Bugtraq mailing list archives

Re: OpenBSD xlock exploit

From: Darren Reed <avalon () COOMBS ANU EDU AU>
Date: Mon, 9 Oct 2000 11:22:27 +1100

In some mail from Theo de Raadt, sie said:
[...]

I am sorry, but you and K2 are out of line when you say that we didn't
tell the world about this.  We did.


Hmmm, I'll beg to differ and nit pick.  You published information locally
to www.openbsd.org but didn't announce via an active distribution that
known security problems had been fixed.  What you're essentially saying
is that "check the openbsd web site regularly because we're not going to
announce (via) any advisories when we fix known security holes".

[...]

So, and I see this with sincere sarcasm, do you want me to post all of
our patches for all of our format string fixes?  I can, if you really
want.  Think about where bugtraq would head if we were to do that.


We already see n patches for Linux this and Linux that, not to forget
the spam from n Linux vendors when each one fixes a problem, so I'm
not sure that it would detract from bugtraq in any meaningful manner.

Darren

Current thread:

OpenBSD xlock exploit Noir Desir (Oct 05)
- <Possible follow-ups>
- Re: OpenBSD xlock exploit lunguz (Oct 05)
- Re: OpenBSD xlock exploit Theo de Raadt (Oct 06)
- Re: OpenBSD xlock exploit Theo de Raadt (Oct 08)
  - Re: OpenBSD xlock exploit Darren Reed (Oct 09)
  - Re: OpenBSD xlock exploit Riley Hassell (Oct 10)