The debian-private mailing list leak, part 1.


Re: [linux-security] Announce: chkexploit 1.13 (fwd)



Michael Meskes <meskes@topsystem.de> writes:

> >elm: VULNERABLE
> >  Problem: Local users can gain mail group access.
> >  Fix: Remove SGID bit or install elm newer than 2.4 PL25.
> 
> I guess they got confused by elm naming scheme. :-)

The ELM we ship with is *NOT* vulnerable to any known exploit or
security hole.

Also, here is how it is named.

Here's a sample version number:

elm-me+_2.4pl25ME+32
^^^^^^^ ^^^^^^^ ^ ^^
    a      b    c  d

a: Package name -- It is Elm plus the "ME" set of patches.
   (ME stands for the name of the original author of the patches.)
   These patches add security, MIME, PGP support, etc to Elm.
b: Upstream version number of elm, in this case, 2.4 PL 25.
c: ME+, indicates that the ME version number follows.
d: 32, the ME patchset number.

I know it is screwy, but it is better than what the upstream author calls
it.

He says it is Elm2.4ME+ PL32 (25)

(This is roughly acdb order compared to the above.)  Also, his scheme
cannot be parsed correctly by dpkg whereas my reordering of it can.


-- 
John Goerzen          | Running Debian GNU/Linux (www.debian.org)
Custom Programming    | Debian GNU/Linux is a free replacement for
jgoerzen@complete.org | DOS/Windows -- check it out at www.debian.org.
----------------------+----------------------------------------------
Notice: You may purchase the right to send me unsolicited commercial e-mail
("spam") for the fee of $500 (USD) per message.  Billing can be either
pre-arranged or can occur automatically after the reception of a spam.
Failure to pay will be treated in accordance to US Code, title 47, sec. 227,
which allows unsolicited e-mail to be punishable by action to recover actual
monetary loss or $500, whichever is greater, per violation.  Sending spam
to me without payment constitutes unauthorized access to my mail daemon,
which is in violation of federal law.
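
The naming scheme described in the message, as a small parser. This is an added example, not code from the message or from Debian. The two regular expressions are inferred from the single sample of each form quoted above, the dpkg check uses the character set current Debian Policy allows for a version with no epoch or revision, and `flagged_by_patchlevel_only` is a hypothetical scanner rule, not chkexploit's actual logic.

```python
import re
from typing import NamedTuple

class ElmVersion(NamedTuple):
    package: str         # a: package name, e.g. "elm-me+"
    elm_version: str     # b: upstream Elm version, e.g. "2.4"
    elm_patchlevel: int  # b: upstream Elm patchlevel, e.g. 25
    me_patchset: int     # d: ME patchset number, e.g. 32

# Debian form (assumed from the one sample): <pkg>_<ver>pl<PL>ME+<patchset>
DEBIAN_RE = re.compile(
    r"^(?P<pkg>[a-z0-9][a-z0-9+.-]+)_(?P<ver>\d+(?:\.\d+)*)pl(?P<pl>\d+)ME\+(?P<me>\d+)$")
# Upstream form (assumed from the one sample): Elm<ver>ME+ PL<patchset> (<PL>)
UPSTREAM_RE = re.compile(
    r"^Elm(?P<ver>\d+(?:\.\d+)*)ME\+ PL(?P<me>\d+) \((?P<pl>\d+)\)$")
# Version with no epoch and no Debian revision: starts with a digit,
# then only alphanumerics and ". + ~" (no spaces, no parentheses).
DPKG_VERSION_RE = re.compile(r"^\d[A-Za-z0-9.+~]*$")

def parse_debian(name: str) -> ElmVersion:
    m = DEBIAN_RE.match(name)
    if not m:
        raise ValueError(f"not in Debian elm-me+ form: {name!r}")
    return ElmVersion(m["pkg"], m["ver"], int(m["pl"]), int(m["me"]))

def parse_upstream(name: str, package: str = "elm-me+") -> ElmVersion:
    m = UPSTREAM_RE.match(name)
    if not m:
        raise ValueError(f"not in upstream Elm ME+ form: {name!r}")
    return ElmVersion(package, m["ver"], int(m["pl"]), int(m["me"]))

def debian_version(v: ElmVersion) -> str:
    """Reorder the fields into the version string used in the package name."""
    return f"{v.elm_version}pl{v.elm_patchlevel}ME+{v.me_patchset}"

def dpkg_can_represent(version: str) -> bool:
    return bool(DPKG_VERSION_RE.match(version))

def flagged_by_patchlevel_only(v: ElmVersion, fixed_after: int = 25) -> bool:
    # Hypothetical rule: "install elm newer than 2.4 PL25", looking only at
    # the upstream patchlevel and never at the ME patchset number.
    return v.elm_patchlevel <= fixed_after

if __name__ == "__main__":
    v = parse_debian("elm-me+_2.4pl25ME+32")        # sample from the message
    print(v, debian_version(v), dpkg_can_represent(debian_version(v)))
    print(dpkg_can_represent("2.4ME+ PL32 (25)"))   # upstream ordering
    print(flagged_by_patchlevel_only(v))
```
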

