Hi,
I downloaded exactly this rpm from the ftp server on 30 Jan while hunting for updates. That was 11 days ago! Now, why is it that the security announcement takes this long to appear? (and on suse-security-announce it will appear appr 10 hours later than on suse-securtiy...)
This has *never* happened to me while I was using Red Hat. Or are they just hiding updated rpms from their ftp server until after the announcement goes out? Not that the compile-date in their rpms dated more than a day back, usually.
One could argue that this security problem is not very serious - but does SuSE handle all security issues like this one?
The reason is simple: The bug wasn't known to the public and only the vendors got notified by me right after I found it. To give other linux ditributors the time to fix their stuff I wait some days before releasing our announcement. Hope that explains everything. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47