Debian security list (was Re: security)
lists@lina.inka.de (Bernd Eckenfels) writes:
> > /* Mount Exploit for Linux, Jul 30 1996
...
> whats your version of the mount package? Should be fixed long ago... (if it
> isnt another bug in mount):
>
> Wed Aug 21 13:10:46 1996 Guy Maor <maor@ece.utexas.edu>
> (Debian 1.1.6)
> o Added mount 2.5l-1
> Fixes major security hole.
It seems to me that Bernd Eckenfels did not known about the mount security
hole. As I know, the unique place where you can know that there are some
packages that MUST be updated due to security holes are linux-security,
perhaps linux-alert (but I do not sign it), and debian-users. The USENET
c.o.l.a too. RedHat normally warns about security holes in
redhat-announce-list and I think it is great. IMO, debian-users is too much
noise to be the unique debian list to have this warning.
My suggestion is that: either we create a debian-security-list or advice
about security-hole updated packages in debian-announce. Furthermore, I
suggest that, during the installation, there is an advice that people subject
to security holes problems MUST sign this list.
--
Alair Pereira do Lago <alair@ime.usp.br> <http://www.ime.usp.br/~alair>
Computer Science Department -- Universidade de S~ao Paulo -- Brazil
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: