View Issue Details

ID: 0000379
Project: administration
Category: security
View Status: public
Last Update: 2005-02-23 16:11
Reporter: herrold
Priority: low
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Other
OS: other
OS Version:
Product Version: unspecified
Target Version:
Fixed in Version:
Summary: 0000379: retitled: security-watch exploder mailing list
Description:

Lance, Michael,

It seems that there is no publicly available list which I can find at Red Hat,
which mails ALL security errata, nor specific ones as to RHAS21 or RHEL3.

Could you please examine what you are receiving from them, and add a .procmailrc
header, to copy each to: security-caosity@owlriver.com

A general procmail ruleset might look like:

:0 cw
* ^Message-Id: \<.*redhat.com\>
* ^Subject: \[RHSA
! security-caosity@owlriver.com

Tags: No tags attached.

Activities

herrold (reporter), 2004-02-08 15:30, note ~0001276

lance -- please scan this bug

lance@uklinux.net (reporter), 2004-02-08 16:52, note ~0001277

http://www.redhat.com/mailman/listinfo/enterprise-watch-list

http://www.redhat.com/mailman/listinfo/redhat-watch-list

I also receive via bugtraq etc

actually I get redhat-watch via securityfocus ...

But I'm sure I get some direct - just can't find them ...

Should we have a security-watch mailing list and subscribe it to these, so we
get an archive of all the announcements in mailman ???

user7, 2004-02-08 16:54, note ~0001278

Personally, I'd like to see us have a security list which itself is subscribed
to the vendor-security, RHEL watch, etc. lists.

user7, 2004-02-08 17:05, note ~0001279

Unless you're not already on BUGTRAQ and the RH watch list, I wouldn't be much
help here. Hence why I think caos-security@caosity.org should be subscribed to
the aforementioned lists.

herrold (reporter), 2004-02-08 18:37, note ~0001280

I have no problem with this, except that the monthly password mailers that occur
should not be archived. A procmail recipe can elide them to some extent, but a
better solution might be to make it a moderated list; set it up as a hidden list, and
I'll go in and configure.

Also a webpage, describing the watched lists for 'security-watch' list is
probably in order.
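The two filtering rules discussed so far, the reporter's procmail recipe from the description (copy a message onward only when its Message-Id comes from redhat.com AND its Subject starts with "[RHSA") and the caveat in the note above that Mailman's monthly password reminders must never reach the archive, re-implemented below as an added example that can be run offline. This is not code from the cAos tracker, from procmail or from Mailman. The sample messages, the lists.example.org host, the security-watch list address and the From/Subject shape of the Mailman reminder are all assumptions made for the example, not details taken from the issue.

```python
"""Route messages for a security-watch exploder list (added example).

Rule 1 mirrors the procmail recipe: both conditions are ANDed, and the 'c'
flag means the original is still delivered normally when a copy is sent.
Rule 2 is herrold's caveat: Mailman password reminders are never archived.
All messages, hostnames and addresses below are constructed for the example.
"""
import re
import textwrap
from email import message_from_string
from email.message import Message

# Rule 1.  The recipe writes the Message-Id test as \<.*redhat.com\>; here the
# angle brackets are matched literally and the dot is escaped so that a
# Message-Id ending in e.g. "redhatXcom" cannot satisfy it.
RH_MSGID = re.compile(r"<[^>]*redhat\.com>")
RHSA_SUBJ = re.compile(r"^\[RHSA")

# Rule 2.  Assumed Mailman 2.x default wording for the monthly reminder
# (sent from mailman-owner@<host>); adjust to the real list host.
REMINDER_FROM = re.compile(r"(^|<)mailman-owner@", re.IGNORECASE)
REMINDER_SUBJ = re.compile(r"mailing list memberships reminder$", re.IGNORECASE)


def is_rhsa(msg: Message) -> bool:
    """Rule 1: Message-Id from redhat.com AND Subject starting with [RHSA."""
    return bool(RH_MSGID.search(msg.get("Message-Id", ""))
                and RHSA_SUBJ.match(msg.get("Subject", "")))


def is_password_reminder(msg: Message) -> bool:
    """Rule 2: a Mailman membership/password reminder."""
    return bool(REMINDER_FROM.search(msg.get("From", ""))
                and REMINDER_SUBJ.search(msg.get("Subject", "")))


def route(raw: str) -> str:
    """Decide what the exploder does with one raw RFC 822 message.

    'discard' - password reminder: not archived, not forwarded
    'copy'    - Red Hat advisory: delivered normally AND copied to the list
    'deliver' - anything else: normal delivery only
    """
    msg = message_from_string(raw)
    if is_password_reminder(msg):   # checked first so a reminder is never copied
        return "discard"
    if is_rhsa(msg):
        return "copy"
    return "deliver"


# Constructed sample messages (placeholder advisory id, not a real RHSA).
RHSA_SAMPLE = textwrap.dedent("""\
    From: bugzilla@redhat.com
    To: enterprise-watch-list@redhat.com
    Subject: [RHSA-0000:0000-00] constructed sample advisory
    Message-Id: <constructed.0001@bugzilla.redhat.com>

    Advisory body.
    """)

REMINDER_SAMPLE = textwrap.dedent("""\
    From: mailman-owner@lists.example.org
    To: security-watch@lists.example.org
    Subject: lists.example.org mailing list memberships reminder
    Message-Id: <constructed.0002@lists.example.org>

    Your password for the list is ...
    """)

# Subject matches but Message-Id is not from redhat.com: the AND rejects it.
LOOKALIKE_SAMPLE = textwrap.dedent("""\
    From: someone@example.net
    To: security-watch@lists.example.org
    Subject: [RHSA] did anyone see this one?
    Message-Id: <constructed.0003@example.net>

    Not an advisory, just a question.
    """)

OTHER_SAMPLE = textwrap.dedent("""\
    From: someone@example.net
    To: security-watch@lists.example.org
    Subject: unrelated question
    Message-Id: <constructed.0004@example.net>

    Neither rule applies.
    """)


def demo() -> dict:
    """Route every constructed sample; returns {name: decision}."""
    samples = {"rhsa": RHSA_SAMPLE, "reminder": REMINDER_SAMPLE,
               "lookalike": LOOKALIKE_SAMPLE, "other": OTHER_SAMPLE}
    return {name: route(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:10s} -> {decision}")
```

The reminder test runs before the advisory test on purpose: if a reminder ever carried a matching Subject it still must not be copied. The lookalike sample shows why the recipe ANDs the two conditions rather than keying on the Subject alone.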

user7, 2004-02-08 18:40, note ~0001281

IMHO, it shouldn't be archived at all, and should be closed, available only to
core developers with GPG-signed NDAs.

herrold (reporter), 2004-02-08 18:48, note ~0001282

Well, security announcement bugs that cross public lists are by definition
public; the risk of incremental harm by publicly compiling announcements seems
slight [any elite cracker worth his salt already knows them; educating wannabes
is perhaps a good thing to avoid]; limiting access to signed security NDA folks
is fine by me as well.

herrold (reporter), 2004-02-08 18:53, note ~0001283

hehe -- mebbe a closed list is a good idea:

Here is a partial quote from a post to Full Disclosure yesterday, for example
(courtesy of deleon@hushmail.com, full post at
http://lists.netsys.com/pipermail/full-disclosure/2004-February/016878.html):

''...I discover it was a heap overflow and I even found how. The problem
is h323asn1.dll which ms004-04 patch, and microsoft tried to make this
hard to find by changing lots of fake things, but we have no problem
seeing the True Patch. Old function is sub_40fa6d, new is sub_40f627,
and patch checks a word to see that it is short enough. This word is
actually length of a string that follows (use ethereal to understand
packet) and it can be any length but a few kb is enough to overflow...''

Sort of like Neo being able to see the ebb and flow of information in the
Matrix, some guys spent so long in IDA that the binary is not so far from the
source for them....

lance@uklinux.net (reporter), 2004-02-09 18:53, note ~0001284

I see no reason to hide this list - all posts are from public lists that anyone
can subscribe to - we are just compiling an archive for convenience.

user7, 2004-02-09 19:05, note ~0001285

Then we would need a separate list/alias for vendor-sec and other private lists,
CERT contacts, etc. Better to have just one.

herrold (reporter), 2005-02-23 16:11, note ~0001286

long since overtaken by events - closing

Issue History

Date Modified     Username  Field       Change
2004-02-08 15:30  herrold   CC          => lance@uklinux.net
2004-02-08 18:37  herrold   Summary     procmail help needed as to RHAS/RHEL security errata notifications => retitled: security-watch exploder mailing list
2005-02-23 16:11  herrold   Status      NEW => RESOLVED
2005-02-23 16:11  herrold   Resolution  => FIXED