On Fri, 2001-11-30 at 12:28, Volker Kuhlmann wrote: > > Many thanks Kerry for posting this. > > I'm not necessarily in favour of posting this sort of thing, but I'm > not complaining.
This is a Linux Users list is it not? I would have thought it was very on-topic post. > > > I already spotted the updated wu-ftpd early yesterday morning > > (from the RedHat updates) even before it became widely known. > > Wait a minute. Everyone running an ftp server to the public reads bugtraq, You assume too much. > right? It was announced there on Wed, therefore widely known on Wed = > 2 days ago. It was even more widely known on Thu, i.e. yesterday, because > that's when vendors informed their users. Well, SuSE did, I didn't check > the others. Yes it was announced on Wednesday due to a boo-boo by RedHat. The vulnerability was supposed to be announced on December 3 to allow the vendors to create a fix but RedHat accidently released it early. A lot of vendors were caught on the hop without immediate patches available. Since it is a very serious hole in a widely used package I thought it was a good idea to let those who were not yet aware of the problem know. Remember that wu-ftpd is commonly the default ftp server for Linux distros and many newbies may have it installed without realising. Don't alienate new users on this list by making elitist comments assuming that everyone should know this already. Kerry.
