Unidentified subject!
-- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100923164127.ga5...@deeebian
[SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities
Hello all, I'm running Etch, and use Iceweasel. I'm concerned about this security advisory. It says that the Etch release notes said that the Mozilla products would have to be stopped prior to the end of the Etch support period. I don't see this. In fact, the Lenny release notes only mention the possibility of the need to stop support at some time in the future, they make no mention of it having happened. I've copied in the relavent section from the release note below. Debian Security Advisory DSA-1751-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 22, 2009http://www.debian.org/security/faq - Package: xulrunner Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: snip For the stable distribution (lenny), these problems have been fixed in version 1.9.0.7-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution (sid), these problems have been fixed in version 1.9.0.7-1. We recommend that you upgrade your xulrunner packages. Upgrade instructions - snip --- Here's the Lenny release note section: 5.6.??Security status of Mozilla products The Mozilla programs firefox, thunderbird, and sunbird (rebranded in Debian to iceweasel, icedove, and iceowl, respectively), are important tools for many users. Unfortunately the upstream security policy is to urge users to update to new upstream versions, which conflicts with Debian's policy of not shipping ?? large functional changes in security updates. We cannot predict it today, but during the lifetime of lenny the Debian Security Team may come to a point where supporting Mozilla products is no longer feasible and announce the end of security support for Mozilla products. You should take this into account when deploying Mozilla and consider alternatives available in Debian if the absence of security support would pose a problem for you. iceape, the unbranded version of the seamonkey internet suite has ?? been removed from lenny (with the exception of a few internal library packages). Did anyone hear that Iceweasel has stopped getting security updates in Etch? Doug. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: disassembling machine code
On Wed, Mar 19, 2008 at 12:26:19PM -0700, PETER EASTHOPE wrote: I have these 5 bytes of machine code to disassemble. b8 12 00 cd 10 I've looked at gdb and objdump. Appears they need a complete object file. Someone please give a clue. Write the machine code to a file: $ perl -e 'print pack H*, b81200cd10;' /tmp/binfile $ hd /tmp/binfile b8 12 00 cd 10|¸..Í.| 0005 Then use objdump, specifying the object file format as raw. Because the raw file has no metadata, you need to give the CPU architecture as well. $ objdump -m i386 -b binary -D /tmp/binfile int 10h is a VESA BIOS call - you should be able to figure out the rest yourself. Regards, MIrko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
question about my .muttrc and mutt
I have been working on debugging my print services. I have made several posts to this list on that subject. Several of you have suggested that this or that thing that I was complaining about worked fine on their system. So I decided to install a fresh copy of Debian with a view to testing in a whole new clean environment. Now comes the details of a strange issue with mutt. Of course, I did not wipe my system clean and install all new. What I really did was to free up a partition that is big enough (7G) to hold a generous Debian system, reformat it and install on that. My /home was already in a partition by itself, and my various personal projects were in other partitions where I could easily arrange to keep them all untouched. And I did preserve them all and mount them in the new installation. My original root partition became a subdirectory in the new system. The new root directory was already accessable from the old root as a subdirectory, but now with very different size and contents. At the end of yesterday evening, I had a second installation of Sarge that contained the same software as the original. But with the same /home. But its not so. Mutt behaves differently in the two. For example, in one installation my posts to this list are listed as To: debian-user... and in the other they are listed as From: pecondon ... Why? My reading of the man page is that mutt configuration is all done in ~/.muttrc and that there is not a master config file in /etc. Am I mistaken? Where is another that mutt config is stored? What is the source of this difference in behavior? Of course, I don't really care about such a petty detail of mutt configuration, but it is absolute proof that I don't have control over the configuration of my environment, and I need control if I am ever to solve my print problems where my queries to this list frequently get It works for me. as a response. I need help, please. -- Paul E Condon [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Software and kernel modules for Linksys WPC54G / WPC54GS
On Fri, Nov 25, 2005 at 12:22:51PM +0100, Nico Gulden wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello all, I plan to set up a WLAN environment und I'm looking for the right componenents. I'd like to use the Linksys WPC54GS or WPC54G WLAN adapter. How are your experiences with these devices? Do they work easily with debian? What chipset do the devices use and what modules or extra software do I need in order to get it working. I acquired one of these from a windows using friend (who has sinced switched to Debian!). Getting the device to work was a simple matter of: $ sudo apt-get install ndiswrapper $ sudo ndiswrapper -i windows_driver.inf $ sudo modprobe ndiswrapper $ sudo sh -c 'echo ndiswrapper /etc/modules' Of course, you also have to edit /etc/network/interfaces and bring up the interface -- note that ndiswrapper by default will use wlan0 (not eth?) as the interface name. However, DO NOT BUY WPC54G*. Use free software drivers. Proprietary XP drivers cannot be trusted. They cannot even be trusted to obey FCC regulations -- their use may well be illegal -- there is no way to know. Nor should Linksys/broadcom be rewarded in any way for their unnecessary and counter-productive secrecy. Such rewards only hurt the progress of free software. Note that Linksys has actually written Linux drivers for the Broadcom chipset, but these are not free software. See link: http://linux-bcom4301.sourceforge.net/ There are wireless PCMCIA devices with free software drivers. I do not know of any particular wireless-G cards which have them, but there are wireless-B cards which do (those using the Intersil Prism chipset, at least). See http://www.fsf.org/campaigns/hardware.html for a list which, unfortunately, does not distinguish PCMCIA cards from PCI. There is more information here: http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/#whard If you must buy WPC54G*, at least try to buy one used. Even if this behavior is multiplied, it is not likely to benefit linksys/broadcom in any way, since the used market is probably undifferentiated. While prices of new cards may go up as the used cards leave the market, prices of new or even used linksys cards are unlikely to go up any faster than the market as a whole. The Windows-using masses will just buy competing used cards if they can't find used linksys ones. At least, this will work unless Linux users start buying them new once the used market dries up -- but we can hope that Linux users are not so short-sighted. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]