Böck: Multiple vulnerabilities in RPM – and a rant

Hanno Böck performed some fuzz testing on the dpkg and RPM package managers
and reported the results; it seems that one
of the projects has been rather more responsive than the other in
fixing these issues. “The development process of RPM seems to be
totally chaotic, it’s neither clear where one reports bugs nor where one
gets the latest code and security bugs don’t get fixed within a reasonable
time. There’s been some recent events that make me feel especially worried
about this…” It seems that some of the maintenance issues with
RPM may not have improved greatly since they were reported here ten years ago.