Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability

[Vincent Danen <vdanen () mandriva com>]

* Jeroen Massar <jeroen () unfix org> [2007-05-10 01:54:20 +0100]:

> Jeroen Massar wrote:
> > security () mandriva com wrote:
> > >  _______________________________________________________________________
> > >
> > >  Mandriva Linux Security Advisory                         MDKSA-2007:101
> > >  http://www.mandriva.com/security/
> > >  _______________________________________________________________________
> > >
> > >  Package : vim
> > >  Date    : May 9, 2007
> > >  Affected: 2007.0, 2007.1
> >
> > But the subject line reads:
> >
> > [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
> >
> > So is this a spoof or is this a spoof?
> > Or did somebody make a booboo at Mandriva. The PGP key seems to at least
> > check out for the fact that the signature on the part of the message
> > that is signed is correct. As the PGP key is not in the strong set it
> > can't be really trusted of course.

This was a booboo.  The advisory contents are correct, just the subject
line was incorrect.

> Also setting a Reply-To: to a broken xsecurity () mandriva com absolutely
> doesn't make any sense (unless you want to partially overcome the
> problem of vacation messages getting bounced back, but hey those people
> will nicely ignore your Reply-To anyway....)

Over 60% of the out-of-office or undeliverable messages have been
eliminated by doing this.  It's not 100% effective, but I'll take a 60%
reduction anyday.

--
Vincent Danen @ http://linsec.ca/

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/