Re: [SECURITY] [DSA 1103-1] New Linux kernel 2.6.8 packages fix several vulnerabilities

On Wednesday 28 June 2006 22:24, Wolfgang Jeltsch wrote: > > http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i38 > >6/ kernel-image-2.6.8-2-386_2.6.8-16sarge1_i386.deb > > Size/MD5 checksum: 14058198 fd607b13caf99093ef31071ff7395d6d > > This package is actually not new. I install

Re: So many patches!

On Saturday 17 December 2005 07:35, curby . wrote: > Within the last hour or so, I've gotten about 130 announcements of > accepted patches/upgrades of packages on debian-changes. Before then, > I'd only usually get a few such announcements per day. Is some > backlog clearing up, did I miss some a

Re: CAN to CVE: changing changelogs?

On Thursday 27 October 2005 23:34, Henrique de Moraes Holschuh wrote: > To me it is a technical matter, as the changelogs are a tool for a > technical job. To me, changelogs are primarily a way of informing the user of changes in a package. Including references to fixed security issues is definit

Re: CAN to CVE: changing changelogs?

On Thursday 27 October 2005 22:30, Henrique de Moraes Holschuh wrote: > When dealing with Debian matters of a technical nature, yes. When > dealing with matters outside Debian, or of a non-technical nature, I > may decide to not take such an instance. And frankly, as long as it is > a rule of min

Re: Woody End of Support - When?

On Tuesday 25 October 2005 00:57, Shane Machon wrote: > Has there been an official announcement on this end of patches/support > date or is it simply: release date + 6 months? http://www.debian.org/releases/woody/ Release date + 1 year unless a new release happens sooner (which it will not). Ch

Re: Sarge's FireHOL fails to start if previously stopped

On Tuesday 25 October 2005 00:27, Tilman Koschnick wrote: > According to the changelog, this is fixed in firehol 1.231-3; Sarge has > 1.231-2. This bug could possibly leave a system without a firewall > activated, so I'm wondering if the bugfix would warrant an upload to > the security archive. Pr

Re: Kernel Security Support

On Wednesday 07 September 2005 19:07, peace bwitchu wrote: > Are the kernel packages in Sarge currently supported > by the security team? I know that support for the > kernel packages in Woody were dropped and you needed > to roll your own for security updates. Is this how it > is going to be in

Re: Bad press again...

On Tuesday 30 August 2005 10:34, Antti-Juhani Kaijanaho wrote: > Frans Pop wrote: > > On Monday 29 August 2005 22:23, Florian Weimer wrote: > >>I've obtained permission from tbm to quote the message reproduced > >>below in public. This should make it clear tha

Re: Bad press again...

On Monday 29 August 2005 22:23, Florian Weimer wrote: > I've obtained permission from tbm to quote the message reproduced > below in public. This should make it clear that the intent was to > delegate: "Nach [URL] hat debian-admin klar die Authorität" -- > "according to [URL], debian-admin clearly

Re: Bad press again...

On Monday 29 August 2005 21:40, Florian Weimer wrote: > > I see no "(as DPL) I appoint" or "I delegate" in that mail. > > This is not necessary. I'm sorry, but I still think you're doing creative reading. There is only an announcement of the addition of a new member to an existing team. There is

Re: Bad press again...

On Monday 29 August 2005 20:13, Florian Weimer wrote: > Martin Michlmayr has made the security team a delegate by this > message: > Huh? I read no formal delegation in that message. It just states that he talked to some people a

Re: [SECURITY] [DSA 773-1] New amd64 packages fix several bugs

On Thursday 11 August 2005 21:24, Martin Schulze wrote: > Package: several > Vulnerability : several > Problem-Type : local and remote > Debian-specific: no > > This advisory adds security support for the stable amd64 distribution. Great job! Another major step for AMD64. pgpyG9e9LhvG

Re: On Mozilla-* updates

On Thursday 04 August 2005 00:39, Thomas Bushnell BSG wrote: > Frans Pop <[EMAIL PROTECTED]> writes: > > On Thursday 04 August 2005 00:25, Thomas Bushnell BSG wrote: > >> What is wrong with volatile? It's for exactly this case. > > > > No it is n

Re: On Mozilla-* updates

On Thursday 04 August 2005 00:25, Thomas Bushnell BSG wrote: > What is wrong with volatile? It's for exactly this case. No it is not. volatile-sloppy [1] may be (if that's implemented). [1] http://lists.debian.org/debian-devel-announce/2005/05/msg00016.html pgpQYcm3oGbIO.pgp Description: PGP s

Re: [SECURITY] [DSA 741-1] New bzip2 packages prevent decompression bomb

On Thursday 07 July 2005 15:17, Christina Miller wrote: > Do you know how I can get myself off of this list? Somehow I signed up > under my alias, so I can't just send a message from my email account. Use the unsubscribe button on this page after filling in the address you used to subscribe: htt

Re: Bad press related to (missing) Debian security - action

On Tuesday 28 June 2005 11:02, martin f krafft wrote: > > instead of adding to the security team's tasks, and instead of > > writting emails, why don't we spend the time to write some scripts > > to do what we're expecting to be done by the security team ?? > > thanks for the proposal. why did you

Re: Bad press related to (missing) Debian security

On Monday 27 June 2005 20:39, Marek Olejniczak wrote: > I don't understand the philosophy of Debian security team. It's really > so difficult to push into sarge spamassassin 3.0.4 which is not > vulnerable? This version is in Debian testing and why this version > can't be push into stable? Seems t

Re: Security status of orphaned woody packages when upgraded to sarge?

On Tuesday 10 May 2005 20:56, David Stanaway wrote: > The problem I see is that there is no warning that the package no > longer exists, and could potentially have security problems that go > unnoticed even if you check debian security advisories diligently. If you use dselect or aptitude, such pa

Re: post-fix-upgrade procedures notification

. (It's not extremely pretty, but does the job.) Cheers, Frans Pop checkdeleted Description: application/shellscript pgpIUjWB1shyE.pgp Description: PGP signature

Re: debian security support history

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 24 November 2004 16:50, Robert Lemmen wrote: > - was there really no 2.1r1 to 2.1r3? the first point release i can see > there is r4... Guess no formal announcements for point releases were made back then. [1] will give you an approximat

Woody packages on security.d.o/ _testing_?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, Is there a good reason why I find Woody packages here? http://security.debian.org/dists/testing/updates/main/binary-i386/Packages It gave me some problems during a test installation with Debian Installer. Cheers, Frans Pop -BEGIN PGP

Re: what process is using a port

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 03 May 2004 19:14, LeVA wrote: > Is there a way to figure out what program is using a port. For example I > want to know which process is using port 80. How can I do this? > # info lsof # lsof -i : Cheers, FJP -BEGIN PGP SIGNATURE-

Re: what process is using a port

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 03 May 2004 19:14, LeVA wrote: > Is there a way to figure out what program is using a port. For example I > want to know which process is using port 80. How can I do this? > # info lsof # lsof -i : Cheers, FJP -BEGIN PGP SIGNATURE-

Re: strange PIDs on kernel threads

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sunday 26 October 2003 22:12, Laurent Corbes {Caf'} wrote: > > see bug #217525 > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217525 > > it's a kernel bug :/ > Not sure about that. I have same kernel (2.4.20) but different procps (2.0.7-8 fro

Re: strange PIDs on kernel threads

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sunday 26 October 2003 22:12, Laurent Corbes {Caf'} wrote: > > see bug #217525 > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217525 > > it's a kernel bug :/ > Not sure about that. I have same kernel (2.4.20) but different procps (2.0.7-8 fro

Ideas for logcheck overhaul

it is still readable.) Hope you can use some of it. Frans Pop -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/moYXgm/Kwh6ICoQRAo8nAKCNKmnIukkLLRHJFQ+VK06uutyAzQCgpwNt W4IA10ze+srZ8YJDCcGtEL0= =6DLx -END PGP SIGNATURE-

Ideas for logcheck overhaul

it is still readable.) Hope you can use some of it. Frans Pop -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/moYXgm/Kwh6ICoQRAo8nAKCNKmnIukkLLRHJFQ+VK06uutyAzQCgpwNt W4IA10ze+srZ8YJDCcGtEL0= =6DLx -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] wi

Re: Verisign does hijack 'country' domains !!!

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry Michelle, If I try the domain you entered, I get "Welcome to Wendy!". I have also tried most other examples you have given of problems and never yet been redirected to Verisign. Obviously there is something very wrong with your browser or DNS(

Re: Verisign does hijack 'country' domains !!!

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry Michelle, If I try the domain you entered, I get "Welcome to Wendy!". I have also tried most other examples you have given of problems and never yet been redirected to Verisign. Obviously there is something very wrong with your browser or DNS(

Re: Wrong manpage/doc file modes in exim-3.35-1woody1 [DSA 377-1]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Same on my boxes. Thanks for pointing out the cause. I did sudo chmod 644 `find . -perm 640` in /usr/share/man and /usr/share/doc/exim to fix the problem. I guess a new package will be made? Frans Pop On Sunday 07 September 2003 14:26, Jeremie

Re: Wrong manpage/doc file modes in exim-3.35-1woody1 [DSA 377-1]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Same on my boxes. Thanks for pointing out the cause. I did sudo chmod 644 `find . -perm 640` in /usr/share/man and /usr/share/doc/exim to fix the problem. I guess a new package will be made? Frans Pop On Sunday 07 September 2003 14:26, Jeremie

Re: Strange email from debian list

On Monday 01 September 2003 22:42, Santiago Vila wrote: > On Mon, 1 Sep 2003, Frans Pop wrote: > > Can anyone explain why the mail below was bounced(?) by murphy.debian.org > > to me? > > I did not send the original mail, I am not listed anywhere in the > > original mail

Strange email from debian list

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, Can anyone explain why the mail below was bounced(?) by murphy.debian.org to me? I did not send the original mail, I am not listed anywhere in the original mail and I am not subscribed to debian-i386-changes (nor have been in the past). Th

Re: Strange email from debian list

On Monday 01 September 2003 22:42, Santiago Vila wrote: > On Mon, 1 Sep 2003, Frans Pop wrote: > > Can anyone explain why the mail below was bounced(?) by murphy.debian.org > > to me? > > I did not send the original mail, I am not listed anywhere in the > > original mail

Strange email from debian list

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, Can anyone explain why the mail below was bounced(?) by murphy.debian.org to me? I did not send the original mail, I am not listed anywhere in the original mail and I am not subscribed to debian-i386-changes (nor have been in the past). Th