Bug#348826: DoS vulnerability
Steve Langasek wrote: On Fri, Jan 20, 2006 at 08:20:30AM +0100, Philipp Kern wrote: [EMAIL PROTECTED] wrote: 1.0.0 contains a security bug which was fixed in yesterday's released mydns 1.1.0 version: Next time please contact me in private before you file a bug, thanks. I am generally quite responsive and your action wasn't too helpful. The author does not want several information to be disclosed, that's why I avoided a public bug report. And yet if someone is filing a bug about it, the information in that report is already public. I don't see any reason why you should be bothered by this, when it's obviously not your fault this information became public? The information was already public before the Debian bug was reported, so the submitter did the correct thing. Bye Racke -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#348826: DoS vulnerability
Stefan Hornburg wrote: The information was already public before the Debian bug was reported, so the submitter did the correct thing. Well, I also thought that the posting of mydns-announce is a publication, but then the author told me that I should keep the resonance low for the next days, that's way I reacted in this way. | I'm not going to post the upgrade to Freshmeat or SourceForge for | at least another week or so, so that the mydns-announce subscribers | can upgrade before I end up publicizing the fact that there is a bug | of this type. I did not mention the nature of the bug in the | ChangeLog or anywhere, but I doubt it would take somebody very long to | write an exploit by examining the code changes, etc. Updates to both stable and unstable are already prepared and will be uploaded ASAP. I'm still missing the CAN number, the security team sent a query about it to the ones who found the bug. Kind regards, Philipp Kern signature.asc Description: OpenPGP digital signature
Bug#348826: DoS vulnerability
Package: mydns Version: 1.0.0-4 1.0.0 contains a security bug which was fixed in yesterday's released mydns 1.1.0 version: 18 January 2006 - 1.1.0 released - fixed a critical denial-of-service vulnerability -- 10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail +++ GMX - die erste Adresse für Mail, Message, More +++ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#348826: DoS vulnerability
tags 348826 +pending thanks [EMAIL PROTECTED] wrote: 1.0.0 contains a security bug which was fixed in yesterday's released mydns 1.1.0 version: Next time please contact me in private before you file a bug, thanks. I am generally quite responsive and your action wasn't too helpful. The author does not want several information to be disclosed, that's why I avoided a public bug report. The developer's reference told me to contact the security team first, if in doubt which I were because I spoke with the maintainer of MyDNS. Kind regards, Philipp Kern signature.asc Description: OpenPGP digital signature
Bug#348826: DoS vulnerability
On Fri, Jan 20, 2006 at 08:20:30AM +0100, Philipp Kern wrote: [EMAIL PROTECTED] wrote: 1.0.0 contains a security bug which was fixed in yesterday's released mydns 1.1.0 version: Next time please contact me in private before you file a bug, thanks. I am generally quite responsive and your action wasn't too helpful. The author does not want several information to be disclosed, that's why I avoided a public bug report. And yet if someone is filing a bug about it, the information in that report is already public. I don't see any reason why you should be bothered by this, when it's obviously not your fault this information became public? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature