[SECURITY] [DSA 142-1] New OpenAFS packages fix integer overflow bug

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 142-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 5th, 2002 -

unsubscribe

unsubscribe -- 足立章

unsubscribe

unsubscribe

unsubscribe

unsubscribe

DSA scripts

Seeing how many DSAs have been released in the last few days, I was wondering what scripts etc people had in place for dealing with them? For example, one thing I'd like to do is get the alerts forwarded to my mobile phone if I have the package installed on one or more of my machines (using dpkg

Re: port 12980/udp

On Sat, Aug 03, 2002 at 11:00:36PM +0200, Arne Schwabe wrote: Hi, today i saw lot of connection attemps to port 12980 on my machine. Because that are many[1] and they came from different hosts i am wondering what is going on here. Arne [1] [EMAIL PROTECTED]/var/log$ grep Aug 3

Re: DSA scripts

On Mon, Aug 05, 2002 at 11:35:16AM +0100, Gareth Bowker wrote: Seeing how many DSAs have been released in the last few days, I was wondering what scripts etc people had in place for dealing with them? For example, one thing I'd like to do is get the alerts forwarded to my mobile phone if I have

RE: port 12980/udp

Higher up ports like that are usually dynamically assigned for two-way connections, for instance, when I run bitchX and connect to openprojects.net #Debian, I get one or two connections back to my machine. You can use netstat to determine which program is currently listening on a given port. When

Re: DSA scripts

Previously Javier Fern?ndez-Sanguino Pe?a wrote: 'Tiger' provides a module to check for DSAs released (retrieves this info from the WWW CVS data) It would be easier to get the data from the security RDF info I suspect. on me making new packages when DSAs are generated. However, I'm

Re: apt-get in scripts

On Sun, Aug 04, 2002 at 11:50:42PM -0400, John Bazik wrote: We set priority=low and frontend=noninteractive and wrap apt-get in an expect script, and add the right answers for the packages that just won't shut up. We've been doing this since before most packages were debconf'd. For all

Re: DSA scripts

On Mon, Aug 05, 2002 at 02:57:09PM +0200, Wichert Akkerman wrote: Indeed, there is a link at http://www.debian.org/security to the RDF dataa. Are the advisories themselves in rdf format? It seems that http://www.debian.org/security/dsa.rdf points to the HTML pages themselves,

Re: DSA scripts

Previously Javier Fern?ndez-Sanguino Pe?a wrote: Are the advisories themselves in rdf format? Not afaik, but hopefully someone from debian-www (cc'ed) can arrange for that to be done. Wichert. -- _ /[EMAIL PROTECTED]

To test a OpenSSH trojaned server

Hi all, Where can i find a code that tests a vulnerable OpenSSH trojaned server. Or if i should write the code, What is this trojan server's specifications?

Re: DSA scripts

On Mon, 05 Aug 2002 at 04:02:43PM +0200, Javier Fern?ndez-Sanguino Pe?a wrote: What I was looking for was the DSAs in easy, parseable, output, so that, for example, the package information (version affected) could be easily retrieved. The email messages look pretty parseable. Just run

Re: To test a OpenSSH trojaned server

Halil Demirezen [EMAIL PROTECTED] writes: Hi all, Where can i find a code that tests a vulnerable OpenSSH trojaned server. Or if i should write the code, What is this trojan server's specifications? http://www.openssh.com/txt/trojan.adv should give you enough clue. HTH Siggy --

Re: To test a OpenSSH trojaned server

On Mon, Aug 05, 2002 at 07:40:36PM +0300, Halil Demirezen wrote: Where can i find a code that tests a vulnerable OpenSSH trojaned server. Or if i should write the code, What is this trojan server's specifications? Remember that the trojan only exists during the build process. The ssh server

Re: To test a OpenSSH trojaned server

Well, as I understand it, the trojan run only when you compile the code ... it's not in the sshd program. So, you can only have it if you compiled the code yourself. If so, you can just check the md5 sums from the advisory. -rishi On Mon, 5 Aug 2002, Halil Demirezen wrote: Hi

Re: To test a OpenSSH trojaned server

No that is not the way i wish. So think that there is a trojaned server. how can i test the connection.. something like, but not the exact way: #telnet foo.com 6667 Trying ... so what? as i read from the net.. it says Command D is for executing a command. On Mon, 5 Aug 2002,

PGP

-BEGIN PGP SIGNED MESSAGE- Dear Sirs, In pgp, how do I upload my public key to a key server? Ive read the documentation on it and I cannot seem to find a way to do it. Thanks Daniel J. Rychlik -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv

Re: PGP

On Mon, Aug 05, 2002 at 01:06:03PM -0500, Daniel Rychlik wrote: In pgp, how do I upload my public key to a key server? Ive read the documentation on it and I cannot seem to find a way to do it. --send-keys [names] Same as --export but sends the keys to a key?

Re: PGP

Noah L. Meyerhans [EMAIL PROTECTED] writes: On Mon, Aug 05, 2002 at 01:06:03PM -0500, Daniel Rychlik wrote: In pgp, how do I upload my public key to a key server? Ive read the documentation on it and I cannot seem to find a way to do it. --send-keys [names] Same

Re: PGP

must have missed that one.

Re: PGP

On Mon, Aug 05, 2002 at 01:19:45PM -0500, Daniel Rychlik wrote: must have missed that one. I am sorry for giving an RTFM-style answer. I didn't think anybody was still using PGP. Is there a specific reason you need it instead of gpg? pgp can't upload to keyservers on its own. Take a look