On Fri, Jun 23, 2023 at 06:48:23AM +0200, Anton Gladky wrote:
> Hi,
>
> two CVEs might be irrelevant for Debian systems. Can they be
> tagged as "unaffected"? Or do we have some systems where
> /dev/urandom does not exist?
They are already marked as non-issues:
CVE-2023-31124 (c-ares is an asynch
Hi!
I found the Securing Debian Manual
(https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html).
This version is from 2017.
It has „Chapter 6. Automatic hardening of Debian systems” which mentions
Harden packages and Bastille. None of these packages exist anymore in
Debian
Dear all,
I was downloading the netimage of bookworm, the signing key(s) and sha sums
when I noticed that my timestamp of the signature [0] differs from the one on
the website. [1]
Is this a security issue or just a website not updated?
Kind regards
Julian
--
[0] :
$ LC_ALL=C gpg --verify-files
On Fri, Jun 23, 2023 at 12:40:19PM +0200, Stephan Seitz wrote:
> I found the Securing Debian Manual
> (https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html).
> This version is from 2017.
>
> It has „Chapter 6. Automatic hardening of Debian systems” which mentions
> Harden packa
On Fri, 2023-06-23 at 16:53 +0200, Julian Schreck wrote:
> I was downloading the netimage of bookworm, the signing key(s) and
> sha sums when I noticed that my timestamp of the signature [0]
> differs from the one on the website. [1]
> Is this a security issue or just a website not updated?
>
You
On 23 June 2023 15:53:08 BST, Julian Schreck wrote:
>Dear all,
>I was downloading the netimage of bookworm, the signing key(s) and sha sums
>when I noticed that my timestamp of the signature [0] differs from the one on
>the website. [1]
>Is this a security issue or just a website not updated?
>
Where to find the former? (Or do I not need it for checking the integrity of
the download(s)?)
--
> On Fri, 2023-06-23 at 16:53 +0200, Julian Schreck wrote:
> > I was downloading the netimage of bookworm, the signing key(s) and
> > sha sums when I noticed that my timestamp of the signature [0]
> >
Hi Anton, all
Well even if there are some systems affected I must say that if
someone has removed urandom the behavior described is expected. I
mean /dev/urandom is there for a reason. And yes there are better
functions than rand() but I can hardly see this as a vulnerability. Or
well it is, but
Thank you all for your replies!
@Moritz, could you please create an issue with a
possible proposal of how it should look?
Best regards
Anton
On Fri, 23 June 2023 at 20:49, Ola Lundqvist wrote:
>
> Hi Anton, all
>
> Well even if there are some systems affected I must say that if
>
On 2023-06-23 20:59:07 +0200 (+0200), Julian Schreck wrote:
> Where to find the former? (Or do I not need it for checking the
> integrity of the download(s)?)
[...]
> > > [1] : https://www.debian.org/CD/verify, e. g. 2011-01-05 [SC]
[...]
Please restate your question more precisely if this doesn't