Re: su vulnerability
On Mon, Oct 09, 2000 at 05:16:20AM -0800, Ethan Benson wrote:
> On Mon, Oct 09, 2000 at 03:04:35PM +0200, Javier Fernandez-Sanguino Peña wrote:
> >
> > One thing I wonder is why does not Debian issue advisories to popular mailing
> > lists (linux-security on securityportal and bugtrack on securityfocus comes to
>
> they do post announcments to BugTraq, at least every advisory i get
> from debian-security-announce is cross posted to BugTraq too.
>
> > mind). Also, I do not see this posted at security.debian.org
> > I am currently maintaining my status as Debian maintainer but starting to move
> > my focus towards security (I finished my life as student and working now on a
> > security related company).
> > So, I'm willing to help the security team in posting these announcements (both
> > on web and on security lists). It seems that some hands might be needed :)
> > I have another proyect in mind, but will send it later on...
>
> i am a bit curious about the recent traceroute bug, (traceroute -g 1
> -g 1 segfaults) pretty much every other major dist has released an
> advisory and update for this, but debian appears not to have (unless i
> missed it). a fixed traceroute package does exist in proposed-updates
> however. (its been there for awhile now) same thing with tmpreaper
> (aka tmpwatch) (even though thats only a DoS solved easily by disk
> file quotas)
I'll say this for the fifth time this week...
We are backlogged. There aren't very many of us, and we have over half
a dozen half-written advisories. They will be going out soon.
I posted on bugtraq that the vulnerability had been fixed in debian,
informally, I believe.
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| dan@debian.org | | dmj+@andrew.cmu.edu |
\--------------------------------/ \--------------------------------/
Reply to: