Re: [SECURITY] [DSA 2287-1] libpng security update
On Thu, Jul 28, 2011 at 06:23:46PM +0200, Luciano Bello wrote: For the oldstable distribution (lenny), this problem has been fixed in version 1.2.27-2+lenny5. Due to a technical limitation in the Debian archive processing scripts, the updated packages cannot be released in paralell with the packages for Squeeze. They will appear shortly. This currently still doesn't seem to be available? Kurt -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110729083547.ga16...@roeckx.be
Re: [SECURITY] [DSA 2287-1] libpng security update
Kurt Roeckx k...@roeckx.be schrieb: On Thu, Jul 28, 2011 at 06:23:46PM +0200, Luciano Bello wrote: For the oldstable distribution (lenny), this problem has been fixed in version 1.2.27-2+lenny5. Due to a technical limitation in the Debian archive processing scripts, the updated packages cannot be released in paralell with the packages for Squeeze. They will appear shortly. This currently still doesn't seem to be available? There hasn't been any NEW processing by FTP masters, no. This is nothing the security team can control. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/slrnj352ma.kad@inutil.org
Fwsnort: --hex-string syntax bug
Hi, I've been trying to file a bug report trough the bug report tool of Debian. But without a succes. So I'll just inform you all about this bug since I do want to inform you about it. I'm sorry this isn't the proper method, but bugreport isn't cooperative with my SMTP for some reason. I've discovered that fwsnort generates a small but significant syntax error when this iptable rule is present: # ICMP echo request $IPTABLES -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT The below fwsnort rule is generated which makes 'iptables-persistent' crash on boot, which in turn boots Debian without a firewall. -A FWSNORT_INPUT -p icmp -m icmp --icmp-type 8 -m string --hex-string| 0102030405060708090a0b0c0d0e0f| --algo bm --to 74 -m comment --comment sid:2100369; msg:GPL ICMP_INFO PING BayRS Router; classtype:misc-activity; reference:arachnids,438; rev:7; FWS:1.5; -j LOG --log-prefix [11] SID2100369 --log-ip-options The right syntax should be: --hex-string | 0102030405060708090a0b0c0d0e0f| It's a small syntax error, I'm sorry I don't have the time to fix this bug. I hope I've given enough information to you to fix this problem. In the mean time this can be fixed by editing the saved iptable configuration in /etc/iptables/rules.v4 To display some helpful debugging information you can run: # iptables-restore /etc/iptables/rules.v4 This will inform you of the line where this syntax error is. Then edit it accordingly with your favorite text editor. -- Kind regards, Kees de Jong De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde(n). Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. -- The information contained in this message may be confidential and is intended to be exclusively for the addressee(s). Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. signature.asc Description: This is a digitally signed message part
Re: Fwsnort: --hex-string syntax bug
Hi, I've been trying to file a bug report trough the bug report tool of Debian. But without a succes. So I'll just inform you all about this bug since I do want to inform you about it. I'm sorry this isn't the proper method, but bugreport isn't cooperative with my SMTP for some reason. [...] You might want to simply file your bug report via email. Please see http://www.debian.org/Bugs/Reporting and skip to Sending the bug report via e-mail. Hope this helps, Michael pgp0Dnt5MQKDz.pgp Description: PGP signature
Re: Broken links in web-page
Hello Henri, On Thu, Jul 28, 2011 at 05:22:58PM +0300, Henri Salo wrote: Page http://www.debian.org/security/audit/tools contains broken links to several locations: I sent a bug report. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635903. I set you as the submitter, so you'll get noticed when this gets fixed. Greetings, Mike Dornberger -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110729174209.gc4...@wolfden.dnsalias.net
wnpp_rm vs. official list discrepancy
I was looking at CVE-2010-4663, and noticed that cmsmadesimple/cmsms ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=60) is listed on the WNPP website (http://www.debian.org/devel/wnpp/being_packaged) but is not in the wnpp_rm file created by bin/check-new-issues and searched with .wname. What's causing this discrepancy, and is the wnpp_rm list not a 1-to-1 list with the lists on the website? -Johnathan