Re: xpdf vulnerability?

2005-03-23 Thread Frank Küster
Hi Javier, I'm following up on this because I want to learn, and because I'd like to write something about it for developers reference. Please don't take me as "playing dumb"; at most I'm playing devil's advocate, but mostly I simply didn't see the things when looking at the available information.

Re: xpdf vulnerability?

2005-03-23 Thread Frank Küster
Hubert Chan <[EMAIL PROTECTED]> wrote: > On 2005-03-22 08:20:32 -0500 Frank Küster <[EMAIL PROTECTED]> wrote: > >> However, that doesn't invalidate the check. >> The main point of CAN-2004-0206, as I understand it, is that the >> upstream/original check will be performed in the limits of the wides

Re: [DSA 694-1] New xloadimage packages fix several vulnerabilities

2005-03-23 Thread Bob Proulx
In the security FAQ: http://www.debian.org/security/faq The most important guideline when making a new package that fixes a security problem is to make as few changes as possible. Our users and developers are relying on the exact behaviour of a release once it is made, so any c

Re: [DSA 694-1] New xloadimage packages fix several vulnerabilities

2005-03-23 Thread Bob Proulx
Bob Proulx wrote: > But the latest security upload changed the dependencies. Obviously > that was unintentional. But it is still a bad thing. > > From: > Depends: libc6 (>= 2.2.4-4), libjpeg62, libpng2(>=1.0.12), libtiff3g, xlibs > (>> 4.1.0), zlib1g (>= 1:1.1.3) > To: > Depends: libc6 (>=

Re: xpdf vulnerability?

2005-03-23 Thread Hubert Chan
On 2005-03-23 04:07:47 -0500 Frank Küster <[EMAIL PROTECTED]> wrote: > Hubert Chan <[EMAIL PROTECTED]> wrote: > >> Is it an int or a size_t (like what malloc uses)? If it is an int, >> then INT_MAX would work as expected. If it's size_t, then you should >> use SIZE_MAX (defined in stdint.h). >

Apache 1.3.33 (from sarge) and mod_chroot

2005-03-23 Thread Krzysztof Jóźwiak
Hello! My web server was hacked a few days ago and I decided to install some new programs and modules which improve security. I found in sarge libapache-mod-chroot, which chroots apache (and it works fine), but I can't send mail from php. I installed ssmtp in chroot (I think so) in chroot environment b

Re: Apache 1.3.33 (from sarge) and mod_chroot

2005-03-23 Thread Ian Eure
On Wednesday 23 March 2005 10:31 pm, Krzysztof Jóźwiak wrote: > Hello! > > My web server was hacked a few days ago and I decided to install some > new programs and modules which improve security. > I found in sarge libapache-mod-chroot, which chroots apache (and it works > fine), but I can't send mail fr