On Sat, Dec 31, 2005 at 07:12:57PM +0100, Ulf Harnhammar wrote:
>
> Perhaps someone with commit rights could add those? I saw that both
> Javier and Steve found some stuff that led to DSA's in December, so
> there's more stuff to add as well.
Yes, I found out some tempfile bugs (IIRC that was back in October). Since
the security team had their hands full and the bugs were not as critical as
other bugs they did not see a DSA until recently. I have not updated the DSA
or bug list since april, so there's a lot to add.
If anyone has some spare time, please pick up the wml files from
http://cvs.debian.org/webwml/english/security/audit/?root=webwml
add the advisories / bugs there and provide me with a patch so I can
upload it to the website.
I will make an update of that information, if time permits, sometime
in the future but I currently have my hands full with other stuff.
Regards
Javier
PS: BTW, have you guys read about the DHS involvement with OSS source code audits?
See
http://www.linuxgazette.com/node/10901
and
http://news.com.com/Homeland+Security+helps+secure+open-source+code/2100-1002_3-6025579.html