On Mon, 2016-02-15 at 13:25 +0100, Yves-Alexis Perez wrote:
> >
> > 2) It prevents users from rebuilding kernel modules as the
> > source package is distributed "cleaned".
>
> I fail to parse this. Did you try DKMS modules with RANDKSTRUCT=n and
> did it work?
It won't work as long as the

Source: linux-grsec
Severity: important
GRKERNSEC_RANDSTRUCT shouldn't be enabled on binary distro packages.
1) It's compile-time randomization, making it useless security wise
(the attacker can fetch the binary from a mirror too!).
2) It prevents users from rebuilding kernel modules as the

On Mon, 2015-09-07 at 13:00 +0100, Ben Hutchings wrote:
>
> openssl s_client doesn't check the certificate's names either, and
> never has. It should only be used for debugging, not to make a
> secure
> tunnel. For secure tunnelling see the example in
>

Package: openssl
Version: 1.0.2d-1
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
It looks like openssl s_client is not providing any way to disregard the
system's trusted CAs anymore... and this is a regression from Jessie.
with 1.0.2d-1 (sid)
$strace -f -e
The following works (returns ok), showing that my google.crt file is
not bogus:
openssl s_client -CAfile /tmp/google.crt -connect imap.gmail.com:imaps

Package: network-manager
Version: 0.9.8.10-3
Severity: wishlist
Tags: patch
The patches attached work for me and apply cleanly against
network-manager and network-manager-applet respectively.
They implement EAP-PWD support (patch has been submitted and merged
upstream already).
It'd be great if

Hi,
As of today, with current Sid on amd64:
$hardening-check /usr/bin/iceweasel
/usr/bin/iceweasel:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: no, not found!
Immediate

On Wed, 2013-10-09 at 10:54 +0200, intrigeri wrote:
Summing up previous discussion so that we don't have to rehash it:
* Mike Hommey wrote: I'm really not a big fan of -Wl,-z,relro
and -Wl,-z,now. For instance, I'm not sure -z relro buys anything
worth, while it may have a

Package: wpasupplicant
Version: 1.0-3
Severity: wishlist
Tags: patch security
Hi,
Please consider the following patch to enable hardening options as
described on:
https://wiki.debian.org/Hardening
The patch works for me
Regards,
Florent
-- System Information:
Debian Release:

On Wed, 2013-10-09 at 16:51 +, Stefan Lippers-Hollmann wrote:
Hi
I'm relatively confident that the actual problem has already been fixed
in svn with r1798[1], do you agree?
The aforementioned change will be part of the next wpa upload, which
will likely happen when v2.1 gets

Package: evolution
Version: 3.2.2-1
Followup-For: Bug #662981
tag 662981 + patch security
thanks
In fact the current debian/rules is sourcing
/usr/share/hardening-includes/hardening.make but never updating the CFLAGS
LDFLAGS.
You might prefer this version of the patch (what ubuntu is doing)

Package: openjdk-7-jre
Version: 7~u3-2.1-3
Followup-For: Bug #660021
reopen 660021
found openjdk-7/7~u3-2.1-3
thanks
Dear Maintainer,
It seems that the bug has been re-introduced in 7~u3-2.1-3.
$dpkg -l openjdk-\*
Desired=Unknown/Install/Remove/Purge/Hold
|

Package: evolution
Version: 3.2.2-1
Severity: important
Tags: patch
Dear Maintainer,
It seems like the current debian/rules file attempts to enable some hardening
flags... but it's not working at all.
root@neutron:/tmp/ev2# dpkg -l evolution
Desired=Unknown/Install/Remove/Purge/Hold
|

Package: iceweasel
Version: 10.0.2-1
Followup-For: Bug #653191
Dear Maintainer,
Can you start building packages with the other hardening options, even if RELRO
is left behind for now?
Regards,
Florent
-- Package-specific info:
-- Extensions information
Name: Adblock Plus

Package: bc
Version: 1.06.95-2
Severity: minor
Tags: patch upstream
There is a typo in the banner: it reads `warranty' instead of 'warranty'
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux

Package: iscsitarget
Version: 0.4.16+svn162-3
Severity: critical
Tags: security
Justification: root security hole
There are at least two remotely exploitable format string vulnerabilities in the
debian stable package... which have been fixed upstream.
isns.c:302
isns.c:690
The default init

Package: pcsc-tools
Version: 1.4.15-1
Severity: important
Hi,
I am attempting to use pcsc_scan with an ACR112 reader and it doesn't
work... I am unsure whether the problem comes from pcsc-tools, pcscd or
libccid but the ill effects are shown when using pcsc_scan.
$pcsc_scan |head
PC/SC device

Package: pcsc-tools
Version: 1.4.15-1
Severity: normal
Hi,
pcsc_scan expects /var/run/pcscd.pub to exist whereas the debian package
of pcscd uses /var/run/pcscd/pcscd.pub ... Meaning that it can't be used
out of the box.
$pcsc_scan
PC/SC device scanner
V 1.4.15 (c) 2001-2009, Ludovic Rousseau

18 matches