Re: Use of DSA number for general announcements (was: [DSA 2548-1] Debian Security Team PGP/GPG key change notice)

2012-09-16 Thread Arthur de Jong
On Fri, 2012-09-14 at 10:31 +0200, Nico Golde wrote:
> I just want to point out though that as far as I know you can't send
> an announcement mail to this list without a fake DSA id.

Perhaps it is an idea to also reject mails with a DSA id already issued?
That could save a few problems. Judging by the mail archives 20 DSA ids
were used more than once in the last few years.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Re: Use of DSA number for general announcements

2012-09-16 Thread Arthur de Jong
On Sat, 2012-09-15 at 12:49 -0400, David Prévot wrote:
> They seem to be error prone for the security team, since the number was
> used twice this time:
> 
> https://lists.debian.org/debian-security-announce/2012/msg00189.html
> https://lists.debian.org/debian-security-announce/2012/msg00190.html

And also:
https://lists.debian.org/debian-security-announce/2012/msg00089.html

But I don't think using a DSA number for general announcements is a bad
idea. In fact I would very much like to see more of these like browser X
or Java is no longer supported, please remove or fix it yourself
(perhaps in nicer wording ;) ).

Thanks.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Re: [SECURITY] [DSA 2480-4] request-tracker3.8 regression update

2012-09-16 Thread Darcy Small


Darcy Small
Online PC Wizard
+447542537273
https://www.onlinepcwizard.com

On 15 Sep 2012, at 19:06, Raphael Geissert wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2480-4   secur...@debian.org
> http://www.debian.org/security/  Raphael Geissert
> September 15, 2012 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package: request-tracker3.8
> Vulnerability  : regression
> Debian-specific: no
> 
> The security updates for request-tracker3.8, DSA-2480-1, DSA-2480-2,
> and DSA-2480-3, contained minor regressions. Namely:
> 
> * The calendar popup page in Internet Explorer would be blocked by the
> CSRF protection mechanism.
> * Search results pages could not be shared without saving, sharing, and
> then loading the search.
> * rt-email-dashboards would fail with an error due to a call to an
> undefined "interp" method.
> 
> Please note that if you run request-tracker3.8 under the Apache web
> server, you must stop and start Apache manually.  The "restart"
> mechanism is not recommended, especially when using mod_perl.
> 
> For the stable distribution (squeeze), this problem has been fixed in
> version 3.8.8-7+squeeze5.
> 
> We recommend that you upgrade your request-tracker3.8 packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-annou...@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> 
> iEYEARECAAYFAlBUw7kACgkQYy49rUbZzloRmgCfRWU98a5Ug1c5HSGr9ltpRo17
> hU8An0wDUZTxSnOEuHfScdRcmuCYB1aW
> =BaTL
> -----END PGP SIGNATURE-----