Re: RFC: proposed fix for CVE-2018-19518 in uw-imap

2018-12-28 Thread Ola Lundqvist
Hi Roberto I have checked your patch and the described problem and I think it looks good. As I understand the reason why you count the number of tokens instead of checking for a space in the hostname is that it is easier to do that way as you do not need to make an advanced parse mechanism. To my kn
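The token-counting idea discussed in that message, illustrated as an added example (this is not the uw-imap patch under review and not code from the thread; `count_tokens`, `host_ok_space_only` and `host_ok_tokens` are hypothetical names chosen here). It shows why counting whitespace-separated tokens is the simpler and stronger check: a plain host name is exactly one token, so anything else is rejected without parsing, and a check that only looks for an ASCII space would still let a host string containing a tab or newline through.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from uw-imap): count whitespace-separated
 * tokens in s, treating any isspace() character as a separator. */
size_t count_tokens(const char *s) {
    size_t n = 0;
    int in_token = 0;
    for (; *s; s++) {
        if (isspace((unsigned char)*s)) {
            in_token = 0;
        } else if (!in_token) {
            in_token = 1;
            n++;
        }
    }
    return n;
}

/* Naive check: accepts anything non-empty without an ASCII space.
 * Tabs, newlines and other whitespace slip through. */
int host_ok_space_only(const char *host) {
    return host[0] != '\0' && strchr(host, ' ') == NULL;
}

/* Token-counting check: a host name is exactly one token; an empty
 * string or anything with embedded whitespace yields 0 or >1 tokens
 * and is rejected before it can be handed to an external command. */
int host_ok_tokens(const char *host) {
    return count_tokens(host) == 1;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *inputs[] = {
        "imap.example.org",
        "imap.example.org extra",
        "imap.example.org\textra",
        "",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("%-28s tokens=%zu space_only=%d tokens_ok=%d\n",
               inputs[i], count_tokens(inputs[i]),
               host_ok_space_only(inputs[i]), host_ok_tokens(inputs[i]));
    }
    return 0;
}
```

The tab-separated input is the instructive case: the space-only check returns 1 (accept) while the token count is 2, so the token-based check rejects it.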

Re: various security issues in VNC related packages

2019-10-30 Thread Ola Lundqvist
Hi I agree that the VNC situation in Debian is sub-optimal. Frankly speaking not just in Debian. This popular software has diverged quite a lot with a lot of packages sharing a similar code-base. I had a brief look at vnc4 as well. It does not seem to share the same code base as libvncserver so it sh

Re: various security issues in VNC related packages

2019-11-04 Thread Ola Lundqvist
Hi Mike Please go ahead. I will be off for some time due to a planned surgery so it would be very good if you can fix this. // Ola On Thu, 31 Oct 2019 at 08:55, Mike Gabriel wrote: > Hi Ola, > > On Mi 30 Okt 2019 21:20:50 CET, Ola Lundqvist wrote: > > > Hi > >

Vulnerability in pcs or is it in more generic code?

2022-09-05 Thread Ola Lundqvist
Hi fellow Debian LTS and Debian Security members When triaging the packages for LTS I looked into the package pcs. I saw that it was already added to DSA needed so I have added it to DLA needed as well. However when reading the correction for it I started to think that the vulnerability may not b

Re: Vulnerability in pcs or is it in more generic code?

2022-09-09 Thread Ola Lundqvist
ll insecure. Cheers // Ola On Tue, 6 Sept 2022 at 03:09, Paul Wise wrote: > On Mon, 2022-09-05 at 21:38 +0200, Ola Lundqvist wrote: > > > I agree that it is good to fix the pcs package, but shouldn't we fix > > the default umask in general? > > I would argue that the d

Re: Vulnerability in pcs or is it in more generic code?

2022-09-10 Thread Ola Lundqvist
in pcs only and the generic code is not vulnerable since the intention was not to use it for internal communication without further authentication or similar. Cheers // Ola On Sat, 10 Sept 2022 at 03:36, Paul Wise wrote: > On Fri, 2022-09-09 at 22:41 +0200, Ola Lundqvist wrote: > > >

Re: c-ares, CVE-2023-31147, CVE-2023-31124

2023-06-23 Thread Ola Lundqvist
Hi Anton, all Well even if there are some systems affected I must say that if someone has removed urandom the behavior described is expected. I mean /dev/urandom is there for a reason. And yes there are better functions than rand() but I can hardly see this as a vulnerability. Or well it is, but