[arch-security] Security-related resources
Billy McCann
thebillywayne at gmail.com
Wed Mar 12 17:21:04 EDT 2014
Thanks, RbN.
I just posted a link to the wiki page. Parts of your email were
indispensable in its creation.
Again, many thanks.
BW
------------------------------------------[00(01|10)11]-----------------------------------------
Billy Wayne McCann, Ph.D.
Google+ <https://plus.google.com/+BillyWayneMcCann>
PGP Key <http://pgp.mit.edu/pks/lookup?op=get&search=0x223A2CAA56146040>
irc://irc.freenode.net:bwayne
MzM0LTcwMy0wMTIyCg== | base64 -d
"A rich man will always desire what his wealth cannot acquire." ~ Faust (Goethe)
------------------------------------------[11(10|01)00]------------------------------------------
On Tue, Mar 11, 2014 at 3:56 PM, RbN <r.b.n at riseup.net> wrote:
> Hello,
>
> A message to give some hints and links to look more efficiently for security
> issues and CVE.
>
> Some mailing lists:
> * oss-sec
>   main list dealing with security of free software, a lot of CVE
>   attributions happen here, required if you wish to follow security news.
>   * info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security
>   * subscribe: oss-security-subscribe(at)lists.openwall.com
>   * archive: http://www.openwall.com/lists/oss-security/
> * bugtraq
>   a full disclosure moderated mailing list (noisy)
>   * info: http://www.securityfocus.com/archive/1/description
>   * subscribe: bugtraq-subscribe(at)securityfocus.com
> * full-disclosure
>   another full-disclosure mailing-list (noisy)
>   * info: http://lists.grok.org.uk/full-disclosure-charter.html
>   * subscribe: full-disclosure-request(at)lists.grok.org.uk
> You can also use some others: LibreOffice, X.org, Puppetlabs, ISC, etc.
>
> Resources of other distributions (to look for CVE, patch, comments etc.):
> RedHat and Fedora:
>   * rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security
>   * CVE tracker: https://access.redhat.com/security/cve/<CVE-id>
>   * bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id>
> Ubuntu:
>   * advisories: http://www.ubuntu.com/usn/atom.xml
>   * CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id>
>   * database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master
> Debian:
>   * CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id>
>   * patch-tracker: http://patch-tracker.debian.org/
>   * database: http://anonscm.debian.org/viewvc/secure-testing/data/
> OpenSUSE:
>   * CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html
>
>
> Mitre and NVD links for CVE:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id>
> NVD and Mitre do not necessarily fill their CVE entry immediately after
> attribution, so it's not always relevant for us.
> The CVE-id and the "Date Entry Created" fields do not have particular
> meaning.
> CVE are attributed by CVE Numbering Authorities (CNA), and each CNA obtains
> CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the
> attribution date. The "Date Entry Created" field often only indicates when
> the CVE block was given to the CNA, nothing more.
>
> Linux Weekly News:
> LWN provides a daily notice of security updates for various distributions,
> sometimes very useful: http://lwn.net/headlines/newrss
> This might be very handy to check if we miss something.
>
> If you need more, check the openwall wiki:
> http://oss-security.openwall.org/wiki/
>
>
> RbN