Re: New bugs discovered!

From: Roger Burton West (rogerat_private)
Date: Mon Nov 19 2001 - 10:48:15 PST


    On Mon, Nov 19, 2001 at 09:29:37AM +0000, Alex Butcher (vuln-dev) wrote:
    
    >Yeah, Debian, like Red Hat (probably others too) frequently include 
    >patches culled from mailing lists, their own code audits and so on, 
    >meaning the version isn't a completely reliable guide to determining the 
    >vulnerability or not of a given instance. This issue has arisen in the 
    >past; perhaps it's time that the folks at Debian and Red Hat started 
    >indicating more clearly that they've patched with their version numbers 
    
    The version number of gzip on a Debian system is not "1.2.4"; it's (on
    a box selected at random) 1.2.4-33.
    /usr/share/doc/gzip/changelog.Debian.gz contains the full changelog,
    information on which patches have been applied, and references to the
    bug-tracking system. If one knows that this principle is in use, it can
    be quite helpful.
    
    Roger
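
An added example, not part of the original message and not Debian's own tooling, showing the principle the reply describes: split a package version into upstream version and Debian revision, then list which revisions of that upstream release the changelog records and which bug-tracker entries they close. The function names and the sample changelog (including its bug numbers and maintainer) are constructed for illustration.

```python
import gzip
import re

# Entry header of a Debian changelog: "package (version) dist; urgency=..."
HEADER = re.compile(r"^(?P<pkg>[a-z0-9][a-z0-9+.-]*) \((?P<ver>[^)]+)\) ")
# "Closes: #nnn[, #nnn]" references to the bug-tracking system
CLOSES = re.compile(r"closes:\s*(?:bug)?#?\s?\d+(?:,\s*(?:bug)?#?\s?\d+)*", re.I)

# Constructed sample, NOT gzip's real changelog; bug numbers are made up.
SAMPLE = """\
gzip (1.2.4-33) unstable; urgency=low

  * Fix buffer handling for long file names. Closes: #100001, #100002

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

gzip (1.2.4-32) unstable; urgency=low

  * Update documentation.

 -- Example Maintainer <maint@example.org>  Fri, 01 Dec 2000 00:00:00 +0000
"""

def split_version(version):
    """Split [epoch:]upstream[-revision]; revision follows the LAST hyphen."""
    epoch, sep, rest = version.partition(":")
    if not sep:                       # no epoch given, defaults to 0
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                       # no hyphen: no Debian revision
        upstream, revision = rest, None
    return epoch, upstream, revision

def parse_changelog(text):
    """Return entries (newest first) with version, change lines, closed bugs."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"version": m["ver"], "changes": [], "closes": []})
        elif entries and line.startswith("  "):   # change lines are indented
            entries[-1]["changes"].append(line.strip())
            for ref in CLOSES.finditer(line):
                entries[-1]["closes"] += re.findall(r"\d+", ref.group())
    return entries

def load_changelog(path):
    """Read a compressed changelog such as changelog.Debian.gz."""
    with gzip.open(path, "rt", encoding="utf-8", errors="replace") as fh:
        return fh.read()
```

On a Debian system, `parse_changelog(load_changelog("/usr/share/doc/gzip/changelog.Debian.gz"))` applies the same parsing to the real file.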
    


