Vulnerability Development mailing list archives
Re: New bugs discovered!
From: Roger Burton West <roger () firedrake org>
Date: Mon, 19 Nov 2001 18:48:15 +0000
On Mon, Nov 19, 2001 at 09:29:37AM +0000, Alex Butcher (vuln-dev) wrote:
Yeah, Debian, like Red Hat (probably others too) frequently include patches culled from mailing lists, their own code audits and so on, meaning the version isn't a completely reliable guide to determining the vulnerability or not of a given instance. This issue has arisen in the past; perhaps it's time that the folks at Debian and Red Hat started indicating more clearly that they've patched with their version numbers
The version number of gzip on a Debian system is not "1.2.4"; it's (on a box selected at random) 1.2.4-33. /usr/share/doc/gzip/changelog.Debian.gz contains the full changelog, information on which patches have been applied, and references to the bug-tracking system. If one knows that this principle is in use, it can be quite helpful. Roger
Current thread:
- New bugs discovered! vuln-dev (Nov 18)
- Re: New bugs discovered! Alex Butcher (vuln-dev) (Nov 18)
- Re: New bugs discovered! Nate Amsden (Nov 19)
- Re: New bugs discovered! Alex Butcher (vuln-dev) (Nov 19)
- Re: New bugs discovered! Roger Burton West (Nov 19)
- Re: New bugs discovered! Fabio Roccatagliata (Nov 19)
- Re: New bugs discovered! Respect (Nov 19)
- Re: New bugs discovered! Nate Amsden (Nov 19)
- Re: New bugs discovered! Alex Butcher (vuln-dev) (Nov 18)
- Re: New bugs discovered! Yaroslav Klyukin (Nov 18)
- Re: New bugs discovered! Crist J. Clark (Nov 19)
- Re: New bugs discovered! Robert Jaroszuk (Nov 19)
- Re: New bugs discovered! Naseer Bhatti (Nov 19)
- Re: New bugs discovered! Larry W. Cashdollar (Nov 18)
- Re: New bugs discovered! Syzop (Nov 19)
- Re[2]: New bugs discovered! Mariusz Mazur (Nov 19)
- Re: New bugs discovered! Chris D. Sloan (Nov 18)