Subject: Re: Not really an advocacy :-(
To: tech-security <tech-security@netbsd.org>
From: Ing.,BcA. Ivan Dolezal <ivan.dolezal@vsb.cz>
List: tech-security
Date: 06/21/2002 18:34:53
Hello,
>>- "Package apache-1.3.24 has a remote-root-shell vulnerability"
>> message from audit-packages
>>Am I missing something?
>
> You're missing something - you quoted it above - the message from
> audit-packages.
>
Unfortunately, I wasn't missing this - that's how I found out... I was
quoting my "daily insecurity report".
My /etc/security.local surely contains:

    export ftp_proxy=ftp://cache.vsb.cz:3128/
    if [ -x /usr/pkg/sbin/download-vulnerability-list ]; then
        /usr/pkg/sbin/download-vulnerability-list
    fi
    if [ -x /usr/pkg/sbin/audit-packages ]; then
        /usr/pkg/sbin/audit-packages
    fi

My point was that at the moment when I found out about the problem,
Debian Linux people had already automatically installed DEB packages
with fixed SW... because they put apt-get update && apt-get upgrade in
their crontabs. *sigh*
I posted this only to tech-security, because this would make Linux
people laugh even more.