Quoting cout at eircom.net (cout at eircom.net):
> Still I find it interesting people would think that simply emerging to
> a different version of a package would be less secure than any other
You must have heard that on some other mailing list, since nobody here
said it. Some of us here have commented on uncertain quality control in
administration and design matters, which are a different matter
> As far as I know, now feel free to correct me if I'm wrong, but all
> the other major distrobutions like 'Red Hat' which people on this list
> seem fond of have the zlib exploit present do they not?
By the time the advisories came out, Debian woody/3.0 (current "testing"
branch) package had long since incorporated the fix and auto-distributed
out to systems in the field via apt-get, without sysadmins having to
even watch out for the problem. And, according to
http://www.debian.org/security/ , the potato/2.2 (current "stable")
tbranch got its fixed packages on March 11, the same day the security
advisory came out.
Cheers, "That article and its poster have been cancelled."
Rick Moen -- David B. O'Donnel, sysadmin for America Online
rick at linuxmafia.com
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!