[oi-dev] Security Work
Joerg Schilling
Joerg.Schilling at fokus.fraunhofer.de
Mon Jan 24 17:33:50 UTC 2011
Alasdair Lumsden <alasdairrr at gmail.com> wrote:
> On 01/24/11 05:12 PM, Joerg Schilling wrote:
>
> > If you believe thare are security issues that need to be addressed, please make
> > a bug report into the Schillix-ON Bug Tracking system:
>
> Hi Joerg,
>
> As we're currently using Illumos as our upstream ON, it makes sense for
> us to file and track the bugs on the Illumos bug tracker.
>
> But we'll share info and cooperate where we can.
Thank you!
> From what I've seen, they don't appear to have disclosed enough
> information to locate and fix said security issues. As an example:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2632
>
> Completely unhelpful :-(
This really looks bad. We need to find a way to get the related information
that allows a fix. Does someone know what we might need to do in order to be
able to get to sufficient information?
Jörg
--
EMail:joerg at schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js at cs.tu-berlin.de (uni)
joerg.schilling at fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
More information about the oi-dev
mailing list