Re: Reaction to potential PGP schism
Hi Daniel,

Quick backstory: I stayed away from hardware crypto for a long while since there were so many incompatibilities, partial support, or side patches to get basic things to work. Over time, it seems it got to a point where it's mainstream enough that you can buy a Yubikey without much of a second thought, and get GPG to work out of the box on it…

Daniel Kahn Gillmor (2023-12-20):
> OpenPGP implementations have generally learned from those failures, and
> many of them are now much more resilient and can support the kinds of
> upgrade path that we need to consider. For most of our
> signing/verifying-focused work, that means:
>
> - verifying tools should ignore signatures and certificates that they
>   don't understand, while still validating signatures from certificates
>   that they do understand
>
> - signing tools can make pairs of signatures, one "compatibility"
>   signature and one "modern" signature
>
> This means that for a debian signing/verification context, like package
> distribution, which has a global workflow, starting from an existing
> OpenPGP implementation, signing key and corresponding verification
> certificate, it looks like:
>
> 0) upgrade the signing tool, and start upgrading some of the
>    verification tooling.
>
> 1) create a new signing certificate with the new version, algorithm, or
>    feature.
>
> 2) distribute the old+new certificates for the verifiers.
>
> 3) make signatures with old+new in parallel
>
> 4) complete upgrade of all verification tooling
>
> 5) stop making signatures with old signing certificates

… what does this mean for anything that involves hardware-backed crypto?

I'm thinking Yubikeys and the like, but also HSMs that might be on the critical path to sign things like GRUB, linux (at least for now), etc.

Even if we end up with a brand new gnupg release on the relevant signing host(s), I fear hardware devices might not feature all the bits that are needed for those new features?

Cheers,
--
Cyril Brulebois (k...@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
Re: amd64 running on Intel Celeron and Pentium?
Elmar Stellnberger (2022-04-17):
> I haven't heard yet of a Pentium IV supporting amd64.
> Likely it does not exist.

https://en.wikipedia.org/wiki/List_of_Intel_Pentium_4_processors seems to disagree in general. Willamette seems to be old enough to be 32-bit only though.

Cheers,
--
Cyril Brulebois (k...@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
Re: Problems with shim and shim-signed in unstable, and proposed solutions to unblock us
Steve McIntyre (2019-03-04):
> And Mark says:
>
> "we don't want to go rewinding version numbers in unstable; that could
> lead to all sorts of unforeseeable breakage.
>
> much as we'd expected. Any more feedback please? Cyril prefers
> approach #2 below, I prefer #3.

To clarify: #2 was my preferred approach when we first tried to get #3 to work, seeing how many things could need tweaking; #2 is mostly about re-uploading packages that we know were working (albeit with different version numbers), which looked more reassuring.

Given the amount of research we've done since then, it seems that we've ironed out what could be an issue (mostly the fact we moved files from one binary package to another one), and we didn't spot other packages having relationships to either binary packages, that could have an issue with the new layout.

Building a binary package for real, even if in a chroot with some specific versions also looks cleaner to me than repacking and re-uploading old binaries.

Long story short: #3 looks good to me.

Cheers,
--
Cyril Brulebois (k...@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
Re: [SECURITY] [DSA 3355-2] libvdpau regression update
Hi,

Daniel Reichelt (2015-11-03):
> Hi *
>
> the amd64 build for 0.8-3+deb8u2 seems to be missing from [1].
>
> Is this an error or am I missing something?
>
>
> Thanks
> Daniel
>
>
> [1] http://security.debian.org/pool/updates/main/libv/libvdpau/

If I'm reading wanna-build right, it's Uploaded (as opposed to Installed), since 2015-11-02 17:25:03.079505

So far as I can check, queued and dak on ftp-master seem rather happy:
| Nov 2 19:31:19 processing /libvdpau_0.8-3+deb8u2_amd64.changes
| Nov 2 19:31:19 libvdpau_0.8-3+deb8u2_amd64.changes processed successfully (uploader pkg-nvidia-de...@lists.alioth.debian.org)

and:
| 20151102193529|process-upload|dak|Processing changes file|libvdpau_0.8-3+deb8u2_amd64.changes
| 20151102193532|process-upload|dak|ACCEPT|libvdpau_0.8-3+deb8u2_amd64.changes

so it doesn't seem obvious to me what's happening here. Adding team@ to the loop since I don't think I can check anything on the security.d.o side.

Mraw,
KiBi.
Re: apt-build - Authentication warning overridden. - security issue?
Patrick Schleizer adrela...@riseup.net (2015-03-18):
> Hi,
>
> I was running:
> sudo apt-build install ccache
>
> And the output contained a message:
> WARNING: The following packages cannot be authenticated!
> ccache
> Authentication warning overridden.
>
> Is this just how apt-build works or could this be a security issue due
> to installing unauthenticated packages?

It probably wouldn't happen if the source snippet added at installation time would be using “deb [trusted=yes]” instead of just “deb”. Manually editing /etc/apt/sources.list.d/apt-build.list seems to confirm that.

See /var/lib/dpkg/info/apt-build.postinst:
debline=deb file:$repository_dir apt-build main

Mraw,
KiBi.
Re: [SECURITY] [DSA 3053-1] openssl security update
Jonathan Wiltshire j...@debian.org (2014-10-18):
> Technically nothing is blocked yet (except udebs)

They were only blocked for a tiny number of days.

Mraw,
KiBi.
Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian
Conrad Nelson y...@marupa.net (2014-09-27):
> On Sun, 2014-09-28 at 06:33 +1000, Andrew McGlashan wrote:
> > On 28/09/2014 4:29 AM, Martin Holub wrote:
> > > Please according to the Security Tracker [1,2] both are fixed in
> > > stable and oldstable.
> >
> > NOT QUITE . fixed in stable [wheezy] and oldstable-LTS
> > [squeeze-lts] BUT NOT oldstable [squeeze] it is NOT fixed, nor is it
> > still supported. :(
> >
> > Cheers
> > A.
>
> What about Jessie?

kibi@arya:~$ rmadison -a source bash -s testing,unstable
 bash | 4.3-9.2 | testing  | source
 bash | 4.3-9.2 | unstable | source

Mraw,
KiBi.
Re: Checking for services to be restarted on a default Debian installation
Thijs Kinkhorst th...@debian.org (2014-09-01):
> My questions to this list:
> - Do people agree that this would be something that's good to have in a
>   default installation? Are there drawbacks?

Having to know about debian-goodies always looked awkward to me. A dedicated, easy to identify package looks like a nice idea to me.

> - If agreed, how would we approach this? I have to admit that I do not
>   know who decides what is part of a default install or where this is
>   implemented.

(Hopefully the following isn't too far from reality, just had a very quick look.)

That would be the standard task, defined in tasksel (tasks/standard) with “Packages: standard”, which pulls packages with that priority; FWIW that task is a bit special since it's not defined as a task-$foo package.

Mraw,
KiBi.
Re: Missing ISO hash
Djones Boni 07ea86b...@gmail.com (2014-07-14):
> The Debian 7.6 update ISO hashes are missing on bt-dvd directory.
> http://cdimage.debian.org/debian-cd/7.6.0/amd64/bt-dvd/MD5SUMS
> http://cdimage.debian.org/debian-cd/7.6.0/*/bt-dvd/MD5SUMS
>
> They can be found in iso-dvd and jigdo-dvd.
> http://cdimage.debian.org/debian-cd/7.6.0/amd64/iso-dvd/MD5SUMS
> http://cdimage.debian.org/debian-cd/7.6.0/amd64/jigdo-dvd/MD5SUMS

This looks OK now.

Mraw,
KiBi.
Re: USN-2192-1: OpenSSL vulnerabilities
Testosticore testostic...@openmailbox.org (2014-05-07):
> Aren't we affected by this, too?
>
> http://www.ubuntu.com/usn/usn-2192-1/

Checking the security tracker would seem like an idea?
https://security-tracker.debian.org/tracker/CVE-2010-5298
https://security-tracker.debian.org/tracker/CVE-2014-0198

Mraw,
KiBi.
Re: SHA256SUM/MD5SUM check sums do not match for installer-i386
Hi,

m...@xlist.pw m...@xlist.pw (2014-03-07):
> Hi,
>
> I downloaded wheezy from
> ftp://ftp2.de.debian.org/debian/dists/wheezy/main/installer-i386/current/images/*
> ftp://ftp.debian.org/debian/dists/wheezy/main/installer-i386/current/images/*
> and
> ftp://ftp.nl.debian.org/debian/dists/wheezy/main/installer-i386/current/images/*
>
> Checking with SHA256SUM and MD5SUM files I got the same checksum errors
> for the same files I downloaded from different locations:
>
> user@host:~/download/debian-wheezy/images$ sha256sum --check SHA256SUMS|grep FAILED
> 3:./hd-media/gtk/vmlinuz: FAILED
> 4:./hd-media/vmlinuz: FAILED
> 10:./netboot/xen/vmlinuz: FAILED
> sha256sum: ./netboot/gtk/pxelinux.cfg/default: No such file or directory
> 15:./netboot/gtk/pxelinux.cfg/default: FAILED open or read
> 61:./netboot/gtk/debian-installer/i386/linux: FAILED
> sha256sum: ./netboot/pxelinux.cfg/default: No such file or directory
> 64:./netboot/pxelinux.cfg/default: FAILED open or read
> 110:./netboot/debian-installer/i386/linux: FAILED
> 115:./cdrom/xen/vmlinuz: FAILED
> 120:./cdrom/gtk/vmlinuz: FAILED
> 121:./cdrom/vmlinuz: FAILED
> sha256sum: WARNING: 2 listed files could not be read
> sha256sum: WARNING: 8 computed checksums did NOT match
>
> user@host:~/download/debian-wheezy/images$ md5sum --check MD5SUMS|grep FAILED
> 3:./hd-media/gtk/vmlinuz: FAILED
> 4:./hd-media/vmlinuz: FAILED
> 10:./netboot/xen/vmlinuz: FAILED
> md5sum: ./netboot/gtk/pxelinux.cfg/default: No such file or directory
> 15:./netboot/gtk/pxelinux.cfg/default: FAILED open or read
> 61:./netboot/gtk/debian-installer/i386/linux: FAILED
> md5sum: ./netboot/pxelinux.cfg/default: No such file or directory
> 64:./netboot/pxelinux.cfg/default: FAILED open or read
> 110:./netboot/debian-installer/i386/linux: FAILED
> 115:./cdrom/xen/vmlinuz: FAILED
> 120:./cdrom/gtk/vmlinuz: FAILED
> 121:./cdrom/vmlinuz: FAILED
> md5sum: WARNING: 2 listed files could not be read
> md5sum: WARNING: 8 computed checksums did NOT match
>
> BTW, the same happens for installer-amd64.
>
> Who can be contacted to get the hash files fixed?

well, that worked for me, for 'ftp', 'ftp.fr', 'ftp.nl':

lftp -c mirror ftp://XX.debian.org/debian/dists/wheezy/main/installer-i386/current/images
cd images
md5sum --check MD5SUMS
sha256sum --check SHA256SUMS

So it looks to me checksums are OK. (#704162 is not relevant.) Make sure your downloads weren't truncated?

Mraw,
KiBi.
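As an added example (not part of the original thread), one way to follow up on the "were your downloads truncated?" question: verify a mirrored tree against its SHA256SUMS file and report unreadable entries separately from digest mismatches, recording each file's on-disk size so a short download stands out. The function names and report states are made up for this example.

```python
import hashlib
import os
import sys


def parse_sums(text):
    """Parse coreutils-style lines: <hex digest><space><mode char><path>."""
    entries = []
    for line in text.splitlines():
        digest, sep, rest = line.partition(" ")
        if not sep or len(rest) < 2:
            continue                      # blank or malformed line
        # rest[0] is the mode marker (' ' for text, '*' for binary)
        entries.append((digest.lower(), rest[1:]))
    return entries


def file_digest(path, algo):
    """Hash a file in 1 MiB chunks so large images do not fill memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tree(root, sums_text, algo="sha256"):
    """Return {listed path: (state, size)}.

    state is one of:
      ok                digest matches
      mismatch          file is readable but the digest differs
      dangling-symlink  a symlink was mirrored but its target was not
      missing           nothing at that path
    size is the on-disk size in bytes, or None when the file is unreadable.
    """
    report = {}
    for expected, rel in parse_sums(sums_text):
        full = os.path.join(root, rel)
        if os.path.islink(full) and not os.path.exists(full):
            report[rel] = ("dangling-symlink", None)
        elif not os.path.isfile(full):
            report[rel] = ("missing", None)
        else:
            state = "ok" if file_digest(full, algo) == expected else "mismatch"
            report[rel] = (state, os.path.getsize(full))
    return report


if __name__ == "__main__":
    # Usage: verify.py <images directory> <SHA256SUMS file>
    root, sums_file = sys.argv[1], sys.argv[2]
    with open(sums_file, encoding="utf-8") as f:
        result = verify_tree(root, f.read())
    for path, (state, size) in sorted(result.items()):
        if state != "ok":
            print(f"{state:17} {size if size is not None else '-':>12} {path}")
    sys.exit(any(state != "ok" for state, _ in result.values()))
```

Comparing the reported sizes with the sizes shown in the mirror's directory listing tells a truncated transfer apart from a file that has the right length but different content.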
Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)
Steven Chamberlain ste...@pyro.eu.org (2013-12-14):
> On 14/12/13 01:08, Henrique de Moraes Holschuh wrote:
> > Yeah, I think Linux went through similar blindness braindamage sometime
> > ago, but blind trust on rdrand has been fixed for a long time now, and
> > it never trusted any of the other HRNGs (or used them for anything at
> > all without a trip through rng-tools userspace until v3.12).
>
> I seem to remember that Ted T'so's committed the fix for this only after
> the release of Linux 3.2, so I assumed wheezy's kernels might be still
> affected?

If you're talking about this:
| commit c2557a303ab6712bb6e09447df828c557c710ac9
| Author: Theodore Ts'o ty...@mit.edu
| Date: Thu Jul 5 10:35:23 2012 -0400
|
| random: add new get_random_bytes_arch() function
| […]

it was backported into 3.2.y, that would be 7f5d5266f8a1f7f54707c15e028f220d329726f4 also known as v3.2.27~51.

Mraw,
KiBi.
Re: MIT discovered issue with gcc
Stefan Roas sr...@roath.org (2013-11-23):
> On Sat Nov 23, 2013 at 10:18:43, Robert Baron wrote:
> > Second question:
> >
> > Doesn't memcpy allow for overlapping memory, but strcpy does not? Isn't
> > this why memcpy is preferred over strcpy?
>
> Nope. There's memmove for overlapping areas.

Indeed, easy enough to check anyway, opengroup memcpy gives you:
http://pubs.opengroup.org/onlinepubs/007904975/functions/memcpy.html

Quoting it:

  The memcpy() function shall copy n bytes from the object pointed to by s2 into the object pointed to by s1. If copying takes place between objects that overlap, the behavior is undefined.

Mraw,
KiBi.
Re: There is Pidgin in security updates with same version but different checksum
Marko Randjelovic marko...@eunet.rs (2013-10-04):
> The package from security looks like error because it does not appear in
> apt-cache show, but exists in lists file and in
> http://security.debian.org/pool/updates/main/p/pidgin/.

Can you please elaborate? The above has got: 2.7.3-1+squeeze3

Current status across distributions is:

kibi@arya:~$ rmadison pidgin -a source
 pidgin | 2.7.3-1+squeeze3 | oldstable         | source
 pidgin | 2.10.6-3~bpo60+1 | squeeze-backports | source
 pidgin | 2.10.6-3         | stable            | source
 pidgin | 2.10.7-2         | testing           | source
 pidgin | 2.10.7-2         | unstable          | source

so the 2.7.3-1+squeeze3 upload available through security for oldstable got merged into oldstable proper during a point release.

What version are you chasing, for which distribution?

Mraw,
KiBi.
Re: Upcoming oldstable point release (6.0.8)
Adam D. Barratt a...@adam-barratt.org.uk (2013-09-22):
> The next point release for squeeze (6.0.8) is scheduled for Saturday
> October 19th. Oldstable NEW will be frozen during the preceding
> weekend.
>
> As usual, base-files can be uploaded at any point before the freeze.

I don't think I have anything d-i-ish for that one.

-boot@, anything I forgot?

Mraw,
KiBi.
Re: Upcoming stable point release (7.2)
Adam D. Barratt a...@adam-barratt.org.uk (2013-09-22):
> The next point release for wheezy (7.2) is scheduled for Saturday
> October 12th. Stable NEW will be frozen during the preceding weekend.

So there's a new linux kernel for that one:
http://womble.decadent.org.uk/blog/linux-kernel-update-for-wheezy-3251-1.html

which I haven't tested at all; there's kfreebsd-9 as well, along with flash-kernel, multipath-tools, gnupg, grub2, and libgcrypt11 (looking at the udeb-producing packages on the current p-u summary[1]).

1. http://release.debian.org/proposed-updates/stable.html

I wonder whether we need/want to fix iso-scan's #722711 in stable as well. I haven't yet investigated if stable is affected and what the fix looks like, though; just mentioning it in case somebody wants to look into it.

-boot@, if anyone sees something that needs fixing in stable and wasn't spotted/marked as such until now, please speak up.

Mraw,
KiBi.
Re: gpg signatures for Wheezy images
adrelanos adrela...@riseup.net (22/02/2013):
> Stable,
> http://cdimage.debian.org/debian-cd/6.0.6/i386/iso-dvd/
> contains gpg signatures.
>
> Wheezy,
> http://cdimage.debian.org/cdimage/weekly-builds/i386/iso-dvd/
> does not contain gpg signatures.
>
> Can you offer gpg signatures for Wheezy as well please?

http://cdimage.debian.org/cdimage/wheezy_di_rc1/ has signatures, as well as previous releases. See http://www.debian.org/News/2013/20130219 for the announcement.

Mraw,
KiBi.
Re: Linux 3.2: backports some features from mainline kernel (3.7)?
Hi,

daniel curtis sidetripp...@gmail.com (15/12/2012):
> Kernel 3.7 is officially out. This Linux release includes many
> improvements practically in every aspect. Many changes also concerns
> security. Very interesting are: Cryptographically-signed kernel modules
> and - long awaited - symlink and hardlink restrictions (already in
> Linux 3.6), but it broke some programs, so it has been disabled by
> default, right?

from http://packages.debian.org/changelogs/pool/main/l/linux/linux_3.2.35-1/changelog.html

| linux (3.2.29-1) unstable; urgency=low
| …
|   * fs: Update link security restrictions to match Linux 3.6:
|     - Drop kconfig options; restrictions can only be disabled by sysctl
|     - Change the audit message type from AUDIT_AVC (1400) to
|       AUDIT_ANON_LINK (1702)
| …
| linux-2.6 (3.2.9-1) unstable; urgency=high
| …
|   * fs: Introduce and enable security restrictions on links:
|     - Do not follow symlinks in /tmp that are owned by other users
|       (sysctl: fs.protected_symlinks)
|     - Do not allow unprivileged users to create hard links to sensitive files
|       (sysctl: fs.protected_hardlinks) (Closes: #609455)
|       + This breaks the 'at' package in stable, which will be fixed shortly
|         (see #597130)
|     The precise restrictions are specified in Documentation/sysctl/fs.txt in
|     the linux-doc-3.2 and linux-source-3.2 packages.

Anyway, I suspect you want to ask Linux kernel questions to Linux kernel maintainers (meaning debian-kernel@).

Mraw,
KiBi.
Re: [SECURITY] [DSA 2566-1] exim4 security update
Tomas Pospisek tpo_...@sourcepole.ch (26/10/2012):
> They don't seem to be available anywhere I look, particularily not in
> the http://security.debian.org/ package repository or in the standard
> debian package repository neither for unstable nor for wheezy.
>
> http://incoming.debian.org/ has the versions indicated above, however
> the packages are not signed.
>
> What's the way forward from here? Will you rerun the incoming queue and
> build packages for security.debian.org or should users (blindly?)
> install the packages from incoming?

http://packages.qa.debian.org/e/exim4/news/20121026T084842Z.html says the package was accepted a few hours ago.

https://buildd.debian.org/status/package.php?p=exim4&suite=sid says packages were built a few hours ago.

Please allow some time for packages to move from incoming to the mirrors, and upgrade at this point.

Mraw,
KiBi.
Re: [SECURITY] [DSA 2550-1] asterisk security update
Hi.

Herman van Rink r...@initfour.nl (19/09/2012):
> On 09/18/2012 11:40 PM, Michael Kozma wrote:
> > Hello,
> >
> > I have an error with my sip config since i have updated the asterisk
> > package :
> >
> > monitoring*CLI module load sip
> > Unable to load module sip
> > Command 'module load sip' failed.
> > [Sep 18 23:31:39] WARNING[7931]: loader.c:393 load_dynamic_module: Error loading module 'sip': /usr/lib/asterisk/modules/sip.so: cannot open shared object file: No such file or directory
> > [Sep 18 23:31:39] WARNING[7931]: loader.c:801 load_resource: Module 'sip' could not be loaded.

Michael, that should be “chan_sip” apparently?

> I had a similar issue after this update, but not exactly.
>
> [Sep 19 08:41:32] WARNING[8405] loader.c: Error loading module 'chan_sip.so': /usr/lib/asterisk/modules/chan_sip.so: undefined symbol: sip_pvt_lock_full
> [Sep 19 08:41:32] WARNING[8405] loader.c: Module 'chan_sip.so' could not be loaded.

Herman, probably a consequence of debian/patches/AST-2012-010:
+static int reinvite_timeout(const void *data) +{ … + struct ast_channel *owner = sip_pvt_lock_full(dialog); … +}

Looks like the patch is missing the addition of that needed function.

Added team@ in the loop, to make sure they see this.

Mraw,
KiBi.
Re: python 2.6.6 - python 2.6.8
Marc Haber mh+debian-secur...@zugschlus.de (25/06/2012): phyton is not listed in (ahah) http://security-tracker.debian.org/tracker/CVE-2011-3389, does that mean that nobody yet identified python as being affected? How can python be added here? Surely the links in “Please help us keep this information up-to-date by reporting any discrepancies or change of states that you are aware of and/or help us improve the quality of this information by participating.” on the tracker home page is what you're looking for. Mraw, KiBi. signature.asc Description: Digital signature
Re: [SECURITY] [DSA 2670-1] wordpress security update
Marc Gorzala m...@gorzala.de (11/05/2012):
> we don't use debian-wordpress on c anyway

Please set proper To/Cc fields and leave this list alone, thanks already.

Mraw,
KiBi.
Re: Antw: Re: [SECURITY] [DSA 2378-1] ffmpeg security update
Robyn Hurst rhu...@thomasu.edu (04.01.2012):
> Please remove me from this mailing list.

Stefan Grzenkowski sgrzenkow...@gebics.de (04/01/2012):
> please remove me,too

What about this? Both of you go read the mail you're replying to, and then do what's mentioned there to get unsubscribed? kthxbye.

Mraw,
KiBi.
Re: [SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation
Florian Weimer f...@deneb.enyo.de (11/01/2011):
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> - -
> Debian Security Advisory DSA-2122-2                  secur...@debian.org
> http://www.debian.org/security/                          Florian Weimer
> January 11, 2011                     http://www.debian.org/security/faq
> - -
>
> Package: glibc
> Vulnerability : missing input sanitization
> Problem type : local
> Debian-specific: no
> CVE ID : CVE-2010-3847 CVE-2010-3856
>
> Colin Watson discovered that the update for stable relased in
> DSA-2122-1 did not complete address the underlying security issue in
                             ↑ +ly

I obeyed the Reply-To, but maybe one should mail another address to get typos fixed in the web version?

KiBi.
Re: Nessus to be removed from Debian, please switch to OpenVAS
Javier Fernández-Sanguino Peña j...@computer.org (02/08/2009):
> I encourage people that are looking for an alternative to Nessus to
> switch to OpenVAS (Open Vulnerability Assessment Scanner) which is a
> Nessus fork (based on the 2.2.x branch) that is actively being
> maintained and is now available in Debian.

I'm not quite used to that, but that might be worth adding that to the release notes?

Mraw,
KiBi.
Re: [SECURITY] [DSA 1786-1] New acpid packages fix denial of service
Nico Golde debian-security...@ngolde.de (04/05/2009):
> * Steffen Joeris wh...@debian.org [2009-05-04 05:25]:
> > Debian Security Advisory DSA-1786-1                 secur...@debian.org
> > http://www.debian.org/security/                         Steffen Joeris
> > May 02, 2009                        http://www.debian.org/security/faq
> >
> > Package: acpid
> > Vulnerability : denial of service
> > Problem type : remote
>
> Das sollte local sein.

People might have got it, but anyway: “should have been local” (or “should be local”, I guess both senses are possible here).

Mraw,
KiBi.
Re: mt-daapd #404640 introduces remote security hole
Alexander Kurtz kurtz.a...@googlemail.com (01/04/2009):
> since it took more than half a year until someone responded to the
> initial mail of #404640 and there are still SERIOUS REMOTE SECURITY
> ISSUES UNFIXED, I thought I'd just drop a link:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404640

YOU MUST BE KIDDING.

Mraw,
KiBi.
Re: [LI#NCE-fWtY2-534] [SECURITY] [DSA 1737-1] New wesnoth packages fix several vulnerabilities
Dan Bassett t...@csl-tech.illinois.edu (11/03/2009):
> First of... HAHAHAHAHAHHAHAHAHAAHAHA

Ah?

> Secondly, not on any of our servers...

Hm, we don't care?

Mraw,
KiBi.
Re: [Koumbit #27201] [SECURITY] [DSA 1731-1] New ndiswrapper packages fix arbitrary code execution vulnerability
Antoine Beaupré via RT secur...@rt.koumbit.net (02/03/2009):
> Status: resolved

Status: we-don’t-care

Fix your mail setup.

Mraw,
KiBi.
Re: New Etch Point Release
Sythos syt...@sythos.net (10/02/2009):
> no lenny release as stable? :)

Good things come to those…

Mraw,
KiBi.
Re: [SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities
Celejar cele...@gmail.com (15/01/2009):
> Is there any automatic way to check whether a given system has any of
> the binary packages built from a given source package installed?

(without any deb-src)

It looks like the following does what you want:
| grep-status -sPackage -F Package $source_package

Works for me with blender, xulrunner, graphviz as source package names.

Mraw,
KiBi.
Re: [SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities
Celejar cele...@gmail.com (15/01/2009):
> > (without any deb-src)
> >
> > It looks like the following does what you want:
> > | grep-status -sPackage -F Package $source_package
> >
> > Works for me with blender, xulrunner, graphviz as source package names.

Bleh. Needed sleep :) Make “-F Package” become “-F Source”.

Unfortunately, if a binary package is built from a source package with the same name, it isn't printed. E.g. “grep-status -sPackage -F Source graphviz” won't return graphviz, even if it's installed, so you'll have to add a special-case. Using --exact-match should help.

What about the following?
| grep-status -X -sPackage -F Source $p; grep-status -X -sPackage -F Package $p

Might be suboptimal but oh well, it does (this time I hope…) answer your question.

> According to the man page, your command merely prints the package
> fields of those packages whose package fields contains the string
> $source_package, as above. Have I missed something?

Sorry about that.

Mraw,
KiBi.
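The special case discussed in the two messages above (a binary package built from a source of the same name carries no Source field), worked through as an added example that is not part of the original thread: a small parser for text in the format of /var/lib/dpkg/status that lists the installed binaries of one source package. Function names are made up for this example, and the sample stanzas (including their version strings) are constructed.

```python
import re
import sys

# Constructed sample in the format of /var/lib/dpkg/status.
SAMPLE_STATUS = """\
Package: graphviz
Status: install ok installed
Version: 2.20.2-3

Package: libgraphviz4
Status: install ok installed
Source: graphviz
Version: 2.20.2-3

Package: graphviz-doc
Status: install ok installed
Source: graphviz (2.20.2-3)
Version: 2.20.2-3+b1

Package: xulrunner-1.9
Status: install ok installed
Source: xulrunner
Version: 1.9.0.5-1

Package: libmozjs1d
Status: deinstall ok config-files
Source: xulrunner
Version: 1.9.0.4-2
"""


def parse_stanzas(text):
    """Yield one dict per blank-line-separated control stanza."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:      # continuation line
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if fields:
            yield fields


def source_of(stanza):
    """Source package name for a binary package stanza.

    The Source field is omitted when it equals Package, and it may carry
    a "(version)" suffix when source and binary versions differ.
    """
    return stanza.get("Source", stanza["Package"]).split()[0]


def is_installed(stanza):
    """Status is '<want> <flag> <state>'; only state 'installed' counts."""
    return stanza.get("Status", "").split()[-1:] == ["installed"]


def binaries_from_source(status_text, source):
    """Sorted names of installed binary packages built from `source`."""
    return sorted(
        s["Package"]
        for s in parse_stanzas(status_text)
        if "Package" in s and is_installed(s) and source_of(s) == source
    )


if __name__ == "__main__":
    # With an argument, query the real dpkg database; otherwise the sample.
    if len(sys.argv) > 1:
        with open("/var/lib/dpkg/status", encoding="utf-8") as f:
            print("\n".join(binaries_from_source(f.read(), sys.argv[1])))
    else:
        print(binaries_from_source(SAMPLE_STATUS, "graphviz"))
        print(binaries_from_source(SAMPLE_STATUS, "xulrunner"))
```

Packages left in the config-files state are skipped, since the vulnerable files are no longer on the system.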
Re: [SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities
Celejar cele...@gmail.com (14/01/2009):
> > We recommend that you upgrade your xulrunner packages.
>
> On my Sid box, I only have 'xulrunner-1.9' from the official repo, and
> xulrunner only from 'debian-multimedia.org'.

That's the source package name. Binaries built from this source:
| $ LANG=C apt-cache showsrc xulrunner|grep ^Binary:|tr -d ,|sed -e 's/ /\n/g'|sort
| Binary:
| libmozillainterfaces-java
| libmozjs1d
| libmozjs1d-dbg
| libmozjs-dev
| python-xpcom
| spidermonkey-bin
| xulrunner-1.9
| xulrunner-1.9-dbg
| xulrunner-1.9-gnome-support
| xulrunner-dev

Mraw,
KiBi.
Re: Freeze exceptions for iceape/iceweasel/xulrunner?
Francesco Poli f...@firenze.linux.it (10/01/2009):
> On the other hand iceape [2], iceweasel [3], and xulrunner [4] seem to
> be in freeze, even though their unstable versions fix many
> vulnerabilities.
>
> Have freeze exceptions been already requested for them?

http://lists.debian.org/debian-release/ (no)

> Otherwise, are there plans to do so?

RC bugfixes are usually unblocked without the need for asking. Also, security bugfixes for ice* packages are allowed by habit.

> P.S.: Please Cc: me on replies, as I am not a list subscriber.

Done.

Mraw,
KiBi.
Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution
Dominic Hargreaves [EMAIL PROTECTED] (10/12/2008):
> Looks like it is in the etch-proposed-updates/etch dist, though, if you
> wanted it. Volatile admins, is there something wrong with this package
> or has it just been forgotten about?

Correct according to:
http://release.debian.org/proposed-updates/stable.html

Mraw,
KiBi.
Re: md5 hashes used in security announcements
Florian Weimer [EMAIL PROTECTED] (24/10/2008):
> I don't know to which address you sent the address, so I don't know if
> it's been overlooked.

[EMAIL PROTECTED] aka. http://lists.debian.org/debian-security/2008/10/msg00030.html

Mraw,
KiBi.
Re: 17 updates for Etch?!?! ¡!¡¡111oneonelevenoneone
Jim Popovitch [EMAIL PROTECTED] (26/07/2008):
> WTF?!?!? Were all those apps + kernel updated today?

Point release, see [1]. I guess the announcement is on its way. Might be sent once most architectures have all packages built.

1. http://www.philkern.de/weblog/en/debian/etch_4.0r4.html

Mraw,
KiBi.
Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On 13/05/2008, Stephane Bortzmeyer wrote:
> By the way, the page http://www.debian.org/security/cve-compatibility
> has a link http://security-tracker.debian.org/, labeled The Debian
> Security Tracker has the canonical list of CVE names, corresponding
> Debian packages, and this link is broken: there is no
> security-tracker.debian.org.

Just in case you don't know about it yet, try .net.

Mraw,
KiBi.
Re: [SECURITY] [DSA 1466-1] New xorg-server packages fix several vulnerabilities
On 18/01/2008, Adrian Minta wrote:
> After this update vlc and possible other programs will not work
> anymore.

#461410.

Cheers,
--
Cyril Brulebois