[EMAIL PROTECTED] (Bernd Eckenfels) writes: > > /* Mount Exploit for Linux, Jul 30 1996
... > whats your version of the mount package? Should be fixed long ago... (if it > isnt another bug in mount): > > Wed Aug 21 13:10:46 1996 Guy Maor <[EMAIL PROTECTED]> > (Debian 1.1.6) > o Added mount 2.5l-1 > Fixes major security hole. It seems to me that Bernd Eckenfels did not known about the mount security hole. As I know, the unique place where you can know that there are some packages that MUST be updated due to security holes are linux-security, perhaps linux-alert (but I do not sign it), and debian-users. The USENET c.o.l.a too. RedHat normally warns about security holes in redhat-announce-list and I think it is great. IMO, debian-users is too much noise to be the unique debian list to have this warning. My suggestion is that: either we create a debian-security-list or advice about security-hole updated packages in debian-announce. Furthermore, I suggest that, during the installation, there is an advice that people subject to security holes problems MUST sign this list. -- Alair Pereira do Lago <[EMAIL PROTECTED]> <http://www.ime.usp.br/~alair> Computer Science Department -- Universidade de S~ao Paulo -- Brazil -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
