Re: Misuse/Abuse

2020-10-13 Thread Daniel Leidert
le on > paste.debian.net. Clearly someone tries to run a command put as an address. Out of curiosity: Which kind of vulnerability are they trying to use here? Regards, Daniel -- Regards, Daniel Leidert | https://www.wgdd.de/ GPG-Key RSA4096 / BEED4DED5544A4C03E283DC74BCD0567C296D05D GPG-

Re: GnuPG 1.4.10 RC1 available from Debian Experimental

2009-08-16 Thread Daniel Leidert
Forwarding to debian-devel too. > Hi, > > The recent release candidate 1 for GnuPG 1.4.10 has been packaged and > uploaded > to Debian's "experimental" distribution, in order to facilitate testing. If > you wish, please try it out and of course report bugs found. All cautions > around release

Study: Attacks on package managers (including apt)

2008-07-17 Thread Daniel Leidert
Hi all, Today there was some news about a study from the University of Arizona regarding security issues with package management systems (like apt). I did not yet read the whole study, but probably it's interesting for the project (they write about "vulnerabilities"). The study is here: http://w

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Daniel Leidert
On Tuesday, 13.05.2008, at 16:02 +0200, Daniel Leidert wrote: > On Tuesday, 13.05.2008, at 15:27 +0200, Philipp Kern wrote: > > On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote: > > > A detector for known weak key material will be published at: >

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Daniel Leidert
On Tuesday, 13.05.2008, at 15:27 +0200, Philipp Kern wrote: > On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote: > > A detector for known weak key material will be published at: > > > > > >

Re: securing server

2008-05-07 Thread Daniel Leidert
On Wednesday, 07.05.2008, at 19:39 +0800, Abdul Bijur Vallarkodath wrote: > haha. not really! if u have really managed an online server u'd have > seen tons of attacks and login attempts on your default ports by bots > looking around for weaker systems. But what you suggest doesn't increase th

Manipulated squirrelmail download archives - how to detect such cases automatically in the Debian packaging process?

2007-12-14 Thread Daniel Leidert
Hello, Maybe some of you already noticed it: Seems, some of the squirrelmail archives have been manipulated [1]. I've downloaded the package source and compared the md5sum of the .tar.gz to the ones provided by the squirrelmail developers and it seems, we have one of the original tarballs. Now I

Re: Bug#357561: privilege escalation hole

2007-03-01 Thread Daniel Leidert
On Wednesday, 28.02.2007, at 19:45 -0800, Russ Allbery wrote: > Daniel Leidert <[EMAIL PROTECTED]> writes: > > > Package: apache > > Followup-For: Bug #357561 > > > Why isn't anybody of the official maintainers reacting or commenting on > > this

Bug#357561: privilege escalation hole

2007-02-28 Thread Daniel Leidert
Package: apache Followup-For: Bug #357561 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Why isn't anybody of the official maintainers reacting or commenting on this bug? There are 3(!) completely undocumented downgrades of a bug, that IMHO (from reading) fits the "grave" severity. Please react or

Re: GPG errors from apt update

2006-08-31 Thread Daniel Leidert
On Thursday, 31.08.2006, at 11:50 -0700, Robert Dobbs wrote: > That key is in debian-keyring, but was not in apt. > I had to manually add the /usr/share/keyrings/debian-keyring.* keyrings to > ~root/.gnupg/gpg.conf, then extract the keys and add with apt-key. There is no need to add them to