Re: Python rexec and Bastion flaws

To: debian-python@lists.debian.org, security@debian.org
Subject: Re: Python rexec and Bastion flaws
From: Bastian Kleineidam <calvin@debian.org>
Date: Thu, 23 Jan 2003 17:35:26 +0100
Message-id: <20030123163526.GA745@treasure>
Mail-followup-to: debian-python@lists.debian.org, security@debian.org
In-reply-to: <20030121064710.GS3088@finlandia.Infodrom.North.DE>
References: <20030120211015.GD12749@treasure> <20030121064710.GS3088@finlandia.Infodrom.North.DE>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Jan 21, 2003 at 07:47:11AM +0100, Martin Schulze wrote:
> > I suggest to disable the above two modules in python2.2 (which is in
> > woody), even if existing applications can break. What do you think?
> 
> I'd rather know about the vulnerability (and maybe doko is able to
> implement a fix) than to blindly castrate software.  Theo d.R. already
> taught us that blindly releasing updates are not good.

Yup, ok. I will see if I can identify packages using rexec or Bastion
and provide patches for them instead of disabling modules.

Cheers, Bastian

- -- 
     Bastian Kleineidam

 Atombombe · Plutonium · Fat Man · Do it Yourself · Tim Taylor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+MBnOeBwlBDLsbz4RAvkdAKDJwrV2OBbeoaO4jkKYNlsCfPapeQCeMa/x
KjqJsBk60KpWPQ2GL/nstRI=
=DgqG
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Python rexec and Bastion flaws
  - From: Martin Schulze <joey@infodrom.org>

References:
- Python rexec and Bastion flaws
  - From: Bastian Kleineidam <calvin@debian.org>
- Re: Python rexec and Bastion flaws
  - From: Martin Schulze <joey@infodrom.org>

Prev by Date: Mentor needed for python-opengl2
Next by Date: Re: Python rexec and Bastion flaws
Previous by thread: Re: Python rexec and Bastion flaws
Next by thread: Re: Python rexec and Bastion flaws
Index(es):
- Date
- Thread