
Re: Debian glibc security update



Oh, one other thing:

"Format string vulnerability in groff.

A format string problem exists in groff; apparently it could be remotely
exploited when it is configured to be used with the lpd printing system. (First
LWN report: August 16, 2001).

The stable release of Debian is not vulnerable.

New updates:

Red Hat (January 14, 2002)

 Previous updates:

Conectiva (October 2, 2001)
Debian (August 10, 2001)
Progeny (August 16, 2001)"

I don't know what this works out to using LWN's New Math, but by my subjective
reckoning the span from August 10th, 2001, to January 14th, 2002, is about 5
months.  This is for a package that is on every GNU/Linux system where one can
read manual pages.  You can argue all you want about relative impact of
the glibc globbing vulnerability and this groff format string
vulnerability -- and if you want to, I understand there's some
interesting information about the real-world vulnerability of glibc.

But on an apples-to-apples basis, I would think Red Hat deserves a
little equal time in the getting-shit-on-by-LWN's-editorial-staff
department.  I'm sure you disagree.  :)

Since when did the sort of slashdot-editoresque armchair commentary
become the norm in LWN?  It seems to have started creeping into the
daily updates over the past couple of weeks, and is now appearing in the
weekly edition.  LWN used to be very objective and vendor-neutral when
it came to Linux distributions.  Is that a thing of the past?  Failing
to catch an error like "December 14th + 2 months = before press time"
seems like the sort of thing that happens when you're hyped up into a
hysterical frenzy.  Too bad you expire the old daily updates.  Your
initial article on the glibc security update was even less charitable
than the one in this week's issue.

-- 
G. Branden Robinson                |     Exercise your freedom of religion.
Debian GNU/Linux                   |     Set fire to a church of your
branden@deadbeast.net              |     choice.
http://www.deadbeast.net/~branden/ |
