Re: timestamp of the signature of Debian 12 netinst

2023-06-23 Thread Jeremy Stanley
On 2023-06-23 20:59:07 +0200 (+0200), Julian Schreck wrote: > Where to find the former? (Or do I not need it for checking the > integrity of the download(s)?) [...] > > > [1] : https://www.debian.org/CD/verify, e. g. 2011-01-05 [SC] [...] Please restate your question more precisely if this

Re: c-ares, CVE-2023-31147, CVE-2023-31124

2023-06-23 Thread Anton Gladky
Thank you all for your replies! @Moritz, could you please create an issue with a possible proposal of what it should look like? Best regards Anton On Fri, 23 June 2023 at 20:49, Ola Lundqvist wrote: > > Hi Anton, all > > Well even if there are some systems affected I must say that if >

Re: c-ares, CVE-2023-31147, CVE-2023-31124

2023-06-23 Thread Ola Lundqvist
Hi Anton, all Well even if there are some systems affected I must say that if someone has removed urandom the behavior described is expected. I mean /dev/urandom is there for a reason. And yes there are better functions than rand() but I can hardly see this as a vulnerability. Or well it is, but

Re: timestamp of the signature of Debian 12 netinst

2023-06-23 Thread Julian Schreck
Where to find the former? (Or do I not need it for checking the integrity of the download(s)?) -- > On Fri, 2023-06-23 at 16:53 +0200, Julian Schreck wrote: > > I was downloading the netimage of bookworm, the signing key(s) and > > sha sums when I noticed that my timestamp of the signature [0] >

Re: timestamp of the signature of Debian 12 netinst

2023-06-23 Thread Jonathan Wiltshire
On 23 June 2023 15:53:08 BST, Julian Schreck wrote: >Dear all, >I was downloading the netimage of bookworm, the signing key(s) and sha sums >when I noticed that my timestamp of the signature [0] differs from the one on >the website. [1] >Is this a security issue or just a website not updated? >

Re: timestamp of the signature of Debian 12 netinst

2023-06-23 Thread Adam D. Barratt
On Fri, 2023-06-23 at 16:53 +0200, Julian Schreck wrote: > I was downloading the netimage of bookworm, the signing key(s) and > sha sums when I noticed that my timestamp of the signature [0] > differs from the one on the website. [1] > Is this a security issue or just a website not updated? >

Re: Securing Debian Manual too old?

2023-06-23 Thread Konstantin Khomoutov
On Fri, Jun 23, 2023 at 12:40:19PM +0200, Stephan Seitz wrote: > I found the Securing Debian Manual > (https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html). > This version is from 2017. > > It has „Chapter 6. Automatic hardening of Debian systems” which mentions > Harden

timestamp of the signature of Debian 12 netinst

2023-06-23 Thread Julian Schreck
Dear all, I was downloading the netimage of bookworm, the signing key(s) and sha sums when I noticed that my timestamp of the signature [0] differs from the one on the website. [1] Is this a security issue or just a website not updated? Kind regards Julian -- [0] : $ LC_ALL=C gpg --verify-files

Securing Debian Manual too old?

2023-06-23 Thread Stephan Seitz
Hi! I found the Securing Debian Manual (https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html). This version is from 2017. It has „Chapter 6. Automatic hardening of Debian systems” which mentions Harden packages and Bastille. None of these packages exist anymore in

Re: c-ares, CVE-2023-31147, CVE-2023-31124

2023-06-23 Thread Moritz Muehlenhoff
On Fri, Jun 23, 2023 at 06:48:23AM +0200, Anton Gladky wrote: > Hi, > > two CVEs might be irrelevant for Debian systems. Can they be > tagged as "unaffected"? Or we have some systems, where > /dev/urandom is not existing? They are already marked as non-issues: CVE-2023-31124 (c-ares is an

External check

2023-06-23 Thread Security Tracker
CVE-2023-1943: RESERVED CVE-2023-3128: missing from list CVE-2023-3361: missing from list -- The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was