Hi everyone,
I've recently uploaded (to experimental only) new Snort 2.3.0 packages
(based on the release made by the Snort team last January 25th). One of the
main reasons I've uploaded this to experimental (and not sid) is that I've
introduced /etc/default/snort and made /etc/snort/snort.comm
SecurityFocus newsletter #286 lists some bind issues:
http://www.securityfocus.com/bid/12364
CAN-2005-0033
http://www.securityfocus.com/bid/12365
CAN-2005-0034
Anyone know how Debian stands with these?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
--
To UNSUBSCRI
Anyone know if gs-gpl is affected by the issues mentioned at
http://www.securityfocus.com/bid/12327?
(Astute readers will realise that I'm going through the securityfocus
newsletter #285.)
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Anyone know if any Debian kernels are vulnerable to CAN-2004-1237?
Apparently it was originally just thought to be a redhat thing, but
bugtraq recently said it was also found in suse.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Has there been a DSA for apache, in relation to the securityfocus
bugtraqID #12308?
http://www.securityfocus.com/bid/12308
Cheers
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
On Tue, Feb 08, 2005 at 10:40:22PM -0200, Henrique de Moraes Holschuh wrote:
Your point being? We all know how well that little padlock works...
The point being that, good or bad, right or wrong, that's how the net
works.
Mike Stone
On Tue, 08 Feb 2005, Michael Stone wrote:
> On Tue, Feb 08, 2005 at 10:29:43PM +0100, Florian Weimer wrote:
> >IMHO, the whole underlying idea that you can use a name to tell if a
> >site is trustworthy is flawed. The net just doesn't work this way.
>
> Yes it does. Ecommerce security is founded
On Tue, Feb 08, 2005 at 05:16:20PM -0500, Joey Hess wrote:
And if you have trusted that little padlock with anything important
anytime recently without at least making sure you have reasonable
insurance, you've not been paying attention.
Welcome to the internet. Just getting users to verify that th
* Joey Hess:
> Florian Weimer wrote:
>> People are filing security bugs because of the homograph issue. But
>> is this a real security problem? Do you think we should change our
>> fonts so that 1, l and I (and O and 0, of course) are more different
>> visually?
>
> That misses part of the point
In article <[EMAIL PROTECTED]> you wrote:
> The name is what associates a CA signature with a site. They're not
> signing the IP number.
The Browser is checking the address against the DN itself. So if the padlock
is blue, the certificate is for the current URL. Then you have to check the
content
* Michael Stone:
> On Tue, Feb 08, 2005 at 10:59:44PM +0100, Florian Weimer wrote:
>>Uh-oh. No. It appears if someone has paid a few bucks to someone
>>else. This has got nothing to do with names, they are not verified by
>>most CAs.
>
> The name is what associates a CA signature with a site. T
Florian Weimer wrote:
> People are filing security bugs because of the homograph issue. But
> is this a real security problem? Do you think we should change our
> fonts so that 1, l and I (and O and 0, of course) are more different
> visually?
That misses part of the point of the homograph issue
On Tue, Feb 08, 2005 at 10:59:44PM +0100, Florian Weimer wrote:
Uh-oh. No. It appears if someone has paid a few bucks to someone
else. This has got nothing to do with names, they are not verified by
most CAs.
The name is what associates a CA signature with a site. They're not
signing the IP numb
* Michael Stone:
> On Tue, Feb 08, 2005 at 10:29:43PM +0100, Florian Weimer wrote:
>>IMHO, the whole underlying idea that you can use a name to tell if a
>>site is trustworthy is flawed. The net just doesn't work this way.
>
> Yes it does. Ecommerce security is founded on the idea that if the
> l
On Tue, Feb 08, 2005 at 10:29:43PM +0100, Florian Weimer wrote:
IMHO, the whole underlying idea that you can use a name to tell if a
site is trustworthy is flawed. The net just doesn't work this way.
Yes it does. Ecommerce security is founded on the idea that if the
little padlock is lit up you're
People are filing security bugs because of the homograph issue. But
is this a real security problem? Do you think we should change our
fonts so that 1, l and I (and O and 0, of course) are more different
visually?
IMHO, the whole underlying idea that you can use a name to tell if a
site is trust
On Tue, Feb 08, 2005 at 04:58:36PM +0100, Frank Küster wrote:
> I find the text of this advisory really confusing - the subject and
> Package line talk about xemacs21, the description about "Emacs, the
> well-known editor" and "your emacs packages". If it isn't sufficiently
> confusing to make xem
[EMAIL PROTECTED] (Martin Schulze) wrote:
> Package: xemacs21
[...]
> Max Vozeler discovered several format string vulnerabilities in the
> movemail utility of Emacs, the well-known editor. Via connecting to a
> malicious POP server an attacker can execute arbitrary code under the
> pri
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 08, 2005 9:08 AM
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code
execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Feb 08, 2005 at 03:17:12AM -0200, Felipe Massia Pereira wrote:
>Do I really have to check all .deb files of Packages files if I have
>already checked all Packages' files themselves and they do check? AFAIK
>apt-get always check if md5 (from Packages files it downloads) does not
>match an