On Wed Feb 27, 2002 at 07:21:49PM -0800, David Guntner wrote:
> There doesn't seem to be a list or address to report things like this
> directly to Mandrake. I'm posting this here in the hopes that one of the
> Mandrake employees on the list will forward it to the appropriate people
> within the company.
>
> http://security.e-matters.de/advisories/012002.html is the actual
> announcement of the problem. The version of PHP that I've last gotten from
> Mandrake is 4.0.6-5. The current release version is 4.1.2, and it's being
> recommended that sites using PHP upgrade to that version, which closes the
> exploit. There's a story about the problem at
> http://news.cnet.com/2100-1001-847092.html that discusses the problem a
> bit.
>
> If one of the employees who are on this list would forward this information
> to the right people at Mandrake, it would be appreciated.

Actually, there is a list. You can report directly to me at [EMAIL PROTECTED] (or my normal email address), or you can post it to [EMAIL PROTECTED], or subscribe/post to [EMAIL PROTECTED]

exploits@ is a moderated list for exploit material, "early warning" advisories, and such. discuss@ is the security discussion list. To subscribe visit http://www.mandrakesecure.net/en/mlist.php or email [EMAIL PROTECTED]

If you're not interested in subscribing to any of the lists, feel free to send all security-related stuff directly to me at my [EMAIL PROTECTED] alias.

Thanks. (Oh, and BTW, MDKSA-2002:017 was released Thursday to fix this.)

--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import"
1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD

Current Linux kernel 2.4.8-34.1mdk uptime: 38 days 14 hours 25 minutes.
