Böck: Multiple vulnerabilities in RPM – and a rant
Böck: Multiple vulnerabilities in RPM – and a rant
[Security] Posted Aug 29, 2016 12:29 UTC (Mon) by corbet
Hanno Böck performed some fuzz testing on the dpkg and RPM package managers
and reported the results; it seems that one
of the projects has been rather more responsive than the other in
fixing these issues. "The development process of RPM seems to be
totally chaotic, it's neither clear where one reports bugs nor where one
gets the latest code and security bugs don't get fixed within a reasonable
time. There's been some recent events that make me feel especially worried
about this...
" It seems that some of the maintenance issues with
RPM may not have improved greatly since they were reported here ten years ago.