[CentOS-devel] yum-plugin-security and shellshock
Karanbir Singh
mail-lists at karan.org
Thu Oct 2 17:31:06 UTC 2014
On 10/02/2014 06:00 PM, Pat Riehecky wrote:
> We were fully aware of which versions of openssl contained CVE-2014-0160
> and which SL versions contained the vulnerability.
excellent, but you completely missed the point where all of SL installs
were potentially at risk, with no way to factor back or check any state
since there is no CVE validation being done.
or are you doing cve validations and testing expoits actively now ?
--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc
More information about the CentOS-devel
mailing list