Re: what's up with security?
On Wed, May 24, 2000 at 11:27:24PM -0700 , Joey Hess wrote:
> - New version of lynx, 2.8.3pre.5, appears to have actually been
in frozen/unstable there is 2.8.3 (and -ssl version)
> audited now, and has security fixes, though there are no details of
> them. Debian seems to have an older version.
packages in frozen seem to have been updated this year.
> - A temp file race in openldap. I can't seem to find anything clear
> about what version it is fixed in, so I don't know if we are
> vulnerable.
openldap (1:1.2.10-3) frozen unstable; urgency=low
* Fix all /tmp races (bad bad bad) per RHAT advisory
-- Ben Collins <bcollins@debian.org> Fri, 21 Apr 2000 20:15:52 -0400
> I have already filed bugs on netscape, qpopper, and gnapster.)
qpopper is safe IIRC recent discusion. or the fix shold be installed yesterday
qpopper (2.53-4) frozen unstable; urgency=high
* Fix security hole (fixes: #63730). Did not use the patch as supplied
on bugtraq, but fixed it myself. See debian/fgets1023.patch
[snip]
-- Miquel van Smoorenburg <miquels@cistron.nl> Sun, 14 May 2000 13:11:43 +0200
Should this go to slink also?
Petr Cech
--
Debian GNU/Linux maintainer - www.debian.{org,cz}
cech@atrey.karlin.mff.cuni.cz
Resistance is futile. You all will be packaged
Reply to: