[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: su vulnerability



On Mon, Oct 09, 2000 at 03:04:35PM +0200, Javier Fernandez-Sanguino Peña wrote:
> 
> 	One thing I wonder is why does not Debian issue advisories to popular mailing
> lists (linux-security on securityportal and bugtrack on securityfocus comes to

they do post announcments to BugTraq, at least every advisory i get
from debian-security-announce is cross posted to BugTraq too.

> mind). Also, I do not see this posted at security.debian.org
> 	I am currently maintaining my status as Debian maintainer but starting to move
> my focus towards security (I finished my life as student and working now on a
> security related company). 
> 	So, I'm willing to help the security team in posting these announcements (both
> on web and on security lists). It seems that some hands might be needed :)
> 	I  have another proyect in mind, but will send it later on...

i am a bit curious about the recent traceroute bug, (traceroute -g 1
-g 1 segfaults) pretty much every other major dist has released an
advisory and update for this, but debian appears not to have (unless i
missed it).  a fixed traceroute package does exist in proposed-updates
however.  (its been there for awhile now) same thing with tmpreaper
(aka tmpwatch) (even though thats only a DoS solved easily by disk
file quotas)

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpFA7JfQYHZl.pgp
Description: PGP signature


Reply to: