The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security problem in old nfs-server versions (DFN-CERT#41511).

To: joost witteveen <joost@rulcmc.leidenuniv.nl>
Subject: Re: Security problem in old nfs-server versions (DFN-CERT#41511).
From: Peter Tobias <tobias@et-inf.fho-emden.de>
Date: Mon, 14 Jul 1997 21:06:25 +0200
Cc: security@debian.org
Delivered-to: bruce-lists--debian-private@lists.debian.org
Delivered-to: security@debian.org
In-reply-to: <m0wnjzR-000CP6C@rulcmc.leidenuniv.nl>; from joost witteveen on Mon, Jul 14, 1997 at 02:12:28PM +0200
References: <m0wnjzR-000CP6C@rulcmc.leidenuniv.nl>
Resent-cc: recipient list not shown: ;
Resent-date: 14 Jul 1997 20:14:42 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"DU8EO2.0.dV6.oYeop"@debian>
Resent-sender: debian-private-request@lists.debian.org

On Jul 14, joost witteveen wrote:
> >   If the Linux system you're using is not listed then please contact your
> >   distributor directly or upgrade to the listed NFS server 2.2beta26.
> 
> Unfortunately, the list of systems you refer to seems to have
> been removed from the email. So, I'll email you just in case:
> 
> I'm using, and an active maintainer of, Debian GNU/Linux.
> 
> The current stable release, 1.3.1 is NOT vurnerable (uses 2.2beta16).
> Likewise 1.3.0 has 2.2beta16, and is NOT vurnerable.

Debian 1.3.x uses 2.2beta26 (part of netstd v2.12 from the 12. Feb. 1997).
All versions that use netstd v2.02 and above are NOT vulnerable. netstd
v2.02 was released on 19. Mar. 1996. That means at least Debian 1.1.9
(and maybe earlier versions) and above are ok.


Thanks,

Peter

PS: I sent a more detailed email to Wolfgang Ley (dfncert).
-- 
Peter Tobias <tobias@et-inf.fho-emden.de> <tobias@debian.org> <tobias@linux.de>
PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02  04 62 89 6C 2F DD F1 3C 


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

References:
- Re: Security problem in old nfs-server versions (DFN-CERT#41511).
  - From: joost@rulcmc.leidenuniv.nl (joost witteveen)

Prev by Date: Cheap*Bytes CDs for Developers
Next by Date: Re: load on master?
Previous by thread: Re: Security problem in old nfs-server versions (DFN-CERT#41511).
Next by thread: Debian Logo
Index(es):
- Date
- Thread