Re: Thanks to Debian OpenSSL developers

2008-05-17 Thread s. keeling
Izak Burger <[EMAIL PROTECTED]>: > On Thu, May 15, 2008 at 9:58 PM, Guido Hennecke > <[EMAIL PROTECTED]> wrote: > > In Germany we say: "Wer nichts macht, macht auch nichts verkehrt". > > Which means: he who does nothing makes no mistakes. (For those who > don't understand German) Danke. "

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-17 Thread Nico Golde
Hi Vincent, * Vincent Bernat <[EMAIL PROTECTED]> [2008-05-17 21:12]: > OoO En ce début d'après-midi nuageux du samedi 17 mai 2008, vers 14:15, > Nico Golde <[EMAIL PROTECTED]> disait: > > >> are there updates for this issue for old stable - sarge? > > > sarge is not affected > > I suppose that

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-17 Thread Vincent Bernat
OoO En ce début d'après-midi nuageux du samedi 17 mai 2008, vers 14:15, Nico Golde <[EMAIL PROTECTED]> disait: >> are there updates for this issue for old stable - sarge? > sarge is not affected I suppose that people may still be interested in blacklist support. > and besides that the security

Franz Tischler ist außer Haus.

2008-05-17 Thread Franz Tischler
Ich werde ab 16.05.2008 nicht im Büro sein. Ich kehre zurück am 18.05.2008. Ich werde Ihre Nachricht nach meiner Rückkehr beantworten. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-17 Thread Florian Weimer
* Henrique de Moraes Holschuh: >> It's not so much a time issue, is a question of storage (or getting that >> data to the OpenSSH server). A networked service would be feasible, but >> it would also allow some sort of traffic analysis. > > I did mean putting a lot of brain grease on it. Math mig

dowkd.pl false positives

2008-05-17 Thread Florian Weimer
Someone has added a warning to the wiki page that dowdkd.pl "produces many false positives". Even if there are bugs in the script, this is *very* unlikely. Could someone please provide such an alleged false positive? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-17 Thread Nico Golde
Hi Dimitar, * Dimitar Dobrev <[EMAIL PROTECTED]> [2008-05-17 13:48]: > are there updates for this issue for old stable - sarge? sarge is not affected and besides that the security support for sarge ended quite some time ago. cheers nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] -

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-17 Thread Martin Marcher
Hi, On Sat, May 17, 2008 at 12:55 PM, Dimitar Dobrev <[EMAIL PROTECTED]> wrote: > Hi group, > are there updates for this issue for old stable - sarge? >> The first vulnerable version, 0.9.8c-1, was uploaded to the unstable >> distribution on 2006-09-17, and has since propagated to the testing and

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-17 Thread Jens Schüßler
* Dimitar Dobrev <[EMAIL PROTECTED]> wrote: > Hi group, > > > are there updates for this issue for old stable - sarge? You should read what you quote: > The first vulnerable version, 0.9.8c-1, was uploaded to the unstable > distribution on 2006-09-17, and has since propagated to the testing > and

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-17 Thread Matteo Vescovi
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/17/2008 12:55 PM, Dimitar Dobrev wrote: > Hi group, > > > are there updates for this issue for old stable - sarge? It was said sarge is not affected, iirc. Greetings, mfv - -- Matteo F. Vescovi System Administrator Studio Vescovi Progettaz

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-17 Thread Dimitar Dobrev
Hi group, are there updates for this issue for old stable - sarge? Regards Florian Weimer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1571-1 [EMAIL PROTECTED

Re: ssh-vulnkey and authorized_keys

2008-05-17 Thread CaT
On Thu, May 15, 2008 at 09:03:24AM -0400, Noah Meyerhans wrote: > On Thu, May 15, 2008 at 11:08:58AM +0300, Mikko Rapeli wrote: > > I think, and hope, Debian openssh packages will be updated too. > > Yes, expect it within hours. I'm curious... is there a way to get ssh-vulnkey to print out the li