[yocto] bind: issue in trust anchor management can cause named to crash (CVE-2015-1349)

Benjamin Esquivel benjamin.esquivel at linux.intel.com
Thu Mar 12 08:57:52 PDT 2015


On Thu, 2015-03-12 at 07:35 +0000, Sona Sarmadi wrote:
> Hi Alex,
>
> Yes I agree with you but this is already a public CVE. Maybe in the
> future we will/should just discuss security related issues in the
> yocto-security at yoctoproject.org mailing list, but right now we don’t
> have many members so I copy to the yocto at yoctoproject.org list as
> well. 
> 
I think this list is not published in the yocto lists page:

https://www.yoctoproject.org/tools-resources/community/mailing-lists

And who would be able to subscribe to it? Invite-only? Public?
 
>
> My intention is to make the list aware of security
> vulnerabilities/CVEs which keep coming all the time. I encourage
> everyone to do this. We will sooner or later create a bug in Bugzilla if
> needed or just backport the CVE to our version or upgrade the recipes
> in the affected package to the version which is not vulnerable.
>
> //Sona
>
> From: Alexandru Vaduva [mailto:vaduvajanalexandru at yahoo.com] 
> Sent: den 12 mars 2015 00:28
> To: Sona Sarmadi; yocto-security at yoctoproject.org
> Cc: yocto at yoctoproject.org
> Subject: Re: [yocto] bind: issue in trust anchor management can cause
> named to crash (CVE-2015-1349)
>
> Wouldn't it be better for the bugs to be only mentioned on the
> security list?
>
> It is my opinion that knowing about a risk before it is fixed could cause
> more harm than good.
>
> What do you think about this?
>
> Alex Vaduva
>




