Kurt Roeckx wrote:
> On Sun, May 02, 2010 at 09:06:46PM +0200, Francesco Poli wrote:
> > Hi,
> > I received DSA-2040-1 and verified its GPG signature, as I always do.
> > I found out that I am unable to correctly verify the signature.
>
> Works for me:
> gpg: Signature made Sun 02 May 2010 02:55:1
Alexander Konovalenko wrote:
> On 7/11/07, Martin Schulze <[EMAIL PROTECTED]> wrote:
>>
>> Do you know about
>>
>> http://www.debian.org/security/nonvulns-etch
>
> Oh, that's great. I should have read the website more carefully! Thanks.
>
> What
Alexander Konovalenko wrote:
> Proposed solution
Do you know about
http://www.debian.org/security/nonvulns-etch
Regards,
Joey
http://www.debian.org/security/nonvulns-sarge
--
It's time to close the windows.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscrib
Alexander Sack wrote:
> On Wed, Feb 07, 2007 at 08:36:56AM +0100, Martin Schulze wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > - --
> > Debian Security Advisory DSA
Jens Seidel wrote:
> On Thu, Oct 05, 2006 at 09:06:41AM +0200, Martin Schulze wrote:
> > Jens Seidel wrote:
> > > I applied the following patch to CVS and hope I did it right. But I have
> > > one problem understanding the text:
>
martin f krafft wrote:
> I've been seeing this a bunch in the past few weeks. Just making
> sure you know about it, and maybe someone knows what's going on:
>
> W: GPG error: http://security.debian.org stable/updates Release: The
> following signatures were invalid: BADSIG 010908312D230C5F Debian
Florian Weimer wrote:
> * Martin Schulze:
>
> > Disabled again. The problem lies somewhere "between" saens and you.
> > It's fine on saens locally.
>
> While the bogus A record should be gone now that saens is down, you
> should still remove saens f
Neil McGovern wrote:
> I'm forwarding this over to debian-admin, as they're the people who can
> fix this :)
I had already answered Bjoern:
Ah yes, the named on saens went alive again. That was not planned.
Disabled again. The problem lies somewhere "between" saens and you.
It's fine on saens
Freek Dijkstra wrote:
> Martin Schulze wrote:
>
> > Proposed updates for woody and sarge are here:
> > http://klecker.debian.org/~joey/security/sudo/
> > I'd be glad if you could test them.
>
> That's awesome. Thanks! Here, have some karma :-)
:)
> I
Proposed updates for woody and sarge are here:
http://klecker.debian.org/~joey/security/sudo/
I'd be glad if you could test them.
Regards,
Joey
--
Linux - the choice of a GNU generation.
Please always Cc to me when replying to me on the lists.
martin f krafft wrote:
> Hi, it seems 128.101.240.212, one of the two remaining security
> mirrors, is unreachable. Other mirrors (non-Debian, like
> 128.101.240.209 and 128.101.240.210, which seem to be right "next
> door") are reachable.
>
> It would be great to get a status update from the admi
martin f krafft wrote:
> tartini.debian.org, one of the three servers providing
> security.debian.org seems to have intermittent problems:
>
> Get:1 http://security.debian.org sarge/updates/main Packages [189kB]
> Err http://security.debian.org sarge/updates/main Packages
Noèl Köthe wrote:
> Hello,
>
> the https db.debian.org certificate is expired on 2006-01-30.
Certificate requested from wiggy on
Date: Tue, 14 Feb 2006 14:17:08 +0100
Regards,
Joey
--
If you come from outside of Finland, you live in wrong country.
-- motd of irc.funet.fi
--
Neil McGovern wrote:
> On Tue, Nov 15, 2005 at 05:54:32PM +0100, Piotr Roszatycki wrote:
> > http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 reports
> > that sarge's phpmyadmin package has a security flaw which occurs only
> > if
> > "register_globals = on" setting is use
John Goerzen wrote:
> On Fri, Oct 28, 2005 at 04:42:31PM +0200, Piotr Roszatycki wrote:
> > Why my report was ignored? I've reported the problem 3 days ago and I had
> > no
> > reply.
>
> This seems to be a very frequent problem going on for awhile now.
>
> Could someone from the security team
Loïc Minier wrote:
> On Tue, Sep 13, 2005, Sam Morris wrote:
> > Is the version in stable too high, or is the version in stable/updates
> > too low? :)
>
> I think packages never leave from security.d.o.
In cvs you see the result of the major fuckup of security.debian.org I was
complaining abou
Lesstif
---
We have a bunch of patches for libxpm which is also part of lesstif1-1
in woody that need to be applied and tested. It needs to be
investigated whether the version in sarge needs patches as well. This
refers to only a single bug (CAN-2004-0914) but results in quite a
large patch
Noah Meyerhans wrote:
> Most other OS vendors are willing to make updates for errata beyond
> simple security updates. Often this means minor updates to software
> packages like web browsers. I believe the community will be better able
> to help us prepare e.g. bug-free firefox 1.0.5 packages tha
Moin,
it seems that less than two months after the release of sarge it is
not possible to support Mozilla, Thunderbird, Firefox (and probably
Galeon) packages anymore. (in terms of fixing security related
problems)
Unfortunately the Mozilla Foundation does not provide dedicated and
clean patches
Horms wrote:
> The attached patch should resolve this problem, and I have put
> packages that include this patch up at
> http://debian.vergenet.net/pending/heartbeat/
>
> Joey, what do you want to do about this?
We can't do anything about it.
All you can do, and that's what you did already, is p
Lupe Christoph wrote:
> > The security team will continue to support Debian GNU/Linux 3.0 alias
> > woody until May 2006, or if the security support for the next release,
> > codenamed etch, starts, whatever happens first.
>
> This is equivalent to saying "We will rip security support for oldstabl
Steve Langasek wrote:
> On Sun, Jun 19, 2005 at 12:31:23AM -0400, sean finney wrote:
> > please excuse this blatant cross-posting, i wouldn't do it if i didn't
> > think it were critical that i do so...
>
> > http://www.infodrom.org/~joey/log/?200506142140
>
> > say it isn't so!
>
> It isn't so.
Steve Langasek wrote:
> On Wed, Jun 01, 2005 at 07:16:00PM -0700, Ian Eure wrote:
> > On Wednesday 01 June 2005 04:54 pm, Hilko Bengen wrote:
> > > Just a few hours ago, the Drupal project has released version 4.5.3, a
> > > bugfix release which fixes a serious security bug. I have created and
> >
Florian Weimer wrote:
> * Henrique de Moraes Holschuh:
>
> > I think not only we should do it, we should also make a big fuss
> > about it, so that some of the PHP people out there at least have a
> > chance to get the clue.
>
> Unlikely to work. Just look at how almost all PHP developers reject
Jeroen van Wolffelaar wrote:
> > Having /usr/share/$package for the include files and
> > /var/lib/$package for the executable PHP scripts that should be linked
> > into the web server.
>
> Eh, that's now how squirrelmail works. All stock php files are in
> /usr/share/$package, and that's also wha
Jeroen van Wolffelaar wrote:
> > What do people on this list think about fixing PHP include files in a
> > DSA that are accessible via HTTP as well and contain one bug or
> > another as they are not supposed to be accessible via HTTP but
> > accidentally are.
> >
> > I'm rather annoyed by the lack o
Hans Spaans wrote:
> Martin Schulze wrote:
> > Hey!
> >
> > What do people on this list think about fixing PHP include files in a
> > DSA that are accessible via HTTP as well and contain one bug or
> > another as they are not supposed to be accessibl
Hey!
What do people on this list think about fixing PHP include files in a
DSA that are accessible via HTTP as well and contain one bug or
another as they are not supposed to be accessible via HTTP but
accidentally are.
I'm rather annoyed by the lack of competence of some PHP coders who
manage their
Steve Kemp wrote:
> On Fri, Oct 29, 2004 at 10:12:33PM +0200, Frank Lichtenheld wrote:
>
> > Perhaps someone with a little more experience in identifying security
> > problems should take a look, too. I CC'ed debian-security.
>
>  Here's a quick summary :
>
> To be clear there are three flaws
David F. Skoll wrote:
> On Mon, 4 Oct 2004, Martin Schulze wrote:
>
> > There are reasons users install it setuid / setgid, and these installations
> > are vulnerable.
>
> I disagree. There is absolutely *no* reason to install rp-pppoe
> setuid-root. It is normall
David F. Skoll wrote:
> The rp-pppoe "security advisory" is totally bogus. rp-pppoe is
> not meant to run SUID-root, and nowhere in the documentation is this
> recommended.
There are reasons users install it setuid / setgid, and these installations
are vulnerable.
> You might as well post a secu
Noèl Köthe wrote:
> Hello,
>
> there is a stable update for python2.2
> (http://security.debian.org/pool/updates/main/p/python2.2/) available
> but there is no DSA for python2.2 on the webpage or mailinglist.
>
> Is it missing or is the update wrong?
Hmm, you are correct. I started to send out
Karsten M. Self wrote:
> > It had to be re-installed. You probably know that since you've read
> > the announcement we were able to send out before the machine was taken
> > down for reinstallation.
>
> That announcement wasn't delivered for all users until _after_ murphy
> was resurrected. I my
Dan Jacobson wrote:
> To us debian users, the most notable thing during this break in or
> whatever episode, is how the communication structures crumbled.
It had to be re-installed. You probably know that since you've read
the announcement we were able to send out before the machine was taken
dow
I've been asked to post the patch below. Karsten Merker supplied
me with a patch to link woody stunnel statically against openssl.
Regards,
Joey
--
It's practically impossible to look at a penguin and feel angry.
Please always Cc to me when replying to me on the lists.
diff -Nur stunn
Nick Boyce wrote:
> On Friday 21 Mar 2003 2:01 pm, Martin Schulze wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > -
> >- Debian Security Advisory DSA 265-1
martin f krafft wrote:
> [joey, CCing you to make sure you see this immediately. you probably
> read debian-security too, i'd assume...]
>
> Check out
>
> http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.765.1
>
> DSA 169 is htcheck, not tomcat, right? At least that'
Olaf Meeuwissen wrote:
> Olaf Meeuwissen <[EMAIL PROTECTED]> (that's me!) writes:
>
> > Dear .debs,
> >
> > I recently wanted to apply security updates to a machine I'd installed
> > from woody pre6 CDs, hardened and upgraded to woody proper. [...]
> >
> > Before applying the upgrades I checked
Ricardo Javier Cardenes Medina wrote:
> Mmmh... Comes to mind... What are the chances for a non-developer to be
> on "writers" at CVS now that we're authenticating via developer-related
> ssh keys? That would be very convenient just as many people (at least on
> the Spanish team) remain not being D
Oohara Yuuma wrote:
> For your information, this is how the Japanese translation of DSAs works:
> 1. Kenshi Muto forwards the English DSA to [EMAIL PROTECTED]
>    as soon as possible (usually in 24 hours)
> 2. Seiji Kaneko translates the e-mail version of DSA into Japanese and
>    post it to [EMA
Jan Niehusmann wrote:
> On Wed, Aug 14, 2002 at 12:18:29PM +0200, Danny De Cock wrote:
> > On Wed, 14 Aug 2002, Siegbert Baude wrote:
> > > language. As a side note: I personally know Germans and foreign
> > > Chinese students here in Germany working in this business, whose
> > > English skills wou
InfoEmergencias - Luis Gómez wrote:
> On Wed, 14-08-2002 at 11:03, Javier Fernández-Sanguino Peña wrote:
> > I do not see the benefit of this "push" method if we take in
> > account that we already provide an RDF channel for advisories and users
> > can configure their user agents (like E
Giuseppe Sacco wrote:
> We decided to translate from the English wml, so in order to start a
> translation we wait for the English published version. Is it the right
> way? In any case I will subscribe to debian-security-announce to get
> quicker translations.
That's the proper way. However, due
Giuseppe Sacco wrote:
> On Tue, Aug 13, 2002 at 09:23:57PM +0200, Martin Schulze wrote:
> [...]
> > Currently, all DSAs are released via mail in English on
> > [EMAIL PROTECTED] and copied to www.debian.org
> > afterwards, where they will be picked up by seven[1] fell
Hi,
what do other developers think about localized lists for security
advisories, such as [EMAIL PROTECTED]
Currently, all DSAs are released via mail in English on
[EMAIL PROTECTED] and copied to www.debian.org
afterwards, where they will be picked up by seven[1] fellow translators
who produce th
Daniel Stone wrote:
> Considering that an upload hasn't been made to rectify this root hole,
> why hasn't something else been done about it - regular or security NMU?
> One would think that this is definitely serious.
>
> Oh and BTW, Slackware released an update today. Without trolling, I can
> sa
John Galt wrote:
> On Tue, 23 Oct 2001, Martin Schulze wrote:
>
> >John Galt wrote:
> >>
> >> It really didn't need to go to -devel in the first place: this is internal
> >> to debian-security until there's a candidate.  Followups redirected.
>
John Galt wrote:
>
> It really didn't need to go to -devel in the first place: this is internal
> to debian-security until there's a candidate.  Followups redirected.
Err... you have noticed that there are already two people filling
this position, haven't you?
Regards,
Joey
--
This is
I'm awfully sorry for the delay, but I wasn't able to work on this
earlier again.
Here's a list of questions and answers that came up with the posting I
made last week.
Q: Is a requirement being a Debian developer?
No. It is my understanding that it would be good to have "fresh
blood" in
Current problems with Debian Security have led me into reconsidering
this issue which I thought about one year ago or so. Debian Security
is very crucial to our users and thus should be managed properly.
To help improve the situation I'm offering a very important job within
the Debian project. I
Noah L. Meyerhans wrote:
> I wish to mirror security.debian.org using rsync, but I can't find any
> documentation on rsync sources or other mirrors. It's not mentioned on
Please don't do that. Security updates should come *only* from
security.debian.org. This was discussed a while, you should b
Nick Jennings wrote:
> Hello,
>
> Can anyone on the list recommend a good book, online or in paper
> form, that goes in depth on Linux Security? Prevention & Detection etc.
O'Reilly has the Locker book, Unix Security and stuff, check it out.
Regards,
Joey
--
Computers are not in
Wichert Akkerman wrote:
> Previously Keith Harbaugh wrote:
> > This is to announce the establishment of a new debian mailing list:
> >
> > debian-security,
> >
> > for the discussion of all aspects of security
> > significant to the Debian system, including cryptography.
>
> How can it happe