Subject: Re: Not really an advocacy :-(
To: tech-security <>
From: Ing.,BcA. Ivan Dolezal <>
List: tech-security
Date: 06/21/2002 18:34:53

>>- "Package apache-1.3.24 has a remote-root-shell vulnerability"
>>  message from audit-packages
>>Am I missing something?
> You're missing something - you quoted it above - the message from
> audit-packages.

Unfortunately, I wasn't missing this - that's how I found out... I was 
quoting my "daily insecurity report".

My /etc/security.local surely contains:
export ftp_proxy=
if [ -x /usr/pkg/sbin/download-vulnerability-list ]; then

if [ -x /usr/pkg/sbin/audit-packages ]; then

My point was that at the moment when I found out about the problem, 
Debian Linux people had already automatically installed DEB packages 
with fixed SW... because they put apt-get update && apt-get upgrade in 
their crontabs. *sigh*

I posted this only to tech-security, because this would make Linux 
people even more laughing.