Re: mozilla's recent hole

2002-05-05 Thread frodo
NH>> Anybody with half-decent programming skills can program something that NH>> daily mirror's or rsync's Redhat's updates, checks their gpg signatures, NH>> and then either apply them automatically or apply them by hand once in NH>> a while (I do the latter). Up to apply position, it's easy ind

Re: mozilla's recent hole

2002-05-05 Thread frodo
TC>> > *Update mechanism reliability reputation*: Bad personal experience, but TC>> > not in a server. Anyone using it? I have experienced up2date to break my samba installation on upgrade (new RPM appared installed, but in fact number of files were missing, so I had to download and install them

Re: mozilla's recent hole

2002-05-05 Thread Tzafrir Cohen
On Sun, 5 May 2002, Nadav Har'El wrote: > On Sun, May 05, 2002, Tzafrir Cohen wrote about "Re: mozilla's recent hole": > > up2date requires registration (unlike redhat itself). Does this pose any > > technical problems? > > Anybody with half-decent prog

Re: mozilla's recent hole

2002-05-05 Thread Nadav Har'El
On Sun, May 05, 2002, Tzafrir Cohen wrote about "Re: mozilla's recent hole": > up2date requires registration (unlike redhat itself). Does this pose any > technical problems? Anybody with half-decent programming skills can program something that daily mirror's or rsync&

Re: mozilla's recent hole

2002-05-04 Thread Tzafrir Cohen
On Fri, 3 May 2002, Shachar Shemesh wrote: > From what I understood about this bug, it was irrelevant for Mozilla > RC-1 because the exploited feature was not working at all there (i.e. - > the bug was there, but another bug prevented exploiting the first one). > > I am using debian sid, and the

Re: mozilla's recent hole

2002-05-03 Thread Shachar Shemesh
From what I understood about this bug, it was irrelevant for Mozilla RC-1 because the exploited feature was not working at all there (i.e. - the bug was there, but another bug prevented exploiting the first one). I am using debian sid, and they carry nightly mozilla builds (mine is from 20020

Re: mozilla's recent hole

2002-05-03 Thread Aviram Jenik
> > It seems that recently a meduim security hole was exposed in mozilla: > allows a server to read local files. > [snip] > Anybody here happens to know more about the ways in which GreyMagic tried > to inform Netscape of this flaw (according to ther advisory)? The bugs in > the bugzilla were only

mozilla's recent hole

2002-05-03 Thread Tzafrir Cohen
Hi It seems that recently a meduim security hole was exposed in mozilla: allows a server to read local files. See the origianl advisory: http://sec.greymagic.com/adv/gm001-ns/ as well as lwn.net's short summary: http://lwn.net/2002/0502/security.php3 Anybody here happens to know more abo