Propagating security fixes efficiently

To: debian-devel@lists.debian.org
Subject: Propagating security fixes efficiently
From: rjk@greenend.org.uk (Richard Kettlewell)
Date: Thu, 26 Aug 1999 16:56:42 +0100 (BST)
Message-id: <[🔎] 14277.25530.717763.365104@chiark.greenend.org.uk>

Martin Schulze <joey@finlandia.Infodrom.North.DE> writes:
> Red Hat has recently released a Security Advisory (RHSA-1999:030-01)
> covering a buffer overflow in the vixie cron package.  Debian has
> discovered this bug two years ago and fixed it.  Therefore versions
> in both, the stable and the unstable, distributions of Debian are
> not vulnerable to this problem..

Do there now exist arrangements to ensure that Red Hat get to hear
about Debian's security fixes, and vica versa?  (And similarly with
regard to other Linux distributions, *BSD, ...)  Clearly such
arrangements either didn't exist, or failed in some way, for this bug
two years ago.

Equally importantly - how many other bugs are fixed only in one
vendor's code, and still waiting to bite the rest of us?  How best to
chase them down?

ttfn/rjk

Reply to:

Follow-Ups:
- Re: Propagating security fixes efficiently
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Re: itp: static bins / resolving static debian issues
Next by Date: Re: Latest UNISYS LZW patent nonsense -- $5,000 for every web site
Previous by thread: Intent to package: a12k12
Next by thread: Re: Propagating security fixes efficiently
Index(es):
- Date
- Thread