Re: MIT discovered issue with gcc

2013-11-23 Thread Michael Tautschnig
[...] > Isn't it interesting that their one example will potentially dereference > the null pointer even before compiler optimizations (from the paper): > > struct tun_struct *tun=; > struct sock *sk = tun->sk; > if(*tun) return POLLERR; > > The check to see that tun is non-null should occur

Re: MIT discovered issue with gcc

2013-11-23 Thread Michael Tautschnig
Hi Andrew, hi all, > I understand that Debian has a bunch of vulnerabilities as described in > the following PDF. > > http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf > > Just a small quote: > > "This paper presents the first systematic approach for > reasoning about and detecting unstable

Re: Fwsnort: --hex-string syntax bug

2011-07-29 Thread Michael Tautschnig
Hi, > I've been trying to file a bug report through the bug report tool of > Debian. But without success. > So I'll just inform you all about this bug since I do want to inform you > about it. > I'm sorry this isn't the proper method, but bugreport isn't cooperative > with my SMTP for some reason.

Re: ClamAV update to 0.97 for Lenny (oldstable)

2011-03-15 Thread Michael Tautschnig
Hi all, > On Sat, Mar 12, 2011 at 08:11:27AM -0800, tabris wrote: > > On 2/25/11 6:56 AM, Camaleón wrote: > > > I just have read this notice: > > > > > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1003 > > > > > > And wonder if it is foreseen an update for Lenny's ClamAV to 0.97 that

Re: [SECURITY] [DSA 2118-1] New subversion packages fix authentication bypass

2010-10-08 Thread Michael Tautschnig
Hi, > --- > Debian Security Advisory DSA-2118-1 secur...@debian.org > http://www.debian.org/security/ Nico Golde > October 8th, 2010 http://www.debian

Re: jedit_4.3.1+dfsg-1_amd64.changes REJECTED

2010-04-05 Thread Michael Tautschnig
[...] > > I would proceed in this way: > bsh: add bsh-src binary creation > jedit: > - remove Debian bsh sources (added to the rejected package [2]) > - add bsh-src as builddep I think if you do a versioned builddep (exact version) then at the very latest an archive rebuild will ensure that jedi

Re: jedit_4.3.1+dfsg-1_amd64.changes REJECTED

2010-04-03 Thread Michael Tautschnig
> * Gabriele Giacone: > > > For example openjdk-6-source: source code is in both orig tarball and > > openjdk-6-source binary package. This is a duplication, isn't it? > > First, the duplication refers to source packages. Second, > openjdk-6-source is like the emacs*-el packages, it provides IDE

Re: clamav 0.95.3+dfsg-1~volatile1 and rar files

2009-12-06 Thread Michael Tautschnig
> Hi! > The latest clamav 0.95.3+dfsg-1 from volatile knows how to scan rar > files natively? The --unrar option doesn't work anymore and the > EICAR is not detected: > > #clamscan --scan-archive=yes --verbose --unrar=/usr/bin/unrar > eicar.rar WARNING: Ignoring deprecated option --unrar [...]

Re: [Secure-testing-team] Security support for volatile?

2009-03-13 Thread Michael Tautschnig
> This one time, at band camp, Michael Stone said: > > On Mon, Feb 23, 2009 at 07:27:14PM +0100, Kurt Roeckx wrote: > > >I think one of the reasons why clamav is in volatile is that the engine > > >might need updating to detect new viruses. Is that something you > > >want to support in stable-security

Re: Scalable Debian vulnerability tracking

2009-01-06 Thread Michael Tautschnig
> > Hi folks, > > I work for a hosting provider, and am looking at how to improve > visibility into vulnerability exposure. > > We have over 800 Debian hosts that we manage for customers, and will > have over 1,000 by the end of this quarter. > > A major problem we face is that our change d

Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential codeexecution

2008-12-10 Thread Michael Tautschnig
> On Wed, Dec 10, 2008 at 13:21, Dominic Hargreaves <[EMAIL PROTECTED]> wrote: > > I don't really understand your question. There is no separate security > > archive for volatile, as I understand it. > > Oddly enough I understood Tony, yet I don't understand the > Volatile+ClamAV situation. Can s

Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution

2008-12-05 Thread Michael Tautschnig
[...] > > This looks like quite a serious bug (remote arbitrary code execution). > Are there any plans for an update to volatile? > The fixed version has been uploaded to volatile already and got accepted [1], but probably is still being built!? Best, Michael [1] http://lists.alioth.debian.or

Re: What to do about SSH brute force attempts?

2008-08-22 Thread Michael Tautschnig
> On Thursday 21 August 2008 11:33:51 Michael Tautschnig wrote: > > Hi all, > > > > since two days (approx.) I'm seeing an extremely high number of apparently > > coordinated (well, at least they are trying the same list of usernames) > > brute force attempts

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Michael Tautschnig
> * Michael Tautschnig <[EMAIL PROTECTED]> [2008-08-21 07:35-0400]: > > Hi all, > > > > since two days (approx.) I'm seeing an extremely high number of apparently > > coordinated (well, at least they are trying the same list of usernames) > > brute >

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Michael Tautschnig
> Assuming that your system is secured as well as can be, and that your > question is not about how to fend off attacks but rather how to stop your > attackers from being able to continue, isn't this the kind of thing that the > police or other law enforcement agencies would normally investigate? >

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Michael Tautschnig
> Hi, > > * use a firewall to prevent other IP addresses from connecting to your ssh > service. restrict just to yours (iptables script can be easy to find on > the web) Well, I should have added that my hosts must be world-wide accessible using password-based authentication, so this is no option. > * u

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Michael Tautschnig
> On Thu, Aug 21, 2008 at 04:33:51PM +0200, Michael Tautschnig wrote: > > > Further, what do you guys do about such attacks? Just sit back and hope > > they don't get hold of any passwords? Any ideas are welcome... > > Port knocking is a useful technique I'

What to do about SSH brute force attempts?

2008-08-21 Thread Michael Tautschnig
Hi all, since two days (approx.) I'm seeing an extremely high number of apparently coordinated (well, at least they are trying the same list of usernames) brute force attempts from IP addresses spread all over the world. I've got denyhosts and an additional iptables based firewall solution in plac

Re: [SECURITY] [DSA 1353-1] New tcpdump packages fix arbitrary code execution

2007-08-11 Thread Michael Tautschnig
I'm out of office until the 19th of August. Afterwards, I will try to respond to your message as soon as possible. Best regards, Michael Tautschnig