On Sat 19 July 2003 15:20, Joerg Schilling wrote: > From [EMAIL PROTECTED] Fri Jul 18 18:22:22 2003 > > >> >http://www.securiteam.com/exploits/5ZP0C2AAAC.html > > > >So, what we have here is someone installing an old version with > > a=20 known vulnerability, writing an exploit for it, and > > bragging about=20 it. Either that or it took him 3 1/2 months > > more than J=F6rg to=20 figure out that there was indeed a > > vulnerability and he didn't=20 bother to check if it had been > > fixed before publishing his exploit. > > The only bad thing with this exploit is that SuSE did know about > the problem sice october but did not report it! > > So the missing will to cooperate from a commercial Linux > distributor prevented this bug from being removed before > cdrtrools-2.0 has been published.
Ehm, so you're saying that cdrtools-2.0 still has this vulnerability? Is there a patch for the stable version (cdrtools-2.00.3.tar.gz on the ftp site?) or should we all just run the latest alpha to avoid problems? Lourens -- GPG public key: http://home.student.utwente.nl/l.e.veen/lourens.key -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
