> From: "Geo." 
> Yes it does.
> If you get sqlserver as part of an application, don't you hold the vendor of
> that application responsible for notification when that app requires sql
> patch? How are you supposed to know if you can install the standard MS sql
> patches or not? (ask Glenn about this, webboard includes sql server but
> won't take MS patches)

If it's a part of the OS then it's an OS problem. According to MS
themselves IE etc are an intrinsic part of the OS. Noone I know says that
GAIM is an intrinsic part of an OS. In fact given there are versions for a
load of OS'es including windows then it's a Windows problem as well

http://gaim.sourceforge.net/win32/index.php

The version affected is 0.75 & the Windows version is 0.75 so it must
be a Windows vulnerability. So how come MS haven't issued advisories for
it?

MS chooses to make these various things (IE, OE, WMP etc) "part of the
OS" for their own marketing & legal reasons. No one forced them to
make IE part of Windows. 



Adam



> Geo.
> "Adam Flinton"  wrote in message
> news:402c8256$1{at}w3.nls.net...
>> Geo. wrote:
>> 
>> > if it's part of the distribution it counts.
>> >
>> 
>> Ah right so Turbo linux bundle DB2. Does that mean a Db2 vuln is a linux
>> vuln? Or is it an AIX,OS400, Win32, Solaris, VMS, Linux, OS/2,HP-UX etc
>> vuln ?
>> 
>> 
>> I can't really see IBM letting Turbo Linux having the source to DB2 &
>> doing the fixes themselves.
>> 
>> Adam
>> 
>> > Geo.
>> >
>> > "Adam Flinton" 
wrote in message
>> > news:402b2d0f$1{at}w3.nls.net...
>> >
>> >>Rich wrote:
>> >>
>> >>
>> >>>   You don't have to look so far.  RedHat released a
bulletin for a
>> >>>remote attack and likely exploit today.  See
>> >>>https://rhn.redhat.com/errata/RHSA-2004-051.html.
>> >>
>> >>Which is for an application called mutt not linux.
>> >>
>> >>
>> >>>The previous remote
>> >>>vulnerability, not the previous vulnerbility, was just
three weeks
>> >>>earlier (https://rhn.redhat.com/errata/RHSA-2004-032.html).
>> >>
>> >>Which is for a IM app called GAIM not linux.
>> >>
>> >>
>> >>>There are
>> >>>11 security vulnerabilities in redhat linux 9 so far
this year and 81
>> >>>since it was released just 10-1/2 months ago.  That is
about 7-1/2
>> >>>vulnerabilities per month.  It's not that linux is not full of
> problems,
>> >>>it's that virtually no one cares.
>> >>>
>> >>
>> >>Hey let's start adding up all the vulnerabilities in all the windows
>> >>applications. Heck a mozilla on windows problem would thus be a
>> >>Windows/MS one as would an AOL one or a borland one etc.etc.
>> >>
>> >>Adam
>> >>
>> >>
>> >>>Rich
>> >>>
>> >>>
>> >>>    "Jeff Shultz" > >>>    >
wrote in message
>> >>>    news:pan.2004.02.12.05.48.06.499952{at}shultzinfosystems.com...
>> >>>    On Tue, 10 Feb 2004 20:55:34 -0500, Geo. wrote:
>> >>>
>> >>>     > http://www..eeye.com/html/Research/Upcoming/index.html
>> >>>   
http://www.eeye.com/html/Research/Upcoming/index.html>
>> >>>     >
>> >>>     > Just go look it's not an exploit it's a list
of reasons why you
>> >
>> > can't
>> >
>> >>>     > trust MS to protect your computers.
>> >>>     >
>> >>>     > Geo.
>> >>>
>> >>>    There are some who would probably kill me for
this.. but I'd really
>> >
>> > be
>> >
>> >>>    interested in seeing what would happen if eeye
turned some of that
>> >>>    talent
>> >>>    loose on Linux.
>> >>>
>> >>>    Either we'd get a heck of a lot of fixes...or the
Linux-heads would
>> >
>> > have
>> >
>> >>>    some strong evidence to back up the claim that
Linux is more secure
>> >
>> > than
>> >
>> >>>    Windows.
>> >>
>> >
>> >
>> 

--- BBBS/NT v4.01 Flag-5