Re: [SECURITY] [DSA 431-1] New perl packages fix information leak in suidperl
On Sun, Feb 01, 2004 at 12:18:07PM +0100, Arthur de Jong wrote:
>
> > - --------------------------------------------------------------------------
> > Debian Security Advisory DSA 431-1 security@debian.org
> > http://www.debian.org/security/ Matt Zimmerman
> > February 1st, 2004 http://www.debian.org/security/faq
> > - --------------------------------------------------------------------------
>
> I don't mean to be paranoid but this advisory is dated February 1st, 2004
> but the new changelog entries are both dated 11 Sep 2003 and the deb file
> for i386 I got has a timestamp of Sep 12. Furthermore judging from
> timestamps on [1] other architectures seem to have similar build dates.
>
> Did it really take that long to coordinate this DSA or do all build
> daemons have a problem with their clocks? Not that it really matters for
> this DSA as it is a minor problem that should not affect that many people,
> just being curious.
Yes, the packages were built a long time ago. I was waiting for some
additional problems to be fixed, but the advisory had to be released in
order to fix a problem with the postgresql update (which had picked up a
dependency on this unreleased version).
--
- mdz
Reply to: