[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[no subject]



Hello,

> > Wed Aug 21 13:10:46 1996  Guy Maor  <maor@ece.utexas.edu>
> > (Debian 1.1.6)
> > o Added mount 2.5l-1
> >   Fixes major security hole.
> 
> It seems to me that Bernd Eckenfels did not known about the mount security
> hole.

Sure I did, thats why I told the user to upgrade. I had never a suid mount
on my system. (oh.. I know, not important, but I have to watch my reputation
here :)

Anyway:

> As I know, the unique place where you can know that there are some
> packages that MUST be updated due to security holes are linux-security,
> perhaps linux-alert (but I do not sign it), and debian-users.

We tried to get an annoucement about security bugs together for
debian-announce (for the lpr bug, for example), but the problem with this
is, that the persons who have time to write an alert usually dont know what
neeeds to be put into the alert, and the ppl who know about the whole dont
have the time to write something. Anyway.. you will see all security FAQ
updates concerning debian crossmailed to debian-announce. Mailing the Log
with security upgrades to the stable tree will be a good idea, too. We
should to that for rex.

> about security-hole updated packages in  debian-announce.

Yes, we talked about this already.

Greetings
Bernd
--
  (OO)      -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +4972573817  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com


Reply to: