[SECURITY] [DSA-374-1] New libpam-smb packages fix buffer overflow

2003-08-26 Thread Matt Zimmerman
Debian Security Advisory DSA 374-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman August 26th, 2003

Re: Looking for a simple SSL-CA package

2003-08-26 Thread Jeff
- Original Message - From: Tarjei Huse [EMAIL PROTECTED] To: Noah L. Meyerhans [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, August 24, 2003 1:51 PM Subject: Re: Looking for a simple SSL-CA package I think I'll end up with pyca (www.pyca.org) as it seems to have most of these

unsubscribe

2003-08-26 Thread alo

towards a taxonomy of Information Assurance (IA)

2003-08-26 Thread Abe Usher
Fellow Information Security Professionals, Bottom line: I'd like your help in shaping a usable taxonomy of Information Assurance.* This taxonomy is part of my graduate studies, and will not be used for any commercial purposes. It will remain an open source open project. I am presently

[no subject]

2003-08-26 Thread mlewis
Mike Lewis Business Systems Analyst Mississippi Band of Choctaw Indians dba Chahta Enterprise Enterprise Headquarters for our Wiring Harness Manufacturing Division Commercial Laundry Division Geospatial and Information Technology Division 390

The possibility of malicious code in the Debian unstable libtool-1.5 package

2003-08-26 Thread Alan W. Irwin
As I am sure most of you on this list are aware, GNU recently discovered that their ftp file server was owned for many months by a cracker. They rightly withdrew all their many source tarballs to check for malicious code. The old tarballs were quickly reinstated (presumably because they had

Re: The possibility of malicious code in the Debian unstable libtool-1.5 package

2003-08-26 Thread Noah L. Meyerhans
On Tue, Aug 26, 2003 at 08:23:44AM -0700, Alan W. Irwin wrote: Thus, wouldn't it be the right thing to do to withdraw the Debian unstable libtool-1.5 package until GNU has a chance to check the tarball? (And of course after the checked version is available, the tarball used to create the

Re: The possibility of malicious code in the Debian unstable libtool-1.5 package

2003-08-26 Thread Scott James Remnant
On Tue, 2003-08-26 at 16:23, Alan W. Irwin wrote: As I am sure most of you on this list are aware, GNU recently discovered that their ftp file server was owned for many months by a cracker. Indeed, I was the one who did a bulk-check of the easy MD5 sums and posted it to the list :-)

Re: The possibility of malicious code in the Debian unstable libtool-1.5 package

2003-08-26 Thread Alan W. Irwin
On 26 Aug 2003, Scott James Remnant wrote: The Debian package is actually Libtool 1.5.0a and is taken from their CVS repository, which wasn't compromised. The _orig.tar.gz *is* the potentially compromised one from the FTP site, however any compromise would be reverted back to the

Re: The possibility of malicious code in the Debian unstable libtool-1.5 package

2003-08-26 Thread Scott James Remnant
On Tue, 2003-08-26 at 17:38, Alan W. Irwin wrote: On 26 Aug 2003, Scott James Remnant wrote: The Debian package is actually Libtool 1.5.0a and is taken from their CVS repository, which wasn't compromised. I agree it takes extreme care to leave no tracks behind so it is fairly

Re: The possibility of malicious code in the Debian unstable libtool-1.5 package

2003-08-26 Thread Alan W. Irwin
On 26 Aug 2003, Scott James Remnant wrote: My tracking of the libtool 1.5 branch of CVS predates the compromise, trust me, there's no naughty code in there. Thanks for that strong public reassurance and the useful discussion that preceded it. Alan __ Alan W. Irwin

Re: Debian Stable server hacked

2003-08-26 Thread Matt Zimmerman
On Fri, Aug 22, 2003 at 06:35:37PM -0400, Phillip Hofmeister wrote: On Fri, 22 Aug 2003 at 10:32:27AM -0400, Matt Zimmerman wrote: It is often the case that the attacker doesn't know the exact location of structures in memory; there are techniques for finding out. I'm sure that the

Re: Debian Stable server hacked

2003-08-26 Thread Stephen Frost
* Matt Zimmerman ([EMAIL PROTECTED]) wrote: On Fri, Aug 22, 2003 at 06:35:37PM -0400, Phillip Hofmeister wrote: I would be willing to maintain a grsec kernel image with PaX and temp. file symlink blocking if someone would be willing to sponsor it (hint, hint) I really do not have the
