Re: [bulletproof.net.au #29025] [Comment] [SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy

On Monday, 2004-06-28 at 12:55:58 +1000, Lorenzo Modesto via RT wrote: ... whatever ... This e-mail and any attachments are confidential and may be legally privileged. Only the intended recipient may access or use it and no confidentiality or privilege is waived or lost by mistaken

Re: full disclosure, or not?

On Sat, Jun 26, 2004 at 09:55:01PM +0200, Horst Pflugstaedt wrote: what would be the alternative? The security team would have to annonce there's a possible security flaw in package XY, we're on it, but it may take some more days to fix it What's the worth of such announcements? Users

Re: Why not push to stable?

On Sat, Jun 26, 2004 at 02:55:28PM +0200, martin f krafft wrote: also sprach Andreas Barth [EMAIL PROTECTED] [2004.06.26.1452 +0200]: what's the problem with: deb mirror deb security.d.o In this case, the file is taken from the mirror if it exists already there, and otherwise from

Re: [bulletproof.net.au #29025] [Comment] [SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy

On Mon, Jun 28, 2004 at 12:55:58PM +1000, Lorenzo Modesto via RT wrote: If a customer is affected we have to announce. Send it through and I'll approve. You guys do realise your Request Tracker setup is replying all correspondence on tickets that are being gated into RT back to the