Your message dated Mon, 14 Apr 2008 23:28:52 -0400
with message-id <[EMAIL PROTECTED]>
and subject line netkit-base has been removed from Debian, closing #294455
has caused the Debian Bug report #294455,
regarding Information leakage in ping utility.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
294455: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294455
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: netkit-base
Around line 609 of ping.c the following comment can be found:
pinger -- Compose and transmit an ICMP ECHO REQUEST packet. The IP
packet will be added on by the kernel. The ID field is our UNIX
process ID,
Then around line 422:
ident = getpid() & 0xFFFF;
Not that I am terribly bothered by this personally, but I'd imagine
there are a few paranoid people out there that would be. In this day and
age, can you blame them? :)
If you lack the time to find a replacement source for 'ident', then
please let me know and I will spend some time on it.
If you don't see this as a bug, can you at least notify upstream of it
anyway. This is the sort of thing that does no damage but ends up in
some future time the subject of a security advisory which will get
counted as part of the stats in Microsoft's marketing material. :)
Thanks,
David.
--
Making the simple complicated is commonplace; making the complicated
simple, awesomely simple, that's creativity.
-- Charles Mingus (1922-1979), Musician and composer
--- End Message ---
--- Begin Message ---
Version: 0.10-10.3+rm
The netkit-base package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still opened
against it.
For more information about this package's removal, read
http://bugs.debian.org/383960 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
Barry deFreese
--- End Message ---
