Upcoming stable point release (9.7)

Hi, The next point release for "stretch" (9.7) is in progress just now and should hit the mirrors in the next hours. Regards, Martin -- Martin Zobel-Helas Debian System Administrator Debian & GNU/Linux Developer Debian Listmaster http://

Re: HTTPS needs to be implemented for updating

ub.com/rgeissert/http-redirector/issues/78 httpredir is a dead horse. -- Martin Zobel-Helas Software in the Public Interest, Inc. | Member of the Board of Directors GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B

Re: Ticket received- [SECURITY] [DSA 3055-1] pidgin security update

Hi, On Thu Oct 23, 2014 at 23:15:54 +0100, Jack wrote: > On 23/10/2014 22:14, Multapplied Networks Technical Services wrote: > > Dear Debian-security, > > Ban the bots! > already kicked. Martin Zobel-Helas -- Debian Listmaster -- Martin Zobel-Helas Debian System Adm

Re: Long Exim break-in analysis

# cat apt.conf.d/01remount DPkg::Pre-Invoke {"if mount | awk '{print $3}' | grep -q '^/tmp$'; then /bin/mount -o remount,exec /tmp; fi";}; DPkg::Post-Invoke {"if mount | awk '{print $3}' | grep -q '^/tmp$'; then /bin/mount -o remount,noex

Re: [SECURITY] [DSA 2134-1] Upcoming changes in advisory format

eable format? > > will it include a list of affected binary packages (in addition to source > packages)? ACK. +1 YAML? -- Martin Zobel-Helas | Debian System Administrator Debian & GNU/Linux Developer | Debian Listmaster Public key http://zobel.ftbfs.d

Re: Upcoming etch point release

o integrate all pending DSAs into an point release. I am not even sure we can move DSAs into archive seperatly without breaking the GPG signature of the Release file. Cheers, Martin -- Martin Zobel-Helas | Debian System Administrator Debian & GNU/Linux Developer |

Re: ipv6 and security.debian.org

'-4' option (or alike) to force apt-get to use ipv4 but couldn't find > one. Is such an APT config option available? Can you give us a tcptraceroute6 to from your machine to security.d.o? Greetings Martin -- Martin Zobel-Helas | Debian System Administrator Debian & GNU/

Re: [SECURITY] [DSA 1633-1] New slash packages fix multiple vulnerabilities

Hi, On Mon Sep 01, 2008 at 20:55:11 +0200, [EMAIL PROTECTED] wrote: > *** out of office auto-reply *** unsubscribed. -- Martin Zobel-Helas <[EMAIL PROTECTED]> | Debian System Administrator Debian & GNU/Linux Developer | Debian Listmaster Pu

Re: [SECURITY] [DSA 1615-1] New xulrunner packages fix several vulnerabilities

such persons to [EMAIL PROTECTED] -- Martin Zobel-Helas <[EMAIL PROTECTED]> | Debian Release Team Member Debian & GNU/Linux Developer | Debian Listmaster Public key http://zobel.ftbfs.de/5d64f870.asc - KeyID: 5D64 F870 GPG Fingerprint: 5DB3 1301 375A A50F

Re: clamav.* package versions (etch)

hen please please let someone know. Is is already escalated, and we are working on that problem getting fixed. clamav will be available in a few minutes. Greetings Martin -- Martin Zobel-Helas <[EMAIL PROTECTED]> | Debian Release Team Member Debian & GNU/Linux Developer |

Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities

Hi, On Fri Dec 28, 2007 at 19:19:50 -0500, Jim Popovitch wrote: > On Fri, 2007-12-28 at 22:36 +0100, Martin Zobel-Helas wrote: > > On Fri Dec 28, 2007 at 22:10:08 +0100, Wolfgang Jeltsch wrote: > > > However, I cannot see any security announcement for most of these.

Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities

Hi, On Fri Dec 28, 2007 at 22:10:08 +0100, Wolfgang Jeltsch wrote: > Am Freitag, 28. Dezember 2007 16:29 schrieb Florian Weimer: > > > > Debian Security Advisory DSA-1438-1 [EMAIL PROTECTED] > > http://www.d

Re: security.debian.org: MD5Sum mismatch

Hi, On Fri Aug 17, 2007 at 13:12:34 +0200, Lupe Christoph wrote: > On Friday, 2007-08-17 at 10:46:32 +, [EMAIL PROTECTED] wrote: > > On Fri, Aug 17, 2007 at 12:20:34PM +0200, Lupe Christoph wrote: > > > > I *wish* those updates > > > were atomic, but they probably arent'. > > > why not thou

Re: verifying archive signature keys?

Hi, On Wed Aug 15, 2007 at 10:54:02 +0200, Hadmut Danisch wrote: > Hi, > > just a question because someone had asked me for help. The problem was > that apt-get update had complained about not beeing able to verify > signatures due to a missing pgp key. > > Was easy to tell to do > gpg --recv-k

Re: security mirror out of date: 128.101.240.212

Hi, On Mon May 14, 2007 at 17:17:13 -0400, Jim Popovitch wrote: > On Tue, 2007-05-15 at 00:14 +0300, Tomas Nykung wrote: > > What I don't understand is why I always got the bad mirror, regardless > > how many times I tried to rerun aptitude/apt-get update both yesterday > > and today (and on two

Bug#417328: links2: should not be part of any stable release

Package: links2 Version: 2.1pre16-1 Severity: serious Tags: security Justification: seem to buggy to be supported by the security team Hi, on December 21st, DSA 1240 was released from a member of the security team. It was issued to fix 'arbitrary shell command execution'. Within a week the stable

Re: Fabien Trauchessec est absent(e).

Hi Fabien, On Mon Nov 27, 2006 at 10:31:59 -0500, [EMAIL PROTECTED] wrote: > My auto-reply software sends severals messages to the debian-security > mailing-list. > Now my address is on google and I began to recieve some spam. The Debian-Listarchives-Policy is to NOT remove or alter any postings

Re: bind9 security problem?

On Sat Nov 04, 2006 at 10:30:55 +0100, Adrian von Bidder wrote: > Yodel! > > Is there a security problem in some bind version? Or in some syncml-related > application? Or is somebody just being silly? I have these in my logs: > > === > Nov 3 15:35:03 myhost named[8286]: unexpected RCODE (SER

Re: bug in tar 1.14-2.1

Hi Andi, On Monday, 27 Mar 2006, you wrote: > * Martin Zobel-Helas ([EMAIL PROTECTED]) [060324 16:00]: > > Looks like just rebuilding the security version resolves that error, for > > whatever reason. Julien and me just cross checked that and got the same > > result. >

Re: bug in tar 1.14-2.1

Hi mollo, On Sunday, 19 Mar 2006, you wrote: > On Tue, 7 Mar 2006 15:19:58 +0100 > using tar 1.14-2.1 > > fw:/home/mathieu# tar --rmt-command=/usr/sbin/rmt -cvf > '[EMAIL PROTECTED]:/home/mathieu/test.tgz' /etc tar: > [EMAIL PROTECTED]:/home/mathieu/test.tgz: Cannot open: Input/output > error ta

Re: problem with unsubscribe

Hi Thomas, looks like you are subscribed to debian-security-announce@lists.debian.org You can either go to http://lists.debian.org/debian-security-announce/ and use the unsubscribe function there or you send a mail to [EMAIL PROTECTED] with the subject "unsubscribe". If you are not sure with whi

Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability

Hi Thijs, On Monday, 09 Jan 2006, you wrote: > Michael Stone wrote: > >Vulnerability : format string attack > >Problem-Type : local > >Debian-specific: no > >CVE ID : CVE-2006-0083 > > > >Ulf Harnhammar from the Debian Security Audit project discovered a > >format string attack in the l

Re: [SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution (fwd)

Hi Rolf.Joschke, On Monday, 04 Apr 2005, you wrote: > > Dear Martin, > > I have been unable to find the security-fixed version samba 3.0.10-1. Can > you mail me the URL where to get it from. > have a look on http://packages.debian.org/testing/net/samba and choose your architecture. Greetings M