[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: traceroute root exploit

On Wed, Oct 11, 2000 at 07:57:00PM -0400, Adam McKenna wrote:
> A root exploit for traceroute that was verified to work on potato was posted
> to bugtraq almost a week ago, yet no security bulletin has been published and
> the update has not yet been released for potato.  I've been told by a member
> of the security team that the update is sitting in proposed-updates, and has
> been for over a month.  What is holding up this update?

For reference, I believe this is the seventh or eighth email on this
topic I've sent in several days, including a few to this list...

We are backlogged.  I am busy with my classwork, as midterms approach,
but I'm trying to get advisories out as I can; Joey is unavailable;
Wichert and Michael Stone are both away for a few days, I think.  We're
trying.  Because I have said in several forums that the traceroute fix
was available, it was not high on my list of priorities.  It will be
done soon.

Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan@debian.org         |  |       dmj+@andrew.cmu.edu      |
\--------------------------------/  \--------------------------------/
Reply to: