[arch-security] Security-related resources

Billy McCann thebillywayne at gmail.com
Wed Mar 12 17:21:04 EDT 2014


Thanks, RbN.

I just posted a link to the wiki page.  Parts of your email were
indispensable in its creation.

Again, many thanks.

BW

------------------------------------------[00(01|10)11]-----------------------------------------

Billy Wayne McCann, Ph.D.
Google+ <https://plus.google.com/+BillyWayneMcCann>
PGP Key <http://pgp.mit.edu/pks/lookup?op=get&search=0x223A2CAA56146040>
irc://irc.freenode.net:bwayne

MzM0LTcwMy0wMTIyCg== | base64 -d

"A rich man will always desire what his wealth cannot acquire." ~ Faust
(Goethe)

------------------------------------------[11(10|01)00]------------------------------------------


On Tue, Mar 11, 2014 at 3:56 PM, RbN <r.b.n at riseup.net> wrote:

> Hello,
>
> A message to give some hints and links to look more efficiently for
> security issues and CVE.
>
> Some mailing lists :
> * oss-sec
>         main list dealing with security of free software, a lot of CVE
>         attributions happen here, required if you wish to follow security
>         news.
>         * info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security
>         * subscribe: oss-security-subscribe(at)lists.openwall.com
>         * archive: http://www.openwall.com/lists/oss-security/
> * bugtraq
>         a full disclosure moderated mailing list (noisy)
>         * info: http://www.securityfocus.com/archive/1/description
>         * subscribe: bugtraq-subscribe(at)securityfocus.com
> * full-disclosure
>         another full-disclosure mailing-list (noisy)
>         * info: http://lists.grok.org.uk/full-disclosure-charter.html
>         * subscribe: full-disclosure-request(at)lists.grok.org.uk
> You can also use some others : LibreOffice, X.org, Puppetlabs, ISC, etc.
>
> Resources of other distributions (to look for CVE, patch, comments etc.):
> *RedHat and Fedora:
>         * rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security
>         * CVE tracker: https://access.redhat.com/security/cve/<CVE-id>
>         * bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id>
> Ubuntu:
>         * advisories: http://www.ubuntu.com/usn/atom.xml
>         * CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id>
>         * database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master
> Debian:
>         * CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id>
>         * patch-tracker: http://patch-tracker.debian.org/
>         * database: http://anonscm.debian.org/viewvc/secure-testing/data/
> OpenSUSE:
>         * CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html
>
>
> Mitre and NVD links for CVE:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id>
> NVD and Mitre do not necessarily fill their CVE entry immediately after
> attribution, so it's not always relevant for us.
> The CVE-id and the "Date Entry Created" fields do not have particular
> meaning.
> CVE are attributed by CVE Numbering Authorities (CNA), and each CNA obtains
> CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the
> attribution date. The "Date Entry Created" field often only indicates when
> the CVE block was given to the CNA, nothing more.
>
> Linux Weekly News:
> LWN provides a daily notice of security updates for various distributions,
> sometimes very useful: http://lwn.net/headlines/newrss
> This might be very handy to check if we miss something.
>
> If you need more, check the openwall wiki:
> http://oss-security.openwall.org/wiki/
>
>
> RbN