full-disclosure-uk May 2007 archive

Re: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability

From: Vincent Danen <vdanen_at_nospam>
Date: Thu May 10 2007 - 16:19:53 GMT
To: Jeroen Massar <jeroen@unfix.org>

* Jeroen Massar <jeroen@unfix.org> [2007-05-10 01:54:20 +0100]:

>Jeroen Massar wrote:
>> security@mandriva.com wrote:
>>> _______________________________________________________________________
>>>
>>> Mandriva Linux Security Advisory MDKSA-2007:101
>>> http://www.mandriva.com/security/
>>> _______________________________________________________________________
>>>
>>> Package : vim
>>> Date : May 9, 2007
>>> Affected: 2007.0, 2007.1
>>
>> But the subject line reads:
>>
>> [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
>>
>> So is this a spoof or is this a spoof?
>> Or did somebody make a booboo at Mandriva. The PGP key seems to at least
>> check out for the fact that the signature on the part of the message
>> that is signed is correct. As the PGP key is not in the strong set it
>> can't be really trusted of course.

This was a booboo. The advisory contents are correct, just the subject line was incorrect.

>Also setting a Reply-To: to a broken xsecurity@mandriva.com absolutely
>doesn't make any sense (unless you want to partially overcome the
>problem of vacation messages getting bounced back, but hey those people
>will nicely ignore your Reply-To anyway....)

Over 60% of the out-of-office or undeliverable messages have been eliminated by doing this. It's not 100% effective, but I'll take a 60% reduction any day.

-- 
Vincent Danen @ http://linsec.ca/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/