.org
Subject: Re: [yocto] bind: issue in trust anchor management can cause named to crash (CVE-2015-1349)

Wouldn't it be better for the bugs to be only mentioned on the security list?
It is my opinion that knowing about a risk before it is fixed could cause more harm than good.
What do you think about this?


Alex Vaduva