Re: Debian package manager privilege escalation attack

2021-08-11 Thread Andrey Rahmatullin
On Wed, Aug 11, 2021 at 10:55:44PM -0500, Brian Thompson wrote: > Thank you for bringing this to everyone's attention. These are very real > vulnerabilities. How are they vulnerabilities? > NPM has similar issues with stopping malicious packages from being > published to the FTP server. That's

Re: Debian package manager privilege escalation attack

2021-08-11 Thread Andrey Rahmatullin
On Wed, Aug 11, 2021 at 11:30:27PM -0400, Timothy M Butterworth wrote: > I just ran across this article > https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested > the attacks on Debian 11 and they work successfully giving me a root > shell prompt. I don't think calling this

Re: Debian package manager privilege escalation attack

2021-08-11 Thread Niels Thykier
Timothy M Butterworth: > All, > > I just ran across this article > https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested > the attacks on Debian 11 and they work successfully giving me a root > shell prompt. > > Tim > Hi Tim, All of the attacks presented assume that the

Re: Steam Deck: good news for Linux gaming, bad news for Debian :(

2021-08-11 Thread Paul Wise
On Thu, Aug 12, 2021 at 3:22 AM Timothy M Butterworth wrote: > Debian is missing KDE's Amarok music manager. Amarok was removed as it required the obsolete Qt 4 library. Now that upstream has finally ported it to Qt5, it could be reintroduced to Debian. https://tracker.debian.org/pkg/amarok

Accepted pywps 4.4.5-1~exp1 (source) into experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 12 Aug 2021 06:01:53 +0200 Source: pywps Architecture: source Version: 4.4.5-1~exp1 Distribution: experimental Urgency: medium Maintainer: Debian GIS Project Changed-By: Bas Couwenberg Changes: pywps (4.4.5-1~exp1)

Re: Debian package manager privilege escalation attack

2021-08-11 Thread Brian Thompson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2021-08-11 at 23:30 -0400, Timothy M Butterworth wrote: > All, > > I just ran across this article > https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested > the attacks on Debian 11 and they work successfully giving me a

Debian package manager privilege escalation attack

2021-08-11 Thread Timothy M Butterworth
All, I just ran across this article https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested the attacks on Debian 11 and they work successfully giving me a root shell prompt. Tim

Re: Steam Deck: good news for Linux gaming, bad news for Debian :(

2021-08-11 Thread Timothy M Butterworth
I am fine with Debian's release cycle but it would be nice to see more packages. For example Debian is missing KDE's Amarok music manager. I am happy to see Debian 11 gained KDE Elisa music manager. I am sad to see that VirtualBox is not available on Debian 11. I had to jerry-rig it using the

Re: Code

2021-08-11 Thread Paul Wise
On Wed, Aug 11, 2021 at 12:24 PM Xavier wrote: > Second: a lot of packages also have their public source repo. See > https://tracker.debian.org and follow "VCS" links to access to > git/svn/... repo. Aside from the VCS links on packages that use a VCS, the package tracker also links to

Accepted hurd 1:0.9.git20210811-3 (source all) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 23:49:35 + Source: hurd Binary: hurd hurd-dbgsym hurd-dev hurd-dev-dbgsym hurd-doc hurd-libs0.3 hurd-libs0.3-dbgsym hurd-libs0.3-udeb hurd-prof hurd-udeb Architecture: source all Version: 1:0.9.git20210811-3

Accepted testssl.sh 3.0.5+dfsg1-1 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA384 Format: 1.8 Date: Wed, 11 Aug 2021 18:54:00 -0400 Source: testssl.sh Architecture: source Version: 3.0.5+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Debian Security Tools Changed-By: Unit 193 Changes: testssl.sh (3.0.5+dfsg1-1)

Accepted arch-install-scripts 24-1 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA384 Format: 1.8 Date: Wed, 11 Aug 2021 18:43:17 -0400 Source: arch-install-scripts Architecture: source Version: 24-1 Distribution: unstable Urgency: medium Maintainer: Unit 193 Changed-By: Unit 193 Changes: arch-install-scripts (24-1) unstable;

Accepted python-pretty-yaml 21.8.3-1 (source all) into experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 11 Aug 2021 21:56:43 +0200 Source: python-pretty-yaml Binary: python3-pretty-yaml Architecture: source all Version: 21.8.3-1 Distribution: experimental Urgency: medium Maintainer: Sascha Steinbiss Changed-By: Sascha Steinbiss

Accepted nodejs 12.22.5~dfsg-2 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 21:06:00 +0200 Source: nodejs Architecture: source Version: 12.22.5~dfsg-2 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Jérémy Lal Closes: 992112 Changes: nodejs

Accepted ucx 1.11.1~rc1-1 (source amd64) into experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 11 Aug 2021 18:36:11 +0100 Source: ucx Binary: libucx-dev libucx0 libucx0-dbgsym ucx-utils ucx-utils-dbgsym Architecture: source amd64 Version: 1.11.1~rc1-1 Distribution: experimental Urgency: medium Maintainer: Debian Science

Accepted node-tar 6.1.7+~cs11.3.10-1 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 21:30:03 +0200 Source: node-tar Architecture: source Version: 6.1.7+~cs11.3.10-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Yadd Closes: 992110 992111 Changes:

Accepted hurd 1:0.9.git20210811-2 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 16:29:03 + Source: hurd Architecture: source Version: 1:0.9.git20210811-2 Distribution: unstable Urgency: medium Maintainer: GNU Hurd Maintainers Changed-By: Samuel Thibault Changes: hurd

Accepted libsdl2 2.0.16+dfsg1-1 (source) into experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 11 Aug 2021 19:29:44 +0100 Source: libsdl2 Architecture: source Version: 2.0.16+dfsg1-1 Distribution: experimental Urgency: medium Maintainer: Debian SDL packages maintainers Changed-By: Simon McVittie Changes: libsdl2

Accepted edk2 2021.08~rc0-2 (source) into experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 11:24:42 -0600 Source: edk2 Architecture: source Version: 2021.08~rc0-2 Distribution: experimental Urgency: medium Maintainer: Debian QEMU Team Changed-By: dann frazier Closes: 992100 Changes: edk2

Accepted nodejs 12.22.5~dfsg-1 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 19:36:57 +0200 Source: nodejs Architecture: source Version: 12.22.5~dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Jérémy Lal Changes: nodejs

Accepted egl-wayland 1:1.1.7-2 (source) into experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 20:13:07 +0300 Source: egl-wayland Built-For-Profiles: noudeb Architecture: source Version: 1:1.1.7-2 Distribution: experimental Urgency: medium Maintainer: Timo Aaltonen Changed-By: Timo Aaltonen Changes:

Re: Gitlab support for Debian repositories (Was: Regarding the new "Debian User Repository")

2021-08-11 Thread Holger Levsen
Hi Wouter, sorry for the late reply but I think it's still relevant... (just thus rather leaving almost full quote as context.) On Thu, Jul 08, 2021 at 11:25:26AM +0200, Wouter Verhelst wrote: > On Mon, Jul 05, 2021 at 12:31:10PM +, Holger Levsen wrote: > > On Mon, Jul 05, 2021 at 02:09:36PM

Accepted oz 0.17.0-5 (source) into experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 18:06:44 +0200 Source: oz Architecture: source Version: 0.17.0-5 Distribution: experimental Urgency: medium Maintainer: Simon Josefsson Changed-By: Simon Josefsson Changes: oz (0.17.0-5) experimental;

Accepted jabberd2 2.7.0-3 (source) into experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 18:17:30 +0200 Source: jabberd2 Architecture: source Version: 2.7.0-3 Distribution: experimental Urgency: medium Maintainer: Debian XMPP Maintainers Changed-By: Simon Josefsson Changes: jabberd2 (2.7.0-3)

Accepted hdf5 1.10.6+repack-5 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 16:33:03 +0200 Source: hdf5 Architecture: source Version: 1.10.6+repack-5 Distribution: unstable Urgency: medium Maintainer: Gilles Filippini Changed-By: Gilles Filippini Closes: 992068 Changes: hdf5

Re: Code

2021-08-11 Thread Wookey
On 2021-08-11 14:08 +0200, Hans wrote: > And best: It is all GPL licensed, It's all free software, but many licences are used, not just the GPL. Wookey -- Principal hats: Linaro, Debian, Wookware, ARM http://wookware.org/

Accepted redis 5:6.2.5-2 (source) into experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 11 Aug 2021 16:45:54 +0100 Source: redis Built-For-Profiles: nocheck Architecture: source Version: 5:6.2.5-2 Distribution: experimental Urgency: medium Maintainer: Chris Lamb Changed-By: Chris Lamb Changes: redis

Re: Steam Deck: good news for Linux gaming, bad news for Debian :(

2021-08-11 Thread Theodore Ts'o
On Wed, Aug 11, 2021 at 04:08:13PM +0200, Vincent Bernat wrote: > I think we have more systemic issues. I am quite impressed how Nix/NixOS > is able to pull so many packages and modules with so few people. But > they use only one workflow, one way to package, one init system, etc. > Looking at

Accepted libspf2 1.2.10-7.1 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 08 Aug 2021 13:46:49 +0200 Source: libspf2 Architecture: source Version: 1.2.10-7.1 Distribution: unstable Urgency: medium Maintainer: Magnus Holmgren Changed-By: Salvatore Bonaccorso Changes: libspf2 (1.2.10-7.1) unstable;

Accepted cccc 1:3.1.4+dfsg1-1 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 15:59:46 +0100 Source: Architecture: source Version: 1:3.1.4+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Colin Watson Changed-By: Colin Watson Closes: 992093 Changes: (1:3.1.4+dfsg1-1)

Accepted linux-signed-arm64 5.13.9+1~exp2 (source) into experimental, experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 10 Aug 2021 21:12:41 +0200 Source: linux-signed-arm64 Architecture: source Version: 5.13.9+1~exp2 Distribution: experimental Urgency: medium Maintainer: Debian Kernel Team Changed-By: Bastian Blank Changes:

Accepted linux-signed-amd64 5.13.9+1~exp2 (source) into experimental, experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 10 Aug 2021 21:12:41 +0200 Source: linux-signed-amd64 Architecture: source Version: 5.13.9+1~exp2 Distribution: experimental Urgency: medium Maintainer: Debian Kernel Team Changed-By: Bastian Blank Changes:

Accepted linux-signed-i386 5.13.9+1~exp2 (source) into experimental, experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 10 Aug 2021 21:12:41 +0200 Source: linux-signed-i386 Architecture: source Version: 5.13.9+1~exp2 Distribution: experimental Urgency: medium Maintainer: Debian Kernel Team Changed-By: Bastian Blank Changes: linux-signed-i386

Re: Steam Deck: good news for Linux gaming, bad news for Debian :(

2021-08-11 Thread Vincent Bernat
❦ 11 August 2021 11:27 +02, Steffen Möller: > I have no exact idea what to change, though. A rolling Debian would be > cool, yes, but also a bit late when compared with environments that > Conda offers or the ease that comes with multiple installations of conda > to e.g. avoid name conflicts. If

Re: Arch triplet for uefi applications

2021-08-11 Thread Steve McIntyre
On Tue, Aug 10, 2021 at 03:19:10PM -0700, Josh Triplett wrote: >Bastien Roucariès wrote: >> I am going to compile shell.efi from source. >> >> I wish to install to something stable, but I need an arch triplet in order >> to >> put in a multiarch (like) location. >> >> I suppose that it will

Accepted blender 2.93.2+dfsg-5 (source) into experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 14:25:48 +0200 Source: blender Architecture: source Version: 2.93.2+dfsg-5 Distribution: experimental Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Matteo F. Vescovi Changes: blender

Re: Code

2021-08-11 Thread Hans
On Wednesday, 11 August 2021, 13:34:27 CEST, Horler, Johannes wrote: Hi Johannes, every code of every Debian package in debian/main is downloadable from the repo. You also get all needed stuff for the most used compiler and interpreter languages, C, python, perl, lua, java, whatever you

Re: Code

2021-08-11 Thread Peter Pentchev
On Wed, Aug 11, 2021 at 11:34:27AM +, Horler, Johannes wrote: > Dear Debian Team, > > > hopefully I am writing this to the right email address. (In case I am > not, I would be happy about being referred.) Recently I got interested in > operating systems. Now I want to try to experiment with

Re: Code

2021-08-11 Thread Kyle Edwards
On 8/11/21 7:34 AM, Horler, Johannes wrote: Dear Debian Team, hopefully I am writing this to the right email address. (In case I am not, I would be happy about being referred.) Recently I got interested in operating systems. Now I want to try to experiment with modifying one. Is the

Re: Code

2021-08-11 Thread Xavier
On 11/08/2021 at 13:34, Horler, Johannes wrote: > Dear Debian Team, > > > hopefully I am writing this to the right email address. (In case I am > not, I would be happy about being referred.) Recently I got interested in > operating systems. Now I want to try to experiment with modifying one. >

Code

2021-08-11 Thread Horler, Johannes
Dear Debian Team, hopefully I am writing this to the right email address. (In case I am not, I would be happy about being referred.) Recently I got interested in operating systems. Now I want to try to experiment with modifying one. Is the complete source code of any Debian Version available

Accepted icingaweb2-module-pdfexport 0.9.1-1 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 10 Aug 2021 16:09:10 +0200 Source: icingaweb2-module-pdfexport Architecture: source Version: 0.9.1-1 Distribution: unstable Urgency: medium Maintainer: David Kunz Changed-By: David Kunz Changes: icingaweb2-module-pdfexport

Accepted icingaweb2-module-director 1.8.1-1 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 22 Jul 2021 23:31:21 +0200 Source: icingaweb2-module-director Architecture: source Version: 1.8.1-1 Distribution: unstable Urgency: medium Maintainer: David Kunz Changed-By: David Kunz Changes: icingaweb2-module-director

Accepted icingaweb2-module-businessprocess 2.3.1-1 (source) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 10:31:43 +0200 Source: icingaweb2-module-businessprocess Architecture: source Version: 2.3.1-1 Distribution: unstable Urgency: medium Maintainer: David Kunz Changed-By: David Kunz Changes:

Accepted firefox-esr 91.0esr-1 (source) into experimental, experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 11 Aug 2021 11:05:38 +0900 Source: firefox-esr Architecture: source Version: 91.0esr-1 Distribution: experimental Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Mike Hommey Changes:

Accepted firefox 91.0-2 (source) into experimental, experimental

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 11 Aug 2021 07:35:23 +0900 Source: firefox Architecture: source Version: 91.0-2 Distribution: experimental Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Mike Hommey Changes: firefox

Accepted firefox 91.0-1 (source) into unstable, unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 11 Aug 2021 07:18:22 +0900 Source: firefox Architecture: source Version: 91.0-1 Distribution: unstable Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Mike Hommey Changes: firefox (91.0-1)

Accepted hurd 1:0.9.git20210811-1 (source all) into unstable

2021-08-11 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Aug 2021 02:29:43 + Source: hurd Binary: hurd hurd-dbgsym hurd-dev hurd-dev-dbgsym hurd-doc hurd-libs0.3 hurd-libs0.3-dbgsym hurd-libs0.3-udeb hurd-prof hurd-udeb Architecture: source all Version: 1:0.9.git20210811-1

Re: Steam Deck: good news for Linux gaming, bad news for Debian :(

2021-08-11 Thread Steffen Möller
On 11.08.21 08:46, Marc Haber wrote: On Wed, 11 Aug 2021 01:09:29 -0400, Calum McConnell wrote: On Wed, 2021-08-11 at 00:51 +, Paul Wise wrote: On Tue, Aug 10, 2021 at 5:38 PM Andrey Rahmatullin wrote: "So, Arch Linux, one of the main reasons, there's a couple, but the main reason is

Re: Arch triplet for uefi applications

2021-08-11 Thread Simon McVittie
On Tue, 10 Aug 2021 at 15:19:10 -0700, Josh Triplett wrote: > Bastien Roucariès wrote: > > I suppose that [EFI] will be x86_64-efi-none (or maybe x86_64-windows-efi > > ) and > > i686-uefi-none ? It's certainly not x86_64-windows-efi. The EFI environment isn't Windows (even though it borrows

Re: Steam Deck: good news for Linux gaming, bad news for Debian :(

2021-08-11 Thread Marc Haber
On Wed, 11 Aug 2021 01:09:29 -0400, Calum McConnell wrote: >On Wed, 2021-08-11 at 00:51 +, Paul Wise wrote: >> On Tue, Aug 10, 2021 at 5:38 PM Andrey Rahmatullin wrote: >> >> > "So, Arch Linux, one of the main reasons, there's a couple, but the >> > main >> > reason is the rolling updates of