Dear Debian security team,
Will there be a DSA written for CVE-2016-5696 [1]? It looks pretty
serious and I'd like to fix this on my systems ASAP.
Kind regards,
Richard van den Berg
[1] https://security-tracker.debian.org/tracker/CVE-2016-5696
On 7 Nov 2016, at 16:54, Ozgur wrote:
>
> Linux 3.16.0-4-amd64 (Debian 8.6)
>
Always test security vulnerabilities on a fully patched system. According to
https://security-tracker.debian.org/tracker/CVE-2016-5195 this was fixed in
version 3.16.36-1+deb2 of the linux package.
Kind regards,
On 13-11-2020 08:18, Georgi Guninski wrote:
Some more exploit vectors from the FD list:
https://seclists.org/fulldisclosure/2020/Nov/13
Partial results:
1. mutt (text email client) exposes ~/.mutt/muttrc,
which might contain the imap password in plaintext.
Interesting find. Please report this
On 10/05/2022 05:37, Vitaly Krasheninnikov wrote:
Thank you for debcheckroot. I think it is a great project, which makes us one
step closer to a verifiable Debian system.
In this particular case, I'd like to point out the exact flags from fileserror.lis that you showed
us: "..._.GM" and "..._.
VE.
Kind regards,
Richard van den Berg
1: https://security-tracker.debian.org/tracker/CVE-2023-41105
.
Is it possible to set up a mirror somewhere for the time being?
--
Richard van den Berg, CISSP
Trust Factory B.V. | http://www.trust-factory.com/
Bazarstraat 44a | Phone: +31 70 3620684
NL-2518AK The Hague | Fax : +31 70 3603009
The Netherlands |
Thanks a lot for the quick fix. Will bind9 9.7.3.dfsg-1 in stable also be
fixed? I don't see any reports on http://www.debian.org/security/#DSAS and
http://lists.debian.org/debian-security-announce/2013/threads.html
Kind regards,
Richard van den Berg
On 29 aug. 2013, at 09:39, Florian Weimer wrote:
> How would you tell a legitimate security update from a version that
> lacks a signature for other reasons?
If you are worried about a non-official/malicious update for the package, the
.deb will still need to have a proper signature. The discus
> I suggest it might be better if exploits were each given a quick/approximate
> "ranking" in terms of severity (and if the severity is unknown it could be
> assigned a default median ranking), so that the algorithm you mention wouldn't
> just add number of unplugged exploits, but add them by weigh
Joel Rees wrote On 17-05-14 03:19:
He gave me a link to the following site:
https://wiki.ubuntu.com/Security/Features
None of the meaningful items in that list are unavailable on Debian, and
the defaults are reasonably secure in Debian.
I might be misinterpreting your definition of "meaningfu
Joel Rees wrote On 17-05-14 18:20:
Hmm. Early boot has problems getting enough randomness (for what?),
To seed the kernel random number generator.
so let's go get some randomness from a server somebody in the Ubuntu project set up.
I never said it was a great solution, but the lack of good
Emmanuel Thierry wrote On 17-05-14 18:37:
Isn't it a better idea to use local entropy generators such as haveged instead
of online ones ?
Haveged is great, but IMHO it cannot replace a hardware PRNG.
I'm quite disturbed about using a online (and moreover third-party) service to
improve secu
On 21 sep. 2014, at 20:29, W. Martin Borgert wrote:
> If a package would change by adding another signature, then this
> would invalidate previous signatures.
Package formats like apk and jar avoid this chicken and egg problem by hashing
the files inside a package, and storing those hashes in a
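The manifest scheme sketched above, as an added example that is not code from this thread or from any real package tool: the package carries a manifest of per-file SHA-256 digests (laid out like a jar MANIFEST.MF), every signature is computed over the manifest bytes alone, and signature files sit beside it under META-INF/. Adding a second signature therefore never changes what the first signer signed. HMAC with a per-signer key stands in for the signers' private keys; that is an assumption made to keep the example dependency-free, and the file contents and keys are constructed.

```python
"""Manifest-style package signing (as in jar/apk): each signature covers
a manifest of per-file digests, not the archive bytes, so adding a
second signature does not invalidate the first.  Added example, not code
from the thread.  HMAC keys stand in for the signers' private keys,
an assumption made to keep the example dependency-free."""

import hashlib
import hmac
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"
SIG_DIR = "META-INF/"


def build_manifest(files):
    # files: {path: bytes} -> one Name/SHA-256-Digest pair per file.
    entries = [f"Name: {n}\nSHA-256-Digest: {hashlib.sha256(files[n]).hexdigest()}\n"
               for n in sorted(files)]
    return ("Manifest-Version: 1.0\n\n" + "\n".join(entries)).encode()


def sign_manifest(manifest, key):
    # Detached "signature" over the manifest only (HMAC stand-in, see above).
    return hmac.new(key, manifest, hashlib.sha256).hexdigest().encode()


def make_package(files, signers):
    # signers: {name: key}. Signatures live beside the manifest.
    manifest = build_manifest(files)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in files.items():
            z.writestr(path, data)
        z.writestr(MANIFEST, manifest)
        for name, key in signers.items():
            z.writestr(f"{SIG_DIR}{name}.SIG", sign_manifest(manifest, key))
    return buf.getvalue()


def add_signature(package, name, key):
    # Append one more signature; payload and manifest are untouched.
    manifest = zipfile.ZipFile(io.BytesIO(package)).read(MANIFEST)
    buf = io.BytesIO(package)
    with zipfile.ZipFile(buf, "a") as z:
        z.writestr(f"{SIG_DIR}{name}.SIG", sign_manifest(manifest, key))
    return buf.getvalue()


def swap_payload(package, path, data):
    # Attacker model: replace one payload file but keep the old manifest
    # and signatures. verify() must reject the result.
    src = zipfile.ZipFile(io.BytesIO(package))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for entry in src.namelist():
            z.writestr(entry, data if entry == path else src.read(entry))
    return buf.getvalue()


def verify(package, trusted_keys):
    """Check every payload file against the manifest, then return the set
    of trusted signers whose signature over that manifest is valid."""
    z = zipfile.ZipFile(io.BytesIO(package))
    manifest = z.read(MANIFEST)
    expected, current = {}, None
    for line in manifest.decode().splitlines():
        if line.startswith("Name: "):
            current = line[len("Name: "):]
        elif line.startswith("SHA-256-Digest: ") and current:
            expected[current] = line[len("SHA-256-Digest: "):]
    payload = [e for e in z.namelist() if not e.startswith(SIG_DIR)]
    for entry in payload:
        if hashlib.sha256(z.read(entry)).hexdigest() != expected.get(entry):
            raise ValueError(f"{entry} does not match the manifest")
    if set(expected) - set(payload):
        raise ValueError("manifest lists files missing from the package")
    valid = set()
    for entry in z.namelist():
        if entry.startswith(SIG_DIR) and entry.endswith(".SIG"):
            name = entry[len(SIG_DIR):-len(".SIG")]
            if name in trusted_keys and hmac.compare_digest(
                    z.read(entry), sign_manifest(manifest, trusted_keys[name])):
                valid.add(name)
    return valid


# Constructed sample payload and signer keys.
FILES = {"usr/bin/tool": b"#!/bin/sh\necho tool\n", "etc/tool.conf": b"debug=0\n"}
KEYS = {"alice": b"alice-signing-key", "bob": b"bob-signing-key"}

if __name__ == "__main__":
    pkg = make_package(FILES, {"alice": KEYS["alice"]})
    pkg = add_signature(pkg, "bob", KEYS["bob"])
    print("valid signers:", sorted(verify(pkg, KEYS)))
```

Two properties are worth noting. Verification is independent of how many signatures are present, so a second signer can be added to an already-signed package and a verifier that trusts only one key still gets exactly that key's verdict. And the manifest is the trust boundary: a payload file that was swapped after signing, or a file the manifest lists but the archive lacks, is rejected before any signature is even looked at.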
On 28-10-14 20:59 , Riley Baird wrote:
> As far as I can tell, your code ensures that even if the strings are of
> different length, an equality calculation should be performed anyway,
> however returning 0, on the grounds that this would make it more
> difficult for an attacker to know that the tw
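The comparison under discussion, as an added example that is not the code the thread is reviewing: a naive equality check that returns as soon as the lengths or the first byte differ, next to a version that folds the length mismatch into an accumulator and still walks the whole expected value, so the number of byte operations does not depend on how much of the secret the caller got right. The `ops` counter is instrumentation for the demonstration only, the token is constructed, and `verify_token` shows the standard-library routine (`hmac.compare_digest`) that should be used in real code.

```python
"""Timing-safe comparison of secrets.  Added example, not code from the
thread: a naive compare beside one that keeps working through a length
mismatch; `ops` counts byte operations for the demonstration only."""

import hmac


def naive_equal(a, b):
    # Returns as soon as the lengths differ or the first byte differs,
    # so the time taken leaks how much of `a` the caller has right.
    ops = 0
    if len(a) != len(b):
        return False, ops
    for x, y in zip(a, b):
        ops += 1
        if x != y:
            return False, ops
    return True, ops


def ct_equal(a, b):
    # Always walks the full length of `a` (the expected value) and only
    # ORs differences into an accumulator.  A length mismatch is folded
    # in the same way instead of short-circuiting, and `b` is indexed
    # modulo its length so a shorter guess costs no fewer steps.
    result = len(a) ^ len(b)
    pad = b or b"\x00"          # keep indexing defined for an empty guess
    ops = 0
    for i in range(len(a)):
        ops += 1
        result |= a[i] ^ pad[i % len(pad)]
    return result == 0, ops


def verify_token(expected, presented):
    # What production code should call: CPython's compare_digest is
    # implemented in C and does not short-circuit on the first mismatch.
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    SECRET = b"s3cr3t-token-value"      # constructed
    for guess in (b"wrong", b"s3cr3t-tokex-value", SECRET):
        print(guess, naive_equal(SECRET, guess), ct_equal(SECRET, guess))
```

Python integers and loops are not themselves constant-time, so `ct_equal` demonstrates the structure (no early return, length handled in the accumulator) rather than being a drop-in replacement for `hmac.compare_digest`.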
> You can also use the finger interface at db.debian.org:
>
> finger seb/k...@db.debian.org
The 90's called: they want their finger back. ;-) It seems RFC 1288 was
never updated for TLS support.
https://www.debian.org/events/keysigning points to
http://keyring.debian.org/ which should be the defa