On Mon, Oct 09, 2000 at 05:16:20AM -0800, Ethan Benson wrote: > On Mon, Oct 09, 2000 at 03:04:35PM +0200, Javier Fernandez-Sanguino Peña > wrote: > > > > One thing I wonder is why does not Debian issue advisories to popular > > mailing > > lists (linux-security on securityportal and bugtrack on securityfocus comes > > to > > they do post announcments to BugTraq, at least every advisory i get > from debian-security-announce is cross posted to BugTraq too. > > > mind). Also, I do not see this posted at security.debian.org > > I am currently maintaining my status as Debian maintainer but starting > > to move > > my focus towards security (I finished my life as student and working now on > > a > > security related company). > > So, I'm willing to help the security team in posting these > > announcements (both > > on web and on security lists). It seems that some hands might be needed :) > > I have another proyect in mind, but will send it later on... > > i am a bit curious about the recent traceroute bug, (traceroute -g 1 > -g 1 segfaults) pretty much every other major dist has released an > advisory and update for this, but debian appears not to have (unless i > missed it). a fixed traceroute package does exist in proposed-updates > however. (its been there for awhile now) same thing with tmpreaper > (aka tmpwatch) (even though thats only a DoS solved easily by disk > file quotas)
I'll say this for the fifth time this week... We are backlogged. There aren't very many of us, and we have over half a dozen half-written advisories. They will be going out soon. I posted on bugtraq that the vulnerability had been fixed in debian, informally, I believe. Dan /--------------------------------\ /--------------------------------\ | Daniel Jacobowitz |__| SCS Class of 2002 | | Debian GNU/Linux Developer __ Carnegie Mellon University | | [EMAIL PROTECTED] | | [EMAIL PROTECTED] | \--------------------------------/ \--------------------------------/
