[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Some FC1 security advisories are still missing

Hash: SHA1

On Wednesday 19 May 2004 09:23, Bernd Bartmann wrote:

> It's nice to see that some of the missing FC1 security advisories were
> finally posted today:
> cvs-1.11.15-1
> neon-0.24.5-1
> mailman-2.1.4-1
> But again at least two advisories are still missing, although the
> updates are already available for some time:
> postfix-2.0.16-1
> tcpdump-3.7.2-8.fc1.2

I saw over on Full-disclosure that Stefan Esser released information on the 
bugs today, with, for example this for the CVS one:

Disclosure Timeline:

   02. May 2004 - CVS developers and vendor-sec were notified by email
                  Derek Robert Price replied nearly immediately that the
                  issue is fixed
   03. May 2004 - Pre-notification process of important repositories
                  was started
   11. May 2004 - Sourceforge discovered that the patch breaks
                  compatibility with some pserver protocol violating
                  versions of WinCVS/TortoiseCVS
   12. May 2004 - Pre-notified repositories were warned about this
                  problem with a more compatible patch.
   19. May 2004 - Coordinated Public Disclosure

It is likely then that the problems with postfix and tcpdump are currently 
being sat on until their "Coordinated Public Disclosure".

Me, if I see an official update is around, I jump on it, I'll find out why 
later ;-)

- -Andy

- -- 
Automatic actions for USB cameras, cardreaders, memory sticks, MP3 players
Version: GnuPG v1.2.4 (GNU/Linux)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]