[c-nsp] Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability

Reuben Farrelly reuben-cisco-nsp at reub.net
Thu Sep 25 20:10:10 EDT 2014


Another similar change I've noticed recently in so far as release notes 
and details of changes go is this - release notes for 15.1(4)M9:

http://www.cisco.com/c/en/us/td/docs/ios/15_1/release/notes/15_1m_and_t/151-4MCAVS.html#pgfId-62747

"All resolved bugs for this release are available in the Cisco Bug 
Search Tool through the fixed bug search."

For that release the release notes just point to the Bug Search Tool on 
CCO.   Which for me I find an abominable tool in all browsers - it's 
slow, really kills performance on all other open browser windows as well 
and the Load Saved Search function is just unusable - it tries to 
emulate real menus but fails badly (things need to be double clicked to 
work, it doesn't work well if you have folders and bugs saved in any 
sort of hierarchy for example).

I hope that the pointing to BST for details at the expense of listed 
summaries is not a strategy that is going to be deployed across the 
board for other release notes.  There's a lot to be said for being able 
to quickly skim through the open P1 and P2 caveats of a new release in a 
plain HTML page.

<tongue-in-cheek>
It's probably a good candidate function/feature that could be replaced 
by another classy Java/JRE app on the CCO website ;)
</tongue-in-cheek>

Reuben


On 25/09/2014 11:18 PM, Clay Seaman-Kossmeyer (ckossmey) wrote:
>
> Hi Folks -
>
> We definitely appreciate the feedback and will put some thought into
> how we can satisfy this request.  Behind the scenes, we’ve moved to a
> very different infrastructure for compiling vulnerability information
> for each IOS release, which allows us to greatly improve our ability
> to show granular, real-time exposure vs. a 6-month static snapshot.
>
> The compromise that we always struggled with in the tables was the
> lack of release-level granularity, especially given the depth of
> branching in some (many) IOS trains.
>
> We’ll put our heads together and kick around some ideas for how we
> can provide some quick-reference, summary information, though it’s
> unlikely we’ll be able to do anything in short order for this
> bundle.
>
> Thanks again for the feedback.
>
> Clay
>
> On Sep 25, 2014, at 7:50 AM, Gert Doering <gert at greenie.muc.de>
> wrote:
>
>> Hi,
>>
>> On Thu, Sep 25, 2014 at 11:35:01AM +0200, Peter Rathlev wrote:
>>> IOS Software Checker is a nice tool, do keep it. But for the
>>> "helicopter view" the comprehensive list is a really great help.
>>
>> This! +1



More information about the cisco-nsp mailing list