On Fri, Apr 17, 2020 at 1:31 pm, John M. Harris Jr
wrote:
> Most likely, multi-platform. There have been a few so big the NSA stepped in
> and started warning people they needed to update.
These are both use-after-free vulnerabilities. The vulnerability is
probably cross-platform, but exploits a
Demi M. Obenour wrote:
> I have virtually never noticed a regression, so I consider getting a security
> update out quickly to be much more important.
Debian is good at pushing out important security fixes quickly – and
it's fairly common to see bug fixes issued because a security fix
caused a re
On Fri, Apr 17, 2020 at 5:13 PM Michel Alexandre Salim
wrote:
>
> On 4/16/20 11:42 PM, Jan Kratochvil wrote:
> > On Fri, 17 Apr 2020 06:55:10 +0200, Michel Alexandre Salim wrote:
> >> For kernel updates this is probably not a good idea. Given that updates
> >> potentially introduce regressions, be
On Fri, Apr 17, 2020 at 1:43 AM Jan Kratochvil
wrote:
>
> On Fri, 17 Apr 2020 06:55:10 +0200, Michel Alexandre Salim wrote:
> > For kernel updates this is probably not a good idea. Given that updates
> > potentially introduce regressions, being able to distinguish updates with
> > known CVEs that
On 4/16/20 11:42 PM, Jan Kratochvil wrote:
> On Fri, 17 Apr 2020 06:55:10 +0200, Michel Alexandre Salim wrote:
>> For kernel updates this is probably not a good idea. Given that updates
>> potentially introduce regressions, being able to distinguish updates with
>> known CVEs that we do need to roll out im
On Friday, April 17, 2020 9:32:19 AM MST Michael Catanzaro wrote:
> On Fri, Apr 17, 2020 at 12:11 pm, Gerald Henriksen
> wrote:
>
> > At least a recent Firefox update was to fix 2 issues that were
> > reported as being already exploited in the real world.
>
>
> Probably on Windows.
Most likel
On Fri, Apr 17, 2020 at 01:01:52AM -, Demi M. Obenour wrote:
> How can this be accomplished? I know that substantial releng and QA effort
> will be needed, along with close coordination with package maintainers and
> upstream developers. That said, I have virtually never noticed a
> regression,
On Thu, Apr 16, 2020 at 11:56 PM Michel Alexandre Salim
wrote:
>
> Apr 16, 2020 18:02:33 Demi M. Obenour :
>
> >
> > Finally, some packages should have all updates considered as security
> > updates. This includes anything based on a web browser (Firefox,
> > Thunderbird, SeaMonkey, Chromium, we
On Fri, Apr 17, 2020 at 12:11 pm, Gerald Henriksen
wrote:
> At least a recent Firefox update was to fix 2 issues that were
> reported as being already exploited in the real world.
Probably on Windows.
___
devel mailing list -- devel@lists.fedoraproject.
On Thu, 16 Apr 2020 18:14:29 -0700, you wrote:
>On Fri, 2020-04-17 at 01:01 +, Demi M. Obenour wrote:
>> Currently, security updates can take days to get to users. In
>> particular, Firefox and Thunderbird often take a day or more, even
>> though virtually every single update contains securit
On Fri, Apr 17, 2020 at 01:01:52AM -, Demi M. Obenour wrote:
> We need to ensure that security updates reach stable within hours of an
> upstream advisory.
Technically, we can create a critical security repository that will be
composed and published on every new package build. But since rsync
On Fri, 17 Apr 2020 06:55:10 +0200, Michel Alexandre Salim wrote:
> For kernel updates this is probably not a good idea. Given that updates
> potentially introduce regressions, being able to distinguish updates with
> known CVEs that we do need to roll out immediately, versus other updates we
> can
Apr 16, 2020 18:02:33 Demi M. Obenour :
>
> Finally, some packages should have all updates considered as security
> updates. This includes anything based on a web browser (Firefox, Thunderbird,
> SeaMonkey, Chromium, webkit2gtk, etc), as well as the Linux kernel itself.
> Virtually every update of
On Fri, Apr 17, 2020 at 1:01 am, Demi M. Obenour
wrote:
> Finally, some packages should have all updates considered as security
> updates. This includes anything based on a web browser (Firefox,
> Thunderbird, SeaMonkey, Chromium, webkit2gtk, etc), as well as the Linux
> kernel itself. Virtually every
On Fri, 2020-04-17 at 01:01 +, Demi M. Obenour wrote:
> Currently, security updates can take days to get to users. In
> particular, Firefox and Thunderbird often take a day or more, even
> though virtually every single update contains security fixes.
>
> We need to ensure that security update
15 matches