On Wed, Jun 03, 2020 at 01:51:40PM +0200, Guilhem Moulin wrote:
> Hi,
>
> On Wed, 03 Jun 2020 at 12:34:09 +0100, David Pottage wrote:
> > Roundcube have just announced a new release which includes security
> > fixes.
> >
> > What is the timeline to update the Debian package in backports?
>
>
On Tue, May 01, 2018 at 05:12:02PM +, Ben Hutchings wrote:
> -
> Debian Security Advisory DSA-4187-1 secur...@debian.org
> https://www.debian.org/security/Ben Hutchings
> May
Hi all,
Firstly, thank you, David, for your excellent work packaging ownCloud
and its dependencies. It allowed me a very easy setup for an installation
which has been really valuable so far. (I will need to think carefully
about future plans for this service.)
Given the recent removal of
On Thu, Mar 17, 2016 at 10:52:03PM +0100, Moritz Muehlenhoff wrote:
> Multiple security issues have been found in the Xen virtualisation
> solution, which may result in denial of service or information disclosure.
>
> The oldstable distribution (wheezy) will be updated in a separate
On Wed, Feb 17, 2016 at 07:31:49PM +0100, Thomas Hager wrote:
> On Wed, 2016-02-17 at 10:55 +0000, Dominic Hargreaves wrote:
> > "Mitigating factors for UDP include [...]
> > - A local resolver (that drops non-compliant responses)."
> >
> > "
On Tue, Feb 16, 2016 at 04:32:00PM +0100, Peter Ludikovsky wrote:
> Hello,
>
> A question to those more knowledgeable: we're using our own DNS
> servers for all lookups, and those do recursive lookup for any
> external addresses. Am I right to assume that Bind9 uses its own
> implementation for
Control: tags -1 - security
Control: found -1 4.46-1
On Tue, Jan 12, 2016 at 12:54:19PM +, Chris Boot wrote:
> Control: tag -1 security
>
> On 12/01/16 12:28, Chris Boot wrote:
> [snip]
> > Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=80346
> >
> > Dear Maintainer,
> >
> >
On Tue, May 12, 2015 at 09:40:49PM +0200, Alessandro Ghedini wrote:
It was discovered that the fix for CVE-2013-4422 in quassel, a
distributed IRC client, was incomplete. This could allow remote
attackers to inject SQL queries after a database reconnection (e.g.
when the backend PostgreSQL
On Fri, Aug 23, 2013 at 05:53:12PM +, Salvatore Bonaccorso wrote:
Package: python-django
Vulnerability : cross-site scripting vulnerability
Problem type : remote
Debian-specific: no
Nick Brunn reported a possible cross-site scripting vulnerability in
python-django, a
-bin/bugreport.cgi?bug=697666
but you may wish to temporarily disable access to mt-upgrade.cgi
(which should not affect normal operation of MT) until this is
released.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email
(and I'm
not going to do all those investigations by myself).
Mmm. I see a similar problem developing with Movable Type (which I
am the sole maintainer for at the moment). I don't know what the answer
is.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li
/wordpress-3-4-1/
and
http://wordpress.org/news/2012/09/wordpress-3-4-2/
apply to 3.3 too? Are there any plans to further upgrade squeeze in
this manner?
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email
On Wed, May 30, 2012 at 06:31:01PM +0100, Dominic Hargreaves wrote:
On Tue, May 29, 2012 at 09:04:59PM +0200, Florian Weimer wrote:
It was discovered that the recent request-tracker3.8 update,
DSA-2480-1, introduced a regression which caused outgoing mail to fail
when running under mod_perl
in
this package. Please see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674924
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe
), this problem has been fixed in
version 4.0.5-3.
RT 4 should not have been affected by this bug.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
On Fri, May 25, 2012 at 09:29:44AM +0100, Dominic Hargreaves wrote:
On Thu, May 24, 2012 at 07:37:03PM +0200, Moritz Muehlenhoff wrote:
Several vulnerabilities were discovered in Request Tracker, an issue
tracking system:
For the stable distribution (squeeze), this problem has been fixed
On Mon, Jan 30, 2012 at 01:55:57PM +, Dominic Hargreaves wrote:
On Sun, Jan 29, 2012 at 01:14:20PM +0100, Moritz Mühlenhoff wrote:
Moritz Mühlenhoff j...@inutil.org schrieb:
Hi,
the changes needed to secure Tomcat against the recent hash collision
attack are large and intrusive
there (that's a big if, of course).
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
than typical stable
releases (eg 5 years, rather than the 2-3 that stable gets at the moment).
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
, so I assume that no one had the time
to take it forward, but I thought it was worth checking whether anything
had happened.
Are there others on this list who would be willing to help support such
an initiative?
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from
On Wed, Jun 22, 2011 at 10:26:48PM +0100, Dominic Hargreaves wrote:
[adding perl maintainers to CC]
On Wed, Jun 22, 2011 at 02:49:02PM -0400, Junior Gamez Aguilera wrote:
after applying this upgrade mailscanner stops working, it starts to enter
in a continuous cycle of restart. please could
in unstable.
Can you confirm that the errors on that thread match what you're seeing?
Unfortunately there does not yet appear to be any sign of a real fix
upstream, but there are a couple of possible workarounds mentioned.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from
Hello,
Are there any plans to update the sun-java6 packages in lenny and
squeeze for the recent floating point DoS issue?
Thanks,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
On Mon, Feb 21, 2011 at 02:31:44PM +0100, Sylvestre Ledru wrote:
Le lundi 21 février 2011 à 13:11 +, Dominic Hargreaves a écrit :
Hello,
Are there any plans to update the sun-java6 packages in lenny and
squeeze for the recent floating point DoS issue?
Yes:
http://bugs.debian.org
not be a disaster).
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
-2.6.30
openoffice.org-l10n-lo
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
security
updates, but I've never really pursued it.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Hello,
xpdf 3.02-1.4+lenny3 has hit lenny-security but there doesn't seem
to be any corresponding DSA yet. Is this an oversight?
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Hi,
CVE-2009-3892 is fixed in 3.6.7-5+lenny3.
If someone can add me (alioth username 'dom') to be able to make these
changes directly, I will do so.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email
in the above: testing does not contain a
vulnerable version of RT; RT 3.6 has been kept out of testing as it
is basically EOLed (and will be removed from unstable too once the
new rtfm package has matured a bit), and RT 3.8.6 which fixes this is
already in testing.
Cheers,
Dominic.
--
Dominic
not contain this problem.
Thanks,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
at upgrading my servers?
The mmap_min_addr tunable was not introduced until after 2.6.18,
which is the default etch kernel. I am using the 'etchnhalf' kernel
(linux-image-2.6.24-etchnhalf*) on an etch machine, partly since it
offers this protection.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom
version of the fckeditor.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
archive which
appears to fix this problem, but no subsequent advisory has been released.
Is this an oversight?
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
On Mon, Jun 15, 2009 at 06:10:29PM +0200, Nico Golde wrote:
Hi,
* Thijs Kinkhorst th...@debian.org [2009-06-15 17:39]:
On Mon, June 15, 2009 16:42, Dominic Hargreaves wrote:
For the oldstable distribution (etch), this problem will be fixed soon.
2.1.22.dfsg1-8+etch1 has now
An update (2.1.22.dfsg1-23+lenny1) appeared in lenny-security over the
weekend, but I haven't noticed an advisory for it on
debian-security-announce or on the web site yet.
An oversight?
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li
Hi,
I wondered if any fix is likely to be available for CVE-2008-5519
(information disclosure, looks potentially quite severe) any time
soon or if any more help is needed?
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web
updates will typically release
in a staggered or leap-frog fashion.
i do not see this advisory (1794) @ http://www.debian.org/security
Advisories take a little while to appear on the web site, I believe.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from
?
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
? It would help reassure users that things haven't been
forgotten about greatly.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
On Thu, Dec 11, 2008 at 12:11:05PM -0700, dann frazier wrote:
On Thu, Dec 11, 2008 at 06:49:59PM +, Dominic Hargreaves wrote:
May I make a suggestion that you include a comment along these lines in
the advisory texts? It would help reassure users that things haven't been
forgotten
dist, though, if you
wanted it. Volatile admins, is there something wrong with this package
or has it just been forgotten about?
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
On Wed, Dec 10, 2008 at 11:51:49AM +0100, Cyril Brulebois wrote:
Dominic Hargreaves [EMAIL PROTECTED] (10/12/2008):
Looks like it is in the etch-proposed-updates/etch dist, though, if
you wanted it. Volatile admins, is there something wrong with this
package or has it just been forgotten
for volatile, as I understand it.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
-4etch16.
For the unstable distribution (sid), these problems have been fixed in
version 0.94.dfsg.2-1.
This looks like quite a serious bug (remote arbitrary code execution).
Are there any plans for an update to volatile?
Thanks,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom
kernels.
Are they vulnerable to any of the issues discussed in this advisory, and
if so will they be fixed? (As I understood it the etchnhalf kernels
would be fully security supported).
Thanks,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li
mailing lists?
Because this list is the Reply-To for debian-security-announce mails,
and that list probably has an order of magnitude more subscribers than
most, including, obviously, a greater proportion of misbehaving mail
programs.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk
On Fri, Jul 04, 2008 at 09:16:56AM +0200, Thijs Kinkhorst wrote:
For the unstable distribution (sid), these problems have been fixed in
version 2.3.3-1.
Is this a mistake? packages.debian.org shows sid as having wordpress
2.5.1-4 currently...
Dominic.
--
Dominic Hargreaves | http
On Mon, May 12, 2008 at 05:31:32PM -0600, dann frazier wrote:
On Mon, May 12, 2008 at 11:52:27PM +0100, Dominic Hargreaves wrote:
Is there any reason this has been labelled as a DoS rather than a
potential arbitrary code execution issue (which
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008
in the Debian kernel?
It seems odd that Debian would release a new kernel for a single
DoS-only vulnerability.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
/version
will give you the full version of the booted kernel.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
quite a lot of .so files repackaged from the i386 binaries, and
I'm concerned that these won't be security supported (I've seen no
security updates for this package).
Is my analysis correct, and I shouldn't install this package in a
production environment?
Thanks,
Dominic.
--
Dominic Hargreaves
in volatile.debian.org?
Thanks,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
certain configurations).
It may be worth reissuing the advisory to make this clear.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
will install corrected packages
This won't work unless there are updated linux-image-2.6-* packages in
security, will it?
And even then, a dist-upgrade would be needed.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email
On Thu, Aug 16, 2007 at 09:34:58AM +0100, Dominic Hargreaves wrote:
And even then, a dist-upgrade would be needed.
Sorry to be replying to myself.
Of course, this will also need module-assistant style (and any other)
out-of-tree modules to be rebuilt; I can't remember whether there's ever
been
OpenOffice.org depended on.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
fixed in
version 2.2.1-5+etch1.
For the unstable distribution (sid), this problem has been fixed in
version 2.2.1-6.
What is the status of the sarge packages?
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email
round-robin, you should find the updated Packages file gets to you after
a few tries.
You may find a similar error - 404 when downloading the package, for the
same reason. In that case, simply retry the apt-get upgrade until it
works.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom
/cgi-bin/search_packages.pl?keywords=openoffice.org&searchon=names&version=all&release=all
Regards,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
so I'd imagine it'll be in etch soon.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
On Sun, Nov 05, 2006 at 08:27:36PM -0800, John Bugg wrote:
Please register my name for update/upgrade notifications. Thanks in advance.
You can do this from
http://lists.debian.org/debian-security-announce/
Regards,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key
sensitive data. It's not an issue specific to this vulnerability.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
-security-announce/
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
someone please confirm that -r3 is out now?
There's an announcement on debian-announce sent out a couple of hours
ago:
http://lists.debian.org/debian-announce/debian-announce-2006/msg4.html
Yes, it is out.
Regards,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key
with nfs-common and lpr, removing it is one of the
first things I do for a new install.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
am happy to provide
the fix.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
to packages which have not been
released or included as URLs in the advisory
(mysql-dfsg 4.0.24-10sarge2, mysql-dfsg-4.1 4.1.11a-4sarge3). Will they
be released on security.debian.org and have an advisory released?
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key
On Thu, Apr 28, 2005 at 07:24:11PM +0200, martin f krafft wrote:
How can I find out the SSHD key fingerprint given the local file?
ssh-keygen -l
Cheers,
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
not sure what your subscription address is, you can find it
encoded into the Return-path header of the list mails.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
72 matches