"A busy week for Debian, Conectiva and others. Problems in
tcpdump, ethereal, pine, joe, and Gaim. Most vendors are still
playing catch-up, and on some issues, such as pine, it is unclear
who is suffering exactly what problem - remote DoS, code execution,
etc. The good news (as almost always) is that some vendors have
gotten quite a bit better at producing security advisories, giving
credit, and getting them out timely. Now if only Debian would
number its advisories (hint, hint)."

"We lead off with general advisories and exploit code, then move
to vendor advisories. Most items appear in alphabetical order. If
we're missing a Linux vendor's advisory, please tell us - ditto for
any Linux-related security alerts. The long strings of hex in front
of package names are MD5 signatures."