From owner-freebsd-security Tue Apr 17 15: 2:26 2001 Delivered-To: freebsd-security@freebsd.org Received: from zork.punq.net (punq.net [207.154.84.94]) by hub.freebsd.org (Postfix) with SMTP id B361537B422 for ; Tue, 17 Apr 2001 15:02:22 -0700 (PDT) (envelope-from marcus@zork.punq.net) Received: (qmail 3919 invoked by uid 1000); 17 Apr 2001 22:02:21 -0000 Date: Tue, 17 Apr 2001 15:02:21 -0700 From: Marcus Reid To: Jonathan Slivko Cc: freebsd-security@freebsd.org Subject: Re: Latency of security notifications Message-ID: <20010417150221.B3580@blazingdot.com> References: <200104171717.AA1124598422@stmail.pace.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200104171717.AA1124598422@stmail.pace.edu>; from js43064n@stmail.pace.edu on Tue, Apr 17, 2001 at 05:17:41PM -0400 Coffee-Level: high Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I saw the ftpd/glob() vulnerability on bugtraq yesterday, and the vulnerability report came out this afternoon. The ntpd vulnerability says Announced: 2001-04-06 but I got the report 2001-04-12. I think it's admirable that the reports come with patches and background, but I'd like to know to disable ntpd as soon as possible while waiting for details. I'm sure there are good reasons that things are the way that they are. My question was not in the spirit of bashing it. I just thought that this forum might be a good place to ask about sources of timely security notifications. On Tue, Apr 17, 2001 at 05:17:41PM -0400, Jonathan Slivko wrote: > Such as? > > ---------- Original Message ---------------------------------- > From: Marcus Reid > Date: Tue, 17 Apr 2001 14:13:41 -0700 > > >Hi: > > > >When I joined the freebsd-security-notifications mailing list, I set it up > >so that I got paged when an email came in from it, and forwarded the email > >to my other mailboxes, thinking that it was the best source of early-warning > >information possible. However there's been a couple of recent vulnerabilities > >that I heard about from somewhere else first. > > > >What are the best sources for early-warning security notifications? > > > >-- > >Marcus Reid > >Blazingdot.com > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > > -- > ~~~~ > Jonathan M. Slivko > Systems Administrator, DataSyrge Internet Services > Global IRC Operator, AsylumNet IRC Network > ~~~~ > -- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message