Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20130610125335.GA22803@kludge.henri.nerv.fi>
Date: Mon, 10 Jun 2013 15:53:35 +0300
From: Henri Salo <henri@...v.fi>
To: gremlin@...mlin.ru
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request: Debian's package "mysql-server"
 leaks credential information

On Mon, Jun 10, 2013 at 03:26:30PM +0400, gremlin@...mlin.ru wrote:
> I know lots (even for MySQL, which we are discussing, I can recall
> at least mysqldump producing trash, or several replication issues),
> but I don't want to waste my time.
> 
> P.S.: http://pics.rsh.ru/img/debipoke_demo_itnrnj4r.png :-)

What do you mean by wasting time? Could you elaborate a bit more. I know that
there are several persons in this list who are actively fixing and reporting
security issues to Debian. Don't hide behind picture if you have some real
opinion why you should not be reporting bugs to Debian. You could even list the
problems here and I can deal with reporting part. Are you refering to this?
http://www.debian.org/security/2013/dsa-2667

---
Henri Salo

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.