Re: [Fed-Talk] problem searching Apple's web site
Re: [Fed-Talk] problem searching Apple's web site
- Subject: Re: [Fed-Talk] problem searching Apple's web site
- From: Peter Link <email@hidden>
- Date: Mon, 7 Apr 2008 08:34:14 -0700
http://support.apple.com/kb/HT1241 This page lists information about
the security content of QT 7.4.5 including the CVE-2008-1013. I found
it by doing a general Google web search, not searching Apple's pages.
CVE-2008-1185 is only listed on sites pertaining to Sun's JRE so I'm
not sure about this one.
Apple has had a page dedicated to Security announcements but I always
have a hard time finding it. Try this page,
http://www.apple.com/support/security/, and subscribe to the
Security-Announce mailing list. Maybe it was this page,
http://support.apple.com/kb/HT1222, that I remember using. They
change it frequently so I keep having to try and find it.
At 11:13 AM -0400 4/7/08, Michael wrote:
Rather annoyed that I can't search Apple's site for CVE numbers.
For example, CVE-2008-1013 is listed in an email from Apple for QT
7.4.5, but I can't find it using that phrase on Apple's web site.
This is especially a pain because I need to check up on
CVE-2008-1185 among others but because of Apple's policy I can't
determine if OS X is:
1) not affected
2) under study
3) vulnerable
I know Apple's official response on this. Reality is that that
response means anything Apple has not released a patch for has to be
considered to be a vulnerability in OS X if any related products are
affected, in this case Sun's Java. This is how we treated SGI for
good reason and experience.
As far as I know CVE-2008-1185 only applies to OS X 10.3 which is an
unsupported product. And yes I can go to each desktop and laptop
and get their JRE numbers, but half of them are unavailable and
off-site.
And this only applies to this particular case. Next time it will be
something else.
Michael
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden