[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Reassurance

On Mon, Oct 21, 2002 at 04:57:52PM -0700, Jeremy C. Reed wrote:
> On Mon, 21 Oct 2002, Joel Baker wrote:
> > Most of them are in userland which is already provided by Debian in other
> > packages, and as such, I do not build them from NetBSD sources.
> Hopefully, the Debian sources are updated.
> A quick look at http://www.debian.org/security/2002/ does not indicate
> sendmail/smrsh or groff/pic. (It also doesn't mention ntalkd, but I
> believe NetBSD's ntalk is different than Debian's netkit-ntalk.)

On that, I could not comment, I'm afraid - but the Security Team generally
does keep an eye on Bugtraq, as far as I know, and other similar lists, and
try to check anything new that comes out and applies.

Keep in mind that Debian often either has never run the problem version
(the maintainer never packaged it, it's too new and only appeared in sid
and wasn't a major hole - note that the PAM problem for sid was a *very*
unusual situation, usually things in sid aren't announced) - and sometimes,
Debian has patches that make the problem code irrelevant (though this seems
to be rarer).

If in doubt, of course, one can always ask the maintainer...
Joel Baker                           System Administrator - lightbearer.com
lucifer@lightbearer.com              http://users.lightbearer.com/lucifer/

Attachment: pgpf482KP1FUx.pgp
Description: PGP signature

Reply to: