Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)

2004-04-14 Thread Jan Lühr
Greetings,.. On Wednesday, 14 April 2004 20:57 you wrote: > Jan Lühr <[EMAIL PROTECTED]> writes: > > Greetings, > Okay... This is the result of a cursory check, do your homework, yada, > yada... > Thanks for doing so ;) Anyway, this wasn't the intention of my

Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)

2004-04-15 Thread Jan Lühr
Greetings, On Wednesday, 14 April 2004 23:08 Phillip Hofmeister wrote: > If you checked the reference CVE numbers you should be able to tell when > the exposure first occurred (or close to it). > Thanks :) - I have already been there. Are there any, no longer classified information about the fi

CAN-2003-0020?

2004-04-17 Thread Jan Lühr
Greetings, what about http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 ? Is debian finally going to fix it? keep smiling yanosz

Re: CAN-2003-0020?

2004-04-18 Thread Jan Lühr
Greetings, On Sunday, 18 April 2004 18:56 Matt Zimmerman wrote: > On Sat, Apr 17, 2004 at 10:16:11PM +0200, Jan Lühr wrote: > > what about > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 ? Is > > debian finally going to fix it? > > Current consensus between the security te

Re: Question about Debian security policy

2005-06-30 Thread Jan Lühr
Greetings, On Thursday, 30 June 2005 12:57 Paul Haesler wrote: > > Hi everybody. I hope this question won't be too stupid. > > When I perform a standard installation (i.e minimal), the installer > > installs many servers, and launches them (like portmap, ssh, exim, > > etc). Why? I think that

Re: Debian Security Support in Place

2005-07-09 Thread Jan Lühr
(open letter to the debian security team) Greetings,.. on friday, 8th july 2005 07:58 Martin Schulze wrote: [...] > The Debian project confirms that the security infrastructure for both > the current release Debian GNU/Linux 3.1 (alias sarge) and the former > release 3.0 (alias woody) is working

Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

2005-07-14 Thread Jan Lühr
Greetings, On Thursday, 14 July 2005 17:40 Herwig Wittmann wrote: > Hi! > > I am trying to understand if my organization can rely on the debian > security announcement mailing list as only source of security alerts in > the future. > > This would be very convenient- but the delay that seems t

Re: [SECURITY] [DSA 3481-1] glibc security update

2016-02-17 Thread Jan Lühr
Hello folks, thanks for providing a patch in Debian. One question: On 02/16/2016 at 03:18 PM Salvatore Bonaccorso wrote: > CVE-2015-7547 > > The Google Security Team and Red Hat discovered that the glibc Comparing the age (2015-07) and the severity: Can you give some details on the situa

CVE-2016-1503 / Debian Bug 810621

2016-04-06 Thread Jan Lühr
Hello folks, Google patched CVE-2016-1503 in Android recently. Debian Bug #810621 is open since January 2016 - an upstream fix seems to be available since Tuesday (Debian BTS says so). Info: https://security-tracker.debian.org/tracker/CVE-2016-1503 Will there be a DSA? Thanks, Jan

CVE-2016-7117 Remote code execution vulnerability in kernel networking subsystem

2016-10-04 Thread Jan Lühr
Hello, CVE-2016-7117 was patched in Android today. I don't see much information right now. The title is rather frightening - the issue appears to be urgent. Can you confirm that common Debian installations are unaffected and cannot be taken over via CVE-2016-7117? If not, I'd like to shut down a f

Re: CVE-2016-7117 Remote code execution vulnerability in kernel networking subsystem

2016-10-04 Thread Jan Lühr
Hello, On 10/04/2016 at 07:57 PM Nicholas Luedtke wrote: > On 10/04/2016 11:40 AM, Felix Knecht wrote: > >> On 10/04/2016 06:38 PM, Jan Lühr wrote: >>> CVE-2016-7117 was patched in Android today. I don't see much information >>> right now. The title is rather

Re: CVE-2016-7117 Remote code execution vulnerability in kernel networking subsystem

2016-10-05 Thread Jan Lühr
Hello, On 10/05/2016 at 06:52 AM Salvatore Bonaccorso wrote: > On Tue, Oct 04, 2016 at 11:54:12PM +0200, Jan Lühr wrote: >> Hello, >> On 10/04/2016 at 07:57 PM Nicholas Luedtke wrote: >>> On 10/04/2016 11:40 AM, Felix Knecht wrote: >>> >>>> On 1

Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem

2017-04-03 Thread Jan Lühr
Hei folks, android recently patched CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem. Since https://security-tracker.debian.org/tracker/CVE-2016-10229 is rather blank ... does this problem exist in debian, too? Thanks, Jan -- There's a ripped off cord To my TV

Re: Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem

2017-04-04 Thread Jan Lühr
Hello, On 04/04/2017 at 08:11 AM Salvatore Bonaccorso wrote: > Hi > > On Tue, Apr 04, 2017 at 12:52:41AM +0200, Jan Lühr wrote: >> Hei folks, >> >> android recently patched CVE-2016-10229: Remote code execution >> vulnerability in kernel networking subsys

Infrastructer back online?

2004-01-07 Thread Jan Lühr
Greetings, noticing the increasing amount of secure-adv I'd like to ask, whether the build-daemons are back or whether another issue is increasing the amount of advs rapidly. Keep smiling yanosz

[OT] Re: Infrastructer back online?

2004-01-10 Thread Jan Lühr
Greetings, On Sat, January 10 2004 at 04:22 Matt Zimmerman wrote: > On Sat, Jan 10, 2004 at 03:22:15AM +, Nick Boyce wrote: > > On Wed, 7 Jan 2004 19:43:02 -0800, Matt Zimmerman wrote: > > >On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: > > >> On Wed Jan 07, 2004 at 06:5432 -0800

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-18 Thread Jan Lühr
Greetings, On Wednesday, 18 February 2004 19:06 Steve Kemp wrote: > On Wed, Feb 18, 2004 at 11:59:06PM +0700, Jean Christophe ANDRÉ wrote: > > Does any body could tell me why the /boot/vmlinuz-2.4.18-1-686 > > from kernel-image-2.4.18-1-686 version 2

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-18 Thread Jan Lühr
Greetings, On Wednesday, 18 February 2004 21:31 Otavio Salvador wrote: > Florian Weimer <[EMAIL PROTECTED]> writes: > > Jan Lühr wrote: > >> Does this mean, that a well known exploit was kept back for nearly three > >> weeks, just because some odd vendors w

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-18 Thread Jan Lühr
Greetings, > > > >> Does this mean, that a well known exploit was kept back for nearly > > > >> three weeks, just because some odd vendors were unable to build > > > >> their kernels in time? > > > > > > > > Yes, this is the norm. Debian hides secur

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-18 Thread Jan Lühr
Greetings, On Wednesday, 18 February 2004 22:47 Michael Stone wrote: > On Wed, Feb 18, 2004 at 10:36:35PM +0100, Jan Lühr wrote: > >Well, of course you might have quite good reasons for doing so, but for > > me, this is quite a

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings,. On Thursday, 19 February 2004 00:37 Michael Stone wrote: > On Wed, Feb 18, 2004 at 11:37:19PM +0100, Jan Lühr wrote: > >But if knowledge about this vuln is available - if fixes are done, but > > not available yet, how do I protect myself? > > Are you l

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings, On Thursday, 19 February 2004 09:39 Jean Christophe ANDRÉ wrote: > On Thursday 19 February 2004 at 09:24 (+0100), Jan Lühr wrote: > > What about establishing some kind of warning service? E.g. sshd has a > > well known serious leak, you should shut it down for the next few days. > >

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings,. On Thursday, 19 February 2004 14:22 you wrote: > Jan Lühr wrote: > > Well, of course you might have quite good reasons for doing so, but for > > me, this is quite a good reason for changing the distri or os. > > But to what? Currently, you have two choi

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings, On Thursday, 19 February 2004 14:24 you wrote: > Jan Lühr wrote: > > But if knowledge about this vuln is available - if fixes are done, but > > not available yet, how do I protect myself? > > You don't. Tough luck, of course, but that's the price fo

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings, On Thursday, 19 February 2004 14:28 you wrote: > Jan Lühr wrote: > > But the dominance of the CERT is exactly the point I'm criticising. > > CERT/CC is no longer dominant. Many people now disclose their findings > to other coordinators and get paid for t

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings,. On Thursday, 19 February 2004 05:05 Bernd S. Brentrup wrote: > On Wed, Feb 18, 2004 at 04:44:15PM -0500, Michael Stone wrote: > > On Wed, Feb 18, 2004 at 09:17:13PM +0100, Florian Weimer wrote: > > >Yes, this is the norm. Debian hides security bugs from its users for > > >extended

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greeting,. On Thursday, 19 February 2004 15:12 Florian Weimer wrote: > Jan Lühr wrote: > > > You don't. Tough luck, of course, but that's the price for running > > > affordable, off-the-shelf software (free or proprietary). > > > > well, th

output of last

2004-02-21 Thread Jan Lühr
Greetings, I discovered some strange output of the last command on our Woody Terminalserver (for X11). I have already posted it on debian-user-german, but I didn't get any answer. (I hope you don't mind, if I post it for the english speaking majority) Although I hope it is not security related,

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-21 Thread Jan Lühr
Greetings, On Saturday, 21 February 2004 01:10 Matt Zimmerman wrote: .. > CERT rarely has anything to do with coordinating disclosure, and there is > no need to bring them into this discussion at all. The coordination that > happens is between vendors, like Debian, as peers. > > Those last two

Re: output of last

2004-02-21 Thread Jan Lühr
Greetings,... On Saturday, 21 February 2004 17:11 s. keeling wrote: > Incoming from Jan Lühr: > > Greetings, > > > > I discovered some strange output of the last command on our Woody > > Terminalserver (for X11). I have already posted it on debian-user-german, > >

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-22 Thread Jan Lühr
Greetings, On Sunday, 22 February 2004 10:09 Jim Richardson wrote: > On Sat, 21 Feb 2004 22:20:05 +0100, > > Matt Zimmerman <[EMAIL PROTECTED]> wrote: > > On Sat, Feb 21, 2004 at 11:09:09AM +0100, Jan Lühr wrote: > >> On Saturday, 21 February 2004 01:10 Matt Zimmerman wrote: > >> .. > >> > >>

Tripwire (clone) which would you prefer?

2004-02-23 Thread Jan Lühr
Greetings, well, I am looking for an open source intrusion detection. At first, tripwire captures my attention, but the last open source version seems to be three years old - is it still in development or badly vulnerable? Then I searched for tripwire in the woody packages and found integrit and

Re: Fwd: Re: [ox-en] Walther

2004-02-25 Thread Jan Lühr
Greetings, > or is good code more important than this sort of stuff? What's the alternative? Call the CIA or the Spanish christian inquisition to check everybody's political correctness? Keep smiling yanosz

mozilla - the forgotten package?

2004-03-09 Thread Jan Lühr
Greetings, over the last months, various security related bugs in mozilla appeared and were fixed in new versions of mozilla - but what about the debian package? Are there any efforts for making mozilla secure or to backport the mozilla patches to

Re: mozilla - the forgotten package?

2004-03-09 Thread Jan Lühr
Greetings, On Tuesday, 9 March 2004 17:20 Steve Kemp wrote: > On Tue, Mar 09, 2004 at 05:15:42PM +0100, Jan Lühr wrote: > > over the last months, various security related bugs in mozilla appeared > > and were fixed in new versions of mozilla - but what about the debian > > package? Are there a

Re: mozilla - the forgotten package?

2004-03-09 Thread Jan Lühr
Greetings, On Tuesday, 9 March 2004 20:54 Noah Meyerhans wrote: > On Tue, Mar 09, 2004 at 08:53:23PM +0100, Jan Lühr wrote: > > So this is all in all a capacity problem? Doesn't have the debian > > security team enough resource to port existing patches to debian > > packages? Why not enlargin

Re: mozilla - the forgotten package?

2004-03-10 Thread Jan Lühr
Greetings, On Wednesday, 10 March 2004 17:06 you wrote: > Jan Lühr wrote: > > So is mozilla the forgotten package? Considering how popular mozilla is, > > making it secure would be worth the effort - imho. > > How many of Mozilla's security bugs which are fix dur

Re: mozilla - the forgotten package?

2004-03-11 Thread Jan Lühr
Greetings, On Wednesday, 10 March 2004 22:39 Florian Weimer wrote: > Sven Hoexter wrote: > > > Okay, if that's the case, I'm going to start a campaign for including > > > Mozilla 1.4 (plus fixes) in stable. > > > > Well why just include 1.4 and not 1

Re: mozilla - the forgotten package?

2004-03-11 Thread Jan Lühr
Greetings, On Thursday, 11 March 2004 19:22 Phillip Hofmeister wrote: > On Thu, 11 Mar 2004 at 12:24:15PM -0500, Matt Zimmerman wrote: > > This introduces a whole new set of problems, given Mozilla's upgrade > > history (not preserving user configuration data, breaking compatibility > > with d

Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jan Lühr
Greetings, On Monday, 22 March 2004 19:30 Sven Hoexter wrote: > On Mon, Mar 22, 2004 at 06:57:39PM +0100, Giacomo Mulas wrote: > > There is a \begin{sarcasm} nice \end{sarcasm} article in > > linuxworld Australia (see > > http://www.linuxworld.c

Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jan Lühr
Greetings,... On Monday, 22 March 2004 21:05 Matt Zimmerman wrote: > On Mon, Mar 22, 2004 at 08:57:26PM +0100, Jan Lühr wrote: > > Cron is another example > > Cron is another example of what? By all means, please elaborate. Of a package of the dis

Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jan Lühr
Greetings, On Monday, 22 March 2004 21:16 Bryan Allen wrote: > On Mar 22, 2004, at 2:57 PM, Jan Lühr wrote: > > Cron is another example - to be honest, the debian security team > > seems to be > > crippled by the debian releas

Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jan Lühr
Greetings, On Monday, 22 March 2004 21:52 Ramon Kagan wrote: > Every so often another set of tirades goes across this list. So I wish > only to give my 2 cents. > > 1. If you don't like the way debian conducts its FREE business, my > opinion is g

Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jan Lühr
Greetings, On Monday, 22 March 2004 21:20 Nathan Eric Norman wrote: > On Mon, Mar 22, 2004 at 10:01:14PM +0100, Jan Lühr wrote: > > Greetings, > > > > On Monday, 22 March 2004 21:16 Bryan Allen wrote: > > > On Mar

Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)

2004-04-14 Thread Jan Lühr
Greetings, On Wednesday, 14 April 2004 16:52 Martin Schulze wrote: > -- > Debian Security Advisory DSA 479-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Martin Schulze

Security issue? Daemon users has to much rights...

2004-10-22 Thread Jan Lühr
Greetings, because of the recent xpdf issues I tested the access restrictions of some users like lp, mail, etc. with default settings in sarge. I noticed that, by default, no acl were used to prevent access to vital system commands, the user shouldn't have. For instance: lp could mount a vfat p

Re: Security issue? Daemon users has to much rights...

2004-10-22 Thread Jan Lühr
Greetings, On Friday, 22 October 2004 14:02 Daniel Pittman wrote: > On 22 Oct 2004, Jan Lühr wrote: > > because of the recent xpdf issues I tested the access restrictions of > > some users like lp, mail, etc. with default settings in sarge. I noticed > > that, by default, no acl were used to p

Re: Security issue? Daemon users has to much rights...

2004-10-24 Thread Jan Lühr
Greetings,... On Saturday, 23 October 2004 05:58 Daniel Pittman wrote: > On 23 Oct 2004, Jan Lühr wrote: > > On Friday, 22 October 2004 14:02 Daniel Pittman wrote: > >> On 22 Oct 2004, Jan Lühr wrote: > Yes, and that is one of the core points in my suggestion that you look > at SELinux or a

Fwd: dhcp-2 Security Announcement

2004-11-09 Thread Jan Lühr
Greetings, just asking, cause it is relevant for me: Will there be new official stable packages in the next few days (3-4)? (If not, I've to patch it by myself) Keep smiling yanosz --- Begin Message --- *** From dhcp-announce -- To unsubscribe, see the end of this message. *** Debian has recen

CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-12 Thread Jan Lühr
Greetings, things seem to be in a rush right now, and I'm looking for a little overview. In the past 1-2 months several kernel exploits rushed through the news that might / can / probably will affect debian stable. However, I haven't seen any single DSA regarding the following issues: Can you pl

Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-12 Thread Jan Lühr
Greetings, On Wednesday, 12 January 2005 18:27 Sam Morris wrote: > Jan Lühr wrote: > > Greetings, > > > > things seem to be in a rush right now, and I'm looking for a little > > overview. In the past 1-2 months several kernel exploits rushed through > > the news that might / can / probably will a

Re: woody kernel image

2005-01-29 Thread Jan Lühr
Greetings, On Friday, 28 January 2005 21:25 Harald Krammer wrote: > hi ! > > I have running some debian/woody machines with kernel 2.4.18. > > @:~$ cat /proc/version > Linux version 2.4.18-1-k7 ([EMAIL PROTECTED]) (gcc version 2.95.4 20011002 > (Debian prerelease)) #1 Wed Apr 14 19:20:42 UTC 20

Re: [Fwd: security]

2005-01-29 Thread Jan Lühr
Greetings,... On Saturday, 29 January 2005 16:05 michael wrote: > On debian-user it was suggested I also post this here, thanks, Michael > Forwarded Message > From: michael <[EMAIL PROTECTED]> > To: debian user > Subject: security > Date: Fri, 28 Jan 2005 09:46:31 + > I not

Re: [OT] tales (was: woody kernel image)

2005-01-30 Thread Jan Lühr
Greetings, On Sunday, 30 January 2005 21:14, Alexander Schmehl wrote: > Hi! > > * Michelle Konzack <[EMAIL PROTECTED]> [050130 20:29]: > > > how does it come, that every time, you're telling such a story and are > > > requested for some proof, one of your services is down, you cite > > > complet

Re: Grsecurity patches on Debian

2005-02-07 Thread Jan Lühr
Greetings,.. On Monday, 7 February 2005 14:10, Andras Got wrote: > Hi, > > You should start with grsec low and proc restrictions set customly. > Hardening your kernel is always an option. The grsec default high settings, > and PaX break Jetty (java server container) in two, so it simply won't > sta

Re: Kernel security advice

2005-02-18 Thread Jan Lühr
Greetings, On Friday, 18 February 2005 04:51, JM wrote: > Hello, > > * Besides grsecurity patch, pax etc...What other recommendations are there > to patch a kernel on a woody or sarge production server? > > * Any experiences/opinions with the debian-hardened kernels? > > * Is it that terrible ru

Well - and kernel 2.4.18?

2005-04-03 Thread Jan Lühr
Greetings, is there any progress in providing fixed kernels for stable? I was just wondering 'cause I expected 'em three months ago. Keep smiling yanosz

Re: Well - and kernel 2.4.18?

2005-04-03 Thread Jan Lühr
Greetings, On Sunday, 03 April 2005 22:57, Harald Krammer wrote: > Hi Jan, > I had the same question but this is a while ago. At the moment I use > kernel 2.4.27 from backport.org. > > Here is the link from the old thread: > http://lists.debian.org/debian-security/2005/01/threads.html#00201 Me,

Re: Well - and kernel 2.4.18?

2005-04-03 Thread Jan Lühr
Greetings, On Sunday, 03 April 2005 23:16, Jan Lühr wrote: > Greetings, > > On Sunday, 03 April 2005 22:57, Harald Krammer wrote: > > Hi Jan, > > I had the same question but this is a while ago. At the moment I use > > kernel 2.4.27 from backport.org. > > > > Here is the link from the old threa

Re: Security Support by the Security-Team

2005-06-17 Thread Jan Lühr
Greetings, On Friday, 17 June 2005 10:58, Florian Weimer wrote: > Rumors suggest that the technical foundations of security support for > sarge and woody are working again. Nice to hear - however, a SpamAssassin-patch has to be ported to sarge.[1] Let's see... the Sec-Announce was posted ~2 d

Re: Security Support by the Security-Team

2005-06-19 Thread Jan Lühr
Greetings, On Saturday, 18 June 2005 09:04, Helmut Toplitzer wrote: > Hi! > > Just a few remarks: > > << Use unstable or testing, and apply security fixes yourself. Over > > To my opinion this is a bad suggestion. Maybe my last mail was a bit > unclear about this. As security is a process rather

Re: SpamAssassin DOS-Fix anytime soon ?

2005-06-23 Thread Jan Lühr
Greetings,.. On Thursday, 23 June 2005 13:42, [EMAIL PROTECTED] wrote: > Hi list, > > a remote-dos-vulnerability in spamassassin 3.0.1-3.0.3 was announced a > week ago. while most other distributions have since then reacted on this > a debian stable security fix seems still unavailable. on t

Re: SpamAssassin DOS-Fix anytime soon ?

2005-06-25 Thread Jan Lühr
Greetings,... On Friday, 24 June 2005 15:58, Marek Olejniczak wrote: > On Fri, 24 Jun 2005, Nicolas [iso-8859-1] François wrote: > > On Thu, Jun 23, 2005 at 03:52:14PM +0200, Marek Olejniczak wrote: > >> There is also a bug in su package which is since 6 days not fixed. > >> Hallo, security tea

Re: Bad press related to (missing) Debian security

2005-06-27 Thread Jan Lühr
Greetings, On Monday, 27 June 2005 15:54, Carl-Eric Menzel wrote: > On Mon, 27 Jun 2005 15:50:19 +0200, "Jan Wagner" <[EMAIL PROTECTED]> said: > > On Monday 27 June 2005 15:25, W. Borgert wrote: > > > Just FYI: The well-known German Heise Newsticker (IT related) has an > > > article today with t

Re: Bad press related to (missing) Debian security

2005-06-27 Thread Jan Lühr
Greetings, On Monday, 27 June 2005 20:10, Adam Majer wrote: > Jan Lühr wrote: > >Greetings, > > > >On Monday, 27 June 2005 15:54, Carl-Eric Menzel wrote: > >>Does anybody know what the actual problem is, i.e. why there are no > >>updates? > > >
