Hi Gioele--
On Thu 2023-12-21 11:02:06 +0100, Gioele Barabucci wrote:
> On 21/12/23 04:16, Daniel Kahn Gillmor wrote:
> As the Uploader of rust-sequoia-openpgp, what do you think of the
> related sequoia-chameleon-gnupg project [1] (drop-in replacement for gpg
> that uses sequoi
hey folks--
[ This message won't make sense unless the reader distinguishes clearly
between OpenPGP the protocol and GnuPG the implementation! As a
community we have a history of fuzzily conflating the two terms, which
is one of the reasons that we're in this mess today. Please read
enting security updates.
Who do I contact about the archive aspects? FTP-master or the
security-team? The security-team is in CC on the doc bugs so I'm hoping
they will see it anyway.
Thanks,
--Daniel
Hi Paul,
On Fri, Jul 21, 2023 at 10:17:28AM +0800, Paul Wise wrote:
> On Thu, 2023-07-20 at 22:12 +0200, Daniel Gröber wrote:
>
> > It seems packages from the debian-security repository are not affected by
> > this increased priority and will not get in
l a kernel update from d-security that should get installed but
doesn't.
As soon as I remove the Default-Release line from apt.conf the update gets
offered for installation. Has anyone else observed this or is something
broken in my apt config somewhere?
--Daniel
Georgi Naplatanov wrote:
> I have no opinion but found this
> https://wiki.debian.org/SourcesList
SZÉPE Viktor wrote:
> And there is this
> https://wiki.debian.org/NewInBullseye#Changes
Both of these were referenced in my original message:
.html
* https://lists.debian.org/debian-devel/2021/08/msg00167.html
* https://lists.debian.org/debian-devel/2021/08/msg00172.html
but no consensus.
Thank you!
Daniel Lewart
Urbana, Illinois
on
> paste.debian.net.
Clearly someone is trying to run a command supplied as an address. Out of curiosity:
Which kind of vulnerability are they trying to use here?
Regards, Daniel
--
Regards,
Daniel Leidert | https://www.wgdd.de/
GPG-Key RSA4096 / BEED4DED5544A4C03E283DC74BCD0567C296D05D
GPG-Key E
supported behind an authenticated HTTP zone for trusted
users
@Florian That linked message is yours; any objections from you?
Thanks,
Daniel
P.S. Priority "important" since binutils' rdeps include dpkg-dev, gcc,
and clang, so I assume this is quite visible.
> Some of its checks look inherently dangerous, e.g. the bash -n check for
> shell syntax.
Why would bash -n be dangerous?
Hi Sophie!
On Tue, Dec 10, 2019 at 05:24, Sophie Brun (sop...@freexian.com)
wrote:
> Hi Daniel,
>
>
> On 26/11/2019 at 16:14, Daniel Echeverry wrote:
> > Hi!
> > [..]
> > I wrote to the upstream, and he will make a new release this weekend,
as requested in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908678#139
we have created a data/CVE/.list repo ("v2") during MiniDebConf HH
It is mirrored at Salsa:
https://salsa.debian.org/dlange/debian_security_security-tracker_split_files_v2
On 06.06.19 at 07:31, Salvatore Bonaccorso wrote:
Could you again point me to your splitted up variant mirror?
https://git.faster-it.de/debian_security_security-tracker_split_files/
Zobel brought up the security-tracker git discussion in the
#debian-security irc channel again and I'd like to record a few of the
items touched there for others that were not present:
DLange has a running mirror of the git repo with split files since three
months. This is based on anarcat's
On 13.11.18 at 23:09, Moritz Muehlenhoff wrote:
> The current data structure works very well for us and splitting the files
> has many downsides.
Could you detail what those many downsides are besides the scripts that
need to be amended?
> The Python job finished successfully here after 10 hours.
6h40 mins here as I ported your improved logic to the python2 version :).
# git filter-branch --tree-filter '/usr/bin/python2 /split-by-year.pyc' HEAD
Rewrite 1169d256b27eb7244273671582cc08ba88002819 (68356/68357) (24226 seconds
passed,
The main issue is that we need to get clone and diff+render operations
back into normal time frames. The salsa workers (e.g. to render a
diff) time out after 60s. Similar time constraints are put onto other
rendering front-ends. Actually you can easily get Apache to segfault
if you do not
Hi Team!
I am working on a new version of wifite[1]. Could someone check it out?
Thank you very much!
Regards
[1]: https://salsa.debian.org/pkg-security-team/wifite/
--
Daniel Echeverry
http://wiki.debian.org/DanielEcheverry
http://rinconinformatico.net
Linux user: #477840
Debian user
alt+tab
--
*Daniel Romo*
d4nnr.blogspot.com.co #Blog_Personal
On 11 January 2018 at 10:45, DANIEL ROMO<danielromogar...@gmail.com>
wrote:
> Hello
>
> Can you send a screenshot? (with your phone)
>
>
> alt+tab to switch windows is a solution
>
>
Hello
Can you send a screenshot? (with your phone)
alt+tab to switch windows is a solution
;)
--
*Daniel Romo*
d4nnr.blogspot.com.co #Blog_Personal
On 11 January 2018 at 02:42, R Calleja<rcalle...@gmail.com> wrote:
> Hello, good morning, can someone help me.
You need to use the web form:
https://www.debian.org/MailingLists/unsubscribe
On 01/11/17 13:55, Donald Haley wrote:
> Please unsubscribe me.
>
> Thanks
re. Thanks for jumping in and reporting this, I wasn't sure if I
hadn't just messed up my apt-pinning...
> The 32bit i386 packages on the hand are fine, probably because they
> were built by a buildd.
On an i386 VM the upgrade ran fine here as well.
Cheers
Daniel
On 01/28/2017 03:51 PM, Holger Levsen wrote:
> On Sat, Jan 28, 2017 at 03:04:56PM +0100, Daniel Reichelt wrote:
>> I highly suspect this stems from packages' rules files supporting
>> reproducible builds.
>
> I rather think this is due to binNMUs not modifying debian/change
moving it into place
(thus retaining the inode number).
Cheers
Daniel
OpenSSL 1.0.1e-2+deb7u21 purports to have fixed CVE-2016-2107.
However, an SSL Labs check of a site running this version still comes
up with the issue:
https://www.ssllabs.com/ssltest/analyze.html?viaform=on=www.k2dls.net
So which is correct, is the issue resolved in the referenced version
unsubscribe
On Thu, Aug 25, 2016 at 11:03 PM, Sebastien Delafond wrote:
> Debian Security Advisory DSA-3654-1
Uhpppopppiujiki
MN
I have
.. buy bio
Yg.viuuu
On 18 Jul 2016 17:32, "Salvatore Bonaccorso" wrote:
> Debian Security Advisory DSA-3621-1
=Licensing#License_of_Fedora_SPEC_Files
The upstream repository (which includes the .spec file too) is licensed
under GPLv2+. That's probably an inconsistency that I should fix...
Regards,
--
Daniel Kopeček
Software Engineer, Special Projects
Red Hat, Inc.
On 19/05/16 03:17, Paul Wise wrote:
> On Wed, May 18, 2016 at 9:20 PM, Daniel Pocock wrote:
>
>> Can anybody comment on how Debian users will be impacted by SHA-1
>> deprecation?
>
> There is some info related to that in these two wiki pages:
>
> https://w
Can anybody comment on how Debian users will be impacted by SHA-1
deprecation?
In particular:
- will libraries like OpenSSL and GnuTLS continue to support it in
stretch and beyond?
- will web servers like Apache support it in server certificates or
certificate chains?
- will web servers and
mv tiffanyryan2...@gmail.com /dev/null
On 2016-03-31 9:42 GMT-05:00, Tiffany Ryan <tiffanyryan2...@gmail.com> wrote:
> Please remove my email from your system
>
> tiffanyryan2...@gmail.com
>
--
"Imagination is more important than knowledge. Einstein"
*Daniel
e. Thanks for the quick fix!
Daniel
Hi *
the amd64 build for 0.8-3+deb8u2 seems to be missing from [1].
Is this an error or am I missing something?
Thanks
Daniel
[1] http://security.debian.org/pool/updates/main/libv/libvdpau/
On 11/02/2015 08:27 PM, Alessandro Ghedini wrote
On 09/06/2015 07:14 PM, Paul Wise wrote:
> On Sun, Sep 6, 2015 at 10:20 AM, Daniel Reichelt wrote:
>
>> [1]
>> http://ftp.nl.debian.org/debian/dists/stretch/main/installer-amd64/current/images/
>
> ftp://ftp.debian.org/debian/dists/stretch/Release
> ftp://ftp.debi
missing something? Looking forward to suggestions!
If I'm really the first one to bring this up: IMHO the simplest solution would
be to gpg-sign the hash lists under [1]/[2] and provide signed hash lists for
[3] as well.
Thanks
Daniel
[1]
http://ftp.nl.debian.org/debian/dists/stretch/main
like needsrestart and
apt-listchanges, and a test suite for your applications to check if
they still work with the new packages and that every service is back to
normal afterwards.
Just sharing my thoughts about this.
- Daniel
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
On 08/12/14 21:28, Daniel Pocock wrote:
On 08/12/14 21:16, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote:
If I understand your reply correctly, the version in Ubuntu and Fedora
will still talk TLS 1.0 with the version now waiting in jessie?
Yes.
Do
it would help avoid situations where the package
needs to be recompiled to deal with security patching and therefore
reduce the burden on the security updates process.
If it will help the release team, is there anybody from the security
team who could review the changes in my debdiff?
Regards,
Daniel
On 08/12/14 10:20, Adam D. Barratt wrote:
On Mon, 2014-12-08 at 09:16 +0100, Daniel Pocock wrote:
[...]
If it will help the release team, is there anybody from the security
team who could review the changes in my debdiff?
Note that debian-security@lists.debian.org is not a contact address
On 08/12/14 10:48, Thijs Kinkhorst wrote:
Hi Daniel,
On Mon, December 8, 2014 09:16, Daniel Pocock wrote:
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method()
- adding configuration options to override the options
On 08/12/14 11:12, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
Hi all,
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method()
This has no effect in jessie. SSLv2 and SSLv3
On 08/12/14 12:04, Thijs Kinkhorst wrote:
On Mon, December 8, 2014 11:17, Daniel Pocock wrote:
In the library package (libresiprocate-1.9.deb) there is no default
SSL/TLS mode. It uses whatever the project using the library selects.
If some developer wants to enable dynamic selection of TLS
On 08/12/14 12:36, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote:
On 08/12/14 11:12, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
Hi all,
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's
On 08/12/14 13:53, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote:
Just one other point: if somebody is trying to send the client hello
using SSL v2 record layer but indicating support for TLS v1.0, should
TLSv1_method or SSLv23_method accept that?
I would
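The negotiation the thread keeps circling (what SSL_OP_NO_SSLv3 changes on an SSLv23_method() listener, and what happens to a ClientHello sent in SSLv2 record framing but advertising TLS 1.0), as an added example. This is not reSIProcate's or OpenSSL's code: the sniffing and policy functions are a model of the behaviour, the two hello builders produce constructed packets, and the function names are this example's own.

```python
"""Model of SSLv23_method()-style version selection on real ClientHello bytes.

Added example; models the decision, it is not OpenSSL's implementation."""
import struct

SSL2_0, SSL3_0, TLS1_0, TLS1_1, TLS1_2 = (2, 0), (3, 0), (3, 1), (3, 2), (3, 3)
LADDER = [SSL2_0, SSL3_0, TLS1_0, TLS1_1, TLS1_2]
NAMES = {SSL2_0: "SSLv2", SSL3_0: "SSLv3", TLS1_0: "TLSv1.0",
         TLS1_1: "TLSv1.1", TLS1_2: "TLSv1.2"}


def sniff_client_hello(data):
    """Return (framing, version the client offers) from the first bytes on the wire."""
    if len(data) >= 11 and data[0] == 0x16 and data[1] == 3 and data[5] == 0x01:
        # SSLv3/TLS record: type 0x16, record version, length, then a
        # ClientHello handshake whose client_version sits at offset 9.
        return "tls-record", (data[9], data[10])
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 record: 2-byte length with the high bit set, msg type 0x01
        # (CLIENT-HELLO), then the highest version the client supports.
        return "sslv2-record", (data[3], data[4])
    raise ValueError("not a ClientHello in either framing")


def choose_version(framing, offered, disabled=frozenset(), server_max=TLS1_2):
    """SSLv23_method()-style choice: highest version that is enabled, supported
    by the server and not above the client's offer.  None means refuse the
    handshake.  The framing is irrelevant here: an SSLv2-framed hello only
    carries the offer, so with NO_SSLv2|NO_SSLv3 it can still end up as TLS."""
    cap = min(offered, server_max)
    for version in reversed(LADDER):
        if version <= cap and version not in disabled:
            return version
    return None


def tlsv1_method_accepts(framing, offered):
    """TLSv1_method()-style listener: a fixed TLS 1.0 endpoint that expects a
    TLS record, so an SSLv2-framed hello is rejected before versions matter."""
    return framing == "tls-record" and offered >= TLS1_0


# --- constructed sample hellos (not captured traffic) ---------------------
def build_sslv2_hello(version, cipher_specs=(b"\x00\x00\x2f",), challenge=b"\x11" * 16):
    specs = b"".join(cipher_specs)
    body = (b"\x01" + bytes(version)
            + struct.pack("!HHH", len(specs), 0, len(challenge)) + specs + challenge)
    return struct.pack("!H", 0x8000 | len(body)) + body


def build_tls_hello(version, suites=(0x002F,)):
    body = (bytes(version) + b"\x22" * 32 + b"\x00"           # version, random, empty session id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00")                                    # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    no_ssl = {SSL2_0, SSL3_0}           # SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
    for hello in (build_sslv2_hello(TLS1_0), build_sslv2_hello(SSL3_0), build_tls_hello(TLS1_2)):
        framing, offered = sniff_client_hello(hello)
        picked = choose_version(framing, offered, disabled=no_ssl)
        print(f"{framing:13} offers {NAMES[offered]:8} -> SSLv23+NO_SSLv2/3: "
              f"{NAMES[picked] if picked else 'refused'}; TLSv1_method: "
              f"{'accept' if tlsv1_method_accepts(framing, offered) else 'reject'}")
```

Running it shows the asymmetry the thread describes: the same v2-framed hello that a TLSv1_method server rejects outright is accepted by the SSLv23-style listener and negotiated up to TLS 1.0, while a v2-framed hello that only offers SSLv3 is refused once SSLv3 is disabled.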
On 08/12/14 18:58, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote:
I have no idea what technology is in use in the remote/client system.
If my server socket is using TLSv1_method it is rejecting the connection
and logging those errors on my server:
error
On 08/12/14 19:25, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote:
Will the TLSv1 method be removed in jessie or while jessie is still
supported?
This is something post jessie.
Is it something that is going to happen with Ubuntu releases next year
(e.g
On 08/12/14 20:06, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote:
Is it something that is going to happen with Ubuntu releases next year
(e.g. April 2015)?
If so, it means that the repro package in jessie won't talk to a repro
package in Ubuntu.
I
On 08/12/14 21:16, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote:
If I understand your reply correctly, the version in Ubuntu and Fedora
will still talk TLS 1.0 with the version now waiting in jessie?
Yes.
Do you believe it would be reasonable for me
Just filed a bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770105
cheers
daniel
On 09/22/2014 04:07 AM, Elmar Stellnberger wrote:
On 22.09.14 at 01:52, Paul Wise wrote:
The Debian archive does not allow files to change their checksum, so
every signature addition requires a new version number. That sounds
like a bad idea to me.
Yes, that is something we definitely do
On 09/21/2014 02:04 PM, Elmar Stellnberger wrote:
a well programmed dpkg-cmp.
... and as long as the tool is not available, simply un-ar and compare
the data.tar.gz files.
fwiw, this suggestion fails to compare the contents of control.tar.gz,
which includes the maintainer scripts (preinst,
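The point made above (and the earlier one that any extra signature member changes the package's checksum), as an added example: a content-level comparison of two .deb files that walks the ar container and compares debian-binary, every entry of control.tar.* (where the maintainer scripts live) and every entry of data.tar.*. This is not a real dpkg-cmp and not dpkg's code; the three packages are built in memory, and "_gpgsig" is a made-up name for an extra underscore-prefixed member, the prefix dpkg treats as ignorable for unknown members.

```python
"""Compare two .deb files member by member, including control.tar.*.

Added example with constructed packages; not dpkg's or debsig-verify's code."""
import hashlib
import io
import tarfile

AR_MAGIC = b"!<arch>\n"


def ar_members(blob):
    """Yield (name, bytes) for each member of a common-format ar archive."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar header")
        name = hdr[0:16].decode().rstrip().rstrip("/")   # GNU ar ends names with '/'
        size = int(hdr[48:58].decode().strip())
        start = pos + 60
        yield name, blob[start:start + size]
        pos = start + size + (size & 1)                   # members are 2-byte aligned


def ar_build(members):
    """Inverse of ar_members, enough to create the sample packages."""
    out = bytearray(AR_MAGIC)
    for name, data in members:
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}".encode() + b"`\n"
        out += data + (b"\n" if len(data) & 1 else b"")
    return bytes(out)


def make_tar_gz(files):
    """Build an in-memory .tar.gz from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, content in sorted(files.items()):
            info = tarfile.TarInfo(path)
            info.size, info.mtime = len(content), 0
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def deb_inventory(deb, ignore_extra=False):
    """Plain members map to a digest of their raw bytes; the two tar members map
    to {path: (mode, sha256)}.  Comparing tar entries rather than the compressed
    blob avoids false alarms from gzip timestamps or a different compressor."""
    inv = {}
    for name, data in ar_members(deb):
        if ignore_extra and name.startswith("_"):   # dpkg ignores unknown '_' members
            continue
        if name.startswith(("control.tar", "data.tar")):
            entries = {}
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
                for m in tf.getmembers():
                    payload = tf.extractfile(m).read() if m.isfile() else b""
                    entries[m.name] = (m.mode, hashlib.sha256(payload).hexdigest())
            inv[name.split(".tar")[0]] = entries
        else:
            inv[name] = hashlib.sha256(data).hexdigest()
    return inv


def deb_diff(a, b, ignore_extra=False):
    """Human-readable differences between two .debs; [] means content-equivalent."""
    ia, ib = deb_inventory(a, ignore_extra), deb_inventory(b, ignore_extra)
    out = []
    for member in sorted(set(ia) | set(ib)):
        ea, eb = ia.get(member), ib.get(member)
        if ea is None or eb is None:
            out.append(f"{member}: only in {'second' if ea is None else 'first'}")
        elif isinstance(ea, dict):
            out += [f"{member}/{p}: differs" for p in sorted(set(ea) | set(eb))
                    if ea.get(p) != eb.get(p)]
        elif ea != eb:
            out.append(f"{member}: differs")
    return out


def whole_file_digest(deb):
    return hashlib.sha256(deb).hexdigest()


def build_samples():
    """A: clean package. B: identical data.tar, tampered postinst.
    C: A plus an extra signature-style member (changes the file digest only)."""
    data = make_tar_gz({"usr/bin/foo": b"\x7fELF stand-in for a binary\n"})
    control = {"control": b"Package: foo\nVersion: 1.0-1\nArchitecture: amd64\n",
               "postinst": b"#!/bin/sh\nset -e\nexit 0\n"}
    tampered = dict(control, postinst=b"#!/bin/sh\nset -e\nchmod u+s /usr/bin/foo\nexit 0\n")
    a = ar_build([("debian-binary", b"2.0\n"), ("control.tar.gz", make_tar_gz(control)),
                  ("data.tar.gz", data)])
    b = ar_build([("debian-binary", b"2.0\n"), ("control.tar.gz", make_tar_gz(tampered)),
                  ("data.tar.gz", data)])
    c = ar_build(list(ar_members(a)) + [("_gpgsig", b"-----BEGIN PGP SIGNATURE-----\n(constructed)\n")])
    return a, b, c


if __name__ == "__main__":
    A, B, C = build_samples()
    print("A vs B:", deb_diff(A, B))                       # data identical, postinst differs
    print("A vs C:", deb_diff(A, C), deb_diff(A, C, ignore_extra=True))
    print("digests equal:", whole_file_digest(A) == whole_file_digest(C))
```

A and B have byte-identical data.tar.gz members, so a data-only comparison calls them equal even though B's postinst would make /usr/bin/foo setuid; only the control.tar walk catches it. A and C differ in whole-file digest as soon as the signature member is appended, which is the archive-level objection above, while the entry-level comparison with the extra member skipped still reports them as the same package.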
On 09/19/2014 06:07 AM, Elmar Stellnberger wrote:
Isn't there really any way to include the signatures in the header of
the .deb files?
Why not simply add multiple signature files in the control.tar.gz of a
.deb just next
to the md5sums, which should indeed be sha256sums (otherwise there
On 09/19/2014 12:34 AM, Paul Wise wrote:
On Fri, Sep 19, 2014 at 9:30 AM, Hans-Christoph Steiner wrote:
Finally did this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762153
Please note that your proposal to add signatures to .deb files will
break reproducible builds because the hash
in the
knowledge that they would not be back in the office to deal with the problem
until August 25th. Such vacation mails would make my job a lot easier.
It is fortunate for the senders of such mails that I am not a malicious
individual.
Best regards,
Daniel
On 6 Aug 2014, at 09:49, Grond wrote
Thank you, S. B., very much. Now all I have to do is buy a new PC.
Thanks again, dth
On Sun, Jul 6, 2014 at 9:16 AM, Salvatore Bonaccorso car...@debian.org
wrote:
I don't understand why so much noise on this subject.
HTTPS for Debian mirrors and a centralized server, maintained and owned
by Debian, for debsig-verify / debsums packages will be enough, at
least for the next few years.
PS: from now on I will filter out any email regarding nsa, debian
On Mon, Jul 07, 2014 at 02:54:15PM -0400, Hans-Christoph Steiner wrote:
Do you have another idea for making it difficult for network observers to keep
track of the software people are using?
Well, you can always mirror the entire repository and configure
your server/desktop to use that
What should I do with the above gobbledygook? Even my USB flash drives
are wiped! (not by me!).
On Fri, Jun 27, 2014 at 1:14 AM, Salvatore Bonaccorso car...@debian.org
wrote:
What am I supposed to download this onto? The PC I'm on is a public library
PC. All of my USB flash drives are wiped clean. Gobbledygook =
incomprehensible material.
On Sun, Jun 29, 2014 at 10:58 AM, Moritz Muehlenhoff j...@debian.org wrote:
On Fri, May 30, 2014 at 11:50:32PM +1000, Alfie John wrote:
Several times (public and private) I tried to explain how the download
of APT (the binary itself) on an initial Debian install could be
compromised via MITM since it's over plaintext. Then the verification of
packages could simply be
(linked to earlier)
difficult to understand and apply in this regard.
Daniel
Cédric Lemarchand wrote:
Please, honestly, do you know what every feature in this list does,
how it could benefit you and in which way?
Or will your choice *only* be based on the number of
supported
That CVE-2014-0196 is quite interesting
Local kernel DoS || privilege escalation
Original message
From: Moritz Muehlenhoff j...@debian.org
Date: 12/05/2014 17:59 (GMT+01:00)
To: debian-security-annou...@lists.debian.org
Subject: [SECURITY] [DSA 2926-1] linux security update
exploit this vulnerability
against our site:
http://filippo.io/Heartbleed/#noflag.org.uk
https://www.ssllabs.com/ssltest/analyze.html?d=noflag.org.uk
What could be going on here?
Thanks in advance for all your help,
Daniel
Salvatore Bonaccorso wrote
Thank you all for your help. Mod_spdy has a statically-linked vulnerable
version of OpenSSL. After the standard update we are no longer vulnerable.
Daniel
Estelmann, Christian wrote:
Your server talks spdy. Have you upgraded mod_spdy to 0.9.4.2
On 2 March 2014 10:53:51 WET, Jack j...@jackpot.uk.net wrote:
Systemd scares me. As far as I can see it does a lot of things right (in
some cases these are things that no other contender does right); I'm not
going to try to enumerate those things, that's been done elsewhere. But
the way systemd has
Unsubscribe
Daniel
On Feb 8, 2014 1:00 AM, Florian Weimer f...@deneb.enyo.de wrote:
Debian Security Advisory DSA-2856-1 secur...@debian.org
http
Hello everyone
Thanks for your opinions. Yes, I know that AppArmor is
available in Debian. That's good. It's just fine that there
is a possibility to choose between SELinux and AppArmor.
Unfortunately, I can help only with creating profiles for
various applications. For now, I'm trying to
Hello everyone,
Michael's web site with statistics I've been watching from time to
time. Also the *Debian* Hardening wiki page I studied a couple of
times.
> There is a lintian check for setuid binaries (...)
> There isn't really any group effort tackling or monitoring
> the assortment of useful
Hi Moritz,
90 percent of the hardening via 'dpkg-buildflags'? That's
good information. I'd hoped that the majority of all base
packages, and those that are security-sensitive, would be protected
well. It's really a huge satisfaction.
One more thing - does Debian include something like e.g.
Ubuntu or
Hello everyone,
Before the Wheezy release we could find a web site which
contained notices about updating as many packages as
possible to use security hardening build flags via
'dpkg-buildflags'. Also, a note could be found about
packages that should have build flags enabled before
the Wheezy
On Mon, Aug 5, 2013 at 9:17 AM, intrigeri intrig...@debian.org wrote:
I need a reality check, as it's unclear to me what are the goals of
this discussion.
I don't think there are any goals. I asked it just to understand if it
would be possible to do what I was thinking (apparently, it is) and
I am really sorry if you think it's rude to start a topic here without
subscribing. I thought that it was acceptable, since a lot of people do it
in debian-users (I know it has a lot more volume than this one) and it's
the default action when you click on Reply to All in most clients (well,
On Sun, Aug 4, 2013 at 2:55 PM, Michael Stone mst...@debian.org wrote:
On Sun, Aug 04, 2013 at 10:12:40AM +0200, Heimo Stranner wrote:
I think the real issue is about if the malicious patch is not part of
the source package
Why? It certainly makes your argument simpler if you arbitrarily
I was reading this [1] article and it brought a question to my mind: How
hard would it be for the FBI or the NSA or the CIA to have a couple of
agents infiltrated as package maintainers and seeding compromised packages
to the official repositories?
Could they submit an uncompromised source and
Hi Rolf.
> The information about connections is stored in
> /proc/net/ip_conntrack. The maximum connections
> (...) in /proc/sys/net/ipv4/netfilter/ip_conntrack_max
I checked these values and it looks like this:
# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
55740
# cat
, at 11:34 AM, Daniel Curtis sidetripp...@gmail.com wrote:
Hi Mr Rolf
Okay, I will check these values; /proc/net/ip_conntrack etc.
Generally it is normal that there are INVALID connections, right?
Yes, I'm seeing this syslog tag. Should I remove it from my iptables
script (e.g. -j LOG
Hi
As we know, the iptables INVALID state means that
the packet is associated with no known connection,
right? So, if I have a lot of INVALID entries in my
log files, does it mean that something is wrong?
A hidden process etc.?
An example of logged entries;
t4 kernel: [18776.221378] [INVALID in]
Hi andika.
Another INVALID packet description. I have read a lot of
information and I don't know what the truth is. Frankly,
this is the first time I have seen a description which concerns RAM.
So, I have 1 GB of RAM. Just for example; the free -m
command result:
used: 640, free: 230
and the top command:
Thank you, Salvatore B. Gonna try this today.
On Sun, Feb 24, 2013 at 2:51 AM, Salvatore Bonaccorso car...@debian.org wrote:
Debian Security Advisory DSA-2630-1
thank you, guys. will make use of it.
On 2/10/13, Moritz Muehlenhoff j...@debian.org wrote:
Debian Security Advisory DSA-2612-2 secur...@debian.org
Hi Mr Edwin
Yes, I have this rule and it is responsible for the
established/related connections. This rule is almost
at the very end of the INPUT chain.
> (...) before the rule that logs/drops your packets?
Do you mean those strange packets mentioned in the first
mail, right? Frankly, no; This
Hi Mr Erwan
So, everything is okay? Even these strange logs
mentioned earlier? I'm still curious about this rule:
SYN,RST,ACK,FIN,PSH,URG SYN,RST,ACK,FIN,PSH,URG
What do you mean by writing that I should not contact servers?
Best regards!
Hi Mr Erwan
Let's summarize: these logs are normal and are not
something... *bad*. Even if there are many IP connections
(*INVALID*) probes.
I understand that I should not have contact with the servers.
Okay, but what if those servers are providing e.g. a website which
I visit? How to avoid them?
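The question running through this exchange (are many "[INVALID in]" log entries a sign of trouble, or the normal tail end of connections conntrack has already forgotten?) is easier to answer with a triage pass over the log than by staring at it. Below is an added example, not something posted in the thread: it parses lines in the format iptables' LOG target emits (key=value fields plus bare TCP flag names), keeps those carrying an INVALID log prefix, and sorts them into stale-state leftovers versus crafted flag combinations like the NULL and Xmas probes the all-flags rule quoted above is meant to catch. The log lines are constructed for the example; the classification labels are this example's heuristics.

```python
"""Triage iptables LOG entries that were tagged with an "[INVALID in]" prefix.

Added example with constructed log lines; the categories are heuristics."""
import re
from collections import Counter

# Constructed sample, in the layout iptables' LOG target writes to the kernel log.
SAMPLE_LOG = """\
Jan 12 10:01:03 host kernel: [18776.221378] [INVALID in]IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=51234 WINDOW=0 RES=0x00 ACK RST URGP=0
Jan 12 10:01:05 host kernel: [18778.100211] [INVALID in]IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=18871 DF PROTO=TCP SPT=443 DPT=51234 WINDOW=501 RES=0x00 ACK FIN URGP=0
Jan 12 10:02:17 host kernel: [18850.003140] [INVALID in]IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=39 ID=54321 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 URGP=0
Jan 12 10:02:17 host kernel: [18850.003977] [INVALID in]IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=39 ID=54322 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 FIN PSH URG URGP=0
Jan 12 10:03:40 host kernel: [18933.555555] [INVALID in]IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=192.0.2.53 DST=192.0.2.10 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=7 PROTO=UDP SPT=53 DPT=33333 LEN=56
"""

# The log prefix is the bracketed text immediately before the IN= field; the
# earlier [18776.221378] bracket is the kernel timestamp and does not match.
LINE_RE = re.compile(r"\[(?P<prefix>[^\]]*)\](?P<fields>IN=.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line):
    """Split one LOG line into a dict of fields plus the set of TCP flags."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"prefix": m.group("prefix").strip(), "flags": set(), "bare": set()}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value               # a second LEN= (UDP) harmlessly overwrites
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)
        else:
            rec["bare"].add(tok)           # DF, CE, MF and similar markers
    return rec


def classify(rec):
    """Heuristic label for a packet conntrack could not match to a flow:
    no flags / FIN+PSH+URG without SYN or ACK / SYN+FIN are crafted probes;
    a SYN-less TCP packet is usually the tail of a flow whose state entry
    timed out, was lost to a reboot or never existed due to asymmetric
    routing; anything else non-TCP is a late reply after the entry expired."""
    proto, flags = rec.get("PROTO"), rec["flags"]
    if proto == "TCP":
        if not flags:
            return "tcp-null-scan"
        if {"FIN", "PSH", "URG"} <= flags and not flags & {"SYN", "ACK"}:
            return "tcp-xmas-scan"
        if {"SYN", "FIN"} <= flags:
            return "tcp-syn-fin-probe"
        if "SYN" not in flags:
            return "tcp-stale-state"
        return "tcp-other"
    return f"{(proto or 'unknown').lower()}-stale-state"


def triage(log_text):
    """Counter of (label, SRC) over the lines carrying an INVALID prefix."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec and "INVALID" in rec["prefix"]:
            counts[(classify(rec), rec.get("SRC"))] += 1
    return counts


if __name__ == "__main__":
    for (label, src), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{n:4}  {label:20}  {src}")
```

On the sample the two entries from 203.0.113.9 are an ACK/RST and an ACK/FIN on a port the server itself had used, i.e. the remote side finishing a conversation conntrack had already aged out, which is the benign case the replies above describe; the two from 198.51.100.77 have no flags and FIN+PSH+URG, which no real stack sends, so those are the probes worth a closer look.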
Hi Mr Mestnik
I'm just curious why Debian does not publish updated versions
of the packages as soon as possible, especially when it comes
to security updates. Other distributions are doing it much faster.
Personally, I do not like to use applications that I know are
vulnerable.
As I
Hi
Could the Iceweasel 10.0.11 ESR package be updated a little faster due
to several security issues? On January 8 Mozilla published about 20
Security Advisories[1]. Many distributions have already updated Firefox to
the latest 18 and 10.0.12 ESR versions[2]. According to the website for
Hi Mr Cyril,
Thank you for pointing out this website. I completely forgot
about it and definitely I should look there first, before writing
a message here.
I did not look over this web site (Changelog for 3.2.X) for a long
time, because for now I am still using linux-2.6 on all of my
Hi,
Kernel 3.7 is officially out. This Linux release includes many improvements
in practically every aspect. Many changes also concern security. Very
interesting are: cryptographically-signed kernel modules and - long awaited -
symlink and hardlink restrictions (already in Linux 3.6), but it
Hi Thijs! Okay, now everything is clear. Regards!
(...) so a good umask may be set there for init.
Hi, and what is a good setting for umask? I know that it depends
on many things, but what do you think?
Cheers
Hi,
Thank you, I should look there first (Security Tracker). But I see
that two of three CVEs are marked as 'vulnerable' for all branches:
stable, testing and unstable. Frankly, only the first CVE is fixed for Squeeze.
Is that normal?
Regards!
Hi,
I would like to inform you about a new stack-based buffer overflow
vulnerability for MySQL. The following CVEs have been assigned
to track this MySQL vulnerability:
CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday
Hi Moritz
Please test/report, whether the packages located at
http://people.debian.org/~jmm/ fix the problem for you.
Could you please publish the source package as well?
And is this going to go into squeeze-updates eventually?
Cheers
Daniel
Thanks guys.
I've received quite a massive response it seems. All the information I
was looking for.
Thanks again,
Dan
On Wed, Nov 24, 2010 at 10:48 AM, Daniel Hood dsmh...@gmail.com wrote:
Does anyone have a good checklist or script to harden a vanilla debian
box after installation?
Dan
Does anyone have a good checklist or script to harden a vanilla debian
box after installation?
Dan
Hi Debian Security folks--
On 03/10/2010 01:18 PM, dann frazier wrote:
Debian Security Advisory DSA-2010 secur...@debian.org
http://www.debian.org/security/ Dann Frazier
March 10,
On 03/10/2010 02:49 PM, dann frazier wrote:
On Wed, Mar 10, 2010 at 02:18:38PM -0500, Daniel Kahn Gillmor wrote:
It's not clear to me from the instructions above whether users should
re-build their kvm modules package as well as installing the revised
versions.
Is the vulnerability fully
sorry, this proposed boilerplate change was meant to go to the list, not
just to dann.
Thanks for all your work, folks.
--dkg
On 03/10/2010 04:53 PM, dann frazier wrote:
On Wed, Mar 10, 2010 at 04:09:48PM -0500, Daniel Kahn Gillmor wrote:
So would the 4th be fixed
://bugs.g10code.com/gnupg/issue931 (for example)
Regards, Daniel
regarding this study, so I hereby start this thread).
Regards, Daniel
Since the security team hasn't released a fix or an advisory yet for
the Ruby vulnerabilities discovered yesterday, I've rolled my own as a
stopgap. See http://dfranke.us/rubyfix.txt
--
Daniel Franke [EMAIL PROTECTED] http://www.dfranke.us