Re: Identify security-related patches

From: Valdis . Kletnieks
Date: Thu Sep 02 2004 - 14:13:54 EST


On Thu, 02 Sep 2004 11:48:07 PDT, Chris Wright said:
> * Frank Steiner (fsteiner-mail@xxxxxxxxxxxxxx) wrote:
> > is there an easy way to identify all security-related patches out of the
> > mass of patches floating around on linux.bkbits.net or the kernel bugzilla?
>
> No, there's not. It's not as simple as it seems. Your best bet is
> monitoring vendor updates, as they have the same goal. Occasionally
> things get applied with a CVE candidate number (CAN-YYYY-NNNN), and
> those are security relevant.

Another point to remember is that there are probably many times that we've
fixed something because it's a bug, and only later find out that it's a bug
with security implications...
