Re: [SECURITY] [DSA 431-1] New perl packages fix information leak in suidperl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 431-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman February 1st, 2004 http://www.debian.org/security/faq - -- I don't mean to be paranoid but this advisory is dated February 1st, 2004 but the new changelog entries are both dated 11 Sep 2003 and the deb file for i386 I got has a timestamp of Sep 12. Furthermore judging from timestamps on [1] other architectures seem to have similar build dates. Did it really take that long to coordinate this DSA or do all build daemons have a problem with their clocks? Not that it really matters for this DSA as it is a minor problem that should not affect that many people, just being curious. [1] http://security.debian.org/pool/updates/main/p/perl/ - -- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAHOB3VYan35+NCKcRAlMrAJ46XEawS3xHCXTNeWYr9dWLaP6YEgCg2T+v zm6l6eg4IXsRB3HtjVNEC+g= =Iu+l -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 431-1] New perl packages fix information leak in suidperl
On Sun, Feb 01, 2004 at 12:18:07PM +0100, Arthur de Jong wrote: - -- Debian Security Advisory DSA 431-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman February 1st, 2004 http://www.debian.org/security/faq - -- I don't mean to be paranoid but this advisory is dated February 1st, 2004 but the new changelog entries are both dated 11 Sep 2003 and the deb file for i386 I got has a timestamp of Sep 12. Furthermore judging from timestamps on [1] other architectures seem to have similar build dates. Did it really take that long to coordinate this DSA or do all build daemons have a problem with their clocks? Not that it really matters for this DSA as it is a minor problem that should not affect that many people, just being curious. Yes, the packages were built a long time ago. I was waiting for some additional problems to be fixed, but the advisory had to be released in order to fix a problem with the postgresql update (which had picked up a dependency on this unreleased version). -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 431-1] New perl packages fix information leak in suidperl
On Sun, Feb 01, 2004 at 10:40:05PM +, Paul Hink wrote: Does this mean that it is possible that known and fixed (!) security problems are not being corrected in Debian for nearly 5 months? Even though this may be a minor problem, I would like to see it fixed as soon as possible. Trollbait politely declined. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 431-1] New perl packages fix information leak in suidperl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 431-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman February 1st, 2004 http://www.debian.org/security/faq - -- I don't mean to be paranoid but this advisory is dated February 1st, 2004 but the new changelog entries are both dated 11 Sep 2003 and the deb file for i386 I got has a timestamp of Sep 12. Furthermore judging from timestamps on [1] other architectures seem to have similar build dates. Did it really take that long to coordinate this DSA or do all build daemons have a problem with their clocks? Not that it really matters for this DSA as it is a minor problem that should not affect that many people, just being curious. [1] http://security.debian.org/pool/updates/main/p/perl/ - -- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAHOB3VYan35+NCKcRAlMrAJ46XEawS3xHCXTNeWYr9dWLaP6YEgCg2T+v zm6l6eg4IXsRB3HtjVNEC+g= =Iu+l -END PGP SIGNATURE-