Re: Is Debian affected by the recent MySQL sql/password.c flow?
On Mon, June 11, 2012 20:11, Thomas Goirand wrote:
> On 06/12/2012 01:52 AM, Aron Xu wrote:
>> IMHO I suggest to talk with Security Team before disclosing
>> information that might be sensitive in the mean time on a Debian
>> development mailing list.
> Could you explain to me what exactly I'm disclosing?
> The news is already on slashdot and so on, and I think
> it'd be better to know, as hackers will.
As usual, the appropriate discussion venue for specific public security
issues is a bug against the package tagged security, in this case 677018.
Vulnerability information for the various current distributions can also
be found in the Security Tracker. I don't think there is a need to move
these fora to debian-devel.