Quoting Nick Boyce ([EMAIL PROTECTED]):
Sander's preferred option would be to remove the Snort package
altogether in these circumstances. What would be quicker : remove the
package, or add the warning to the web-page ? I guess we ought to do
*something*.
Hmm...
IMHO, nobody reads the
On Tue, 2002-12-17 at 00:06, Kilian CAVALOTTI wrote:
I'll start to point these things out cause I'm wondering if it's certain
MUA combinations that always fail:
gpg: armor header: Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.90
gpg: Signature made Tue Dec 17 00:06:47 2002 CET using DSA key ID
On Tue, 2002-12-17 at 00:24, Edward Guldemond wrote:
On Mon, Dec 16, 2002 at 05:52:15PM -0500, Phillip Hofmeister wrote:
Hi all,
I am sure you have seen the SSH CERT. Are we vulnerable? If so is
there a time line for an update?
Sorry for the last email. Spoke before I read. :-)
Am Die, 2002-12-17 um 11.00 schrieb Adrian 'Dagurashibanipal' von
Bidder:
On Tue, 2002-12-17 at 00:06, Kilian CAVALOTTI wrote:
I'll start to point these things out cause I'm wondering if it's certain
MUA combinations that always fail:
gpg: armor header: Version: GnuPG v1.2.1 (MingW32) -
On Tuesday 17 December 2002 10:36, Sander Smeenk wrote:
A prospective user wants an IDS so he/she does 'apt-cache
search intrusion detection' sees 'snort - lightweight intrusion
detection system' and decides to install it. Atleast, that is what I
have seen most people doing.
*raises hand*
I
'ello Debian
On Tue, Dec 17, 2002 at 11:29:36AM +0100, Matthias Hentges wrote:
Am Die, 2002-12-17 um 11.00 schrieb Adrian 'Dagurashibanipal' von
Bidder:
On Tue, 2002-12-17 at 00:06, Kilian CAVALOTTI wrote:
I'll start to point these things out cause I'm wondering if it's certain
MUA
Simon Huggins wrote:
This is Evolution 1.2.1 / GPG 1.0.6
And i can't verify Kilians mail, too.
I can.
Thanks, Simon. I began to doubt about my own signature authenticity. :)
IIRC OE is using a non-standard way to attach the sig. That's the
reason Evo is failing to verify the sig.
By
On Tue, 2002-12-17 at 10:05, Adrian 'Dagurashibanipal' von Bidder wrote:
Well, SSH1 is still vulnerable. It's nothing to do with the current
advisory. So the advice not to run SSH1 is still valid.
does this affect the ssh1 option in OpenSSH?
(as in on a woody/sarge box, running OpenSSH, if
Quoting Kjetil Kjernsmo ([EMAIL PROTECTED]):
Atleast, that is what I have seen most people doing.
*raises hand*
:)
I wondering, could it be an idea to have a fast-moving archive for
things like SpamAssassin rules, Nessus plugins, Snort signatures,
perhaps virus signatures in the future,
On Tue, 2002-12-17 at 08:44, Christian Hammers wrote:
Hello,
look at http://security.e-matters.de/advisories/042002.html,
it seems like the the debian woody version is affected.
Is there any DSA in preparation?
A DSA is in preparation by the security team. The unstable version is
already
On Mon, 16 Dec 2002, Phillip Hofmeister wrote:
Hi all,
I am sure you have seen the SSH CERT. Are we vulnerable? If so is
there a time line for an update?
Thanks,
The vendor response in the CERT advisory said OpenSSH was not vulnerable.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
Edward Guldemond [EMAIL PROTECTED] writes:
does this affect the ssh1 option in OpenSSH?
(as in on a woody/sarge box, running OpenSSH, if I've the ssh1 option
enabled, am I vulnerable? :)
The CERT Vulnerability Note is number VU#945216,
This is a very old issue which has been addressed by
On Tue, 2002-12-17 at 05:00, Adrian 'Dagurashibanipal' von Bidder wrote:
On Tue, 2002-12-17 at 00:06, Kilian CAVALOTTI wrote:
I'll start to point these things out cause I'm wondering if it's certain
MUA combinations that always fail:
gpg: armor header: Version: GnuPG v1.2.1 (MingW32) -
look at http://security.e-matters.de/advisories/042002.html,
it seems like the the debian woody version is affected.
Is there any DSA in preparation?
Thanks,
Benjamin
On Tue, Dec 17, 2002 at 08:07:57AM +0100, Schüle Benjamin wrote:
look at http://security.e-matters.de/advisories/042002.html,
it seems like the the debian woody version is affected.
Is there any DSA in preparation?
A DSA is in preparation by the security team. The unstable version is
already
Quoting Nick Boyce ([EMAIL PROTECTED]):
Sander's preferred option would be to remove the Snort package
altogether in these circumstances. What would be quicker : remove the
package, or add the warning to the web-page ? I guess we ought to do
*something*.
Hmm...
IMHO, nobody reads the
On Tue, 2002-12-17 at 00:06, Kilian CAVALOTTI wrote:
I'll start to point these things out cause I'm wondering if it's certain
MUA combinations that always fail:
gpg: armor header: Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.90
gpg: Signature made Tue Dec 17 00:06:47 2002 CET using DSA key ID
On Tue, 2002-12-17 at 00:24, Edward Guldemond wrote:
On Mon, Dec 16, 2002 at 05:52:15PM -0500, Phillip Hofmeister wrote:
Hi all,
I am sure you have seen the SSH CERT. Are we vulnerable? If so is
there a time line for an update?
Sorry for the last email. Spoke before I read. :-)
Am Die, 2002-12-17 um 11.00 schrieb Adrian 'Dagurashibanipal' von
Bidder:
On Tue, 2002-12-17 at 00:06, Kilian CAVALOTTI wrote:
I'll start to point these things out cause I'm wondering if it's certain
MUA combinations that always fail:
gpg: armor header: Version: GnuPG v1.2.1 (MingW32) -
On Tuesday 17 December 2002 10:36, Sander Smeenk wrote:
A prospective user wants an IDS so he/she does 'apt-cache
search intrusion detection' sees 'snort - lightweight intrusion
detection system' and decides to install it. Atleast, that is what I
have seen most people doing.
*raises hand*
I
'ello Debian
On Tue, Dec 17, 2002 at 11:29:36AM +0100, Matthias Hentges wrote:
Am Die, 2002-12-17 um 11.00 schrieb Adrian 'Dagurashibanipal' von
Bidder:
On Tue, 2002-12-17 at 00:06, Kilian CAVALOTTI wrote:
I'll start to point these things out cause I'm wondering if it's certain
MUA
Simon Huggins wrote:
This is Evolution 1.2.1 / GPG 1.0.6
And i can't verify Kilians mail, too.
I can.
Thanks, Simon. I began to doubt about my own signature authenticity. :)
IIRC OE is using a non-standard way to attach the sig. That's the
reason Evo is failing to verify the sig.
By
On Tue, 2002-12-17 at 10:05, Adrian 'Dagurashibanipal' von Bidder wrote:
Well, SSH1 is still vulnerable. It's nothing to do with the current
advisory. So the advice not to run SSH1 is still valid.
does this affect the ssh1 option in OpenSSH?
(as in on a woody/sarge box, running OpenSSH, if
Quoting Kjetil Kjernsmo ([EMAIL PROTECTED]):
Atleast, that is what I have seen most people doing.
*raises hand*
:)
I wondering, could it be an idea to have a fast-moving archive for
things like SpamAssassin rules, Nessus plugins, Snort signatures,
perhaps virus signatures in the future,
On Tue, 2002-12-17 at 08:44, Christian Hammers wrote:
Hello,
look at http://security.e-matters.de/advisories/042002.html,
it seems like the the debian woody version is affected.
Is there any DSA in preparation?
A DSA is in preparation by the security team. The unstable version is
already
Hello Noèl
On Tue, Dec 17, 2002 at 01:53:13PM +0100, Noèl Köthe wrote:
Those who do not want to wait can apply the patch from
http://people.debian.org/~ch/ theirselves.
As Debian Security doesn't cover proposed-updates :(
will you upload a fixed proposed-updates version
(it currently
On Mon, 16 Dec 2002, Phillip Hofmeister wrote:
Hi all,
I am sure you have seen the SSH CERT. Are we vulnerable? If so is
there a time line for an update?
Thanks,
The vendor response in the CERT advisory said OpenSSH was not vulnerable.
On Tue, Dec 17, 2002 at 12:02:57PM +, Andrew Mulholland wrote:
On Tue, 2002-12-17 at 10:05, Adrian 'Dagurashibanipal' von Bidder wrote:
Well, SSH1 is still vulnerable. It's nothing to do with the current
advisory. So the advice not to run SSH1 is still valid.
does this affect the
Edward Guldemond [EMAIL PROTECTED] writes:
does this affect the ssh1 option in OpenSSH?
(as in on a woody/sarge box, running OpenSSH, if I've the ssh1 option
enabled, am I vulnerable? :)
The CERT Vulnerability Note is number VU#945216,
This is a very old issue which has been addressed by
On Tue, Dec 17, 2002 at 10:36:52AM +0100, Sander Smeenk wrote:
Therefore I would more like to either remove the entire package *OR* add
a debconf / other intrusive warning that tells users that the package
gives them a fake sense of security and instead they should considder
installing snort
On Tue, 2002-12-17 at 05:00, Adrian 'Dagurashibanipal' von Bidder wrote:
On Tue, 2002-12-17 at 00:06, Kilian CAVALOTTI wrote:
I'll start to point these things out cause I'm wondering if it's certain
MUA combinations that always fail:
gpg: armor header: Version: GnuPG v1.2.1 (MingW32) -
31 matches
Mail list logo