Subject: Re: Not really an advocacy :-(
To: tech-security <email@example.com>
From: Ing.,BcA. Ivan Dolezal <firstname.lastname@example.org>
Date: 06/21/2002 18:34:53
>>- "Package apache-1.3.24 has a remote-root-shell vulnerability"
>> message from audit-packages
>>Am I missing something?
> You're missing something - you quoted it above - the message from
Unfortunately, I wasn't missing this - that's how I found out... I was
quoting my "daily insecurity report".
My /etc/security.local surely contains:
if [ -x /usr/pkg/sbin/download-vulnerability-list ]; then
if [ -x /usr/pkg/sbin/audit-packages ]; then
My point was that at the moment when I found out about the problem,
Debian Linux people had already automatically installed DEB packages
with fixed SW... because they put apt-get update && apt-get upgrade in
their crontabs. *sigh*
I posted this only to tech-security, because this would make Linux
people even more laughing.