Re: [SECURITY] [DSA 3654-1] quagga security update

2016-08-26 Thread Hubert Chathi
On Fri, 26 Aug 2016 13:25:18 +0200, Steven Conrad Bayer said:

> Hello Daniel, you can unsubscribe from list here:
> https://lists.debian.org/debian-security/

The list Daniel actually wants to unsubscribe from is:
https://lists.debian.org/debian-security-announce/

-- 
Hubert Chathi  -- Jabber: hub...@uhoreg.ca
PGP/GnuPG key: 4096R/113A1368 https://www.uhoreg.ca/
Fingerprint: F24C F749 6C73 DDB8 DCB8  72DE B2DE 88D3 113A 1368



Re: [SECURITY] [DSA 3654-1] quagga security update

2016-08-26 Thread Frank de Bruijn

On 26-08-16 at 13:38, deb...@roth.lu wrote:

> You're nice.
>
> If the people (who probably added themselves to the ML in the first
> place, as there is no other way) at least had the decency of writing
> "unsubscribe" correctly, even though it can never work when just sending
> it in-line to the list. (I'd not reply and leave them subscribed until
> they learn for themselves: http://lmgtfy.com/?q=debian+security+unsubscribe)


They're stupid enough to think mailing the list itself will work, so 
expecting them to actually learn something after that is very optimistic.


I always mail them the unsubscribe link privately, usually with a 
comment about their actions (very or mildly sarcastic, depending on my 
mood).


Also, keep in mind the list they want to unsubscribe from is the 
security announce list (debian-security-announce), not the security list 
(debian-security).


Regards,
Frank



Re: [SECURITY] [DSA 3654-1] quagga security update

2016-08-26 Thread debian

You're nice.

If the people (who probably added themselves to the ML in the first 
place, as there is no other way) at least had the decency of writing 
"unsubscribe" correctly, even though it can never work when just sending 
it in-line to the list. (I'd not reply and leave them subscribed until 
they learn for themselves: http://lmgtfy.com/?q=debian+security+unsubscribe)


That said, people with autoresponders replying to mailing lists should 
be unsubscribed automatically (if that isn't already happening).



On 8/26/2016 1:25 PM, Steven Conrad Bayer wrote:

Hello Daniel,

you can unsubscribe from list here:
https://lists.debian.org/debian-security/

Regards,

Steven

On 26.08.2016 at 13:04, Daniel Chen wrote:
> unsubscrbe
>
> On Thu, Aug 25, 2016 at 11:03 PM, Sebastien Delafond wrote:

-
Debian Security Advisory DSA-3654-1   secur...@debian.org
https://www.debian.org/security/   Sebastien Delafond
August 26, 2016   https://www.debian.org/security/faq
-

Package: quagga
CVE ID : CVE-2016-4036 CVE-2016-4049
Debian Bug : 822787 835223

Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing
daemon.

  CVE-2016-4036

 Tamás Németh discovered that sensitive configuration files in
 /etc/quagga were world-readable despite containing sensitive
 information.

  CVE-2016-4049

Evgeny Uskov discovered that a bgpd instance handling many peers
could be crashed by a malicious user when requesting a route dump.

For the stable distribution (jessie), these problems have been fixed in
version 0.99.23.1-1+deb8u2.

We recommend that you upgrade your quagga packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/ 



Mailing list: debian-security-annou...@lists.debian.org 








Re: [SECURITY] [DSA 3654-1] quagga security update

2016-08-26 Thread Steven Conrad Bayer
Hello Daniel,

you can unsubscribe from list here:
https://lists.debian.org/debian-security/

Regards,

Steven

On 26.08.2016 at 13:04, Daniel Chen wrote:
> unsubscrbe
>
> On Thu, Aug 25, 2016 at 11:03 PM, Sebastien Delafond wrote:
> -
> Debian Security Advisory DSA-3654-1   secur...@debian.org
> https://www.debian.org/security/   Sebastien Delafond
> August 26, 2016   https://www.debian.org/security/faq
> -
>
> Package: quagga
> CVE ID : CVE-2016-4036 CVE-2016-4049
> Debian Bug : 822787 835223
>
> Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing
> daemon.
>
>   CVE-2016-4036
>
>  Tamás Németh discovered that sensitive configuration files in
>  /etc/quagga were world-readable despite containing sensitive
>  information.
>
>   CVE-2016-4049
>
> Evgeny Uskov discovered that a bgpd instance handling many peers
> could be crashed by a malicious user when requesting a route dump.
>
> For the stable distribution (jessie), these problems have been fixed in
> version 0.99.23.1-1+deb8u2.
>
> We recommend that you upgrade your quagga packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
>
> Mailing list: debian-security-annou...@lists.debian.org
> 

-- 

*
Steven Conrad Bayer*
System Administrator

Mobil:+49 (0) 157 34 81 46 53
E-Mail:   steven.ba...@neunzichgrad.de



*NEUNZICHGRAD UG (haftungsbeschränkt)*
Starenweg 2 in 41564 Kaarst

Festnetz:+49 (0) 2131 79 66 11
E-Mail:i...@neunzichgrad.de 
Web:   www.neunzichgrad.de 

Deutsche Bank
BIC:  DEUTDEDDXXX
IBAN:   DE52 3007 0010 0957 9590 00
Handelsregister Neuss HRB 17285

CONFIDENTIALITY NOTICE: This message (including any attachments)
contains information that may be confidential. Unless you are the
intended recipient
(or authorized to receive for the intended recipient, you may not read,
print, retain, use, copy, distribute or disclose to anyone the message
or any information contained in the message.
If you have received the message in error, please advise the sender by
reply e-mail, and destroy all copies of the original message (including
any attachments)





Re: [SECURITY] [DSA 3654-1] quagga security update

2016-08-26 Thread Daniel Chen
unsubscrbe


On Thu, Aug 25, 2016 at 11:03 PM, Sebastien Delafond  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> - 
> -
> Debian Security Advisory DSA-3654-1   secur...@debian.org
> https://www.debian.org/security/   Sebastien Delafond
> August 26, 2016   https://www.debian.org/security/faq
> - 
> -
>
> Package: quagga
> CVE ID : CVE-2016-4036 CVE-2016-4049
> Debian Bug : 822787 835223
>
> Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing
> daemon.
>
>   CVE-2016-4036
>
>  Tamás Németh discovered that sensitive configuration files in
>  /etc/quagga were world-readable despite containing sensitive
>  information.
>
>   CVE-2016-4049
>
> Evgeny Uskov discovered that a bgpd instance handling many peers
> could be crashed by a malicious user when requesting a route dump.
>
> For the stable distribution (jessie), these problems have been fixed in
> version 0.99.23.1-1+deb8u2.
>
> We recommend that you upgrade your quagga packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-annou...@lists.debian.org
>
>

-- 



 CAUTION - Disclaimer *

*This e-mail communication (including any and all attachments transmitted with 
it) may contain legally privileged and confidential information and is intended 
solely for the use of the recipient named. If the reader of this e-mail 
communication is not the intended recipient, you are hereby notified that any 
reading, dissemination, distribution, copying, or other use of this e-mail 
communication (including any and all attachments), or any of its contents, is 
strictly prohibited. If you have received this e-mail communication in error, 
please notify the sender immediately by electronic mail (sender's e-mail 
address). Thereafter, immediately delete the original e-mail communication 
(including any and all attachments), all copies, including but not limited to, 
all backups thereof from your computer system.  Thank you*
** End of Disclaimer ***OliveTech**