Finally released 12
security advisories at once. Of course I made a few
typos, and lots of grammar errors. That's what I get for trying
to rush the announcement to meet a self-imposed
deadline...
Hopefully the code updates don't have any such problems.
I have to say again, auditing code isn't fun at all. And
it's amazing the kind of response that you get when you
point out a potential security problem in people's code to
them. The responses were grouped:
- no response at all. I'm amazed that the Apache group
fell in this category.
- rudeness that there could be anything wrong in their
code. Now in defense of the author of links, he was right,
there is nothing wrong with links, but the other people that
really did have problems had a hard time accepting it.
- very helpful in fixing the problem, and learning about
how to prevent things like this from happening again. The
author of mgetty is in this category. Great response. Very
nice to see.
Unfortunately, the rudeness category had the most people
:(
Off to the "simple" world of the kernel, that's enough
security stuff for a few days...