Bug#786909: chromium: unconditionally downloads binary blob

2015-06-21 Thread Marc
On Sun, 21 Jun 2015 21:47:48 +0200 Michael Franzl wrote: > On Thu, 18 Jun 2015 20:19:02 -0400 Michael Gilbert > wrote: > > Anyway the Debian security tracker is tracking this [2]. > > > [2] https://security-tracker.debian.org/tracker/TEMP-000-A21526 > > This link is dead / says "Not found"

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-21 Thread Michael Franzl
On Thu, 18 Jun 2015 20:19:02 -0400 Michael Gilbert wrote: > Anyway the Debian security tracker is tracking this [2]. > > [2] https://security-tracker.debian.org/tracker/TEMP-000-A21526 This link is dead / says "Not found". Could you post the correct link? Thanks

Bug#786909: Please stop (was: Bug#786909: chromium: unconditionally downloads binary blob)

2015-06-18 Thread Christoph Anton Mitterer
On Thu, 2015-06-18 at 20:36 -0400, Michael Gilbert wrote: > See previous message. I've had read that only afterwards, as well as this message. > You will get > absolutely nowhere continuing to tell people that they need to drop > everything to scratch your particular itches. I don't think I've as

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-18 Thread Christoph Anton Mitterer
On Thu, 2015-06-18 at 20:19 -0400, Michael Gilbert wrote: > Except that the actual contents of the downloaded files in many ways > do not actually matter. Those files are nacl executables, which are > sandboxed in any nacl-enabled chromium, so barring a sandbox escape > included in the files, this

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-18 Thread Steven Chamberlain
Michael Gilbert wrote: > Yes, nacl is intentionally disabled in the Debian packages, [...] > [...] > No, it does not work. Obviously nacl applications cannot execute > without a nacl interpreter. Thanks! That's quite reassuring for Debian users at least. Christoph Anton Mitterer wrote: > I don'

Bug#786909: Please stop (was: Bug#786909: chromium: unconditionally downloads binary blob)

2015-06-18 Thread Michael Gilbert
On Thu, Jun 18, 2015 at 8:23 PM, Christoph Anton Mitterer wrote: > - still no DSA (or something like that) See previous message. > - still no concentrated effort at the Debian level to pro-actively work > against such sources that include or more or less secretly download > blobs If you have an

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-18 Thread Christoph Anton Mitterer
On Thu, 2015-06-18 at 23:42 +0100, Steven Chamberlain wrote: > Upstream have said: > https://code.google.com/p/chromium/issues/detail?id=491435#c10 > > This is not "opt-in default". If you do not explicitly opt in > > (using > > the "Enable Ok Google" setting in chrome://settings), then this > >

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-18 Thread Michael Gilbert
Since this made it to LWN [0] and Y Combinator [1] with an incredible amount of misinformation, let's attempt a (hopefully) non-hyped conversation about this, which unfortunately didn't happen a few days ago. On Tue, Jun 16, 2015 at 9:15 AM, Christoph Anton Mitterer wrote: > On Tue, 2015-06-16 at

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-18 Thread Michael Gilbert
On Thu, Jun 18, 2015 at 7:33 PM, Steven Chamberlain wrote: > Steven Chamberlain wrote: >> would the >> DFSG chromium browser be 'more' free if it disabled NaCl? > > Actually, in the build log I see disable_nacl=1 > > I'm confused that hotword-x86-64.nexe is "a NaCl module" [0], even > though Debian

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-18 Thread Steven Chamberlain
Steven Chamberlain wrote: > would the > DFSG chromium browser be 'more' free if it disabled NaCl? Actually, in the build log I see disable_nacl=1 I'm confused that hotword-x86-64.nexe is "a NaCl module" [0], even though Debian's chromium is built with NaCl 'disabled'? Does this feature actually

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-18 Thread Steven Chamberlain
Hi, Upstream have said: https://code.google.com/p/chromium/issues/detail?id=491435#c10 > This is not "opt-in default". If you do not explicitly opt in (using > the "Enable Ok Google" setting in chrome://settings), then this module > will not run. That suggests to me that security of users was not

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-16 Thread Christoph Anton Mitterer
On Tue, 2015-06-16 at 00:49 -0400, Michael Gilbert wrote: > Barring the obtusely incorrect rootkit miscategorization Well, as I've said,.. no one can really tell what it is, since it's a blob,... and even if one would assume that someone could correctly reverse engineer it, or reproducibly build i

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-15 Thread Michael Gilbert
On Mon, Jun 15, 2015 at 11:16 PM, Christoph Anton Mitterer wrote: > Shouldn't we see a DSA following this incident? > > Since no one really knows which binaries have been downloaded there and > what they actually do, and since it cannot be excluded that it was > actually executed, such systems are b

Bug#786909: chromium: unconditionally downloads binary blob

2015-06-15 Thread Christoph Anton Mitterer
Hi. Shouldn't we see a DSA following this incident? Since no one really knows which binaries have been downloaded there and what they actually do, and since it cannot be excluded that it was actually executed, such systems are basically to be considered compromised. Quite a deal of people choose

Bug#786909: [Pkg-chromium-maint] Bug#786909: chromium: unconditionally downloads binary blob

2015-06-10 Thread Yves-Alexis Perez
On Thu, 2015-05-28 at 21:37 -0400, Michael Gilbert wrote: > control: tag -1 confirmed, help > > On Wed, May 27, 2015 at 7:25 AM, Yves-Alexis Perez wrote: > > Note that the binary blob is executed through native client, which is > > not enabled by default, so I /think/ you need explicit action fr

Bug#786909: [Pkg-chromium-maint] Bug#786909: chromium: unconditionally downloads binary blob

2015-05-28 Thread Michael Gilbert
control: tag -1 confirmed, help On Wed, May 27, 2015 at 7:25 AM, Yves-Alexis Perez wrote: > Note that the binary blob is executed through native client, which is > not enabled by default, so I /think/ you need explicit action from the > user (although if you enable NaCl for something else, then y

Bug#786909: [Pkg-chromium-maint] Bug#786909: chromium: unconditionally downloads binary blob

2015-05-27 Thread Yves-Alexis Perez
On Wed, 2015-05-27 at 13:23 +0200, Vincent Bernat wrote: > Same here. I did delete the extension path but somehow Chromium seems to > think it's still here (I have the same output as you except "Shared > Module Platforms"). You can check if it is running using the task > manager: from various bug

Bug#786909: [Pkg-chromium-maint] Bug#786909: chromium: unconditionally downloads binary blob

2015-05-27 Thread Vincent Bernat
❦ 27 May 2015 12:56 +0200, Yves-Alexis Perez: > Chromium 43.0.2357.65 (Built on Debian stretch/sid, running on Debian > stretch/sid) > OS Linux > NaCl Enabled No > Microphone No > Audio Capture Allowed Yes > Current Language en-US > Hotword Previous Language en-US > Hotwor

Bug#786909: chromium: unconditionally downloads binary blob

2015-05-27 Thread Yves-Alexis Perez
On Wed, 2015-05-27 at 12:52 +0200, Yves-Alexis Perez wrote: > On Wed, 2015-05-27 at 01:23 +0900, YOSHINO Yoshihito wrote: > > Package: chromium > > Version: 43.0.2357.65-1 > > Severity: serious > > Tags: security upstream > > Justification: Policy 2.1.2 > > Control: forwarded -1 > > https://code

Bug#786909: chromium: unconditionally downloads binary blob

2015-05-27 Thread Yves-Alexis Perez
On Wed, 2015-05-27 at 01:23 +0900, YOSHINO Yoshihito wrote: > Package: chromium > Version: 43.0.2357.65-1 > Severity: serious > Tags: security upstream > Justification: Policy 2.1.2 > Control: forwarded -1 > https://code.google.com/p/chromium/issues/detail?id=491435 > > Dear Maintainer, > > Aft

Bug#786909: chromium: unconditionally downloads binary blob

2015-05-26 Thread YOSHINO Yoshihito
Package: chromium Version: 43.0.2357.65-1 Severity: serious Tags: security upstream Justification: Policy 2.1.2 Control: forwarded -1 https://code.google.com/p/chromium/issues/detail?id=491435 Dear Maintainer, After upgrading chromium to 43, I noticed that when it is running and immediately after