> to migrate to the new host name as soon as possible.
That has now happened. security.debian.org no longer accepts
connections using rsync, so for continued mirroring of the security
archive you need to update your configuration to the new name.
[0]: https://lists.debian.org/debian-mirrors-announce/2
*not* recommend
doing this.)
rsync service on security.debian.org will stop in the near future (some
time after the end of this month), and we encourage anyone relying on it
to migrate to the new host name as soon as possible.
Thanks,
Julien, for the Debian mirrors team
and a
>(lightly) bodged binary package
[...]
>
> So, please - what do you think?
>
FWIW I also don't think 1 is reasonable, but whichever of 2 or 3 the
people doing the work want to run with will be fine.
Cheers,
Julien
I don't believe it does. The only relevant piece of software I'm aware of from
a security point of view is Xorg, which uses libxfont2 in stretch.
Julien
On October 16, 2017 6:56:40 PM GMT+02:00, Adrian Bunk wrote:
>On Tue, Oct 10, 2017 at 09:22:11PM +0200, Moritz Mueh
Hi
Was just wondering : when do you plan to release kernel fix for blueborne
aka cve-2017-1000251 ? Or does bluez fix mitigate the issue enough ?
I have several machines with bluetooth and this security hole is quite
scary.
Thanks for the information !
On Mon, May 1, 2017 at 15:14:10 +0200, Florian Weimer wrote:
> * Julien Cristau:
>
> > The current state for the release notes is actually at
> > https://www.debian.org/releases/stretch/releasenotes
>
> It's not clear based on the architecture list in this docume
>
> <https://release.debian.org/stretch/arch_qualify.html>
>
The current state for the release notes is actually at
https://www.debian.org/releases/stretch/releasenotes
Cheers,
Julien
Hi,
The next point release for "jessie" (8.5) is scheduled for Saturday,
June 4th. Processing of new uploads into jessie-proposed-updates
will be frozen during the preceding weekend.
Cheers,
Julien
Hi,
The next (and last) point release for "wheezy" (7.11) is scheduled for
Saturday, June 4th. Processing of new uploads into
wheezy-proposed-updates will be frozen during the preceding weekend.
Cheers,
Julien
a single A record.
>
> But that explains a lot more about how full of surprises is that black
> box than I ever expected. I wonder why I don't get at least one as
> well, though. The mirror it returns has it.
>
I'm guessing "here" means the South America zone? I've added
santoro.d.o's ipv6 address to the security.debian.org rotation now, let
us know if it works out.
Cheers,
Julien
This one (and the previous open-ssl one) will need to be dealt with!
On 05/06/2014 14:15, Salvatore Bonaccorso wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-2949-1 secu
unstable distribution (sid), these problems have been fixed in
> version 4.0.2-2.
>
The tiff package was renamed to tiff3 in wheezy and sid. Some
information about a fixed version for that package would seem
appropriate.
Cheers,
Julien
ther source, then you might consider making it explicit. Or removing
the numbers altogether, if not. As is, it's just confusing.
Cheers,
Julien
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.
> Package: avahi-daemon
> Version: 0.6.27-2
> Tags: security
> Severity: critical
> Justification: Introduces possible denial-of-service scenario.
>
> Hi,
>
> when I scan my server from another machine on the network using nmap, I
> get this:
[snip]
It seems that mandriva already released an upda
Maybe the all of that starting point was obviously out of the scope of this
mailing list, but it seems to catch the interest of everyone seeing how many
answers have been posted.
Just stop with all that rubbish and get back to the main topic : security in
Debian.
- Reply message -
From
> On Tue, Nov 23, 2010 at 5:48 PM, Daniel Hood wrote:
>
>> Does anyone have a good checklist or script to harden a vanilla debian
>> box after installation?
>>
>
>
> http://www.debian.org/doc/manuals/securing-debian-howto/
>
RTFM is the law, the securing debian howto is a good start. On top of
th
>
>
> Just give rights to opers to write in the includes dir and put a file
> called '"/home/matt/ubuntized.sh.conf spaced_filename.conf"
>
> You know... "$i"... but that is not the issue in the post... is just
> an example.
>
Have you ever tried to create a file containing slashes in its name ?
:/root:/bin/bash
delete the x to obtain the following line :
root::0:0:root:/root:/bin/bash
now you can log in with the root account without a password and reinstall your
package.
Julien.
On Friday 19 June 2009 at 14:37 +0100, Thomas Nguyen Van wrote:
> Hello,
>
> I de-installed by mis
On Wed, 7 May 2008 13:03:03 +0200,
"Jean-Paul Lacquement" <[EMAIL PROTECTED]> wrote:
> > > I already did the followings:
> > > - installed chkrootkit
> > > - installed fail2ban (for ssh and proftpd)
> >
> > Beware of DOS.
> >
> >
> > > - allow only one user (not root) via /etc/ssh/sshd_con
> > Julien Stuby wrote on 2008-04-05:
> > > That seems the best way. The second step will be to use
> > > another OS than the first to reduce even more attack surface from
> > > read disk.
> > >
> > > -- Julien
> > >
> >
> Julien Stuby wrote on 2008-04-05:
> > That seems the best way. The second step will be to use another
> > OS than the first to reduce even more attack surface from read
> > disk.
> >
> > -- Julien
> >
> > Alexander Konovalenko
Johannes Wie
Files modified after download -> that said the system is compromised.
In this case, the detection is very hard because you want signing with the
compromised operating system.
-- Julien
On Sun, Apr 6, 2008, Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTEC
That seems the best way. The second step will be to use another OS than the
first to reduce even more attack surface from read disk.
-- Julien
-Original Message-
From: Alexander Konovalenko [mailto:[EMAIL PROTECTED]
Sent: Saturday, 5 April 2008 22:33
To: debian-sec
Hotmail live connector bug again ...
> Hi,
>
> If some packages are locally modified, this suggests that your local
> system is already compromised.
> :¬
>
> From: Alexander Konovalenko [mailto:[EMAIL PROTECTED]
> Sent: Saturday, 5 April 2008 06:11
> To: debian-security@lists.debian.org
> Subject
-Original Message-
From: Julien Stuby [mailto:[EMAIL PROTECTED]
Sent: Saturday, 5 April 2008 21:19
To: 'debian-security@lists.debian.org'
Subject: RE: How to verify package integrity after they have been downloaded?
Hi,
If some packages are locally modified, this sug
Hi,
If some packages are locally modified, this suggests that your local system is
already compromised.
:¬
From: Alexander Konovalenko [mailto:[EMAIL PROTECTED]
Sent: Saturday, 5 April 2008 06:11
To: debian-security@lists.debian.org
Subject: How to verify package integrity after they have been
On Fri, Jun 02, 2006 at 12:12:35PM +0200, Martin Schulze wrote:
> For the unstable distribution (sid) this problem has been fixed in
> version 2.6-18.
This version does not exist. I fixed it in my NMU 2.6-17.2 (#366816).
Cheers,
--
Julien Danjou
.''`. Debian Devel
On Fri, Mar 24, 2006 at 03:53:03PM +0100, Martin Zobel-Helas wrote:
> Looks like just rebuilding the security version resolves that error, for
> whatever reason. Julien and me just cross checked that and got the same
> result.
We tried to reproduce the bug with zobel, and finally disco
> and you'll find out when someone cracks you through BIND and tries to mail
> home.
Right, but more generally about the interest of ipchains : if I have to consider
such packets are dangerous, it means that opened service are not secured, can't
I just rely on having most recent ve
e wants to break in, but my current conclusion is to say that I don't need
any ipchain rule. Did I miss something ?
Thanks for any hint !
Julien
if a security flaw is found in JS or Java (this
might possibly happen), and you read your mail with something JS or
Java enabled, you could run malicious code...
Julien
insert a cryptographic trojan in an open source software.
And if you look at the SSL standard, a similar trick can be done by only
changing a few lines of the code.
Considering the huge importance that cryptology is taking on the net nowadays,
I would tend to think that this is a major point
You can use PGP, GPG or any other
software. As far as I remember, the only limit is 128 bits on
_private_ keys systems, which is more than enough.
I also believe there are some restrictions if you want to create
and/or export a software that includes crypto, but certainly not
as many restrictions as in the US, for example :)
Regards,
Julien