Motu application for Emanuele Gentili (emgent)
Emanuele Gentili
emgent at ubuntu.com
Wed Jul 9 14:49:28 BST 2008
Michael Bienia ha scritto:
Hello Michael and thanks for your reply.
> As security updates for stable are uploaded through the security team
> and upload right don't help much here (at least for now) my questions
> are about security updates for the development version:
>
> What work is needed there besides pulling the fixes from Debian
> unstable?
>
Not only from Debian Unstable.
We use track vulnerabilities via CVE [1], and we use analyse it and
write a patch and then talk with upstream for this. If upstream release
patch firt we use test official patch and apply it.
> Do you work with the Debian maintainer on security fixes which aren't
> yet in Debian (to keep the delta small)?
>
Not always, Debian security team is very restricted, but i usually talk
with DS people on OFTC.
> How do you keep track which packages need fixing in the development
> version?
>
Ubuntu CVE Tracker [2] and rmadison are our friends.
Also I use audit software and if found bug, I use propose a fix and talk
with upstream. [3]
> Regards
> Michael
>
Cheers,
[1] http://cve.mitre.org/
http://nvd.nist.gov/
[2] https://launchpad.net/ubuntu-cve-tracker
[3] https://launchpad.net/~ubuntu-whitehat
https://wiki.ubuntu.com/UbuntuPentest
https://wiki.ubuntu.com/UbuntuPentest/GuidelinesDraft
Emanuele
--
Emanuele Gentili | Ubuntu Security Team
emgent at ubuntu.com | https://edge.launchpad.net/~emgent
Key fingerprint: 2D40 5E33 506F 5609 FFCC 215B 10BA 2D1E A667 67F3
gpg --keyserver keyserver.ubuntu.com --recv-keys A66767F3
More information about the Motu-council
mailing list