mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2025-02-20 18:31:35 -05:00
6e834f30a9
The Release Cycle section shows how the classic patching process of distributions isn't always effective, and can even introduce additional bugs and vulnerabilities non present in the upstream project. The two linked examples, though, are not that insightful; the first one links to a double free caused by an erroneous bugfix backport, while the second shows a simple crash, but caused by a patch not relevant to the backport of patches but wrote by a Debian developer trying to port the library to another kernel. In short, the second linked bug has little to do with the issue described in the guide. This small patch replaces the aforementioned Firefox bug report with the Debian Security Advisory 1571 (DSA-1571), describing a serious bug introduced in the OpenSSL crypto library by an incautious backport of a security fix, only present in Debian's OpenSSL package. In my opinion, it gives to the reader a clearer idea of what a partial backport can cause. Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it> |
||
|---|---|---|
| .. | ||
| apps | ||
| knowledge | ||
| os | ||
| providers | ||
| about.md | ||
| code.md | ||
| donate.md | ||
| privacy.md | ||
| search.md | ||