Debian security list (was Re: security)

lists@lina.inka.de (Bernd Eckenfels) writes:

> > /* Mount Exploit for Linux, Jul 30 1996


> what's your version of the mount package? Should be fixed long ago... (if it
> isn't another bug in mount):
> Wed Aug 21 13:10:46 1996  Guy Maor  <maor@ece.utexas.edu>
> (Debian 1.1.6)
> o Added mount 2.5l-1
>   Fixes major security hole.

It seems to me that Bernd Eckenfels did not know about the mount security
hole. As far as I know, the only places where you can learn that there are some
packages that MUST be updated due to security holes are linux-security,
perhaps linux-alert (but I do not subscribe to it), and debian-users. The USENET
c.o.l.a too. RedHat normally warns about security holes in
redhat-announce-list and I think it is great. IMO, debian-users has too much
noise to be the only debian list to have this warning.

My suggestion is that either we create a debian-security-list or advise
about security-hole updated packages in debian-announce. Furthermore, I
suggest that, during the installation, there be a notice that people subject
to security hole problems MUST subscribe to this list.

Alair Pereira do Lago  <alair@ime.usp.br> <http://www.ime.usp.br/~alair>
Computer Science Department -- Universidade de S~ao Paulo -- Brazil
