
Re: Debian servers "hacked"?

On Wed, Nov 26, 2003 at 02:51:25PM -0500, George Georgalis wrote:

> I've posted 3 or 4 messages re the changes and compromise, from these
> I really only want to raise one point: 
>   Is there a list of what has been validated and/or restored at
>   debian? If so I see no reason to withhold it for a final report, and
>   good reason to have it live, throughout the process. It would enable
>   undertaking of realtime debian system threat analysis based on the
>   trust established with debian last week versus after the compromise.

I have no reason to believe that information is being withheld.

> That aside, I still wonder if we are talking about the same thing.  It
> turns out about 160 packages were posted on
> debian-changes@lists.debian.org Nov 19. According to the change logs they
> don't appear as normal bugfixes, but many are like "kernel-source-2.4.17
> (2.4.17-1woody1) stable-security; urgency=high" which includes at least
> one user to root vulnerability. Maybe I'm missing something, but I don't
> see any indication these changes don't affect current installs but are
> only relevant to r2. (not sure what the difference would be either)

3.0r2, like other point releases, includes all of the security fixes
released for 3.0r1.  None of those packages are new; they are all from
security.debian.org and correspond to security advisories released since

 - mdz
