On 22.01.22 at 21:07, Bjørn Mork wrote:
Stefan Fritsch writes:
# cat /etc/apt/apt.conf.d/11-default-release
APT::Default-Release "bullseye";
Just don't do that. It breaks all normal preferences and will end up
preferring "bullseye" over anything else. Inc
Hi Viktor,
On 22.01.22 at 11:34, SZÉPE Viktor wrote:
Quoting Stefan Fritsch:
I have noticed that the latest linux security update is not installed
on my box. The package is available in
# apt-cache policy linux-image-amd64
linux-image-amd64:
Installed: 5.10.84-1
Candidate
Hi,
I have noticed that the latest linux security update is not installed on
my box. The package is available in
# apt-cache policy linux-image-amd64
linux-image-amd64:
Installed: 5.10.84-1
Candidate: 5.10.84-1
Version table:
5.15.15-1 500
500 http://mirror.hetzner.de/debi
On Monday, 18 March 2019 09:19:41 CET Bjørn Håkon Noss wrote:
> After looking at the Security tracker
> (https://security-tracker.debian.org/tracker/CVE-2018-17199), I can
> see that CVE-2018-17199 is fixed in both jessie and buster but not
> stretch.
>
> Do you have any information about if and w
> On Wed, Aug 03, 2016 at 10:46:33PM +0200, Stefan Fritsch wrote:
> > Maybe the flashplugin-nonfree package should even be replaced by a package
> > that installs the ubuntu archive signing key, sets up the sources.list
> > line, and tweaks the unattended-updates config
On Wednesday, 3 August 2016 20:43:29 CEST Rob van der Putten wrote:
> You can download the plugin manually. For i386 it's;
> http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.429/install_flash_player_11_linux.i386.tar.gz
An alternative that has worked quite well for me on some of my
On Wednesday 03 June 2015 16:07:56, Thorsten Glaser wrote:
> I’ve just done so: both the “precomputed, up to 8192 bits” part
> (which already makes Qualys not cap the grade to B, but is not
> the proper fix, because, in the end, people will just pregenerate
> for the Debian-shipped group too) and t
On Wednesday 20 May 2015 12:47:35, Dan Ritter wrote:
> In particular, Apache 2.2 does not have
> SSLOpenSSLConfCmd DHParameters
> as a configurable option. It looks like that only shows up in
> 2.4, which is not in wheezy-backports.
> So I guess this is a request for either a fix for Apache 2.2 o
On Sunday 21 September 2014 21:13:50, Richard van den Berg wrote:
> Package formats like apk and jar avoid this chicken and egg problem
> by hashing the files inside a package, and storing those hashes in
> a manifest file. Signatures only sign the manifest file. The
> manifest itself and the signa
Unfortunately, the latest update introduced a regression: Testing of
user filters with -bf as normal user no longer works:
$ /usr/sbin/exim4 -bf .forward
exim: changing group failed: Operation not permitted
$
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611572
y for asking those stupid questions, but the instructions are a
> little ambiguous there...
Yes, that's what I meant with "The Debian default configuration is not
affected by the changes". How would you have worded it to be less
ambiguous?
> On Sun, Jan 30, 2011 at 10:41:
On Monday 03 January 2011, Yves-Alexis Perez wrote:
> On mar., 2010-12-21 at 22:52 +0100, Yves-Alexis Perez wrote:
> > Starting january, I think I'll be able to dedicate some time to
> > debian security team.
Very nice.
> Ok, so we're now at beginning of january :)
>
> Is there any starting spec
On Tuesday 21 December 2010, John Goerzen wrote:
> I reported bug #605484 regarding a security hole in lenny. I
> believe the security team was CC'd.
>
> Prior to my report,
> http://security-tracker.debian.org/tracker/CVE-2010-3872 said that
> Debian/stable was not vulnerable. I also notified t
On Thursday 11 November 2010, Kurt Roeckx wrote:
> So I've prepared a package based on the ubuntu patch. I also went
> over every commit between the 0.9.8l and 0.9.8m release and am
> reasonably confident this patch should work properly.
>
> The current package is available at:
> http://people.debi
On Monday 22 September 2008, Felipe Figueiredo wrote:
> > Try modsecurity, it should block invalid URI
>
> Speaking of which, shouldn't it be re-included in Debian now that
> the licensing issue[1] is supposed to be over[2]?
There is already an ITP bug, but I don't know the current status.
http:/
On Monday 19 May 2008, Florian Weimer wrote:
> BTW, it appears that the same blacklist can be used for -3 and -F4
> keys. (Just in case you haven't checked that already.)
RSA keys with exponent 3 should probably not be used at all, because
multiple implementations did not verify the signatures co
On Wednesday 27 February 2008, Nick Boyce wrote:
> But it seems to me that simply enabling the --unrar parameter of
> clamscan would not entail incorporating or distributing any unrar
> code at all - the code to parse the --unrar parameter and call the
> non-free unrar binary if specified surely be
On Tuesday 12 February 2008, Jens Schüßler wrote:
> * Florian Weimer <[EMAIL PROTECTED]> wrote:
> > * Jens Schüßler:
> > > I just upgraded my linux-source-2.6.18 to
> > > 2.6.18.dfsg.1-18etch1_all and build a new linux-image. But
> > > after installing and rebooting I still was able to become root
>
Hi,
many wrapper scripts contain things like
export LD_LIBRARY_PATH=foo:$LD_LIBRARY_PATH
This is bad because if LD_LIBRARY_PATH is unset, it will expand to
LD_LIBRARY_PATH=foo:
which is interpreted as
LD_LIBRARY_PATH=foo:.
This means that the current directory
Hi,
Alexander Konovalenko wrote:
> I couldn't find any existing solutions to the problem described
> above. The testing security team does publish some of the
> information in their Secure-testing-commits, but it lacks more
> verbose explanations and is more of a tool for team members than a
> sou
Hi,
On Wednesday, 2 May 2007, Celejar wrote:
> Dann Frazier <[EMAIL PROTECTED]> wrote:
> > Package: linux-2.6
> > Vulnerability : several
> > Problem-Type : local/remote
> > Debian-specific: no
> > CVE ID : CVE-2007-0005 CVE-2007-0958 CVE-2007-1357
> > CVE-2007-1592
> 1) DSA 12
On Sunday 14 January 2007 14:36, Adrian von Bidder wrote:
> I have users a, b, c, d, e. All users except e can have shell
> access, but because shell access is powerful, must not be able to
> log in with password, but only with public key. User e is allowed
> to log in with password and is restr
Hi,
>> One is CVE-2006-5815 and the other is a mod_tls vulnerability without
>> CVE
>> id yet. AFAIK there is no exploit for sarge's 1.2.x for CVE-2006-5815
>> yet.
>> So I would expect this to be the mod_tls vulnerability. Do you have
>> mod_tls enabled? Try connecting to your server with telnet
Hi,
> The attacks ceased before I noticed, so I was not able to capture a TCP
> stream. I would just like to alert people that there is still some
> vulnerability in the ProFTPD code that was not fixed by DSA-1218-1.
yes, there are two open vulnerabilities in proftpd. A DSA should be in the
works,
Hi,
On Tuesday 09 May 2006 18:30, Daniel Schröter wrote:
> > For the unstable distribution (sid) this problem will be fixed
> > soon.
>
> Isn't it fixed since FF 1.5.dfsg+1.5.0.3-1?
> http://lists.debian.org/debian-devel-changes/2006/05/msg00197.html
the DSA is about the old mozilla, not firefox.
On Thursday 25 August 2005 23:33, Peer Janssen wrote:
> Do they have some monitoring script? Or some monitoring people?
> (Might be interesting to know who: [disgruntled users? the
> competition?])
cron-apt will send you a mail.
Aug 25 05:16:31 xxx cron-apt: Failed to fetch
http://security.debia
On Thursday 14 July 2005 22:03, Fredrik "Demonen" Vold wrote:
> I think it's possible for a script to list all installed packages,
> then check each of them against the bug report system to see if the
> installed version has a security bug filed against it.
>
> Maybe if some automated system on the
Hi!
On Tuesday 05 July 2005 14:00, Daniel Pittman wrote:
> /sbin/iptables -t filter -A in_world_http_s1 -p tcp --sport 1024:65535
> --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
> /sbin/iptables -t filter -A out_world_http_s1 -p tcp --sport 80 --dport
> 1024:65535 -m state --state ESTABL
On Monday 27 June 2005 20:26, Matt Zimmerman wrote:
> I expect it would be enough if they were all active, but that has
> never been the case for this group. Wichert, Daniel, Michael and
> myself are all de facto inactive for various reasons, and have been
> for some time.
And according to Steve
Hi Geoff,
On Friday 25 February 2005 06:52, Geoff Crompton wrote:
> Are the kernel team aware of
> http://www.securityfocus.com/bid/12555, a bunch of vulnerabilities
> in 2.6 kernels prior to 2.6.11-rc2.
>
> Or more generally, are these being tracked? And if so, by whom, and
> should I keep askin
Hi!
On Saturday 19 February 2005 02:40, kurt kuene wrote:
> so there WAS really a security team at that time. I eventually have
> thought that I had only dreamed or misunderstood something. but
> this is not debian-like. I have thought that if they run security
> updates they will not just stop th
Hi!
On Friday 05 November 2004 12:27, Baruch Even wrote:
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL SYN -j ACCEPT
>
> Please don't do that!
> You can use SYN,ACK,FIN,RST SYN to check for illegal flags.
Sho
Hi!
On Tuesday, 20 April 2004 15:27, Adrian 'Dagurashibanipal'
von Bidder wrote:
> So, to rephrase the question, is
> there a way to have PAM set up my session (specifically, pam_env)
> without allowing users to log in with their password?
I think you can do this by removing a line in /etc/pa