Upcoming oldstable point release (6.0.9)

2014-01-23 Thread Adam D. Barratt
Hi, The next point release for "squeeze" (6.0.9) is scheduled for Saturday February 15th. Stable NEW will be frozen during the preceding weekend. As usual, base-files can be uploaded at any point before the freeze. Regards, Adam -- To UNSUBSCRIBE, email to debian-security-requ...@lists.deb

Upcoming stable point release (7.4)

2014-01-23 Thread Adam D. Barratt
Hi, The next point release for "wheezy" (7.4) is scheduled for Saturday February 8th. Stable NEW will be frozen during the preceding weekend. As usual, base-files can be uploaded at any point before the freeze. Regards, Adam -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.

Re: [SECURITY] [DSA 2848-1] mysql-5.5 security update

2014-01-23 Thread maurizio
The person you are trying to reach no longer works for e-biz Solutions and your message has not been forwarded. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/

Re: NSA software in Debian

2014-01-23 Thread Kevin Olbrich
Am 23.01.2014 um 13:31 schrieb Marko Randjelovic : > On Wed, 22 Jan 2014 16:16:21 -0800 > Andrew Merenbach wrote: > >> I installed the i386 architecture and installed the `paxtest' suite. My >> results were fairly disappointing, to be honest: > >>> $ sudo paxtest blackhat >>> Executable anon

Re: NSA software in Debian

2014-01-23 Thread Marco Saller
I dont say that we should not include software, which comes from the government. I just wanted to note a possible vulnerability and a easy access for the secret services to include software in linux. If i only believed in the bad sides of people and their governments, i had already stopped goin

Re: NSA software in Debian

2014-01-23 Thread Marko Randjelovic
On Wed, 22 Jan 2014 16:16:21 -0800 Andrew Merenbach wrote: > I installed the i386 architecture and installed the `paxtest' suite. My > results were fairly disappointing, to be honest: > > $ sudo paxtest blackhat > > Executable anonymous mapping (mprotect) : Vulnerable > > Executable bss (mpro

Re: finding a process that bind a spcific port

2014-01-23 Thread Nicolas Rachinsky
* emmanuel segura [2014-01-22 15:06 +0100]: > if you think you are been hacked, you can use ps, lsof and others commands > from other not hacked server, for example scp goodserver:/bin/ps /tmp/ps > and use /tmp/ps, this isn't secure, because maybe the attacker installed > one rootkit If you have