[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is Debian affected by the recent MySQL sql/password.c flow?

On 06/12/2012 01:52 AM, Aron Xu wrote:
> IMHO I suggest to talk with Security Team before disclosing
> information that might be sensitive in the mean time on a Debian
> development mailing list.
>   
Could you explain to me what exactly I'm disclosing?
The news is already on slashdot and so on, and I think
it'd be better to know, as hackers will.

I made 10 000 connection attempts with a random pass
to one of my Squeeze server, and couldn't get in, so unless
I'm really unlucky (there's one chance out of 256), then
Debian is not vulnerable. I just wanted to be sure of it.

Cheers,

Thomas
Reply to: