On Mon May 27, 2002 at 06:18:38PM -0700, Ben Reser wrote: > > Actually, it's kinda funny. RedHat posted their updates which fix an > > RFC822 bug we were supposed to coordinate... but they referenced this > > other buffer overflow but it doesn't look like they included the patch > > (Caldera did, however). > > Probably what happened was they saw the Caldera advisory and went "Ohh > crap this wasn't cordinated we need to put it out." Looked at Caldera's > advisory, borrowed some of their description and spat it out. Not > realizing it was an entirely different issue.
That could very well be... It actually wouldn't surprise me. I did fire off an email to one of the guys at Red Hat that I talk with often and made a note of it to him, just in case he isn't aware. I might dislike Red Hat itself, but this is a little too serious to sit back and chuckle over. =) -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import" 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux kernel 2.4.18-6.4mdk uptime: 4 days 8 hours 9 minutes.
msg64906/pgp00000.pgp
Description: PGP signature
