The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: INN: Security fixes. Need response today if you want it in the CERT advisory

To: Alan Cox <alan@cymru.net>
Subject: Re: INN: Security fixes. Need response today if you want it in the CERT advisory
From: Miquel van Smoorenburg <miquels@holodeck.cistron.nl>
Date: Tue, 18 Feb 1997 14:17:58 +0100
Cc: security@debian.org
Delivered-to: security@debian.org
Importance: low
In-reply-to: <199702180917.JAA25425@snowcrash.cymru.net>; from Alan Cox on Feb 02, 1997 at 09:17:50AM
Priority: non-urgent
References: <199702180917.JAA25425@snowcrash.cymru.net>
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"k6eNp.0.8k6.8lR2p"@master.debian.org>
Resent-reply-to: debian-private@lists.debian.org
Resent-sender: debian-private-request@lists.debian.org

According to Alan Cox:
> There are a couple of bugs in the parsecontrol of INN 1.5 and earlier, these
> allow mass worldwide execution of arbitary commands. 
> 
> You should either upgrade to INN 1.5.1 or check out and include either
> security-patch-01 (inn 1.4.x) or security-patch-02 (inn 1.4-sec) from
> ftp://ftp.isc.org/isc/inn/patches/

The current version of INN shipped with Debian is 1.4unoff4. However the
"unstable" (or development) tree contains inn-1.5.1. It can be gotten
from any debian mirror in the subdirectory

debian/unstable/news/binary

 d3603d9617fbf894a3743a330544b62e 591154 news optional inn_1.5.1-1_i386.deb
 205850779d2820f03f2438d063e1dc51 45230 news optional inn-dev_1.5.1-1_i386.deb
 badbe8431479427a4a4de8ebd6e1e150 31682 news optional inewsinn_1.5.1-1_i386.deb

I'll ask if the archive maintainer can move inn-1.5.1 into the "stable" tree.
It should then be part of the next maintenance release of debian 1.2,
Debian-1.2.7

Mike.


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

References:
- INN: Security fixes. Need response today if you want it in the CERT advisory
  - From: Alan Cox <alan@cymru.net>

Prev by Date: INN: Security fixes. Need response today if you want it in the CERT advisory
Next by Date: inn security problems.
Previous by thread: INN: Security fixes. Need response today if you want it in the CERT advisory
Next by thread: Re: INN: Security fixes. Need response today if you want it in the CERT advisory
Index(es):
- Date
- Thread