[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: su vulnerability

On Mon, Oct 09, 2000 at 05:16:20AM -0800, Ethan Benson wrote:
> On Mon, Oct 09, 2000 at 03:04:35PM +0200, Javier Fernandez-Sanguino Peña wrote:
> > 
> > 	One thing I wonder is why does not Debian issue advisories to popular mailing
> > lists (linux-security on securityportal and bugtrack on securityfocus comes to
> they do post announcments to BugTraq, at least every advisory i get
> from debian-security-announce is cross posted to BugTraq too.
> > mind). Also, I do not see this posted at security.debian.org
> > 	I am currently maintaining my status as Debian maintainer but starting to move
> > my focus towards security (I finished my life as student and working now on a
> > security related company). 
> > 	So, I'm willing to help the security team in posting these announcements (both
> > on web and on security lists). It seems that some hands might be needed :)
> > 	I  have another proyect in mind, but will send it later on...
> i am a bit curious about the recent traceroute bug, (traceroute -g 1
> -g 1 segfaults) pretty much every other major dist has released an
> advisory and update for this, but debian appears not to have (unless i
> missed it).  a fixed traceroute package does exist in proposed-updates
> however.  (its been there for awhile now) same thing with tmpreaper
> (aka tmpwatch) (even though thats only a DoS solved easily by disk
> file quotas)

I'll say this for the fifth time this week...

We are backlogged.  There aren't very many of us, and we have over half
a dozen half-written advisories.  They will be going out soon.

I posted on bugtraq that the vulnerability had been fixed in debian,
informally, I believe.


/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan@debian.org         |  |       dmj+@andrew.cmu.edu      |
\--------------------------------/  \--------------------------------/

Reply to: