Re: Light weight IDSes and then some

2005-07-14 Thread Alec Berryman
George P Boutwell on 2005-07-14 18:02:40 -0500: > > > 2) Apache & or cgi-bins I use, were the cause of my closest to being > > > compromised situations. If I set-up Apache, PHP, cgis, etc in a > > > chroot jail, how can I still provide an /~username/ type set-up, as I > > > have at least 2 situ

Re: Light weight IDSes and then some

2005-07-14 Thread Brian Bilbrey
George P Boutwell wrote: ... It looks as though you've gotten at least one other reply, but I've not seen it/them (yet) 3) I'd like to provide some limited SFTP (SSH FTP) mechanisms for select individuals, for these I would really like to do away with the shell, but I haven't found a way, how

Re: New squid packages 2.4.6-2woody9 restarts very often.

2005-07-14 Thread Woon Wai Keen @ doubleukay.com
On 15/07/2005 3:33 AM, Luigi Gangitano wrote: but didn't succeed. Can somebody please provide some more information like - configuration file - type of DNS used (BIND, dnscache, etc) - a core file (if found) I'm preparing a debug-enabled version to help extract more details, I'll send to whom

Re: Light weight IDSes and then some

2005-07-14 Thread George P Boutwell
On 7/14/05, DI Peter Burgstaller <[EMAIL PROTECTED]> wrote: > I'm using AIDE and am very happy with it. Thanks I'll look into it. > > 2) Apache & or cgi-bins I use, were the cause of my closest to being > > compromised situations. If I set-up Apache, PHP, cgis, etc in a > > chroot jail, how can

Light weight IDSes and then some

2005-07-14 Thread George P Boutwell
Hello, I currently have a Woody NAT/Firewall machine that provides internet to my home LAN. In addition to that it provides Web proxy and Web serving (mainly for a few pages for my family and friends). It's been running nicely for several years now. Last year I had 2 cases where I had near mi

Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

2005-07-14 Thread Stefan Fritsch
On Thursday 14 July 2005 22:03, Fredrik "Demonen" Vold wrote: > I think it's possible for a script to list all installed packages, > then check each of them against the bug report system to see if the > installed version has a security bug filed against it. > > Maybe if some automated system on the

Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

2005-07-14 Thread Jan Lühr
Greetings, On Thursday, 14 July 2005 17:40, Herwig Wittmann wrote: > Hi! > > I am trying to understand if my organization can rely on the debian > security announcement mailing list as only source of security alerts in > the future. > > This would be very convenient- but the delay that seems t

Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

2005-07-14 Thread Fredrik "Demonen" Vold
> More important is to know if you are vulnerable. Yeah. I agree. I propose a slight addition to dpkg: dpkg-secure I think it's possible for a script to list all installed packages, then check each of them against the bug report system to see if the installed version has a security bug filed a

Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

2005-07-14 Thread Bernhard R. Link
* Herwig Wittmann <[EMAIL PROTECTED]> [050714 17:58]: > I am trying to understand if my organization can rely on the debian > security announcement mailing list as only source of security alerts in > the future. I think even when there are no temporary problems with the security infrastructure, th

Re: Re: New squid packages 2.4.6-2woody9 restarts very often.

2005-07-14 Thread Luigi Gangitano
Hi all, I'm investigating this issue with upstream. > squid: rfc1035.c:410: rfc1035RRUnpack: Assertion `(*off) <= sz' failed. > Aborted This is the error. Incorrect parsing of DNS replies. > Since RFC 1035 deals with DNS and the Squid patch is meant to > specifically fix a DNS issue, I suspect

Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

2005-07-14 Thread Steve Kemp
On Thu, Jul 14, 2005 at 05:40:22PM +0200, Herwig Wittmann wrote: > This would be very convenient- but the delay that seems to have passed > between the original squirrelmail security announcement and the time I > received the alert via [EMAIL PROTECTED] is worrying: > > The Vulnerability seems to

Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

2005-07-14 Thread paddy
On Thu, Jul 14, 2005 at 05:40:22PM +0200, Herwig Wittmann wrote: > Hi! > > I am trying to understand if my organization can rely on the debian > security announcement mailing list as only source of security alerts in > the future. > > This would be very convenient- but the delay that seems to hav

Re: WG: critical bug in cacti

2005-07-14 Thread Florian Weimer
* Gunther Stammwitz: > No answer yet... Does anyone know what's going on at the security > team? You should report publicly documented security issues to the Bug Tracking System (with a "security" tag), and not directly to the security team. The BTS is read by more people, and the actual package

Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

2005-07-14 Thread Florian Weimer
* Herwig Wittmann: > I do not want to be rude in any way- please try to excuse my way of > putting things, but does anybody have a prediction how probable it > is for such a thing to happen again? Delays in the order of weeks are pretty standard, and they are not always caused by embargoes. It's a

Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

2005-07-14 Thread Herwig Wittmann
Hi! I am trying to understand if my organization can rely on the debian security announcement mailing list as only source of security alerts in the future. This would be very convenient- but the delay that seems to have passed between the original squirrelmail security announcement and the time I

WG: critical bug in cacti

2005-07-14 Thread Gunther Stammwitz
No answer yet... Does anyone know what's going on at the security team? Gunther -Original Message- From: Gunther Stammwitz [mailto:[EMAIL PROTECTED] Sent: Sunday, 10 July 2005 01:45 To: '[EMAIL PROTECTED]' Subject: critical bug in cacti Importance: High -BEGIN PGP SIG

Re: Document the bug fix policy regarding PHP Safe Mode

2005-07-14 Thread Florian Weimer
* Andreas Gredler: > On Wed, Jul 13, 2005 at 08:31:25PM +0200, Florian Weimer wrote: > >> Alternatives >> >> Most large ISPs who run customer PHP scripts on shared hosting >> servers do not use mod_php (or other forms of direct >> integration into a web server), but use the CGI version of PHP,

Re: Document the bug fix policy regarding PHP Safe Mode

2005-07-14 Thread Andreas Gredler
On Wed, Jul 13, 2005 at 08:31:25PM +0200, Florian Weimer wrote: > Alternatives > > Most large ISPs who run customer PHP scripts on shared hosting > servers do not use mod_php (or other forms of direct > integration into a web server), but use the CGI version of PHP, href="http://httpd.apache.or

Re: [SECURITY] [DSA 746-1] New packages fix remote command execution in phpgroupware

2005-07-14 Thread Brian Wiese
You may have received this comment already -- but please include the package name as one of the first words in the subject line as tradition, instead of the last -- or else I won't see it in my MUA. i.e "New phpgroupware package fixes..." instead of above. Thanks! Brian Michael Stone wrote:

Re: Included/staticly linked libraries in source packages:

2005-07-14 Thread Florian Weimer
* Kurt Roeckx: > Hi Florian, > > Thanks for doing all of this, since it was rather manual work for me. > > Afaik, there are 3 kinds of problems with zlib: > - It's build-depending zlib, but linking statically > - It has its own copy of zlib, and links statically to it > - It has its own copy of the z

Included/staticly linked libraries in source packages: [Was: zlib status (CAN-2005-2096)]

2005-07-14 Thread Kurt Roeckx
Hi Florian, Thanks for doing all of this, since it was rather manual work for me. Afaik, there are 3 kinds of problems with zlib: - It's build-depending zlib, but linking statically - It has its own copy of zlib, and links statically to it - It has its own copy of the zlib package (ia32-libs, amd64-