Hi folks, sorry, but we are currently very busy auditing and fixing things - the deadline for suse 6.4 is coming nearer and nearer ...
I downloaded exactly this rpm from the ftp server on 30 Jan while hunting for updates. That was 11 days ago! Now, why is it that the security announcement takes this long to appear?
this was a vulnerability thomas
(and on suse-security-announce it will appear appr 10 hours later than on suse-security...)
that's because ... I don't know ;-) I'd guess there are more people subscribed to suse-security than to suse-security-announce, and hence ...
This has *never* happened to me while I was using Red Hat. Or are they just hiding updated rpms from their ftp server until after the announcement goes out? Not that the compile-date in their rpms dated more than a day back, usually.
One could argue that this security problem is not very serious - but does SuSE handle all security issues like this one?
our own security found the vulnerability and informed the other vendors and gave them time to fix and make an update as available as well. That's how we think these things should be handled - however we are open for proposals to enhance it :-) SuSE takes security issues very seriously - as you can see by the manpower put into this area and security tools made available by SuSE.

Greets,
Marc
--
Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: marc@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C