-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 18 Dec 2002, Csongor Fagyal wrote:

> Michael She wrote:
>
> > It's bad for business : )
> > Maybe they're taking the MS route.
>
> I second this. These vulnerabilities are serious, they must be given
> more attention. Apache, PHP, RedHat and so on and so on are very careful
> with issues like this, all vulnerabilities/exploits are immediately
> published through all possible channels. Yes, it is always a pain to
> find out something like this, obviously the MySQL team just would like
> to forget this once and for all, but doing troublesome
> reinstalls/upgrades and so on is still better then getting our system
> hacked.

No, this is definately not the case. As I've written in a separate
message, we immediately reacted and released 3.23.54 to resolve this
issue. The security problem was clearly mentioned in the release
announcement that was posted to our announce mailing list:

http://lists.mysql.com/cgi-ez/ezmlm-cgi?2:mss:144:200212:cedhfgmdkobfodelamkh

But I fully agree - in this case the release announcement should have been
put up on the web site as well. This was an error on our side and it will
not happen again.

We will send out another (more public) announcement later today, which
will also be put up on the web pages.

Bye,
        LenZ
- -- 
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /      Mr. Lenz Grimmer <[EMAIL PROTECTED]>
 / /|_/ / // /\ \/ /_/ / /__     MySQL AB, Production Engineer
/_/  /_/\_, /___/\___\_\___/     Hamburg, Germany
       <___/   www.mysql.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+AG9dSVDhKrJykfIRAnvDAJ9gmSFlvz5s5Uj+KJryW/xRjUeOiwCfUXsr
SQosoQaAyX/msQye8itk12k=
=dPgn
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to