Re: [SECURITY] [DSA 3501-1] perl security update

* James Barrett wrote: > Unsubscribe me or I will spam your list You're already doing that...

Re: about bash and Debian Lenny

* Nikolay Hristov wrote: > On 10/01/2014 02:58 PM, Konstantin Khomoutov wrote: > >On Wed, 1 Oct 2014 14:45:55 +0300 > >Nikolay Hristov wrote: > > > >>>I made lenny packages for my machines. I could share them if you > >>>want? > >[...] > >>Which part of "I don't want to use deb packages from diff

Re: Testing needed for openjdk-6 security updates

* Moritz Muehlenhoff wrote: > As discussed on debian-release some time ago security support > for openjdk will be following upstream releases in the future. > > The packages for openjdk are generally ready, but I don't use > Java myself. As such I need some additional real world testing > before

Re: aptitude upgrade vs. apt-get upgrade

* Thomas Hungenberg wrote: > Piotr Drozdek wrote: > > I don't have any packages with 'id' status in my system. I don't know > > what they mean. Maybe somebody can help? > > I think 'd' marks packages for deletion? > However, I have not requested to delete all these packages. > > > But - to resol

Re: aptitude upgrade vs. apt-get upgrade

* Thomas Hungenberg wrote: > Piotr Drozdek wrote: > > Show me results of > > apt-cache policy tex-common > > tex-common: > Installed: 2.08 > Candidate: 2.08.1 > Version table: > 2.08.1 0 > 500 http://security.debian.org/ squeeze/updates/main i386 Packages > *** 2.08 0 >

Re: UNS: Debian 4.0 Upgrade Path

* Thiemo Nagel wrote: > Dear Johannes, > > On 01/22/2010 11:27 PM, Johannes Wiedersich wrote: >> A typical Debian upgrade will lead to >> a downtime on the order of a few minutes once every 2 years, compared to >> tedious manual reinstallation required on other systems. It is >> straightforward to

Re: UNS: Debian 4.0 Upgrade Path

* Thiemo Nagel wrote: > Dear Michael, > > Michael Gilbert wrote: >> it already seems hard enough with the current level of manpower to >> support two releases at the same time let alone three. it may be >> doable, but the security team would need more volunteers (particularly >> those interested

Re: rkhunter warning wget

* m...@firstfloor.org wrote: > hello > > after updateing wget on > > Linux version 2.6.26-2-686 (Debian 2.6.26-19) Lenny > > i received a waring from rkhunter: > > Warning: The file properties have changed: > File: /usr/bin/wget > Current hash: 2d5d175c449eecfda43401a7a66b8a3

Re: Einladung in mein XING-Netzwerk

* Andreas Kretschmer <[EMAIL PROTECTED]> wrote: > am Thu, dem 12.06.2008, um 4:28:52 +0200 mailte Stefan Ramahi folgendes: > > XING - Powering Relationships > > > > > > Guten Tag, > > > > ich möchte Sie gerne in mein XING-Netzwerk einladen! > > Sowas an eine Mailingliste? Das ist, sorry, aso

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

* Andrew McGlashan <[EMAIL PROTECTED]> wrote: > Hi, > > Florian Weimer wrote: >> >> Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key >> material for use in X.509 certificates and session keys used in >> SSL/TLS connections. Keys generated with GnuPG or GNUTLS are >> not affected,

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

* Dimitar Dobrev <[EMAIL PROTECTED]> wrote: > Hi group, > > > are there updates for this issue for old stable - sarge? You should read what you quote: > The first vulnerable version, 0.9.8c-1, was uploaded to the unstable > distribution on 2006-09-17, and has since propagated to the testing > and

Re: [DSA 1494-1] Still vulnerable?

* Florian Weimer <[EMAIL PROTECTED]> wrote: > * Jens Schüßler: > > >> Not in our tests. Are you sure you're running the new kernel? What > >> does "uname -a" say? > > > $uname -a > > Linux algol 2.6.18+2008-02-12 #1 Tue Feb 12 16:49:

Re: [DSA 1494-1] Still vulnerable?

* Michel Messerschmidt <[EMAIL PROTECTED]> wrote: > On Tue, Feb 12, 2008 at 09:18:30PM +0100, Jens Schüßler wrote: > > * Florian Weimer <[EMAIL PROTECTED]> wrote: > > > Not in our tests. Are you sure you're running the new kernel? What > > > does &

Re: [DSA 1494-1] Still vulnerable?

* Florian Weimer <[EMAIL PROTECTED]> wrote: > * Jens Schüßler: > > > I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and > > build a new linux-image. But after installing an rebooting I still was > > able to become root with this exploit: > &

[DSA 1494-1] Still vulnerable?

I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and build a new linux-image. But after installing an rebooting I still was able to become root with this exploit: http://milw0rm.com/exploits/5092 Can anyone reproduce this? Jens -- To UNSUBSCRIBE, email to [EMAIL PROTECTED]

Re: Tiger and changing ntp server

* Johannes Graumann <[EMAIL PROTECTED]> wrote: > Hi, > > The machine I'm running tiger on gets its ntp server via dynamic dhcp and > therefore that changes regularly ... > I was wondering whether it is admissible to use wildcards in > /etc/tiger/templates/check_listeningprocs.out.template

Re: Package management and security

* Frédéric PICA <[EMAIL PROTECTED]> wrote: > Thanks for your answer, > > So I need to do an apt-get dist-upgrade in my cron job to be sure to always > have the latest security fixes ? > What's the risk to have a needed package uninstalled by that way ? You could use the package cron-apt for this,