ects woody" and now DSA 519-1 was shipped.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
Hi,
"Tue, 15 Jun 2004 10:35:33 +0200", "Rudy Gevaert"
"securing PHP (was: Kernel Crash Bug)"
>Can somebody point me to some documentation about securing PHP?
Not documentation but patch for php, "Hardened-PHP".
http://www.harde
Hi,
On Tue, 3 Jul 2007 00:12:09 +0200
Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:
> If someone is able to read Japanese, please look into Bug 429174
> for mecab and provide the necessary information what this issue
> is all about in the bug log.
I've checked an upstream mailing list.
It wou
Hi,
Is there any plan to provide dowkd.pl via Debian Package?
I'm worried about that modified dowkd.pl, by malicious attacker,
would be spread out.
--
Hideki Yamane
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ne's
blog or so, and will believe those articles and execute command with copy
& paste... ;-)
And if we would get it via package, when dowkd.pl is updated we can know
about it automatically (with apt-get :-)
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
--
about this issue...
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
cgi-bin/cvsweb.cgi/libc/NEWS?cvsroot=glibc
If we don't apply workaround in DSA-1605, my Debian box is exploitable?
If exploitable, is it easy (impact/risk)?
I'm confused... help.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYa
ot of wireless Access Point (in Cafe, McDonalds
or so) and many many people (Windows, Mac and a few Linux and *BSD users ;)
use such wireless AP and unpatched name servers provided by dhcpd...
oh no ;(
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.
has ended, so starting with this update
>> we're now following the 38.x releases.
Is there any action for it? or just backport package for stable-security
is not enough?
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
and oldstable-security.
Thanks for your hard work!
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
Hi,
Just some question.
https://packages.debian.org/jessie/mysql-server-core-5.5 says
armhf 5.5.50-0+deb8u1 it's only arch that have old version.
mysql-5.5 in armhf, there is no jessie-security log.
https://buildd.debian.org/status/logs.php?pkg=mysql-5.5&arch=armhf
https://tracker.debian.org/pk
sugu says it maybe not sufficient to fix non-x86 archs.
for this issue. see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837984
I'm not sure whether it's true or not, but can you give a look into it,
please?
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
Hi,
I'm just curious, Ubuntu developer said that there was no embargo for
eject package vulnerability with Debian, is it true and if so, why?
https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627/comments/3
--
Hideki Yamane
ade.tencent.com/magellan/index_en.html
CVE is not assigned yet, but we should track and try to fix it.
--
Hideki Yamane
stable release, so tracking is important.
--
Hideki Yamane
/www.sqlite.org/src/info/940f2adc8541a838
> [3] https://www.sqlite.org/src/info/de0781485701c138
Thanks for your work!
"Only Chrome seems to be affected" but how about chromium?
--
Regards,
Hideki Yamane henrich @ debian.org/iijmio-mail.jp
Hi,
I've read systemd's vulnerability article [1] and then I have
a question, do we have any plan to enable "-fstack-clash-protection"
by default? I cannot find any discussion about it.
[1] https://www.zdnet.com/article/new-linux-systemd-security-holes-uncovered/
--
Hideki Yamane
>
> There's a bug report requesting a build flags change:
>
> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918914>
>
> We should keep a record of any discussion in that bug report.
Thanks Florian, I've subscribed it.
--
Regards,
Hideki Yamane henrich @ debian.org/iijmio-mail.jp
i?bug=183719
# but, yes, DSA have not been released yet.
# if you think that is too dangerous, post it in BTS is good.
# for example, I posted in BTS about slocate vulnerability and
# the security team released DSA-252.
--
regards,
Hideki Yamane mailto:henrich @ iijmio-mail.jp, m
Version Table:
> 1.9.1-4 0
>500 ftp://ftp.us.debian.org unstable/main Packages
> 1.8.7-4 0
>500 ftp://ftp.us.debian.org testing/main Packages
> 1.8.4beta1-3 0
> 1001 ftp://ftp.us.debian.org stable/main Packages
I don't know "apt-cache policy &q
this issue alone ?
or not effect Debian package? (if so, this bug should be closed.)
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
dish and
unhelpful."
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=200593&archive=yes
so I don't want to post it to BTS...
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
3:45:28 1997 UTC (6 years, 3 months ago) by akosut
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_alias.c?rev=1.17&content-type=text/vnd.viewcvs-markup
Have woody's apache patched to mod_alias anything ?
if so, why upstream left it?
--
Regards,
Hideki Yam
id you see this post?
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217278
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
require security update?
please tell me. thanks.
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
xed in version
>2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
>kernel images and version 2.4.18-11 of the alpha kernel images.
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
em is not so many, so I think it's better
that defalt value is md5 than crypt.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
le, solaris8 and
SFU - Windows Service for Unix) cannot use MD5 password for NIS.
Is it not true?
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
or not.
Does anyone know about this?
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes."
from Ghost in the shell - Stand Alone Complex
Hi list,
Does anyone know about if security.debian.org is down or not?
I cannot get .debs from it, and ping to it with no reply.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
i?bug=183719
# but, yes, DSA have not been released yet.
# if you think that is too dangerous, post it in BTS is good.
# for example, I posted in BTS about slocate vulnerability and
# the security team released DSA-252.
--
regards,
Hideki Yamane mailto:henrich @ iijmio-mail.jp, m
Version Table:
> 1.9.1-4 0
>500 ftp://ftp.us.debian.org unstable/main Packages
> 1.8.7-4 0
>500 ftp://ftp.us.debian.org testing/main Packages
> 1.8.4beta1-3 0
> 1001 ftp://ftp.us.debian.org stable/main Packages
I don't know "apt-cache policy &q
this issue alone ?
or not effect Debian package? (if so, this bug should be closed.)
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
dish and
unhelpful."
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=200593&archive=yes
so I don't want to post it to BTS...
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
3:45:28 1997 UTC (6 years, 3 months ago) by akosut
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_alias.c?rev=1.17&content-type=text/vnd.viewcvs-markup
Have woody's apache patched to mod_alias anything ?
if so, why upstream left it?
--
Regards,
Hideki Yam
id you see this post?
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217278
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
require security update?
please tell me. thanks.
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
xed in version
>2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
>kernel images and version 2.4.18-11 of the alpha kernel images.
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
em is not so many, so I think it's better
that defalt value is md5 than crypt.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
le, solaris8 and
SFU - Windows Service for Unix) cannot use MD5 password for NIS.
Is it not true?
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
or not.
Does anyone know about this?
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes."
from Ghost in the shell - Stand Alone Complex
--
To UNS
Hi list,
Does anyone know about if security.debian.org is down or not?
I cannot get .debs from it, and ping to it with no reply.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubs
ects woody" and now DSA 519-1 was shipped.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi,
"Tue, 15 Jun 2004 10:35:33 +0200", "Rudy Gevaert"
"securing PHP (was: Kernel Crash Bug)"
>Can somebody point me to some documentation about securing PHP?
Not documentation but patch for php, "Hardened-PHP".
http://www.harde
ask what to do next.", and
there is no more post about it from them.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
TS.
see http://bugs.debian.org/php4, and #259351 "php4: memory_limit vulnerability".
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
anger than
fixed vulnerability in DSA 600-1, because this DSA 600-1 issue can
avoid by editing smb.conf as workaround.
I saw the post in BTS, but it seems to be left since July...
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260838)
Does anyone know about this issue?
--
Rega
previous 3.0.x releases
>(CAN-2004-0930). (Eloy)
>
>It has been fixed for unstable at least.
How about CAN-2004-0600 and CAN-2004-0686 for samba in stable?
--
Regards,
Hideki Yamane
Key fingerprint = 4555 82ED 38B6 C870 E099 388C 22ED 21CB C4C7 264B
--
To UNSUBSCRI
e,
not 3.0.x.
And upstream said all of support for 2.2.x is terminated
in 31th Oct, but CAN-2004-0600 and CAN-2004-0686 published
in July...about 4 mouths ago. Debian Samba package in stable
would be affected, I think, but no DSA is published.
See http://bugs.debian.org/cgi-bin/bugreport.cgi?b
imsgroup.com/?l=bugtraq&m=110149441815270&w=2 upstream
>version 1.3.2 in sid/sarge is not vulnerable.
so, should fix wml file (and its translations).
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
are working on it,
>though.
Probably you know, now 3.0.10-1 for unstable and testing has come.
But ... vulnerabilities that in samba 3.0.x affect 2.2.x too.
(and upstream stops support for 2.2.x) and no DSA has come.
What should people who use woody's samba package do?
--
Regards,
SSL-enabled version of the default mail-tranport-agent
mail-transport-agent ?
same typo is in dsa-635. It should be fixed in web pages.
--
Regards,
Hideki Yamane
Key fingerprint = 4555 82ED 38B6 C870 E099 388C 22ED 21CB C4C7 264B
--
To
#x27;s not so strong randomization, but 'better than nothing', I think".
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi,
Please add Debian Security Advisory info for CVE-2008-2812.
http://www.debian.org/security/2008/dsa-1630
and if there is no page for the vulnerability, please check
http://lists.debian.org/debian-security-announce/ , then link
to mail archive.
Thanks.
--
Regards,
Hideki Yamane
one this weekend. Don't know, why it has already been
> send out...
>
> I'll send it to -announce tomorrow and will ad it to the webpage.
So, DSA-1975 web page will not appear? Anyway, it should be there, I think.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio
http://security-tracker.debian.org/tracker/source-package/postfix
Cons)
- well, maybe I didn't get it ;) If you want to continue to use Exim, you
can do it via apt-get.
Please let me know your idea for this.
Thanks.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/or
56 matches
Mail list logo
