Nothing that surprises me...
I believe it is preety normal that it is the largest packages to have
the most bugs. I'm convinced that the more code you have the more
likely it is to have a bug in it.
Other than that when we talk about security, an exposed application
(like ethereal or the kernel or squid or krb5 or httpd or php or
mozilla... ) is more likely to have bugs that are (correctly)
classified security issues.
I do not think a buffer overflow in a KEdit's dialog would be
considered a security threat as critical as the same bug in an
ethereal dissector that can be invoked via IP.
L.
On 10/26/05, Gilbert Ramirez <gram@xxxxxxxxxxxxxxx> wrote:
> This is both a good and bad statistic.
>
> Bad in that we have so many bugs.
>
> Good in that we used to have more bugs, but they went unnoticed. Now
> we have a system in place that actively looks for bugs by feeding
> ethereal strange data to see what happens.
>
> So, it's good the bugs are finally being found.
>
> --gilbert
>
> On 10/26/05, Radek Vokál <rvokal@xxxxxxxxxx> wrote:
> > 9% of vulnerabilities across all RHEL are in ethereal ..
> >
> > http://www.advogato.org/person/mjcox/diary.html?start=141
> >
> >
> > --
> > Radek Vokál <rvokal@xxxxxxxxxx>
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2 (GNU/Linux)
> >
> > iD8DBQBDX38NpPtjDwJDWJMRAuivAKCnP+X27bPYv4Y9fI1Nxjs2Dg1aTACgkMaQ
> > JwSN8eXS54y6dZfTVsAWfZc=
> > =a3jq
> > -----END PGP SIGNATURE-----
> >
> >
> > _______________________________________________
> > Ethereal-dev mailing list
> > Ethereal-dev@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> >
> >
> >
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan