[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.99.50s17 available as tarball. SECURITY WARNING

On Tue, 11 May 1999, Matti Aarnio wrote:

>   Very good question.  How much could I tell without endangering
> everybody's servers ?   To my knowledge I am only one who knows
> its precise nature, and I would prefer it to stay that way.
> I would prefer this *not* to appear at bugtraq in form of an exploit...

The workaround is easy, and you've posted it to the list, so I wouldn't
worry about that. I'd just like to be able to test my servers for

> If there is demand, I can back-port the fix to older versions too.

That'd be appreciated, but if you do that you might as well just disclose
the bug (in fact since anyone can diff between -s17 and previous releases,
it probably wouldn't be too hard to figure it out as it is).