[Full-disclosure] [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability

Jeroen Massar jeroen at unfix.org
Thu May 10 01:54:20 BST 2007 

Jeroen Massar wrote:
> security at mandriva.com wrote:
>>  _______________________________________________________________________
>>
>>  Mandriva Linux Security Advisory                         MDKSA-2007:101
>>  http://www.mandriva.com/security/
>>  _______________________________________________________________________
>>
>>  Package : vim
>>  Date    : May 9, 2007
>>  Affected: 2007.0, 2007.1
> 
> But the subject line reads:
> 
> [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
> 
> So is this a spoof or is this a spoof?
> Or did somebody make a booboo at Mandriva. The PGP key seems to at least
> check out for the fact that the signature on the part of the message
> that is signed is correct. As the PGP key is not in the strong set it
> can't be really trusted of course.

Also setting a Reply-To: to a broken xsecurity at mandriva.com absolutely
doesn't make any sense (unless you want to partially overcome the
problem of vacation messages getting bounced back, but hey those people
will nicely ignore your Reply-To anyway....)

--

This is the Postfix program at host imap.mandriva.com.

I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

			The Postfix program

<xsecurity at mandriva.com>: host
    /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp] said: 550-Mailbox
    unknown.  Either there is no mailbox associated with this 550-name
or you
    do not have authorization to see it. 550 5.1.1 User unknown (in reply to
    RCPT TO command)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 311 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070510/b3c3d277/attachment.bin

Full-Disclosure is hosted and sponsored by Secunia.