Open Source and information security mailing list archives
 
Date: Thu Mar 23 18:40:40 2006
From: kyphros at gmail.com (Mike Owen)
Subject: SendGate: Sendmail Multiple Vulnerabilities
	(Race Condition DoS, Memory Jumps, Integer Overflow)

On 3/23/06, Gadi Evron <ge@...uxbox.org> wrote:
> Tech details:
> Sendmail vulnerabilities were released yesterday. No real public
> announcements to speak of to the security community.
>
<snip>
> Public announcement
> -------------------
> FreeBSD were the only ones who released a public announcement of a patch
> and emailed it to bugtraq so far.
>
<snip>

Not sure what you mean by no advisories from the major distros.

The CERT advisory went out at about 1700GMT. At the same time, RedHat
sent out their notices; Mandrake, SUSE and Gentoo were within a few
hours. Debian and Sun had updates within 24 hours.

I'd say that covers the major players, and all of them were sent out
by the time you sent your email. If you mean specifically Bugtraq (tm)
postings, then you're right, they haven't been released by the
moderators of that list yet. Bugtraq is what a moderated FD would look
like, which is why it's not anywhere near as popular or useful as it
was back in the Aleph1 netspace.org days.

While I agree with you that this vulnerability should have more
publicity than it does, I don't think everything is quite as gloomy as
you're making it sound.

 Mike
