
Re: what's up with security?

On Wed, May 24, 2000 at 11:27:24PM -0700, Joey Hess wrote:
> - New version of lynx, 2.8.3pre.5, appears to have actually been

in frozen/unstable there is 2.8.3 (and -ssl version)

>   audited now, and has security fixes, though there are no details of
>   them. Debian seems to have an older version.

packages in frozen seem to have been updated this year.

> - A temp file race in openldap. I can't seem to find anything clear
>   about what version it is fixed in, so I don't know if we are
>   vulnerable.

openldap (1:1.2.10-3) frozen unstable; urgency=low

  * Fix all /tmp races (bad bad bad) per RHAT advisory

 -- Ben Collins <bcollins@debian.org>  Fri, 21 Apr 2000 20:15:52 -0400

> I have already filed bugs on netscape, qpopper, and gnapster.)

qpopper is safe IIRC recent discussion, or the fix should be installed yesterday

qpopper (2.53-4) frozen unstable; urgency=high

   * Fix security hole (fixes: #63730). Did not use the patch as supplied
     on bugtraq, but fixed it myself. See debian/fgets1023.patch
 -- Miquel van Smoorenburg <miquels@cistron.nl>  Sun, 14 May 2000 13:11:43 +0200

Should this go to slink also?
				Petr Cech
Debian GNU/Linux maintainer - www.debian.{org,cz}

Resistance is futile. You all will be packaged
