Re: [SECURITY] [DSA 3654-1] quagga security update

2016-08-26 Thread Hubert Chathi
On Fri, 26 Aug 2016 13:25:18 +0200, Steven Conrad Bayer 
<steven.ba...@neunzichgrad.de> said:

> Hello Daniel, you can unsubscribe from list here:
> https://lists.debian.org/debian-security/

The list Daniel actually wants to unsubscribe from is:
https://lists.debian.org/debian-security-announce/

-- 
Hubert Chathi <uho...@debian.org> -- Jabber: hub...@uhoreg.ca
PGP/GnuPG key: 4096R/113A1368 https://www.uhoreg.ca/
Fingerprint: F24C F749 6C73 DDB8 DCB8  72DE B2DE 88D3 113A 1368



Re: Debian Users Can't Download CD's Integrity/Sign or file-Signing PubKey, Over HTTPS/HKPS Encrypted Connection

2016-07-12 Thread Hubert Chathi
On Tue, 12 Jul 2016 02:06:58 + (UTC), <ater...@yahoo.com> said:

> in https://www.debian.org/CD/verify webpage: (1a) please Show+Enable
> HKPS based GPG KeyServer, or (1b) Allow Single GPG PUBKEY File
> Download (which is including all file-signing pubkeys), Over (HTTPS)
> ENCRYPTED CONNECTION.

For what purpose?  Delivering the public key over an encrypted
connection doesn't help in ensuring the validity of the key when the
fingerprint is already delivered over an HTTPS connection.  The only
thing that it would help is in hiding what key(s) are being requested.

[...]

> CD/DVD image ISO file's GPG-SIGNATURE (sig/sign) FILE or SHAnnnSUMS
> INTEGRITY FILES (all of these files are very very TINY SIZED FILES
> (few KILOBYTES only), compared to the VERY large-sized main file, the
> ISO files).  So AT-LEAST sig/sign file + Sums/Hash code files, need to
> be shared with all users (from "https://cdimage.debian.org; or
> https://www.debian.org/CD/ website) over HTTPS encrypted
> connection/transfer.

Again, for what purpose?  Delivering the signature files over HTTPS
doesn't help in ensuring the validity of the file, since it is validated
using GnuPG.

-- 
Hubert Chathi <uho...@debian.org> -- Jabber: hub...@uhoreg.ca
PGP/GnuPG key: 4096R/113A1368 https://www.uhoreg.ca/
Fingerprint: F24C F749 6C73 DDB8 DCB8  72DE B2DE 88D3 113A 1368



Re: [SECURITY] [DSA 3576-1] icedove security update

2016-05-13 Thread Hubert Chathi
On Sat, 14 May 2016 00:41:16 +0200, Davide Prina <davide.pr...@gmail.com> said:

> To check
> $ grep icedove /var/log/dpkg.log
[...]

Or just run "apt-cache policy icedove", which will show you what version
you have installed and what versions are available.

You should see a couple of lines that look like:
 38.8.0-1~deb8u1
500 http://security.debian.org/ jessie/updates/main amd64 Packages

If not, then check your sources.list as Davide suggested.

-- 
Hubert Chathi <uho...@debian.org> -- Jabber: hub...@uhoreg.ca
PGP/GnuPG key: 4096R/113A1368 https://www.uhoreg.ca/
Fingerprint: F24C F749 6C73 DDB8 DCB8  72DE B2DE 88D3 113A 1368



Re: Unverifiable Signature on Debian Security Advisory Emails

2014-12-12 Thread Hubert Chathi
On Fri, 12 Dec 2014 10:17:25 +0100, Sébastien NOBILI <sebnewslet...@free.fr>
said:

> Hi,
> On Thursday 11 December 2014 at 21:46, Hubert Chathi wrote:
>> On Thu, 11 Dec 2014 17:28:32 -0800, Jeremie Marguerie
>> <jere...@marguerie.org> said:
>>> I guess there might/should be something on the official website with
>>> the key ID of official members.
>>
>> apt-get install debian-keyring?

> Thanks for pointing out this package.

> I'm using the stable branch and its contents are outdated (April 2013), so
> many of the announcements can't be verified this way…

> The same applies to the Jessie version (August 2014)…

> Shouldn't this package follow the Sid version even for the stable branch?
> What's the use of outdated keys that aren't used anymore?

Yeah, and it should probably be added to stable-updates.

> I'll backport the Sid version for my stable system, hope there won't be
> any side effects…

Given that it's purely data and it has no dependencies, there shouldn't
be any side effects.  However, remember that if you download the package
manually, you lose the benefit of the apt archive signing.  But it
should be safe to add sid to your apt, and use pinning to only allow
that package to be updated.

-- 
Hubert Chathi <uho...@debian.org> -- Jabber: hub...@uhoreg.ca
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/8761dgon5v@desiato.home.uhoreg.ca
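
The pinning approach suggested in the message above, as an added example that is not part of the original thread: it stages an apt source for sid plus preferences that let only debian-keyring come from it, so the package still arrives through apt's signed archive. The staging directory, the function names and the mirror URL are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Files are written to a staging
# directory (hypothetical default ./apt-staging); review them, then copy
# them under /etc/apt as root.

write_keyring_pin() {
    root=${1:-./apt-staging}
    mkdir -p "$root/sources.list.d" "$root/preferences.d" || return 1

    # Make sid's signed package index available to apt.
    # The mirror URL is an assumption; use your usual mirror.
    cat > "$root/sources.list.d/sid.list" <<'EOF'
deb http://deb.debian.org/debian sid main
EOF

    # General-form record: a negative priority keeps apt from ever
    # selecting a sid version. The specific-form record for
    # debian-keyring takes precedence over it for that one package.
    cat > "$root/preferences.d/debian-keyring" <<'EOF'
Package: *
Pin: release a=unstable
Pin-Priority: -1

Package: debian-keyring
Pin: release a=unstable
Pin-Priority: 990
EOF
}

# Print how many package patterns the staged preferences allow from sid
# (positive priority). Anything other than 1 means the pin is too broad.
count_allowed_from_sid() {
    awk '/^Package:/ {pkg = $2}
         /^Pin-Priority:/ && $2 > 0 {print pkg}' \
        "$1/preferences.d/debian-keyring" | sort -u | wc -l | tr -d ' '
}

write_keyring_pin "${APT_ROOT:-./apt-staging}"
# Once installed under /etc/apt:
#   apt-get update && apt-cache policy debian-keyring
```

After `apt-get update`, `apt-cache policy debian-keyring` should list the sid version at priority 990, while other packages show the sid source at -1.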



Re: Unverifiable Signature on Debian Security Advisory Emails

2014-12-11 Thread Hubert Chathi
On Thu, 11 Dec 2014 17:28:32 -0800, Jeremie Marguerie <jere...@marguerie.org>
said:

> I guess there might/should be something on the official website with
> the key ID of official members.

apt-get install debian-keyring?

-- 
Hubert Chathi <uho...@debian.org> -- Jabber: hub...@uhoreg.ca
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87388ld1qe@desiato.home.uhoreg.ca



Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-09 Thread Hubert Chathi
On Wed, 9 Jul 2008 15:45:12 -0700 Rick Moen [EMAIL PROTECTED] wrote:

> Quoting Hubert Chathi ([EMAIL PROTECTED]):
>
>> Hmm... libnss-lwres is orphaned (#475089), and is uninstallable on
>> sid.
>
> I'll bet the version of the missing dependency package (liblwres30) in
> lenny would suffice.

I'm really more concerned about the fact that it's orphaned.  And it
appears to be unmaintained upstream (last release in 2001, and
upstream moved it from the releases directory to the old-releases
directory).

-- 
Hubert Chathi [EMAIL PROTECTED] -- Jabber: [EMAIL PROTECTED]
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA





Re: pam_unix2 and xscreensaver password to restrictive

2008-04-23 Thread Hubert Chathi
On Wed, 23 Apr 2008 18:01:12 +1000 Alex Samad [EMAIL PROTECTED] wrote:

> This is an error I was getting on xscreensaver that I noticed was
> being caused by pam.

This is probably bugs #295526, #309037, #362954, #440955, (have I
missed any?).

From #295526, it looks like the pam_unix2 maintainer agrees to the
unix2_chkpwd helper binary, but has requested help.  So it would be
nice if someone could give him a hand.

-- 
Hubert Chathi [EMAIL PROTECTED] -- Jabber: [EMAIL PROTECTED]
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA



Re: setuid binary in ktsuss

2008-02-09 Thread Hubert Chathi
On Sat, 09 Feb 2008 14:13:30 -0800 Russ Allbery [EMAIL PROTECTED] wrote:

> Yves-Alexis Perez [EMAIL PROTECTED] writes:
>
>> I'm about to upload ktsuss to debian, which is a graphical wrapper
>> around su (much like gksu but without any gnome dependency). One
>> point puzzles me, the ktsuss binary is setuid root (so it can read
>> the root password). gksu doesn't do this (it calls su, I guess).
>
> I would expect it to use PAM, which uses the setuid unix_chkpwd
  ^^^
As long as you're using pam_unix.  It appears that if you use
pam_unix2, you still need to be suid, since pam_unix2 doesn't have its
own suid wrapper [1].  (I don't know what it's like with pam_pwdfile,
etc.)

Now, whether pam_unix2 should use a wrapper or not is the subject of a
different flamewar...

[1] http://bugs.debian.org/295526
http://bugs.debian.org/362954

> binary. If it's not using PAM, that's probably a bug.


-- 
Hubert Chathi [EMAIL PROTECTED] -- Jabber: [EMAIL PROTECTED]
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA





Re: ping22: can not kill this process

2008-01-04 Thread Hubert Chathi
On Fri, 04 Jan 2008 08:23:45 +0100 Bernd Eckenfels [EMAIL PROTECTED]
wrote:

>> what kind applications are using /dev/shm? I googled
>> around, seem not find much information.
>> right now I mount it as rw,noexec,nosuid.
>
> It is for example used to map shared memory. ...

No, it is a tmpfs directory for temporary files.  It has nothing to do
with shared memory.

-- 
Hubert Chathi [EMAIL PROTECTED] -- Jabber: [EMAIL PROTECTED]
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA





Re: ping22: can not kill this process

2008-01-04 Thread Hubert Chathi
On Fri, 04 Jan 2008 22:30:18 +0100 Bernd Eckenfels [EMAIL PROTECTED]
wrote:

> why do you think it is named shm? it is used for shm_open and
> shm_unlink.
> (where glibc used temporary files to mmap them)

Ah, I see.  I have never come across a program (yet) that uses it for
shared memory.  Perhaps I'm just running the wrong programs.

> On some systems (like mine) tmp is a symlink to it, or you use a
> second instance of tmpfs. However it still is used for shared memory
> (only).

Actually, some things use /dev/shm for non-shared-memory purposes.
Like the resolvconf package.

-- 
Hubert Chathi [EMAIL PROTECTED] -- Jabber: [EMAIL PROTECTED]
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA

