Full Disclosure mailing list archives
Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
From: Vincent Danen <vdanen () mandriva com>
Date: Thu, 10 May 2007 10:19:53 -0600
* Jeroen Massar <jeroen () unfix org> [2007-05-10 01:54:20 +0100]:
Jeroen Massar wrote:security () mandriva com wrote:_______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:101 http://www.mandriva.com/security/ _______________________________________________________________________ Package : vim Date : May 9, 2007 Affected: 2007.0, 2007.1But the subject line reads: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability So is this a spoof or is this a spoof? Or did somebody make a booboo at Mandriva. The PGP key seems to at least check out for the fact that the signature on the part of the message that is signed is correct. As the PGP key is not in the strong set it can't be really trusted of course.
This was a booboo. The advisory contents are correct, just the subject line was incorrect.
Also setting a Reply-To: to a broken xsecurity () mandriva com absolutely doesn't make any sense (unless you want to partially overcome the problem of vacation messages getting bounced back, but hey those people will nicely ignore your Reply-To anyway....)
Over 60% of the out-of-office or undeliverable messages have been eliminated by doing this. It's not 100% effective, but I'll take a 60% reduction anyday. -- Vincent Danen @ http://linsec.ca/
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability security (May 09)
- Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability Jeroen Massar (May 09)
- Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability Jeroen Massar (May 09)
- Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability Vincent Danen (May 11)
- Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability Jeroen Massar (May 09)
- Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability Jeroen Massar (May 09)