Re: DSA 438 - bad server time, bad kernel version or information delayed?

To: Jan Lühr <jluehr@gmx.net>
Cc: debian-security@lists.debian.org
Subject: Re: DSA 438 - bad server time, bad kernel version or information delayed?
From: Florian Weimer <fw@deneb.enyo.de>
Date: Wed, 18 Feb 2004 21:17:13 +0100
Message-id: <[🔎] 20040218201713.GA4715@deneb.enyo.de>
In-reply-to: <[🔎] 200402181954.53985.jluehr@gmx.net>
References: <m1AtTe6-000pqXC@finlandia.Infodrom.North.DE> <[🔎] 20040218165906.GB14615@virus.home> <[🔎] 20040218180625.GA31401@steve.org.uk> <[🔎] 200402181954.53985.jluehr@gmx.net>

Jan Lühr wrote:

> Does this mean, that a well known exploit was kept back for nearly three 
> weeks, just because some odd vendors were unable to build there kernels in 
> time?

Yes, this is the norm.  Debian hides security bugs from its users for
extended periods of time.

Reply to:

Follow-Ups:
- Re: DSA 438 - bad server time, bad kernel version or information delayed?
  - From: Noah Meyerhans <noahm@debian.org>
- Re: DSA 438 - bad server time, bad kernel version or information delayed?
  - From: Otavio Salvador <otavio@debian.org>
- Re: DSA 438 - bad server time, bad kernel version or information delayed?
  - From: Michael Stone <mstone@debian.org>

References:
- DSA 438 - bad server time, bad kernel version or information delayed?
  - From: Jean Christophe ANDRÉ <jean-christophe.andre@auf.org>
- Re: DSA 438 - bad server time, bad kernel version or information delayed?
  - From: Steve Kemp <skx@debian.org>
- Re: DSA 438 - bad server time, bad kernel version or information delayed?
  - From: Jan Lühr <jluehr@gmx.net>

Prev by Date: Re: DSA 438 - bad server time, bad kernel version or information delayed?
Next by Date: Re: DSA 438 - bad server time, bad kernel version or information delayed?
Previous by thread: Re: DSA 438 - bad server time, bad kernel version or information delayed?
Next by thread: Re: DSA 438 - bad server time, bad kernel version or information delayed?
Index(es):
- Date
- Thread