Re: Use of DSA number for general announcements (was: [DSA 2548-1] Debian Security Team PGP/GPG key change notice)

2012-09-16 Thread Arthur de Jong
On Fri, 2012-09-14 at 10:31 +0200, Nico Golde wrote: > I just want to point out though that as far as I know you can't send > an announcement mail to this list without a fake DSA id. Perhaps it is an idea to also reject mails with a DSA id already issued? That could save a few problems. Judging by

Re: Use of DSA number for general announcements

2012-09-16 Thread Arthur de Jong
On Sat, 2012-09-15 at 12:49 -0400, David Prévot wrote: > They seem to be error prone for the security team, since the number was > used twice this time: > > https://lists.debian.org/debian-security-announce/2012/msg00189.html > https://lists.debian.org/debian-security-announce/2012/msg00190.html

Re: local authentication spoofing using libnss-ldap

2011-12-24 Thread Arthur de Jong
On Thu, 2011-12-22 at 17:01 +0100, Yann Autissier wrote: > I am using the libnss-ldap and libpam-ldap packages with default > configuration. > > NSS is configured to allow passwd and group resolution over ldap. > > user@host:~$ cat /etc/nsswitch.conf > passwd: compat ldap > group:

Re: question regarding verification of a debian installation iso

2011-01-02 Thread Arthur de Jong
On Sun, 2011-01-02 at 18:56 +0100, Naja Melan wrote: > I'm trying to verify that the debian iso I downloaded has not been > tampered with by following the following faq entry: > > http://www.debian.org/CD/faq/#verify > > There are some things I don't understand yet. I have gotten as far as > downl

Re: Lenny version info

2010-12-16 Thread Arthur de Jong
On Mon, 2010-12-13 at 10:59 +1030, Ashvin Narayanan wrote: > This probably isn't the best place to ask but I couldn't find a better one. > How do I obtain information about my Lenny installation? Is there a > command that tells me the version number? What I generally do to check the status of the

Re: Debian.org ip address change?

2009-07-05 Thread Arthur de Jong
On Sat, 2009-07-04 at 21:31 -0300, mr fossguy wrote: > I was just *notified that debian.org had its ip address changed, but I > haven't seen any announcement about that anywhere else See: http://dsa.debian.org/dsablog/2009/07/Howto_mess_up_the_Debian_Project_homepage/ HTH -- -- arthur - adej...

Re: Why is su preserving the environment?

2009-01-24 Thread Arthur de Jong
On Sat, 2009-01-24 at 11:07 +0100, Josselin Mouette wrote: > The question is whether we can consider safe to pass authentication > tokens as environment variables. Either we do, and we fix applications > that pass environment where they shouldn’t. Either we don’t, and we have > to find another way

Re: Problems with 130.89.175.54 (security.debian.org) host?

2008-06-25 Thread Arthur de Jong
On Tue, 2008-06-17 at 15:38 -0500, Bob Tanner wrote: > Last several days I'm having problems accessing 130.89.175.54, a > server in the security.debian.org rotation. Probably related to this: http://lists.debian.org/debian-infrastructure-announce/2008/06/msg1.html (kassia.debian.org is 130.8

Re: security idea - bootable CD to check your system

2007-06-24 Thread Arthur de Jong
On Sun, 2007-06-24 at 19:01 +0200, Bernhard R. Link wrote: > I had someone in the past considered this, too. First of all debsums's > main advantage is looking for unintended changes (and it's indeed a shame > so many of the important packages come without, that makes bad RAM or > unreliable control

Re: help needed

2006-11-06 Thread Arthur de Jong
As I'm not so aware could someone be so kind to help me with a forensic analysis? I also still do not know which program (probably any php-stuff) was/is vulnerable. All I've found so far were these entries in my apache2 error-log. http://jesusch

Re: Missing debsums and mismatches

2005-06-24 Thread Arthur de Jong
You could also do something like this to generate md5sums for packages that don't have them yet:
  cd /var/cache/apt/archives
  apt-get --download-only --reinstall install `debsums -l`
  debsums --generate=keep,nocheck *.deb
(redownload all deb pac

Re: apt source archive for security updates?

2005-01-01 Thread Arthur de Jong
On Fri, 2004-12-31 at 19:49 +0100, Daniel Kobras wrote: > On Fri, Dec 31, 2004 at 07:37:18PM +0100, Arthur de Jong wrote: > > Why is it that I can't add this to my sources.list: > > > > deb-src http://security.debian.org/debain-security stable updates/main > >

apt source archive for security updates?

2004-12-31 Thread Arthur de Jong
Why is it that I can't add this to my sources.list: deb-src http://security.debian.org/debain-security stable updates/main updates/contrib updates/non-free The source files themselves seem to be present on the server (they are linked from the advisories) and there are even Sources.gz files avai

Re: am I hacked?

2004-10-31 Thread Arthur de Jong
On Sun, 2004-10-31 at 17:16 +0200, Haim Ashkenazi wrote: > for a few days now I see in the logs of my firewall (debian/stable) > entries about someone trying to connect to my SSH server with several > users (root, test, mysql, etc..) without success. today I saw an entry > which alarmed me: > Oct 3

Re: failed root login attempts

2004-09-20 Thread Arthur de Jong
On Sun, 19 Sep 2004, martin f krafft wrote: > Are there any distinctive marks in the SSH login attempt that one could > filter on? The volume in attempts isn't as high here as on your system but this is what I got when I set loglevel to debug: sshd[

Re: pgp in Debian: obsolete?

2004-08-08 Thread Arthur de Jong
> In short, better package the IDEA module for GnuPG... I did some work on this sometime ago, based on a previous package. The work is here: http://tiefighter.et.tudelft.nl/~arthur/gnupg-idea/ It is sort of a source-based installer. You get the so

Re: [SECURITY] [DSA 431-1] New perl packages fix information leak in suidperl

2004-02-01 Thread Arthur de Jong
> - -- > Debian Security Advisory DSA 431-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Matt Zimmerman > February 1st, 2004

Re: CVS server in a user-mode-linux

2003-12-19 Thread Arthur de Jong
> I have experimented with running an anonymous CVS server inside > user-mode-linux. [...] > The only problem is that the server needs write access to the repository > in order to create locks (which are directories, IIUC). I have not yet > found a way

Re: Debian + Verisign's .com/.net hijack

2003-09-17 Thread Arthur de Jong
> While the "first generation" patches work with hardcoded values, there > are others that are much more general. Check the link of the ISC patch > for a description: > > http://www.isc.org/products/BIND/delegation-only.html This will only work for

cvsd/grsec/chroot question

2003-07-11 Thread Arthur de Jong
Hi, I'm the maintainer of cvsd (chroot wrapper to run a cvs pserver) and I have a question about grsec. This refers to bug report #196690 [1]. I think this is the least inappropriate list to ask this question so here goes. The problem is that version

Re: "chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?

2003-05-31 Thread Arthur de Jong
> I'm setting up a chrooted apache. All howto's I found _copy_ the > required files into the directory that they later chroot into. > Is it OK (read: safe) to use hardlinks and "mount --bind" instead? [snip] > The files in /usr/chroot/apache/usr coul

Re: "chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?

2003-05-30 Thread Arthur de Jong
> I'm setting up a chrooted apache. All howto's I found _copy_ the > required files into the directory that they later chroot into. > Is it OK (read: safe) to use hardlinks and "mount --bind" instead? [snip] > The files in /usr/chroot/apache/usr coul

Re: libldap DSA-227-1 and proftpd-ldap problems?

2003-01-18 Thread Arthur de Jong
On 18 Jan 2003, Guenther Starnberger wrote: > the last openldap upgrade (DSA-227-1) seems to break proftpd when using > LDAP authentication with proftpd-ldap (at least on my i386 system). > > proftpd logs: > Jan 18 11:51:07 osprey proftpd[349]: foo (b

Re: AIDE Information Overload

2002-10-22 Thread Arthur de Jong
On Tue, 22 Oct 2002, Kjetil Kjernsmo wrote: > I'd like to ask what people do with their AIDE output at times when a > lot of things change on their system? > > I've gone through the AIDE configuration, and I feel like having > configured it well, to c

Re: Woody Samba Bug or Hacked?

2002-09-17 Thread Arthur de Jong
On Tue, 17 Sep 2002, Hanasaki JiJi wrote: > Any input on the below syslog entry from Samba in Woody? Thank you. > > nmbd[2009]: ^I^IFS 40009a03 (Samba 2.2.3a-6 for Debian) Did you use tabs in your smb.conf file? (^I==tab char)? - -- arthur - [EMAI

Re: Woody Samba Bug or Hacked?

2002-09-17 Thread Arthur de Jong
On Tue, 17 Sep 2002, Hanasaki JiJi wrote: > Any input on the below syslog entry from Samba in Woody? Thank you. > > nmbd[2009]: ^I^IFS 40009a03 (Samba 2.2.3a-6 for Debian) Did you use tabs in your smb.conf file? (^I==tab char)? - -- arthur - [EMA