Security annoucements list & webpage UNmaintained ??
Hi ! This _might_ just be a misunderstanding perhaps, but... This page: http://www.suse.com/us/support/security/index.html doesn't reflect the available patches that are listed, amongst others, here: http://www.suse.com/us/support/download/updates/72_i386.html In fact, there are NO new vulnerabilities added to that webpage-listing since the kernel -addition on 2 Nov 2001. But, since then there have been vulnerabilities in (at least): Postfix Susehelp Cyrus-sasl Ziptool Java2 Openssh Webalizer But they are NOT put on the security-announce webpage, and neither are mailed to the suse-security-announce mailinglist ! What's up, SuSE ? This is not good news... Did I miss something ? Maarten -- Maarten J. H. van den Berg ~~//~~ network administrator van Boetzelaer van Bemmel - Amsterdam - The Netherlands http://vbvb.nl T+31204233288 F+31204233286 G+31651994273
Hello, Wbalizer was announce on the mailing-list : [suse-security] SuSE Security Announcement: webalizer (SuSE-SA:2001:040) Date: Tuesday, Nov 06th, 2001 12.00 MET Regards. Eric
-----Original Message----- From: Maarten J H van den Berg [mailto:maarten@vbvb.nl] Sent: 21 November 2001 16:26 To: suse-security@suse.com Subject: [suse-security] Security annoucements list & webpage UNmaintained ??
Hi !
This _might_ just be a misunderstanding perhaps, but...
This page: http://www.suse.com/us/support/security/index.html doesn't reflect the available patches that are listed, amongst others, here: http://www.suse.com/us/support/download/updates/72_i386.html
In fact, there are NO new vulnerabilities added to that webpage-listing since the kernel -addition on 2 Nov 2001. But, since then there have been vulnerabilities in (at least):
Postfix Susehelp Cyrus-sasl Ziptool Java2 Openssh Webalizer
But they are NOT put on the security-announce webpage, and neither are mailed to the suse-security-announce mailinglist !
What's up, SuSE ? This is not good news... Did I miss something ?
Maarten
--
Maarten J. H. van den Berg ~~//~~ network administrator van Boetzelaer van Bemmel - Amsterdam - The Netherlands http://vbvb.nl T+31204233288 F+31204233286 G+31651994273
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Wednesday 21 November 2001 17:36, Eric Romang wrote:
Hello,
Wbalizer was announce on the mailing-list :
[suse-security] SuSE Security Announcement: webalizer (SuSE-SA:2001:040) Date: Tuesday, Nov 06th, 2001 12.00 MET
Ehm, sorry, nope. It was announced on the list "suse-security". It was NOT announced on the list "suse-security-announce", which is a different, very-low-traffic list. At least (looking at the subject) it is not the message you pointed out above.
Regards.
Eric
-----Original Message----- From: Maarten J H van den Berg [mailto:maarten@vbvb.nl] Sent: 21 November 2001 16:26 To: suse-security@suse.com Subject: [suse-security] Security annoucements list & webpage UNmaintained ??
Hi !
This _might_ just be a misunderstanding perhaps, but...
This page: http://www.suse.com/us/support/security/index.html doesn't reflect the available patches that are listed, amongst others, here: http://www.suse.com/us/support/download/updates/72_i386.html
In fact, there are NO new vulnerabilities added to that webpage-listing since the kernel -addition on 2 Nov 2001. But, since then there have been vulnerabilities in (at least):
Postfix Susehelp Cyrus-sasl Ziptool Java2 Openssh Webalizer
But they are NOT put on the security-announce webpage, and neither are mailed to the suse-security-announce mailinglist !
What's up, SuSE ? This is not good news... Did I miss something ?
Maarten
--
Maarten J. H. van den Berg ~~//~~ network administrator van Boetzelaer van Bemmel - Amsterdam - The Netherlands http://vbvb.nl T+31204233288 F+31204233286 G+31651994273
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- brick (brik) n. (4) pl. Another item that can be used to crash windows. Maarten J. H. van den Berg ~~//~~ network administrator van Boetzelaer van Bemmel - Amsterdam - The Netherlands http://vbvb.nl T+31204233288 F+31204233286 G+31651994273
[suse-security] SuSE Security Announcement: webalizer (SuSE-SA:2001:040) Date: Tuesday, Nov 06th, 2001 12.00 MET
Ehm, sorry, nope. It was announced on the list "suse-security". It was NOT announced on the list "suse-security-announce", which is a different, very-low-traffic list. At least (looking at the subject) it is not the message you pointed out above.
I'm afraid it was. I have received Thomas' announcement from
suse-security-announce@.
Roman.
--
- -
| Roman Drahtmüller
On Wed, 21 Nov 2001, Maarten J H van den Berg wrote:
On Wednesday 21 November 2001 17:36, Eric Romang wrote:
Hello,
Wbalizer was announce on the mailing-list :
[suse-security] SuSE Security Announcement: webalizer (SuSE-SA:2001:040) Date: Tuesday, Nov 06th, 2001 12.00 MET
Ehm, sorry, nope. It was announced on the list "suse-security". It was NOT announced on the list "suse-security-announce", which is a different, very-low-traffic list. At least (looking at the subject) it is not the message you pointed out above.
Hm, I send it to suse-security-announce and confirmed the moderation mail and it's also in the archive. http://lists.suse.com/archive/suse-security-announce/2001-Nov/0001.html Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83 -- Trete durch die Form ein, und trete aus der Form heraus.
Hi !
This _might_ just be a misunderstanding perhaps, but...
This page: http://www.suse.com/us/support/security/index.html doesn't reflect the available patches that are listed, amongst others, here: http://www.suse.com/us/support/download/updates/72_i386.html
In fact, there are NO new vulnerabilities added to that webpage-listing since the kernel -addition on 2 Nov 2001. But, since then there have been vulnerabilities in (at least):
Postfix Susehelp Cyrus-sasl Ziptool Java2 Openssh Webalizer
But they are NOT put on the security-announce webpage, and neither are mailed to the suse-security-announce mailinglist !
The download page reflects that there are security-related update packages on the ftp server to download. What you do NOT see is that there are packages not yet available for the other architectures and distributions. In addition to that, not all of the update packages you might find on the download page will have an own announcement (just because they are not bad enough) and will instead be mentioned in section 2 of the next announcement. In the special case of openssh, we're checking all vulnerabilities that have been found in the package (as well as in the ssh package) to see if we missed something. In all cases, it's better to update a package that you find on the web/ftp server. None of the fixes there are really urgent (while cyrus-sasl is new), and if there are major or critical bugs fixed, you'll very soon know with an announcement.
What's up, SuSE ? This is not good news... Did I miss something ?
Maarten
Thanks,
Roman.
--
- -
| Roman Drahtmüller
participants (4)
-
Eric Romang -
Maarten J H van den Berg -
Roman Drahtmueller -
Thomas Biege