Re: APT vulnerability [DSA 4371-1] discussion

2019-03-01 Thread Yves-Alexis Perez
On Mon, 2019-02-18 at 20:51 +, Brian Milliron wrote: > I have not seen any discussion of what appears to be a very serious > problem in Apt's security architecture. Hi, you might want to look at the APT development list archives. I myself asked

Re: Re: [SECURITY] [DSA 4371-1] apt security update

2019-01-25 Thread Yves-Alexis Perez
On Thu, 2019-01-24 at 23:37 +0100, Edgar Remmel wrote: > Thanks a lot Yves-Alexis for reply and advice! > > > Also it's likely that > > you need to ask this to Raspbian, not Debian. > > Please give me a 2nd try in this list. If it will become obvi

Re: [SECURITY] [DSA 4371-1] apt security update

2019-01-24 Thread Yves-Alexis Perez
On Thu, 2019-01-24 at 15:08 +0100, Edgar Remmel wrote: > Hello, Hi Edgar, adding debian-security mailing list since it's the proper place to ask about this. > > the above security update was linked by a security forum. > > As the commands worked f

Re: Security support incomplete?

2016-02-02 Thread Yves-Alexis Perez
On mar., 2016-02-02 at 17:36 +, Pedro M. Jorge wrote: > Even the tracker has its issues. The tracker is (more or less) live data, so it's giving the current state of information the security team (and all interested contributors actually) has. The DSA is more static, and represents the view a

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

2016-02-02 Thread Yves-Alexis Perez
On mar., 2016-02-02 at 17:37 +0200, Wolfgang Jeltsch wrote: > Can anyone please clarify? In particular, I would like to know what the > exact policies regarding coverage of security support are, and what > issues have not been fixed intentionally in oldstable (and maybe even > stable). Everything

Re: Q: Package login security problem?

2015-12-21 Thread Yves-Alexis Perez
On lun., 2015-12-21 at 10:11 +0100, Hans wrote: > Dear security-team, > > I am wondering, why the parameter for umask is set to 022 in /etc/login.defs > by > default. I've already replied to this, see my previous mail <1450336571.28015.0.camel@debian.org> Regards, -- Yves-Alexis

Re: Unverifiable Signature on Debian Security Advisory Emails

2014-12-12 Thread Yves-Alexis Perez
On ven., 2014-12-12 at 10:17 +0100, Sébastien NOBILI wrote: > Hi, > > On Thursday 11 December 2014 at 21:46, Hubert Chathi wrote: > > On Thu, 11 Dec 2014 17:28:32 -0800, Jeremie Marguerie > > said: > > > I guess there might/should be something on the official website with > > > the key ID of offi

Re: Testing needed for xorg-server security update

2014-12-10 Thread Yves-Alexis Perez
On mer., 2014-12-10 at 06:56 +0100, Moritz Muehlenhoff wrote: > Hi, > there's been a new release of xorg-server fixing multiple security > vulnerabilities: > http://lists.x.org/archives/xorg-announce/2014-December/002500.html > > The update is ready for Wheezy/stable and has been successfully tes

Re: [SECURITY] [DSA 3074-1] php5 security update

2014-11-18 Thread Yves-Alexis Perez
On mar., 2014-11-18 at 22:59 +0100, Christoph Biedl wrote: > Um, that number is wrong. It isn't #768283 either. Definitely. This is a PHP bug number… > > > Worse, that update broke things: > > | From: root@ (Cron Daemon) > | To: root@ > | Subject: Cron > > [ -x /usr/lib/php5/maxlifetime ] && [

Re: Archive GPG key expiring process

2014-10-18 Thread Yves-Alexis Perez
On sam., 2014-10-18 at 13:55 +, Patrick Schleizer wrote: > Otherwise, what are the relevant people, how to contact them? You can find some hints in https://lists.debian.org/debian-security/2013/10/msg00066.html If it's really that hard, here are some pointers. DSA: https://dsa.debian.org/ (l

Re: Archive GPG key expiring process

2014-10-18 Thread Yves-Alexis Perez
at thread (which is true for this one too) is that you failed to contact the relevant people. Regards, -- Yves-Alexis Perez - Debian Security

Re: Iceweasel and web browsers vulnerability concerning poodle.

2014-10-16 Thread Yves-Alexis Perez
ves intend to disable SSLv3 in future Firefox releases. Regards, -- Yves-Alexis Perez - Debian Security

Re: Rubberhose filesystem for Wheezy

2014-10-12 Thread Yves-Alexis Perez
On jeu., 2014-10-09 at 02:37 -0300, Djones wrote: > On 08/10/2014 21:22, Allan J. Aguilar wrote: > > I am wondering if there is a way to have a deniable encryption archive > > in Debian Wheezy like rubberhose (similar to the hidden volume that > > TrueCrypt offered), and with software that complies

Re: about bash and Debian Lenny

2014-10-01 Thread Yves-Alexis Perez
On mer., 2014-10-01 at 15:03 +0300, Nikolay Hristov wrote: > In other words we > need security update for older debian distributions. That won't happen. -- Yves-Alexis Perez - Debian Security

Re: Checking for services to be restarted on a default Debian installation

2014-09-02 Thread Yves-Alexis Perez
On mar., 2014-09-02 at 00:11 +0300, Mikko Rapeli wrote: > As a workaround I, and hopefully most users, know about debian-goodies > and checkrestart, and figure out on their own if a reboot is > necessary. It's quite certain that about nobody knows about debian-goodies or checkrestart. Regards, --

Re: L2TP/IPSec on Mac OSX stop working after openswan upgrade [with patches]

2014-05-02 Thread Yves-Alexis Perez
On ven., 2014-05-02 at 19:12 +0800, Liu DongMiao wrote: > I think it didn't reintroduce CVE-2013-6466. > I have used some packets to test them. > ref: http://www.openwall.com/lists/oss-security/2014/02/18/1 > on 1:2.6.37-3, it didn't show message dropped, and on > 1:2.6.37-3+deb7u1 and the one with m

Re: L2TP/IPSec on Mac OSX stop working after openswan upgrade [with patches]

2014-04-28 Thread Yves-Alexis Perez
On mar., 2014-04-29 at 08:23 +0800, Liu DongMiao wrote: > Related bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744717 > > From the changelog of debian, I know that you are the maintainer of > openswan in debian: > openswan (1:2.6.37-3+deb7u1) wheezy-security; urgency=high > * Non-main

Re: [SECURITY] [DSA 2610-1] ganglia security update

2013-01-21 Thread Yves-Alexis Perez
On lun., 2013-01-21 at 21:32 +0100, Yves-Alexis Perez wrote: > Insufficient input sanitization in Ganglia, a web based monitoring > system, > could lead to remote PHP script execution with permissions of the user > running > the web browser. Web server, obviously. Sorry for the mi

Re: CVE-2012-3435: zabbix/testing

2012-12-08 Thread Yves-Alexis Perez
are marked as unimportant / no-dsa so they should be fixed through stable-proposed-updates. Regards, -- Yves-Alexis Perez Debian Security

Re: CVE-2012-3435: zabbix/testing

2012-12-08 Thread Yves-Alexis Perez
On sam., 2012-12-08 at 11:10 +1100, Dmitry Smirnov wrote: > On Sat, 8 Dec 2012 00:37:44 Yves-Alexis Perez wrote: > > There's no security archive for Wheezy right now, so this needs to go > > through testing-proposed-updates. Please get in contact with the release > > te

Re: CVE-2012-3435: zabbix/testing

2012-12-07 Thread Yves-Alexis Perez
he rest. There's no security archive for Wheezy right now, so this needs to go through testing-proposed-updates. Please get in contact with the release team for an approval request. Regards, -- Yves-Alexis Perez Debian Security

Re: [rt.debian.org #3892] Re: Bug#677297: kfreebsd-8: cve-2012-0217

2012-07-12 Thread Yves-Alexis Perez
On sam., 2012-07-07 at 13:02 +0200, Yves-Alexis Perez wrote: > On jeu., 2012-07-05 at 13:13 +0100, Steven Chamberlain wrote: > > On 05/07/12 07:00, Yves-Alexis Perez wrote: > > > Can you show us a debdiff for the package you intend to upload to > > > stable-security

Re: [rt.debian.org #3892] Re: Bug#677297: kfreebsd-8: cve-2012-0217

2012-07-07 Thread Yves-Alexis Perez
On jeu., 2012-07-05 at 13:13 +0100, Steven Chamberlain wrote: > On 05/07/12 07:00, Yves-Alexis Perez wrote: > > Can you show us a debdiff for the package you intend to upload to > > stable-security? > > Hi, Please find debdiff attached. Sorry for the delay. Please go ahead

[rt.debian.org #3892] Re: Bug#677297: kfreebsd-8: cve-2012-0217

2012-07-04 Thread Yves-Alexis Perez
On mer., 2012-07-04 at 21:33 +0100, Steven Chamberlain wrote: > Hi Security Team, > > Someone replied on RT ticket #3892 (on which I am Cc'd, but can't view > it and don't know the author) the following: > > > Careful, patch in SVN repository can't be used as-is. See: > > http://lists.debian.org/

Re: CVE-2012-2459: Critical Vulnerability, but still reserved.

2012-07-03 Thread Yves-Alexis Perez
On mar., 2012-07-03 at 01:15 -0500, Mike Mestnik wrote: > Currently this(bitcoind) package is in back-ports. > > I think things may have gotten mixed up, here is the publication: > https://bitcointalk.org/index.php?topic=81749.0 > > Here is what the bitcoin daemon says: > cheako@hades:~$ bitcoind

Re: Security Implications of DKMS?

2012-03-27 Thread Yves-Alexis Perez
On mar., 2012-03-27 at 14:18 +0300, Rares Aioanei wrote: > I see that as a myth. Look at it this way: if an attacker already has > access to your machine, he/she can install anything he/she wants, > including compilers, interpreters, whatever. A good way to prevent that is to enforce W^X. There

Re: Security Implications of DKMS?

2012-03-26 Thread Yves-Alexis Perez
On lun., 2012-03-26 at 10:29 -0500, David Ehle wrote: > Hello, > > A bit of googling doesn't seem to produce much in the way of results on > this topic so I thought I would seek out opinions on the list. > > Please let me know if I'm making any false assumptions or showing a > misunderstanding

Re: Tales from the DNSCrypt: Linux Rising

2012-02-21 Thread Yves-Alexis Perez
On lun., 2012-02-20 at 19:50 -0200, Henrique de Moraes Holschuh wrote: > [1] or anything else that properly secures DNS sessions Note that you can have integrity protection / authentication using TSIG (though key distribution is still an issue). -- Yves-Alexis signature.asc Description: This is

Re: Bug#605090: Linux 3.2 in wheezy

2012-02-01 Thread Yves-Alexis Perez
> On do, 2012-02-02 at 12:18 +1100, Russell Coker wrote: > > On Thu, 2 Feb 2012, dann frazier wrote: > > > While it may help the kernel team to not have to worry about problems > > > in the grsec flavor when preparing uploads, preventing delays for the > > > non-grsec images. But, that just push

Re: Bug#605090: Linux 3.2 in wheezy

2012-02-01 Thread Yves-Alexis Perez
On mer., 2012-02-01 at 19:14 +0100, Bastian Blank wrote: > On Wed, Feb 01, 2012 at 10:34:28AM +0100, Wouter Verhelst wrote: > > Well, that's what we have the 'linux-source' packages for: to allow > > other packages to build-depend on them. > > Since 3.1 or so it is no longer possible to use this

Re: Bug#605090: Linux 3.2 in wheezy

2012-02-01 Thread Yves-Alexis Perez
On mer., 2012-02-01 at 14:32 +, Ben Hutchings wrote: > On Wed, 2012-02-01 at 10:51 +0100, Yves-Alexis Perez wrote: > > On mer., 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote: > > > On Wed, Feb 01, 2012 at 10:24:40AM +0100, Yves-Alexis Perez wrote: > > > > On m

Re: Bug#605090: Linux 3.2 in wheezy

2012-02-01 Thread Yves-Alexis Perez
On mer., 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote: > On Wed, Feb 01, 2012 at 10:24:40AM +0100, Yves-Alexis Perez wrote: > > On mar., 2012-01-31 at 11:01 -0500, micah anderson wrote: > > > What is stopping you from creating another package, that provides the > >

Re: Bug#605090: Linux 3.2 in wheezy

2012-02-01 Thread Yves-Alexis Perez
On mar., 2012-01-31 at 11:01 -0500, micah anderson wrote: > On Mon, 30 Jan 2012 22:26:50 +0100, Yves-Alexis Perez > wrote: > > So I think it's perfectly clear that neither Debian nor Grsecurity are > > really interested in Debian shipping a Grsecurity kernel. > > Well,

Re: Bug#605090: Linux 3.2 in wheezy

2012-01-30 Thread Yves-Alexis Perez
On lun., 2012-01-30 at 14:08 +, Ben Hutchings wrote: > On Mon, 2012-01-30 at 11:05 +0100, Yves-Alexis Perez wrote: > > (adding a few CC:s to keep track of the bug) > > > > On dim., 2012-01-29 at 21:26 +, Ben Hutchings wrote: > > > On Sun, 2012-01-29 at 20:57

Re: Linux 3.2 in wheezy

2012-01-30 Thread Yves-Alexis Perez
(adding a few CC:s to keep track of the bug) On dim., 2012-01-29 at 21:26 +, Ben Hutchings wrote: > On Sun, 2012-01-29 at 20:57 +0100, Yves-Alexis Perez wrote: > > On dim., 2012-01-29 at 18:22 +, Ben Hutchings wrote: > > > Featuresets > > > --- >

Re: #651510 (gpw) - Not sure if security bug

2012-01-16 Thread Yves-Alexis Perez
tag 651510 security thanks On lun., 2012-01-16 at 11:30 +0100, Michael Stummvoll wrote: > Hi, > > last month I filed the bug #651510 against gpw. Short version of this bug: Hi, sorry for the delay. > > gpw is a password generator util. The user provides the length of > password and gpw generate

Re: [SECURITY] [DSA 2357-1] evince security update

2011-12-04 Thread Yves-Alexis Perez
On dim., 2011-12-04 at 11:54 +0100, Yves-Alexis Perez wrote: > - > Debian Security Advisory DSA-2357-1 secur...@debian.org > http://www.debian.org/security/ Yves-Ale

Re: upower: resets block-device tunings on startup

2011-11-02 Thread Yves-Alexis Perez
On mer., 2011-11-02 at 15:47 +0100, Alexander Kurtz wrote: > Notice how calling pm-powersave changes the mount options from read-only > to read-write. Since I'm actually using something like this on a server > to deliver read-only backups, this bug is quite serious for me. The > actual problem here

Re: Bug#645881: critical update 29 available

2011-10-19 Thread Yves-Alexis Perez
On mer., 2011-10-19 at 15:28 +0200, Thijs Kinkhorst wrote: > What I'm wondering is if we tried to ask upstream whether they would be > willing to extend the DLJ offer so we can keep security fixes for the > sun-java6 version in stable coming in for the lifetime of this release, > notwithstanding th

Re: Debian LTS?

2011-10-06 Thread Yves-Alexis Perez
On mar., 2011-10-04 at 11:59 +0100, Dominic Hargreaves wrote: > Hi all, > > I recall coming across the proposal/discussion in > > shortly after that wiki page was published, and thought it was something > which was worth pursuing. I don't

Re: Paxtest results with default Grsec2 aren't impressive

2011-09-13 Thread Yves-Alexis Perez
On mar., 2011-09-13 at 22:47 +0200, Kees de Jong wrote: > I've been running my Debian machines with Grsec2 (package: > "linux-patch-grsecurity2") for a long time. > I thought that would keep me rather safe, but I've run Paxtest today > (which is in the Debian repository only available for i386...)

Re: Paxtest results with default Grsec2 aren't impressive

2011-09-13 Thread Yves-Alexis Perez
On mar., 2011-09-13 at 19:29 -0400, Robert Tomsick wrote: > I'm not familiar > with what defaults/settings the Debian package defaults to, but if it > doesn't pre-select all of the protections available, I suspect that's > why. > > If you mean the linux-patch-grsecurity2 package, it's just a patc

Re: debian 6.0: About ipsec tunnel: outgoing traffic not encrypted

2011-08-02 Thread Yves-Alexis Perez
On mar., 2011-08-02 at 14:32 -0400, Min Wang wrote: > But it still does NOT use IPsec to send out the outgoing traffic. How exactly are you measuring that? -- Yves-Alexis

Re: World writable pid and lock files.

2011-05-11 Thread Yves-Alexis Perez
On mer., 2011-05-11 at 08:37 +0200, helpermn wrote: > So what is a solution? Could I/you/someone report this somewhere? > Maybe Debian bugs tracker? For keepalived it's #626281. Regards, -- Yves-Alexis

Wrong checksum on security.debian.org Squeeze source?

2011-04-25 Thread Yves-Alexis Perez
Hey, it seems that there's an issue with the current security sources: W: Failed to fetch http://security.debian.org/dists/squeeze/updates/main/binary-amd64/Packages.bz2 Hash Sum mismatch I get: curl -s http://security.debian.org/dists/squeeze/updates/main/binary-amd64/Packages.bz2 |sha256s

Re: avahi-daemon uses 100% of cpu when scanned with nmap (DoS possible?)

2011-02-24 Thread Yves-Alexis Perez
On Thu, 2011-02-24 at 15:31 +, Julien Reveret wrote: > [snip] > > It seems that mandriva already released an update for avahi : > > http://lists.grok.org.uk/pipermail/full-disclosure/2011-February/079525.html > > I guess you're facing the same issue. 0.6.28-4 has been accepted to unstable

RE: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Yves-Alexis Perez
On lun., 2011-01-24 at 08:27 +, Jeroen van Dongen wrote: > If your server can reboot without a human being present to enter a > password, what's to stop someone who steals your server to obtain > access to the data? > > > The FDE does NOT protect your data against hackers - if they hack you

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Yves-Alexis Perez
On lun., 2011-01-24 at 08:14 +, Thomas Nguyen Van wrote: > Good morning > Our company needs to encrypt hard drives on our machines running under > Linux Debian Lenny. > Seagate proposes FDE solutions with Momentus 5400 and/or 7200 > (http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_mom

Re: some feedback about security from the user's point of view

2011-01-23 Thread Yves-Alexis Perez
On dim., 2011-01-23 at 17:35 +0100, Naja Melan wrote: > Some weeks ago I decided to have a look at debian and quite soon ran into > questions and problems considering the security of debian. I would like to > share some of those questions, remarks in this mail in the hope of > stimulating a discuss

Re: Starting point for contributing to debian-security

2011-01-03 Thread Yves-Alexis Perez
On lun., 2011-01-03 at 16:24 -0500, Michael Gilbert wrote: > Also, it would be useful to try to start adopting some of the additional > features applied in Ubuntu [1] but not in Debian. The hardest part > there is going to be convincing the gcc maintainers to deviate from > upstream defaults. No

Starting point for contributing to debian-security

2011-01-03 Thread Yves-Alexis Perez
On mar., 2010-12-21 at 22:52 +0100, Yves-Alexis Perez wrote: > Starting in January, I think I'll be able to dedicate some time to debian > security team. Ok, so we're now at the beginning of January :) Is there any specific starting point on which help/time would be needed? I know a “c

Re: libapache2-mod-fcgid in lenny vulnerable to hole for weeks

2010-12-21 Thread Yves-Alexis Perez
(dropping the bug from CC:) On mar., 2010-12-21 at 22:21 +0100, Stefan Fritsch wrote: > FWIW, it seems the infrastructure has been finally fixed today, so I > hope things will improve now. But I do think that there are currently > too few active members in the security team. I am pretty sure we w

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-14 Thread Yves-Alexis Perez
On jeu., 2010-10-14 at 13:35 -0500, Jordon Bedwell wrote: > On Thu, 2010-10-14 at 20:21 +0200, Yves-Alexis Perez wrote: > > I'm not sure it's a solution Debian can advertise. > > I know it's not, that is why later down the discussion we brought up the > inst

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-14 Thread Yves-Alexis Perez
On jeu., 2010-10-14 at 13:15 -0500, Jordon Bedwell wrote: > > Like, not booting at all? > > Like, going and buying a better computer? I'm not sure it's a solution Debian can advertise. > I have no problem booting my > mum's computer with PAE and NX (and it's almost 5 years old now ~ built > wit

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-14 Thread Yves-Alexis Perez
On mar., 2010-10-12 at 05:34 -0500, Jordon Bedwell wrote: > Also to add, the benefits of NX on PAE far outweigh those of not having > PAE, Like, not booting at all? -- Yves-Alexis

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-28 Thread Yves-Alexis Perez
On mar., 2010-09-28 at 17:58 -0500, Jordon Bedwell wrote: > On 09/28/2010 03:04 PM, Marsh Ray wrote: > > On 09/24/2010 02:45 AM, Simon Josefsson wrote: > > But that's a choice made by Debian. Call it release policy, procedure, > > or whatever, Debian cannot use the existence of its own bureaucracy

Re: ...

2010-07-05 Thread Yves-Alexis Perez
On 05/07/2010 09:19, Michiel Klaver wrote: > How about putting all new subscribers into 'moderated' and have their > first messages to the list screened and approved or rejected by humans? This is not the correct list to discuss this. -- Yves-Alexis

Re: ...

2010-07-04 Thread Yves-Alexis Perez
On dim., 2010-07-04 at 15:26 -0400, Jim Popovitch wrote: > > If you really want to help, start learning about what's being done > > already. > > I would very much like to. Looking at > http://lists.debian.org/misc.html I don't see a mailing list devoted to > spam/mail issues (other than debian-ad.

...

2010-07-04 Thread Yves-Alexis Perez
On sam., 2010-07-03 at 23:37 -0400, Jim Popovitch wrote: > WTF? Come on folks. Who's running this list? Please don't reply to spam, especially not quoting them. Cheers, -- Yves-Alexis

Re: Debian 4.0 Upgrade Path

2010-01-21 Thread Yves-Alexis Perez
On 21/01/2010 18:00, Thiemo Nagel wrote: > The last time I checked, the freeze was scheduled for March. If I'm not > mistaken, usually security support starts some time before the final > release. So it's a rather narrow gap to be bridged (at least in my > imagination). Aren't you confusing the

Re: problem with security mirror?

2009-11-09 Thread Yves-Alexis Perez
Thijs Kinkhorst wrote: > On Sun, November 8, 2009 13:34, Yves-Alexis Perez wrote: >> Hey, >> >> apt-get update on my lenny box gives the following warning: >> >> W: GPG error: http://security.debian.org lenny/updates Release: The >> following signature

problem with security mirror?

2009-11-08 Thread Yves-Alexis Perez
Hey, apt-get update on my lenny box gives the following warning: W: GPG error: http://security.debian.org lenny/updates Release: The following signatures were invalid: BADSIG 9AA38DCD55BE302B Debian Archive Automatic Signing Key (5.0/lenny) Do we have some info about that? Cheers, -- Yves-Ale

Re: how to send IP packets by myself

2009-09-22 Thread Yves-Alexis Perez
> what tools or tutorials do you have about it? That's not really the best list to ask, but try scapy (www.secdev.org and python-scapy) Cheers, -- Yves-Alexis Perez

Re: [Evolution] Bug#508479: evolution shows a SMIME signed messages as ok even if modified

2009-02-14 Thread Yves-Alexis Perez
On jeu, 2008-12-11 at 18:41 +0100, Joachim Breitner wrote: > please consider raising the Severity if appropriate. > > Attached are two very minimal test mails. you can drag’n’drop them in > evolution. The (self-signed) key.pem contains a certificate, you can > import it as a signing authority. > > B

Re: "Certification Authorities are recommended to stop using MD5 altogether"

2009-01-01 Thread Yves-Alexis Perez
On mer, 2008-12-31 at 14:15 -0500, Micah Anderson wrote: > > Does anyone have a legitimate reason to trust any particular > Certificate Authority? I may be wrong, but I trust the CAs in ca-certificates. I've followed the addition of the French Gvt CA certificates, and the procedure was strict enough to g

Re: authenticated NFS service on Lemote 2F

2008-08-16 Thread Yves-Alexis Perez
On sam, 2008-08-16 at 15:33 +0800, [EMAIL PROTECTED] wrote: > The problem: the modified version of Debian Linux offered by the > manufacturer doesn't have nfs-kernel-server, only have > nfs-user-server. Can't you add Debian sources for this and install nfs-kernel-server? Cheers, -- Yves-Alexis

Re: Thanks to Debian OpenSSL developers

2008-05-15 Thread Yves-Alexis Perez
On jeu, 2008-05-15 at 23:38 +0200, Steffen Schulz wrote: > or what it's worth...I see 3.5 problems that accumulated into this > mess: > > - OpenSSL is complex and critical but the code is little documented. > Code pieces like the ones in question should have warning-labels > printed all over th

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Yves-Alexis Perez
On mar, 2008-05-13 at 23:39 -0300, Henrique de Moraes Holschuh wrote: > > It is probably worth a lot of effort to fully map the entire set of > keys > the broken openssl could generate, and find a very fast way to check > if > a key belongs to that set. And add that to openssl upstream (to > autom

Re: Question about Security

2008-05-07 Thread Yves-Alexis Perez
On Wed, May 07, 2008 at 09:25:59AM +, Jesse Mirza wrote: > Dear All, > > I am planning to use Debian (etch) as an ISPconfig server to host some > websites can someone point me out the best way to 99,9% secure this > system, this system Will be running in a data center and I don't want to >

Re: securing server

2008-05-07 Thread Yves-Alexis Perez
On Wed, May 07, 2008 at 09:09:02AM +, Jean-Paul Lacquement wrote: > Hi, > > I plan to secure my Debian stable (or testing if you say it's better) server. […] > Would you please list me which packages to install and which rules to apply ? http://www.debian.org/doc/manuals/securing-debian-howto

Re: oCERT

2008-04-12 Thread Yves-Alexis Perez
On sam, 2008-04-12 at 19:16 +0200, Andrea Barisani wrote: > Ok, CC-BY (or CC-A) would allow this. > > Yves, would this be ok with you? (my name is Yves-Alexis) I'm not the one in charge, so I won't be able to answer (I was just porting the issue to ocert team). But CC-BY-NC is not considered DFS

Re: oCERT

2008-04-12 Thread Yves-Alexis Perez
On sam, 2008-04-12 at 12:54 +0200, Alexandre Dulaunoy wrote: > On Sat, Apr 12, 2008 at 12:14 PM, Yves-Alexis Perez <[EMAIL PROTECTED]> wrote: > > Hi list, > > > > would it make sense for Debian to participate in http://www.ocert.org > > (Opensource Computer Emer

oCERT

2008-04-12 Thread Yves-Alexis Perez
Hi list, would it make sense for Debian to participate in http://www.ocert.org (Opensource Computer Emergency Response Team)? It could be nice to share advisories and that sort of things. Cheers, -- Yves-Alexis

Re: DSA-1494-1 - Graphics errors

2008-02-14 Thread Yves-Alexis Perez
On Thu, Feb 14, 2008 at 05:04:47PM +, Riku Valli wrote: > I just installed 2.6.18-6-686 and compiled my Ati's proprietary drivers > for this kernel. No problems. I used Thinkpad too (T61) if I remember > right. T61 use intel or nvidia card, so I don't think you remember right :) -- Yves-Ale

setuid binary in ktsuss

2008-02-09 Thread Yves-Alexis Perez
Hi, I'm about to upload ktsuss to debian, which is a graphical wrapper around su (much like gksu but without any gnome dependency). One point puzzles me, the ktsuss binary is setuid root (so it can read the root password). gksu doesn't do this (it calls su, I guess). I don't really want to upload