[PLUTO-security] [Fwd: Postfix: old bugs keep coming back]

Tom aka 'Dido' tom at pluto.linux.it
Thu Aug 7 14:07:47 CEST 2003


The opinion of Postfix's creator... Sorry if this is a bit OT, but it
seemed to me a wonderful reflection...

Dido

-----Forwarded Message-----

> From: Wietse Venema <wietse at porcupine.org>
> To: bugtraq at securityfocus.com
> Subject: Postfix: old bugs keep coming back
> Date: 04 Aug 2003 21:36:16 -0400
> 
> Bugs happen. Perhaps more unusual is that the two problems reported
> today by Michal Zalewski were fixed nine or more months ago and
> that the fixed code has been publicly available all that time.
> 
> Number one was fixed as the accidental side effect of a code reorg.
> Number two was fixed by an explicit bugfix (not thought to be
> security related at the time).  Unfortunately, number two did not
> feature in Michal's draft advisory that I worked off last week;
> I'd happily have fixed some technical inaccuracies in his text.
> 
> This episode is a reminder that bugs don't necessarily go away even
> when they are fixed.  Once the source code goes out the door you
> no longer control what happens with it. The result is that people
> can discover old fixed bugs in "brand-new" software.
> 
> This phenomenon is far from new. As someone told me in private
> email, Robert Morris Sr. lamented that he personally had fixed some
> of the security bugs in the UNIX utilities back in the late '70's,
> but they were still being exploited almost 20 years later.
> 
> 	Wietse


