* Jeroen Massar <jeroen@xxxxxxxxx> [2007-05-10 01:54:20 +0100]:
Jeroen Massar wrote:security@xxxxxxxxxxxx wrote:_______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:101 http://www.mandriva.com/security/ _______________________________________________________________________ Package : vim Date : May 9, 2007 Affected: 2007.0, 2007.1But the subject line reads: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability So is this a spoof or is this a spoof? Or did somebody make a booboo at Mandriva. The PGP key seems to at least check out for the fact that the signature on the part of the message that is signed is correct. As the PGP key is not in the strong set it can't be really trusted of course.
This was a booboo. The advisory contents are correct, just the subject line was incorrect.
Also setting a Reply-To: to a broken xsecurity@xxxxxxxxxxxx absolutely doesn't make any sense (unless you want to partially overcome the problem of vacation messages getting bounced back, but hey those people will nicely ignore your Reply-To anyway....)
Over 60% of the out-of-office or undeliverable messages have been eliminated by doing this. It's not 100% effective, but I'll take a 60% reduction anyday. -- Vincent Danen @ http://linsec.ca/
Attachment:
pgp9w3XDF3brT.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/