full-disclosure-uk May 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] [ MDKSA-2007:101 ] - U

Re: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability

From: Jeroen Massar <jeroen_at_nospam>
Date: Thu May 10 2007 - 00:54:20 GMT
To: security@mandriva.com


Jeroen Massar wrote:
> security@mandriva.com wrote:
>> _______________________________________________________________________ >> >> Mandriva Linux Security Advisory MDKSA-2007:101 >> http://www.mandriva.com/security/ >> _______________________________________________________________________ >> >> Package : vim >> Date : May 9, 2007 >> Affected: 2007.0, 2007.1
>
> But the subject line reads:
>
> [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
>
> So is this a spoof or is this a spoof?
> Or did somebody make a booboo at Mandriva. The PGP key seems to at least
> check out for the fact that the signature on the part of the message
> that is signed is correct. As the PGP key is not in the strong set it
> can't be really trusted of course.

Also setting a Reply-To: to a broken xsecurity@mandriva.com absolutely doesn't make any sense (unless you want to partially overcome the problem of vacation messages getting bounced back, but hey those people will nicely ignore your Reply-To anyway....) -- This is the Postfix program at host imap.mandriva.com. I'm sorry to have to inform you that your message could not be be delivered to one or more recipients. It's attached below. For further assistance, please send mail to <postmaster> If you do so, please include this problem report. You can delete your own text from the attached returned message. The Postfix program <xsecurity@mandriva.com>: host /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command)

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/