Re: Compromising Debian Repositories

2013-08-07 Thread Holger Levsen
Hi Paul,

On Montag, 5. August 2013, Paul Henning wrote:
> Yes, kick Kurt Roeckx from his admin privileges to start. It's the easiest
> most basic thing you can do. [more FUD deleted]

are you paid by some three or four letter agency to spread FUD?


cheers  sorry, I couldn't resist,
Holger




Re: Compromising Debian Repositories

2013-08-07 Thread Daniel Sousa
On Mon, Aug 5, 2013 at 9:17 AM, intrigeri intrig...@debian.org wrote:

> I need a reality check, as it's unclear to me what are the goals of
> this discussion.


I don't think there are any goals. I asked it just to understand if it
would be possible to do what I was thinking (apparently, it is) and the
discussion continued from there.

I think most of you are focusing on servers running Debian, but when I
asked the question I was thinking about personal computers.
For example, if there are any vulnerabilities on ssh, they won't be able to
get into my computer anyway because I'm always behind a NAT (and I'm not
even sure that I have ssh on this computer).

I understand that usually you are worried about directed attacks towards a
machine, but in this case the NSA (and probably many other organizations)
is interested in infecting a lot of computers and mining data from there.


Re: Compromising Debian Repositories

2013-08-07 Thread Michael Stone

On Wed, Aug 07, 2013 at 05:26:24PM +0100, Daniel Sousa wrote:

> I think most of you are focusing on servers running Debian, but when I asked
> the question I was thinking about personal computers.
> For example, if there are any vulnerabilities on ssh, they won't be able to get
> into my computer anyway because I'm always behind a NAT (and I'm not even sure
> that I have ssh on this computer).


That's why most attacks these days are launched against client systems 
rather than servers. Do you use a web browser on the internet? If yes, 
then someone can target you with an exploit.


Mike Stone


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/70b5086c-ff81-11e2-b16f-001cc0cda...@msgid.mathom.us



External check

2013-08-07 Thread Raphael Geissert
CVE-2013-1633: TODO: check
CVE-2013-5029: RESERVED
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.


-- 
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/5201ec95.hofbppgmz3lzanf5%atomo64+st...@gmail.com