Re: Upcoming etch point release

2010-05-14 Thread Johannes Wiedersich
Adam D. Barratt wrote: > The next point release for the "etch" oldstable distribution, 4.0r9, is > scheduled for Saturday, 22nd May. I guess this is rather a plain "formality" than an endorsement by the project that this release is an up-to-date versi

Re: UNS: Debian 4.0 Upgrade Path

2010-01-22 Thread Johannes Wiedersich
Dear Thiemo, Thiemo Nagel wrote: > However if that is the case, I wonder if oldstable support could be > extended for some more time. > > I know that all the work is done by volunteers and I'm very grateful for > what they do. Still I think that esp

Re: Debian 4.0 Upgrade Path

2010-01-21 Thread Johannes Wiedersich
Thiemo Nagel wrote: > I'm not talking of an upgrade in the sense of 'apt-get dist-upgrade', > we'll be doing fresh installations with the new version. However, it > would save both administrators and users a huge amount of work, if we > could deploy s

Re: Debian 4.0 Upgrade Path

2010-01-21 Thread Johannes Wiedersich
Thiemo Nagel wrote: > having read your email concerning the termination of etch security > support, I'm looking for an upgrade path for our installation of ~100 > machines. - read and follow the release notes [1] - upgrade one machine and record

Re: Installing plesk 9.3 on debian lenny

2010-01-18 Thread Johannes Wiedersich
seyyed ali zahiri wrote: > I have tried to install plesk 9.3 on debian Lenny but i got some > errors. the log file is below: Why do you think this is relevant to debian-secur...@d.o ? I will try to answer your post on the implicit assumption that you promise to *never* *ever* arbitrarily cross-pos

Re: [DSA 1870-1] New pidgin packages fix arbitrary code execution

2009-08-20 Thread Johannes Wiedersich
Nico Golde wrote: > Oergs, just one time I forgot to check the binary packages > and now this. Rebuild is on its way. Thanks for the notice. > For security reasons, all text in this mail is double-rot13 encrypted. Please don't forget to double-rot13 the source code for added extra security. 8-

Re: security support for etch?

2009-08-07 Thread Johannes Wiedersich
Vladislav Kurz wrote: > I'd like to ask the security team, how long do they plan to support > etch (oldstable)? I remember that when etch was released, they > announced support for sarge will continue for one year. I haven't seen > such announcement when

Re: [SECURITY] [DSA 1809-1] New Linux 2.6.26 packages fix several vulnerabilities

2009-06-10 Thread Johannes Wiedersich
Hello list, dann frazier wrote: > -- > Debian Security Advisory DSA-1809-1 secur...@debian.org > http://www.debian.org/security/ dann frazier > Jun 01, 2009 http://ww

Re: How safely to stop using backports repo?

2009-05-29 Thread Johannes Wiedersich
Guntram Trebs wrote: > Hello, > > i use aptitude, i would do it this way: > > - call aptitude and look up, if you have a section named "Obsolete and > Locally Created Packages". Normally this section should not be visible as > it's empty > - remove (better comment out) the backports-line in /etc/a

Re: [SECURITY] [DSA 1747-1] New glib2.0 packages fix arbitrary code execution

2009-03-20 Thread Johannes Wiedersich
Holger Levsen wrote: > http://lists.debian.org/stats/debian-security-announce.png Is that really on the order of hundreds of DSAs per month (up to some 10/day)? Then I'd miss a lot of them... ;-( I rather think that there is something wrong with the left y-scale. Cheers, Johannes -- To UNSUB

Re: Secure Remote Application and OS Deployment?

2009-03-16 Thread Johannes Wiedersich
Hello, Chip Panarchy wrote: > Been doing a lot of research of late into the installation of Windows > over a network (using the Unattended BootCD and a Network Share). Also > a little into RIS (WDS). > > I am interested in how this could be done securely. To summarise what > I would like to know,

Re: basically security of linux

2009-01-16 Thread Johannes Wiedersich
Boyd Stephen Smith Jr. wrote: > What about hardlinking the suid-root binaries to a hidden location, waiting > for a security hole to be found/fixed, and then running the old binary to > exploit the hole? IIRC, a hard link is the same file called t

Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution

2008-12-09 Thread Johannes Wiedersich
Mapper ict department wrote: > DSA-1680-1 clamav -- buffer overflow, stack consumption > Date Reported: 04 Dec 2008 > In the Debian bugtracking system: Bug 505134, Bug 507624. > In Mitre's CVE dictionary: CVE-2008-5050, CVE-2008-5314. [snip] > We have the volatile archive in the apt-get sources l

Re: [Secure-testing-team] Security update for Debian Testing - 2008-12-06

2008-12-07 Thread Johannes Wiedersich
Florian Lohoff wrote: > On Sat, Dec 06, 2008 at 11:13:41AM +0100, Gerfried Fuchs wrote: >>> It turns out that ftp2.de.debian.org is not up to date any more. >> That's not directly related to security work, though given that lenny >> fixes are announced through migration from unstable to testing I

Re: Security update for Debian Testing - 2008-12-06

2008-12-06 Thread Johannes Wiedersich
I was wondering why I don't receive any testing security updates any more. [EMAIL PROTECTED] wrote: [snip] > Migrated from unstable: > === > cups 1.3.8-1lenny4: > CVE-2008-5286: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2

Re: Encrypt file while you are using it

2008-11-24 Thread Johannes Wiedersich
Obi wrote: > On Mon, Nov 24, 2008 at 05:30:46PM +0100, Johannes Wiedersich wrote: > Manuel Gomez wrote: >>>> Now i am using Truecrypt, but when i mount the encrypted directory it's >>>> vulnerable. I want to m

Re: Encrypt file while you are using it

2008-11-24 Thread Johannes Wiedersich
Manuel Gomez wrote: > Hi, i would like to keep an archive encrypted at all moments, so i If it is to remain encrypted in any moment in time, you should just use a very complicated password and forget it immediately. Your data should remain encrypted

Re: Study: Attacks on package managers (inclusing apt)

2008-07-17 Thread Johannes Wiedersich
On 2008-07-17 16:46, Daniel Leidert wrote: > I'm sorry, if this has already been brought up. I did not find a posting > regarding this study, so I hereby start this thread. http://lists.debian.org/debian-devel/2008/07/msg00321.html Johannes -BE

Re: dowkd.pl via Package

2008-05-14 Thread Johannes Wiedersich
On 2008-05-14 12:53, Hideki Yamane wrote: > And if we would get it via package, when dowkd.pl is updated we can know > about it automatically (with apt-get :-) I guess ssh-vulnkey from the updated openssh packages might do what you ask for. HTH, Jo

Re: TR: How to verify package integrity after they have been downloaded?

2008-04-07 Thread Johannes Wiedersich
Julien Stuby wrote on 2008-04-05 22:46: > That seems the best way. The second step will be to use another > OS than the first to reduce even more the attack surface from the read > disk. > > -- Julien > > -Original Message- From: Alexander Kono

Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

2008-03-18 Thread Johannes Wiedersich
Axel Beckert wrote: > Hi, > > On Mon, Mar 17, 2008 at 09:51:09PM +0100, Florian Weimer wrote: >> For the unstable distribution (sid), this problem has been fixed in >> version 2.31.1. > > Ehm, that's strange somehow since unstable, testing and even >

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

2007-09-28 Thread Johannes Wiedersich
Holger Levsen wrote: > Hi, > > On Friday 28 September 2007 11:18, Jan Wagner wrote: >>> Running postinst hook script /sbin/update-grub. >>> You shouldn't call /sbin/update-grub. Please call /usr/sbin/update-grub >>> instead! >> you need to modify /etc

Re: secure installation

2007-09-05 Thread Johannes Wiedersich
Johannes Wiedersich wrote: > Javier Fernández-Sanguino Peña wrote: >> Did you actually try update-notifier on KDE? > > Yes, it was installed on my system for some months, but it never > informed me about any update. (I get inf

Re: secure installation

2007-08-23 Thread Johannes Wiedersich
Javier Fernández-Sanguino Peña wrote: > On Wed, Aug 22, 2007 at 09:29:10AM +0200, Johannes Wiedersich wrote: >> - From the documentation I gather that update-manager would probably work >> on kde, but that it just checks if the pack

[OT] Warranty was Re: secure installation

2007-08-22 Thread Johannes Wiedersich
Jose Marrero wrote: > I believe Microsoft software comes with NO WARRANTY as well. > Hell, we should read the small print on all software... It does come with a warranty, at least in Germany/Europe. Everything you *pay* for has by law two years of war

Re: secure installation

2007-08-22 Thread Johannes Wiedersich
Javier Fernández-Sanguino Peña wrote: > I didn't say what you put here and do not have any intention to start a > flamewar. I'm just saying that Debian KDE users with no update-notifier > *might* > not be *as* aware of available security updates as us

Re: secure installation

2007-08-21 Thread Johannes Wiedersich
Javier Fernández-Sanguino Peña wrote: > On Tue, Aug 21, 2007 at 09:00:47AM +0200, Johannes Wiedersich wrote: >> Not exactly true. Debian adds security repositories to apt's sources, >> that's true. But it does _not_ automatic

Re: secure installation

2007-08-21 Thread Johannes Wiedersich
Javier Fernández-Sanguino Peña wrote: > On Fri, Aug 17, 2007 at 10:01:54AM +0200, Johannes Wiedersich wrote: >> PS 2: While we are at it: debian by default also does not install or >> enable an automated system to install security upd

Re: secure installation

2007-08-17 Thread Johannes Wiedersich
Pat wrote: > Well, considering there are those of us who want to see linux become > an operating system for the average person, and I do believe this is > the ultimate goal of many linux communities. Agreed. But since debian is arguably more secure w

Re: [SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities

2007-03-22 Thread Johannes Wiedersich
Florian Weimer wrote: > * Martin Schulze: > >> Package: openoffice.org >> Vulnerability : several >> Problem type : local (remote) >> Debian-specific: no >> CVE IDs: CVE-2007-0002 CVE-2007-0238 CVE-2007-0239 > > Does this also cover CVE-2007-1466? No -- according to http://sec

Re: Firefox on testing hijacked by http://www.megago.com/l/?

2006-09-04 Thread Johannes Wiedersich
Torsten Sadowski wrote: Unluckily it's not that easy. The homepage preference is not altered and points to the right site. Add a new user to your system and check where his homepage points to. Set it to a site that you know works (maybe google.com). If this works, the problem might be y

Strange outbound connections

2006-02-04 Thread Johannes Wiedersich
I have a web- and mail server that shows strange outbound connections. If I llserv:~# cat /proc/net/ip_conntrack I get lines like this (one line, wrapped by e-mail editor): tcp 6 362459 ESTABLISHED src=my.server.s.ip dst=84.145.105.4 sport=80 dport=1575 [UNREPLIED] src=84.145.105.4 dst=my

Re: hardening checkpoints

2005-12-21 Thread Johannes Wiedersich
Alvin Oga wrote: Italians just passed a law that all ISPs and internet cafes etc. are required to ask for ID of "ALL" visitors and users of their PCs and services. It shouldn't matter to that if we reboot etc, etc... but it's their computers... and you might get stiffed with a fine/penalty if you do

Re: hardening checkpoints

2005-12-21 Thread Johannes Wiedersich
steve wrote: On Tuesday, 20 December 2005 16:18, Michelle Konzack wrote: But in ALL Internet Cafes I can use my own (self-made) Debian Live-System with my preferred Desktop. In all Internet Cafes i get an IP via DHCP. Wrong. I was in Milano (Italy) a few months ago, and I wanted to do exactl

editor crashes regularly, losing all data since last save

2005-12-12 Thread Johannes Wiedersich
I'm sorry if I'm just too bad at looking at the documentation or searching the archives. I am missing information as to what is a bug that would warrant a fix in stable. I filed two bug reports (#340699 and #325588) but nothing appears to be happening in order to get things fixed. Short sum