[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 431-1] New perl packages fix information leak in suidperl

On Sun, Feb 01, 2004 at 12:18:07PM +0100, Arthur de Jong wrote:

> > - --------------------------------------------------------------------------
> > Debian Security Advisory DSA 431-1                     security@debian.org
> > http://www.debian.org/security/                             Matt Zimmerman
> > February 1st, 2004                      http://www.debian.org/security/faq
> > - --------------------------------------------------------------------------
> I don't mean to be paranoid but this advisory is dated February 1st, 2004
> but the new changelog entries are both dated 11 Sep 2003 and the deb file
> for i386 I got has a timestamp of Sep 12. Furthermore judging from
> timestamps on [1] other architectures seem to have similar build dates.
> Did it really take that long to coordinate this DSA or do all build
> daemons have a problem with their clocks? Not that it really matters for
> this DSA as it is a minor problem that should not affect that many people,
> just being curious.

Yes, the packages were built a long time ago.  I was waiting for some
additional problems to be fixed, but the advisory had to be released in
order to fix a problem with the postgresql update (which had picked up a
dependency on this unreleased version).

 - mdz

Reply to: