Re: scans in my hosts. (Debian 5.0 and Apache 2.2.9)

2010-07-29 Thread Jordon Bedwell
On 7/29/10 11:43 AM, Ashley Taylor wrote: If your phpMyAdmin installations are safe and protected and you wish to remove these from your log files for vanity reasons, please see this guide with a cool fail2ban config that should help you:

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-28 Thread Jordon Bedwell
On 09/28/2010 03:04 PM, Marsh Ray wrote: On 09/24/2010 02:45 AM, Simon Josefsson wrote: But that's a choice made by Debian. Call it release policy, procedure, or whatever, Debian cannot use the existence of its own bureaucracy as a justification for wrong action (or inaction). Microsoft has

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Jordon Bedwell
On 09/29/2010 03:52 PM, Michael Gilbert wrote: On Tue, 28 Sep 2010 15:04:04 -0500, Marsh Ray wrote: On 09/24/2010 02:45 AM, Simon Josefsson wrote: Marsh Rayma...@extendedsubset.com writes: As a long-term Debian user myself, I appeal to Debian's sense of enlightened self-interest and urge

Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

2010-10-11 Thread Jordon Bedwell
On Mon, 2010-10-11 at 10:40 -0400, Michael Gilbert wrote: The problem here appears to be the jump to the new upstream version (1.8.2 to 1.8.13), which has a different dependency set. New upstreams are usually disallowed in security uploads. The question is why was that OK in this case,

Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities

2010-10-11 Thread Jordon Bedwell
On Mon, 2010-10-11 at 11:15 -0400, Michael Gilbert wrote: I highly doubt that there is anything malicious going on here, and there is always the Debian does not hide problems mantra. The simplest, and most-likely explanation is that it was easier to update to the new upstream, rather than

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-12 Thread Jordon Bedwell
On Tue, 2010-10-12 at 11:10 +0100, Marcin Owsiany wrote: And it might be non-obvious, but some CPUs (e.g. the one in my not-so-old laptop) don't support PAE, so making the default kernel use PAE would make debian unbootable on them. Because it's too hard to have ubiquity run a script that

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-12 Thread Jordon Bedwell
On Tue, 2010-10-12 at 05:29 -0500, Jordon Bedwell wrote: On Tue, 2010-10-12 at 11:10 +0100, Marcin Owsiany wrote: And it might be non-obvious, but some CPUs (e.g. the one in my not-so-old laptop) don't support PAE, so making the default kernel use PAE would make debian unbootable on them

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-12 Thread Jordon Bedwell
On Tue, 2010-10-12 at 11:35 +0100, Marcin Owsiany wrote: What's ubiquity? Read the follow up email where I corrected the mistake please... Enable what? Last time I checked, a given kernel image either uses PAE or not, there was no flag to control it. You read too much into the subjective usage of

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-14 Thread Jordon Bedwell
On Thu, 2010-10-14 at 20:09 +0200, Yves-Alexis Perez wrote: On mar., 2010-10-12 at 05:34 -0500, Jordon Bedwell wrote: Also to add, the benefits of NX on PAE far outweigh those of not having PAE, Like, not booting at all? Like, going and buying a better computer? I have no problem booting

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-14 Thread Jordon Bedwell
On Thu, 2010-10-14 at 20:21 +0200, Yves-Alexis Perez wrote: I'm not sure it's a solution Debian can advertise. I know it's not, that is why later down the discussion we brought up the installer giving people the option to either choose the kernel or building a script that will check for PAE and

Re: non-executable stack (via PT_GNU_STACK) not being enforced

2010-10-14 Thread Jordon Bedwell
On Thu, 2010-10-14 at 17:39 -0400, Jordan Metzmeier wrote: There are not only issues of legacy hardware but virtual machines. I signed up for the RHEL 6 beta. Downloaded my copy and fired it up in virtualbox, only to find that it failed to boot, because virtualbox did not support PAE.

Re: Any Account Logs In With Any Password

2010-10-27 Thread Jordon Bedwell
On 10/27/2010 04:05 PM, Henrique de Moraes Holschuh wrote: On Mon, 25 Oct 2010, Michael Loftis wrote: checks prior to this indicate a soft success. If you remove authentication from your system, it's expected that any attempt to access will pass, barring any specific denial. If I remove

Re: Any Account Logs In With Any Password

2010-10-27 Thread Jordon Bedwell
On 10/27/2010 05:19 PM, Jim P wrote: Please move this thread to debian-u...@. EOM I find it ironic you top post and don't trim while asking people to move something to Debian-User. This guy has what /he/ thinks is a /security issue/. According to Debian this list is: Discussions about

Re: Number of apache2 process MaxClients ?

2010-10-29 Thread Jordon Bedwell
On 10/29/2010 11:06 AM, Min Wang wrote: Hi I have apache2.conf using prefork with MaxClient setting to 30 ( on Lenny) but on system I saw more than 100 apache2 processes Isn't the MaxClients supposed to limit total apache2 processes to be 30? Something may be wrong/security issue?

Re: CVE-2009-3555 not addressed in OpenSSL

2010-11-13 Thread Jordon Bedwell
On Sat, 2010-11-13 at 18:14 +0100, Thijs Kinkhorst wrote: I have tested it in some different environments with different types of configurations and the packages work very fine for me. Just one question, did you test the patch or did you test the build? -- To UNSUBSCRIBE, email to

Re: [SECURITY] [DSA-2154-1] exim4 security update

2011-01-30 Thread Jordon Bedwell
On 1/30/2011 8:11 AM, Dario Ernst wrote: Hello, as I was affected by the recent exim exploit I may be a bit paranoid here, but I have a general question on this update. If I am not using -D or -C anywhere in my exim setup (e.g. using the debian default initscripts and have not added any of those

Re: CVE Exploit

2011-03-09 Thread Jordon Bedwell
On 3/9/2011 1:26 PM, Timothy Ball wrote: On Wed, Mar 09, 2011 at 01:31:50AM -0800, aizaz83 hussain wrote: Dear I need your Help regarding Exploit development of CVE-2010-3872 Could you please Guide. How might this CVE-2010-3872 be exploited and how might an exploit work bwahahahahaha ...

Re: CVE Exploit

2011-03-11 Thread Jordon Bedwell
On 3/11/2011 9:04 AM, Andrey Rahmatullin wrote: On Fri, Mar 11, 2011 at 09:42:17AM -0500, hans wrote: rm / -rf worked fine last time I tried it on a VM as an experiment. It was fixed in coreutils 6.2 [2006-09-18]. Subjective fix. It can still destroy your system, it can still delete

Re: CVE-2011-1929 - never mind, I missed DSA-2252-1

2011-08-19 Thread Jordon Bedwell
On 08/19/2011 10:04 AM, Mason Loring Bliss wrote: Evidently it's been fixed: http://www.debian.org/security/2011/dsa-2252 Just a future note too, if you ever find a CVE and don't want to Google you can do: http://security-tracker.debian.org/tracker/CVE-2011-1929

Re: AUTO: Steve Bownas is out of the office. (returning 09/06/2011)

2011-08-21 Thread Jordon Bedwell
On 08/21/2011 03:37 PM, David Giard wrote: Are we going to receive those every time he is out of the office? I hope someone will do something about it... Read his email again. Focus on the bottom.

Re: Debian LTS?

2011-10-05 Thread Jordon Bedwell
On 10/05/2011 05:39 PM, Poison Bit wrote: On Thu, Oct 6, 2011 at 12:33 AM, Poison Bit poison...@gmail.com wrote: In my experience: if a company does not perform operative system upgrades, the company does not have more than 5 years and does not understand how open source, and in special

Re: AW: Vulnerable PHP version according to nessus

2011-12-28 Thread Jordon Bedwell
On Wed, Dec 28, 2011 at 2:54 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: On 28.12.2011 07:56, Patrick Geschke wrote: Hey, @Maintainers: What's the overall status of the package? According to php.net 5.3.8 is stable. 5.3.8 is in both testing and unstable - see

Re: Default valid shells and home dir permissions

2012-01-11 Thread Jordon Bedwell
On Wed, Jan 11, 2012 at 3:37 AM, Kees de Jong keesdej...@gmail.com wrote: For the home dirs try this: dpkg-reconfigure adduser. Then choose 'no'. I think that should do the trick. I am on my Android right now so I can't check it for you. -- Met vriendelijke groet, Kees de Jong On Jan 11,

OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Jordon Bedwell
SSH Version: OpenSSH_5.5p1 Debian-6+squeeze1, OpenSSL 0.9.8o 01 Jun 2010 part of the config: compression yes maxauthtries 1 port 22 listenaddress 10.6.18.80 protocol 2 useprivilegeseparation yes syslogfacility AUTH loglevel VERBOSE logingracetime 30 permitrootlogin yes strictmodes yes

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Jordon Bedwell
On Thu, Mar 1, 2012 at 6:31 AM, Taz taz.ins...@gmail.com wrote: rsaauthentication no change this to yes I'm at a loss, how is setting an option that does not even apply to us (since we use Protocol 2 and that option is moot for us anyways) going to fix a logging issue? Perhaps I need to be more

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Jordon Bedwell
2012/3/1 Aníbal Monsalve Salazar ani...@debian.org: On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote: The problem is I cannot get sshd to log publickey denied errors to /var/log/auth.log so our daemons can ban these users. I want to know what happened to messages like publickey

Re: Opinion on this, password changed, nothing suspicious in logs

2012-05-29 Thread Jordon Bedwell
On May 29, 2012 7:08 AM, Povl Ole Haarlev Olsen debian-secur...@stderr.dk wrote: Without any evidence of intrusion, I wouldn't be surprised if you got a flaky key on your keyboard. Are you sure you don't have a faulty 1 or something like that? This one has gotten me before. What can make it

Re: Daemon umask

2012-08-07 Thread Jordon Bedwell
Hi, On 08/07/2012 08:15 AM, Laurie Mercer wrote: Is it possible to set the umask to a value (in this case 27) at boot time so that all daemon processes started at boot time will have this umask by default (unless they override it)? In Redhat this is done in the /etc/sysconfig/init file,

Re: New rootkit targetting Debian squeeze (amd64 only)

2012-11-23 Thread Jordon Bedwell
On Fri, Nov 23, 2012 at 12:31 AM, Mike Mestnik cheako+debian-secur...@mikemestnik.net wrote: On 11/22/12 11:33, Laurentiu Pancescu wrote: More likely: a vulnerability in their web service (some form of execution of attacker-provided code), combined with a local privilege elevation exploit (the

Re: flashplugin-nonfree get-upstream-version.pl security concern

2012-12-12 Thread Jordon Bedwell
Hai, On Wed, Dec 12, 2012 at 12:33 PM, Bart Martens ba...@debian.org wrote: I already use mktemp -d /tmp/flashplugin-nonfree.XX. Isn't that secure? What is the problem you are suggesting to file a bug for? Please tell me you are trolling?

Re: flashplugin-nonfree get-upstream-version.pl security concern

2012-12-13 Thread Jordon Bedwell
On Thu, Dec 13, 2012 at 1:47 PM, Davide Prina davide.pr...@gmail.com wrote: On 12/12/2012 23:26, Michael Gilbert wrote: Ultimately, for anyone even modestly security-conscious adobe flash should really be avoided at all costs. +1 I'm not an expert, but I think that packages like this must

Re: How secure is an installation with no non-free packages?

2013-09-12 Thread Jordon Bedwell
On Thu, Sep 12, 2013 at 5:23 PM, Jonathan Perry-Houts jperryho...@gmail.com wrote: I still don't see why this should make me trust closed code more. For all I know Intel's code is full of lines like that, or worse. It's not about getting you to like closed or open source software more, it's

Re: How secure is an installation with no non-free packages?

2013-09-12 Thread Jordon Bedwell
On Thu, Sep 12, 2013 at 9:03 PM, adrelanos adrela...@riseup.net wrote: Microcode. (I guess if the vulnerability can not be fixed with some kind of firmware upgrade and is used in the wild, that would be a reason to get it replaced for free or being required to buy a new one.) I'm not a lawyer

Re: SSL for debian.org/security?

2013-10-29 Thread Jordon Bedwell
On Tue, Oct 29, 2013 at 4:29 AM, Nikolay Kubarelov n...@tightwax.com wrote: I would use Tor hidden service instead of SSL. Wait: What? Can't tell if serious.

Re: SSL for debian.org/security?

2013-10-29 Thread Jordon Bedwell
On Wed, Oct 30, 2013 at 12:11 AM, Pedro Worcel pe...@worcel.com wrote: I fail to see what would make what hard, could you please explain? Hard, maybe not, needed: no. There is no reason to try and hide the information, there never was and there never will be. If you were to implement SSL and

Re: Debian APT Key Revocation Procedure

2013-10-31 Thread Jordon Bedwell
On Thu, Oct 31, 2013 at 10:28 AM, Paul Wise p...@debian.org wrote: On Thu, Oct 31, 2013 at 8:55 PM, adrelanos wrote: What are your plans if you ever have reason to believe that the Debian archive signing key has been compromised? It is unlikely that the people responsible for that are

Re: Debian APT Key Revocation Procedure

2013-11-01 Thread Jordon Bedwell
On Fri, Nov 1, 2013 at 8:23 AM, Paul Tagliamonte paul...@debian.org wrote: I take issue with this. I find this attitude really crappy. I'd strongly invite you to reconsider this tone and belief. I invite you to jump back down to earth and stop judging people as if you are somehow better. --

Re: Debian APT Key Revocation Procedure

2013-11-01 Thread Jordon Bedwell
On Fri, Nov 1, 2013 at 8:30 AM, Paul Tagliamonte paul...@debian.org wrote: On Fri, Nov 01, 2013 at 08:27:03AM -0500, Jordon Bedwell wrote: On Fri, Nov 1, 2013 at 8:23 AM, Paul Tagliamonte paul...@debian.org wrote: I take issue with this. I find this attitude really crappy. I'd strongly

Re: Debian APT Key Revocation Procedure

2013-11-01 Thread Jordon Bedwell
On Fri, Nov 1, 2013 at 8:33 AM, Jordon Bedwell jor...@envygeeks.com wrote: On Fri, Nov 1, 2013 at 8:30 AM, Paul Tagliamonte paul...@debian.org wrote: On Fri, Nov 01, 2013 at 08:27:03AM -0500, Jordon Bedwell wrote: On Fri, Nov 1, 2013 at 8:23 AM, Paul Tagliamonte paul...@debian.org wrote: I

Re: Debian APT Key Revocation Procedure

2013-11-01 Thread Jordon Bedwell
On Fri, Nov 1, 2013 at 8:42 AM, Darko Gavrilovic d.gavrilo...@gmail.com wrote: I should say individual people without the, as the implies you were insulting the people on the team, and not people in general. No one here thinks they are better or smarter than you. It would just be nice if

Re: MIT discovered issue with gcc

2013-11-30 Thread Jordon Bedwell
On Nov 30, 2013 6:29 PM, Bernhard R. Link brl...@debian.org wrote: * Joel Rees joel.r...@gmail.com [131129 00:36]: The standard needs to be re-written to encourage sane behavior in undefined situations, and if you don't like that opinion, I'll take some time later, when I have some, to rip