Re: [Debian-med-packaging] Bug#496366: Bug#496366: Bug#496366: The possibility of attack with the help of symlinks in some Debian packages

2008-08-25 Thread Charles Plessy
tag 496366 forwarded Kazutaka Katoh <[EMAIL PROTECTED]> thanks Hi all, I forwarded the patch solving the problem to the upstream author. I would prefer if I could include a note that the patch was accepted upstream if possible. How long would you recommend to wait before uploading ? Have a nice

unfixed linux 2.6.24 and python vulnerabilities

2008-08-25 Thread Michael Gilbert
now that ubuntu has released an updated 2.6.24 kernel [1] today that fixes a couple CVEs that are as-yet unfixed in debian, and as of 25 days ago had released updates to python to fix quite a few CVEs [2] that are also as-yet unfixed in debian, can we expect to see some updates for these packages e

Re: [Yaird-devel] Bug#496500: yaird: fails to create initrd when running 2.6.24 etchnhalf kernel

2008-08-25 Thread Jonas Smedegaard
On Mon, Aug 25, 2008 at 04:43:48PM +0200, Maximilian Attems wrote: On Mon, Aug 25, 2008 at 12:26 PM, Jonas Smedegaard <[EMAIL PROTECTED]> wrote: NB! Even if yaird really is "generally too buggy" as judged in bug#457177, the current release in unstable is far better than the version currently

Re: What to do about SSH brute force attempts?

2008-08-25 Thread Carlos Antelo
On Saturday 23 August 2008 04:28:32 Roger Bumgarner wrote: > I think they're more interested in using your computer to participate > in the botnet. sending spam / exploiting other machines is far more > lucrative that holding Joe Nobody's machine for ransom. unplug + > format = game over. > > -rb

Re: [Yaird-devel] Bug#496500: yaird: fails to create initrd when running 2.6.24 etchnhalf kernel

2008-08-25 Thread Maximilian Attems
On Mon, Aug 25, 2008 at 12:26 PM, Jonas Smedegaard <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Mon, Aug 25, 2008 at 04:29:39PM +0800, James Andrewartha wrote: >>Package: yaird >>Version: 0.0.12-18 >>Severity: important >> >>This is bug 431534, exposed again b

Re: [Yaird-devel] Bug#496500: yaird: fails to create initrd when running 2.6.24 etchnhalf kernel

2008-08-25 Thread Jonas Smedegaard
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Aug 25, 2008 at 04:29:39PM +0800, James Andrewartha wrote: >Package: yaird >Version: 0.0.12-18 >Severity: important > >This is bug 431534, exposed again because stable has an old version of >yaird but a recent kernel. Acknowledged. I see some

Re: [Debian-med-packaging] Bug#496366: The possibility of attack with the help of symlinks in some Debian packages

2008-08-25 Thread Thijs Kinkhorst
On Monday 25 August 2008 05:56, Charles Plessy wrote: > I have not followed the discussions on -devel closely. What is the > relevance of this bug for the releasability of the package? Upstream is > already at a much higher version number and I am not able to solve the > prolem by myself. > > Since