On 06/12/2012 10:25 AM, Aron Xu wrote:
I'm not expecting to hide anything, but it's harmful to announce the
world by a discussion in debian-devel that we are affected with no
solution provided, at the time related people (means the maintainers
and Security Team, not including the user - like
So because it turned out that the information indeed was public, you
find it ok to ask in public if it is public.
he posted a link on the 1st email... how is a link non public?
--
Salvo Tomaselli
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of
On 12-06-12 at 12:33pm, Salvo Tomaselli wrote:
So because it turned out that the information indeed was public, you
find it ok to ask in public if it is public.
he posted a link on the 1st email... how is a link non public?
The link was public. The discussion here about potential issues
Hi,
On Mon, Jun 11, 2012 at 10:53:50PM +0200, Peter Pöschl wrote:
Seems you overlooked this:
Debian Unstable 64-bit 5.5.23-2
I just tried on my 32bit machine, and didn't get in in some 50.000
attempts. Also, the squeeze versions are listed under unaffected,
which is what reduces the stress
Hi,
Since it has been made public, I believe it's ok to discuss it in
-devel. I came across this:
http://seclists.org/oss-sec/2012/q2/493
Is the Squeeze version affected? And SID? By reading it, especially the
end about GCC, it's unclear to me if we need an urgent patch:
To my knowledge gcc
On Tue, Jun 12, 2012 at 1:44 AM, Thomas Goirand tho...@goirand.fr wrote:
Hi,
Since it has been made public, I believe it's ok to discuss it in
-devel. I came across this:
http://seclists.org/oss-sec/2012/q2/493
Is the Squeeze version affected? And SID? By reading it, especially the
end
On Tue, 2012-06-12 at 01:44 +0800, Thomas Goirand wrote:
Hi,
Since it has been made public, I believe it's ok to discuss it in
-devel. I came across this:
http://seclists.org/oss-sec/2012/q2/493
Is the Squeeze version affected? And SID? By reading it, especially the
end about GCC, it's
On 06/12/2012 01:52 AM, Aron Xu wrote:
IMHO I suggest to talk with Security Team before disclosing
information that might be sensitive in the mean time on a Debian
development mailing list.
Could you explain to me what exactly I'm disclosing?
The news is already on slashdot and so on, and I
On 06/12/2012 02:00 AM, Lech Karol Pawłaszek wrote:
According to this:
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
Debian is not affected.
Kind regards,
Cool, thanks!
Thomas
--
To UNSUBSCRIBE, email to
On Tue, Jun 12, 2012 at 2:11 AM, Thomas Goirand z...@debian.org wrote:
On 06/12/2012 01:52 AM, Aron Xu wrote:
IMHO I suggest to talk with Security Team before disclosing
information that might be sensitive in the mean time on a Debian
development mailing list.
Could you explain to me what
On 12-06-12 at 02:11am, Thomas Goirand wrote:
On 06/12/2012 01:52 AM, Aron Xu wrote:
IMHO I suggest to talk with Security Team before disclosing
information that might be sensitive in the mean time on a Debian
development mailing list.
Could you explain to me what exactly I'm
On mar., 2012-06-12 at 02:23 +0800, Aron Xu wrote:
On Tue, Jun 12, 2012 at 2:11 AM, Thomas Goirand z...@debian.org wrote:
On 06/12/2012 01:52 AM, Aron Xu wrote:
IMHO I suggest to talk with Security Team before disclosing
information that might be sensitive in the mean time on a Debian
On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote:
sure whether it's relevant to Debian. People at Security Team are not
only responsible for fixing things when it breaks out, but also make
sure sensitive information is being disclosed in a correct form at a
correct time. In the end, I
On 06/12/2012 02:23 AM, Aron Xu wrote:
I'm not saying you are disclosing anything, but you are asking if
someone knows it's in what status publicly in a Debian development
mailing list. Then this may lead to some disclosing and even mislead
some other people. Yes there are many people doing
On Mon, June 11, 2012 20:11, Thomas Goirand wrote:
On 06/12/2012 01:52 AM, Aron Xu wrote:
IMHO I suggest to talk with Security Team before disclosing
information that might be sensitive in the mean time on a Debian
development mailing list.
Could you explain to me what exactly I'm
On 12-06-12 at 02:40am, Thomas Goirand wrote:
On 06/12/2012 02:23 AM, Aron Xu wrote:
I'm not saying you are disclosing anything, but you are asking if
someone knows it's in what status publicly in a Debian development
mailing list. Then this may lead to some disclosing and even mislead
On 06/12/2012 03:17 AM, Jonas Smedegaard wrote:
What you asked, and the answer to that question, was not already public.
...or you wouldn't have asked, I hope. ;-)
- Jonas
Actually, it was, and I was expecting to be able to find it, but didn't,
which is why I asked! :)
Thomas
--
To
Seems you overlooked this:
Debian Unstable 64-bit 5.5.23-2
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201206112253.50532.pp2ml.deb0...@nest-ai.de
On 12-06-12 at 03:26am, Thomas Goirand wrote:
On 06/12/2012 03:17 AM, Jonas Smedegaard wrote:
What you asked, and the answer to that question, was not already public.
...or you wouldn't have asked, I hope. ;-)
- Jonas
Actually, it was, and I was expecting to be able to find it,
On Tue, Jun 12, 2012 at 2:40 AM, Thomas Goirand z...@debian.org wrote:
On 06/12/2012 02:23 AM, Aron Xu wrote:
I'm not saying you are disclosing anything, but you are asking if
someone knows it's in what status publicly in a Debian development
mailing list. Then this may lead to some disclosing
On Tue, Jun 12, 2012 at 2:39 AM, Clint Adams cl...@debian.org wrote:
On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote:
sure whether it's relevant to Debian. People at Security Team are not
only responsible for fixing things when it breaks out, but also make
sure sensitive information is
Quoting Thomas Goirand (z...@debian.org):
The first time I wrote it, it wasn't clear enough. Maybe writing with
CAPS-ON will help your understanding! :)
IT HAS ALREADY BEEN MADE PUBLIC (for example: on slashdot) !!!
The debian-security mailing list is a public list.
My stance about
22 matches
Mail list logo