Antwort: Re: [suse-security] fetchmail security announcement
I installed the "new" fetchmail rpm 5.6.5 for SuSE 7.1, but unfortunately fetchmail does not poll messages with the ETRN command any more. When starting to fetch the mails, fetchmail asks for a password (from lists.debian.org):
Debian bug #85938: fetchmail asks for a password when using ETRN;
This is a bug, which is fixed in 5.6.6. So, for me, this is not the right way "to avoid problems"! What could i do, if SuSE does not offer an upgrade to the latest version? CU Sven Thomas Biege <thomas@suse. An: Suse-Security <suse-security@suse.com> de> Kopie: Thema: Re: [suse-security] fetchmail security announcement 17.08.2001 11:17 On Fri, 17 Aug 2001, Togan Muftuoglu wrote:
Hi,
Hi.
Just received teh fetchmail related security announcement and IIRC on thebugtraq list it was mentioned fetchmail 5.8.17 and above is not vulnerable. Is it SuSE's numbering scheme diffirent or the patch has been applied to the preivious versions.
Second why the package numbers are different for 7.1 and 7.2 platforms
That's because we patch the original packets instead of making a version upgrade to avoid problems on older SuSE Linux versions. But in special cases we also did a version upgrade + testing, i.e. when the changes are too big. Have a nice weekend. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 84 -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com _____________________________________________ Sven Westenberg EDV/Schäfer Trennwandsysteme GmbH Phone: +49 (2687) 9151-46 Fax: +49 (2687) 9151-30 Email: s.westenberg@schaefer-trennwandsysteme.de
"Sven Westenberg" <s.westenberg@schaefer-trennwandsysteme.de> wrote:
What could i do, if SuSE does not offer an upgrade to the latest version?
I am sorry to say, but You could download the source tarball and build a rpm or just compile and install the new version by yourself. It is really not such a difficult task. Martin -- martin.peikert@innominate.com innominate AG http://www.innominate.com tel: +49.30.308806-0 fax: -77 gpg: http://innominate.org/gpg/mpe.gpg
What could i do, if SuSE does not offer an upgrade to the latest version?
I am sorry to say, but You could download the source tarball and build a rpm or just compile and install the new version by yourself. It is really not such a difficult task.
The whole thing is a dilemma that is not easy to solve. Our usership expects us to be compatible with ourselves, and people expect us to ship the most recent versions of the packages. Basically, this is the reason for us to make more than one distribution per year. Upgrade, that's what it's for. Guess what we spend our time with, and why it takes a few days more for SuSE to publish update packages, as compared to distributors who support only the latest version of their distribution.
Martin
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
Roman Drahtmueller <draht@suse.de> wrote:
What could i do, if SuSE does not offer an upgrade to the latest version?
I am sorry to say, but You could download the source tarball and build a rpm or just compile and install the new version by yourself. It is really not such a difficult task.
The whole thing is a dilemma that is not easy to solve. Our usership expects us to be compatible with ourselves, and people expect us to ship the most recent versions of the packages. Basically, this is the reason for us to make more than one distribution per year. Upgrade, that's what it's for.
Guess what we spend our time with, and why it takes a few days more for SuSE to publish update packages, as compared to distributors who support only the latest version of their distribution.
I can understand that you need a few days more, but if he really needs that update that urgent that he's posting such a question to the security mailing list - I could not resist to give him an answer. Next time I won't post such answers to the list but to the questioner directly. I'm sorry for wasting your time. But I think it's clear now why you need sometimes a bit more time for an update than other distributors. Martin -- martin.peikert@innominate.com innominate AG http://www.innominate.com tel: +49.30.308806-0 fax: -77 gpg: http://innominate.org/gpg/mpe.gpg
I can understand that you need a few days more, but if he really needs that update that urgent that he's posting such a question to the security mailing list - I could not resist to give him an answer. Next time I won't post such answers to the list but to the questioner directly.
Oh, go ahead, please! Your answer was right, I guess from mine as well as from other's perspectives. Your posting was a valuable contribution to that discussion, and this matter is most definitely important.
I'm sorry for wasting your time. But I think it's clear now why you need sometimes a bit more time for an update than other distributors.
I think you did not waste anybody's time.
Martin
Thank you, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
Roman Drahtmueller wrote:
I can understand that you need a few days more, but if he really needs that update that urgent that he's posting such a question to the security mailing list - I could not resist to give him an answer. Next time I won't post such answers to the list but to the questioner directly.
Oh, go ahead, please! Your answer was right, I guess from mine as well as from other's perspectives. Your posting was a valuable contribution to that discussion, and this matter is most definitely important.
I'm sorry for wasting your time. But I think it's clear now why you need sometimes a bit more time for an update than other distributors.
I think you did not waste anybody's time.
Martin
If someone needs a fix that urgent why don't they get the latest source and compile themselves? Or are they an incompetent admin or just plain lazy and want someone else to do their work for them? -- Ken
** Reply to message from Ken Schneider <kschneider@rtsx.com> on Fri, 17 Aug 2001 08:37:50 -0400 ** If someone needs a fix that urgent why don't they get the latest source ** and compile themselves? Or are they an incompetent admin or just plain ** lazy and want someone else to do their work for them? ** ** -- ** Ken could be they are really new , and also under attack... it happens afterthought: Suppose you had everything. Where would you keep it?
participants (5)
-
jfweber@eternal.net -
Ken Schneider -
Martin Peikert -
Roman Drahtmueller -
Sven Westenberg