[HITB-Announce] HITBGSEC CFP Closes in 2 Weeks!

2016-04-13 Thread Hafez Kamal
REMINDER: The Call for Papers for the 2nd annual Hack In The Box GSEC conference in Singapore closes on the 1st of May. Call for Papers: http://gsec.hitb.org/cfp/ Event Website: http://gsec.hitb.org/sg2016/ HITB GSEC is a new single track 2-day deep knowledge security conference where attendees

Re: [SECURITY] [DSA 3519-1] xen security update

2016-04-13 Thread Dominic Hargreaves
On Thu, Mar 17, 2016 at 10:52:03PM +0100, Moritz Muehlenhoff wrote:
> Multiple security issues have been found in the Xen virtualisation
> solution, which may result in denial of service or information disclosure.
>
> The oldstable distribution (wheezy) will be updated in a separate

Re: [SECURITY] [DSA 3547-1] imagemagick security update

2016-04-13 Thread Scott Blaydes
On 4/13/16 1:50 AM, Peter Palfrader wrote:
> On Wed, 13 Apr 2016, Bjoern Nyjorden wrote:
> (4) The nagios warning was missed in all the noise, and the relevant
> teams are overworked and busy.
>
>> what options does the Debian
>> community have

Re: [SECURITY] [DSA 3547-1] imagemagick security update

2016-04-13 Thread Henrique de Moraes Holschuh
On Wed, Apr 13, 2016, at 02:32, Peter Palfrader wrote:
> On Tue, 12 Apr 2016, Michael Stone wrote:
>
> > On Tue, Apr 12, 2016 at 08:56:35PM -0300, Henrique de Moraes Holschuh wrote:
> > >Then, maybe we should consider a better way to deal with areas where you
> > >get only one choice out of

Re: [SECURITY] [DSA 3547-1] imagemagick security update

2016-04-13 Thread Henrique de Moraes Holschuh
On Wed, Apr 13, 2016, at 03:50, Peter Palfrader wrote:
> We can identify at least four causal factors. Probably more, if we
> look a bit further.
> (1) The scripts Debian uses to mirror repositories treat the mirroring
> hierarchy as a tree. The failure of any node or link will cause
>

Re: [SECURITY] [DSA 3547-1] imagemagick security update

2016-04-13 Thread Henrique de Moraes Holschuh
On Wed, Apr 13, 2016, at 05:50, Julien Cristau wrote:
> On Tue, Apr 12, 2016 at 20:29:21 -0300, Henrique de Moraes Holschuh
> wrote:
> > On Tue, Apr 12, 2016, at 16:37, Michael Stone wrote:
> > > On Tue, Apr 12, 2016 at 04:19:20PM -0300, Henrique de Moraes Holschuh
> > > wrote:
> > > >And if you

Re: [SECURITY] [DSA 3547-1] imagemagick security update

2016-04-13 Thread Alexander Neilson
> On 13/04/2016, at 18:50, Peter Palfrader wrote:
>
>> On Wed, 13 Apr 2016, Bjoern Nyjorden wrote:
>>
>> Given that this is not the first occurrence,
>
> I think it is, actually. As often is the case in the swiss-cheese
> model, here all the holes lined up and the update

Re: [SECURITY] [DSA 3547-1] imagemagick security update

2016-04-13 Thread Julien Cristau
On Tue, Apr 12, 2016 at 20:29:21 -0300, Henrique de Moraes Holschuh wrote:
> On Tue, Apr 12, 2016, at 16:37, Michael Stone wrote:
> > On Tue, Apr 12, 2016 at 04:19:20PM -0300, Henrique de Moraes Holschuh
> > wrote:
> > >And if you need to access security.debian.org over IPv6, "too bad".
> > > >

Re: [SECURITY] [DSA 3547-1] imagemagick security update

2016-04-13 Thread Peter Palfrader
On Wed, 13 Apr 2016, Bjoern Nyjorden wrote:
> Given that this is not the first occurrence,

I think it is, actually. As often is the case in the swiss-cheese model, here all the holes lined up and the update of this security mirror was delayed for about two days. We can identify at least four

Re: [SECURITY] [DSA 3547-1] imagemagick security update

2016-04-13 Thread Bjoern Nyjorden
Free as in "freedom" operating systems, and a free-ish and open internet are global, vital and empowering assets that I guess a lot of us tend to take for granted. Keep up the good work. I hope to be in a better position in the future, to have something worthwhile to contribute to the

Re: [SECURITY] [DSA 3547-1] imagemagick security update

2016-04-13 Thread Bjoern Nyjorden
Hi again,

Yes, as at ~ 0810 +0800 (0010 UTC) today; the server address below was resolving to the IP Address that you correctly assumed:

URI: http://security.debian.org/debian-security/pool/updates/main/i/imagemagick/
IP Address: 150.203.164.61 (at my Australian location).

The