On Sun, Nov 11, 2001 at 03:54:40PM +0100, Wichert Akkerman wrote: > Previously Bernd Eckenfels wrote: > > just a small information, I have at least 2 confirmed reports about Hacked > > Debian Boxes. All of them are hacked by exploiting the old nonfree-ssh and > > installing a rootkit. Fortunatelly the rootkit is easy to detect, since it > > is linked against libc5. > Non-free, not part of Debian, etc. etc. ajt@pandora:~$ du -s /org/security.debian.org/ftp/dists/potato/updates/non-free 92916 /org/security.debian.org/ftp/dists/potato/updates/non-free Certainly seems like we've been doing security advisories for it in the past. If this policy's changed, it'd be at least courteous to tell people who might be using software from either contrib or non-free that they'd better start taking care of monitoring the various security news sites themselves for vulnerabilities, because Debian's not going to bother anymore. Cheers, aj -- Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. "Security here. Yes, maam. Yes. Groucho glasses. Yes, we're on it. C'mon, guys. Somebody gave an aardvark a nose-cut: somebody who can't deal with deconstructionist humor. Code Blue." -- Mike Hoye, see http://azure.humbug.org.au/~aj/armadillos.txt
Attachment:
pgpqlR25fgpQX.pgp
Description: PGP signature