
Re: Critical: ssh-nonfree IS exploited



On Sun, Nov 11, 2001 at 03:54:40PM +0100, Wichert Akkerman wrote:
> Previously Bernd Eckenfels wrote:
> > just a small information, I have at least 2 confirmed reports about Hacked
> > Debian Boxes. All of them are hacked by exploiting the old nonfree-ssh and
> > installing a rootkit. Fortunately the rootkit is easy to detect, since it
> > is linked against libc5.
> Non-free, not part of Debian, etc. etc.

ajt@pandora:~$ du -s /org/security.debian.org/ftp/dists/potato/updates/non-free
92916   /org/security.debian.org/ftp/dists/potato/updates/non-free

Certainly seems like we've been doing security advisories for it in
the past. If this policy's changed, it'd be at least courteous to tell
people who might be using software from either contrib or non-free that
they'd better start taking care of monitoring the various security news
sites themselves for vulnerabilities, because Debian's not going to
bother anymore.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

 "Security here. Yes, maam. Yes. Groucho glasses. Yes, we're on it.
   C'mon, guys. Somebody gave an aardvark a nose-cut: somebody who
    can't deal with deconstructionist humor. Code Blue."
		-- Mike Hoye,
		      see http://azure.humbug.org.au/~aj/armadillos.txt
