Hi,
On Mon, Jun 11, 2012 at 10:53:50PM +0200, Peter Pöschl wrote:
> Seems you overlooked this:
>
> > Debian Unstable 64-bit 5.5.23-2
I just tried on my 32bit machine, and didn't get in in some 50.000
attempts. Also, the squeeze versions are listed under "unaffected",
which is what reduces the s
On 12-06-12 at 12:33pm, Salvo Tomaselli wrote:
> > So because it turned out that the information indeed was public, you
> > find it ok to ask in public if it is public.
>
> he posted a link on the 1st email... how is a link "non public"?
The link was public. The discussion here about potential i
> So because it turned out that the information indeed was public, you
> find it ok to ask in public if it is public.
he posted a link on the 1st email... how is a link "non public"?
--
Salvo Tomaselli
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubs
On 06/12/2012 10:25 AM, Aron Xu wrote:
> I'm not expecting to hide anything, but it's harmful to announce the
> world by a discussion in debian-devel that we are affected with no
> solution provided, at the time related people (means the maintainers
> and Security Team, not including the user - lik
Quoting Thomas Goirand (z...@debian.org):
> The first time I wrote it, it wasn't clear enough. Maybe writing with
> CAPS-ON will help your understanding! :)
>
> IT HAS ALREADY BEEN MADE PUBLIC (for example: on slashdot) !!!
The debian-security mailing list is a public list.
My stance about sec
On Tue, Jun 12, 2012 at 2:39 AM, Clint Adams wrote:
> On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote:
>> sure whether it's relevant to Debian. People at Security Team are not
>> only responsible for fixing things when it breaks out, but also make
>> sure sensitive information is being dis
On Tue, Jun 12, 2012 at 2:40 AM, Thomas Goirand wrote:
> On 06/12/2012 02:23 AM, Aron Xu wrote:
>> I'm not saying you are disclosing anything, but you are asking if
>> someone knows it's in what status publicly in a Debian development
>> mailing list. Then this may lead to some disclosing and even
On 12-06-12 at 03:26am, Thomas Goirand wrote:
> On 06/12/2012 03:17 AM, Jonas Smedegaard wrote:
> > What you asked, and the answer to that question, was not already public.
> >
> > ...or you wouldn't have asked, I hope. ;-)
> >
> >
> > - Jonas
> >
> Actually, it was, and I was expecting to be a
Seems you overlooked this:
> Debian Unstable 64-bit 5.5.23-2
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201206112253.50532.pp2ml.deb0...@nest-ai.de
On 06/12/2012 03:17 AM, Jonas Smedegaard wrote:
> What you asked, and the answer to that question, was not already public.
>
> ...or you wouldn't have asked, I hope. ;-)
>
>
> - Jonas
>
Actually, it was, and I was expecting to be able to find it, but didn't,
which is why I asked! :)
Thomas
-
On 12-06-12 at 02:40am, Thomas Goirand wrote:
> On 06/12/2012 02:23 AM, Aron Xu wrote:
> > I'm not saying you are disclosing anything, but you are asking if
> > someone knows it's in what status publicly in a Debian development
> > mailing list. Then this may lead to some disclosing and even misl
On Mon, June 11, 2012 20:11, Thomas Goirand wrote:
> On 06/12/2012 01:52 AM, Aron Xu wrote:
>> IMHO I suggest to talk with Security Team before disclosing
>> information that might be sensitive in the mean time on a Debian
>> development mailing list.
>>
> Could you explain to me what exactly I'm d
On 06/12/2012 02:23 AM, Aron Xu wrote:
> I'm not saying you are disclosing anything, but you are asking if
> someone knows it's in what status publicly in a Debian development
> mailing list. Then this may lead to some disclosing and even mislead
> some other people. Yes there are many people doing
On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote:
> sure whether it's relevant to Debian. People at Security Team are not
> only responsible for fixing things when it breaks out, but also make
> sure sensitive information is being disclosed in a correct form at a
> correct time. In the end,
On mar., 2012-06-12 at 02:23 +0800, Aron Xu wrote:
> On Tue, Jun 12, 2012 at 2:11 AM, Thomas Goirand wrote:
> > On 06/12/2012 01:52 AM, Aron Xu wrote:
> >> IMHO I suggest to talk with Security Team before disclosing
> >> information that might be sensitive in the mean time on a Debian
> >> develop
On 12-06-12 at 02:11am, Thomas Goirand wrote:
> On 06/12/2012 01:52 AM, Aron Xu wrote:
> > IMHO I suggest to talk with Security Team before disclosing
> > information that might be sensitive in the mean time on a Debian
> > development mailing list.
> >
> Could you explain to me what exactly I
On Tue, Jun 12, 2012 at 2:11 AM, Thomas Goirand wrote:
> On 06/12/2012 01:52 AM, Aron Xu wrote:
>> IMHO I suggest to talk with Security Team before disclosing
>> information that might be sensitive in the mean time on a Debian
>> development mailing list.
>>
> Could you explain to me what exactly
On 06/12/2012 02:00 AM, Lech Karol Pawłaszek wrote:
> According to this:
> https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
>
> Debian is not affected.
>
> Kind regards,
>
Cool, thanks!
Thomas
--
To UNSUBSCRIBE, email
On 06/12/2012 01:52 AM, Aron Xu wrote:
> IMHO I suggest to talk with Security Team before disclosing
> information that might be sensitive in the mean time on a Debian
> development mailing list.
>
Could you explain to me what exactly I'm disclosing?
The news is already on slashdot and so on, an
On Tue, 2012-06-12 at 01:44 +0800, Thomas Goirand wrote:
> Hi,
>
> Since it has been made public, I believe it's ok to discuss it in
> -devel. I came across this:
> http://seclists.org/oss-sec/2012/q2/493
>
> Is the Squeeze version affected? And SID? By reading it, especially the
> end about GCC,
On Tue, Jun 12, 2012 at 1:44 AM, Thomas Goirand wrote:
> Hi,
>
> Since it has been made public, I believe it's ok to discuss it in
> -devel. I came across this:
> http://seclists.org/oss-sec/2012/q2/493
>
> Is the Squeeze version affected? And SID? By reading it, especially the
> end about GCC, it
Hi,
Since it has been made public, I believe it's ok to discuss it in
-devel. I came across this:
http://seclists.org/oss-sec/2012/q2/493
Is the Squeeze version affected? And SID? By reading it, especially the
end about GCC, it's unclear to me if we need an urgent patch:
"To my knowledge gcc bui
22 matches
Mail list logo