Re: [SECURITY] [DSA 3121-1] file security update

2015-01-21 Thread Gerfried Fuchs
* Florian Weimer [2015-01-19 19:26:16 CET]: > * Henrique de Moraes Holschuh: > > > However, it would be best if we could somehow get you permission to upload > > backports of "file". > > Looks like it's being worked on: > > > > (I don't know what

Re: New Lenny Point Release

2010-12-01 Thread Gerfried Fuchs
Hi! * Sander [2010-12-01 11:09:21 CET]: > Philipp Kern wrote (ao): > > a new Lenny point release is to be pushed onto the mirrors in about an hour. > > An announcement will be sent by the press team, too. > > The link "press release" on http://debian.org/releases/stable/ points to > http

Re: [SECURITY] [DSA 2038-3] New pidgin packages fix regression

2010-11-15 Thread Gerfried Fuchs
Hi! * Thijs Kinkhorst [2010-11-15 13:32:16 CET]: > On Mon, November 15, 2010 12:24, Gerfried Fuchs wrote: > > * Thijs Kinkhorst [2010-11-13 20:37:28 CET]: > >> Since a few months, Microsoft's servers for MSN have changed the > >> protocol, > >>

Re: [SECURITY] [DSA 2038-3] New pidgin packages fix regression

2010-11-15 Thread Gerfried Fuchs
Hi! * Thijs Kinkhorst [2010-11-13 20:37:28 CET]: > Since a few months, Microsoft's servers for MSN have changed the protocol, > making Pidgin non-functional for use with MSN. It is not feasible to port > these changes to the version of Pidgin in Debian Lenny. This update > formalises that

Re: [DSA 205x-1] ...

2010-06-10 Thread Gerfried Fuchs
Hi! * [2010-06-10 10:13:46 CEST]: > [...] > CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 > > Maksymilian Arciemowicz discovered that the GNU C library did not > [...] Can we pretty please get back to indented CVE text again? Otherwise conversion for the website is really becoming a tedio

Re: [Secure-testing-team] Security update for Debian Testing - 2008-12-06

2008-12-06 Thread Gerfried Fuchs
Hi! * Johannes Wiedersich <[EMAIL PROTECTED]> [2008-12-06 10:03:04 CET]: > I was wondering, why I don't receive any testing security updates any more. > > # grep -v ^# /etc/apt/sources.list > deb http://ftp2.de.debian.org/debian/ lenny main contrib non-free > deb-src http://ftp2.de.debian

Re: Keeping the webserver safe

2008-10-06 Thread Gerfried Fuchs
* Joe <[EMAIL PROTECTED]> [2008-10-06 19:20:27 CEST]: > How can there be any way? If you allow users to upload executable > scripts, you might as well give them ssh access and be done with it. You > must enforce file create permissions on the upload system (ftp or > whatever) which do not includ

Re: [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

2008-10-06 Thread Gerfried Fuchs
* Steve Kemp <[EMAIL PROTECTED]> [2008-10-06 19:29:51 CEST]: > CVE-2008-4298 > A memory leak in the http_request_parse function could be used by > remote attackers to cause lighttpd to consume memory, and cause a > denial of service attack. > > CVE-2008-4359 > Inconsistent handling

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Gerfried Fuchs
On Wednesday, 14.05.2008, 09:35 +0200, Rene Mayrhofer wrote: > rm /etc/ssh/ssh_host_* > dpkg-reconfigure openssh-server > /etc/init.d/ssh restart FWIW, the dpkg-reconfigure openssh-server does the restart implicitly, you don't need to explicitly do a restart afterwards, again. > Who is curre

Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Gerfried Fuchs
On Tuesday, 13.05.2008, 15:51 +0200, Stephane Bortzmeyer wrote: > On Tue, May 13, 2008 at 03:44:24PM +0200, > > > packages," and this link is broken: there is no > > > security-tracker.debian.org. > > > > Just in case you don't know about it yet, try .net. > > Nice and useful but the Web pa

Re: missing security updates for powerpc

2007-08-30 Thread Gerfried Fuchs
Hi! For your information: gpg: Signature made Don 30 Aug 2007 05:14:42 CEST using DSA key ID E68C0092 gpg: BAD signature from "Simon Valiquette (Gulus) <[EMAIL PROTECTED]>" On Wed, Aug 29, 2007 at 11:15:38PM -0400, Simon Valiquette wrote: >On security.debian.org, there is no securit

Re: [SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities

2006-08-08 Thread Gerfried Fuchs
his, I'm going to check if it still available in testing/unstable and file the appropriate release critical bugreport against it. mfg, -- Gerfried Fuchs // [EMAIL PROTECTED] // GPG 0xEC152942 // t_sysadmin // [EMAIL PROTECTED] // Tel 059

Re: Security FAQ

2004-03-08 Thread Gerfried Fuchs
* Johan Haggi <[EMAIL PROTECTED]> [2004-03-07 17:30]: > Maybe you want to add this at security faq: I don't see a need for it, because: > === Question === > To use sarge's security updates I write this line in sources.list: > deb http://security.debian.org/ sarge/updates main contrib non-free >

Re: Security FAQ

2004-03-07 Thread Gerfried Fuchs
* Johan Haggi <[EMAIL PROTECTED]> [2004-03-07 17:30]: > Maybe you want to add this at security faq: I don't see a need for it, because: > === Question === > To use sarge's security updates I write this line in sources.list: > deb http://security.debian.org/ sarge/updates main contrib non-free >

Re: VI wrapper for SUDO? - another bad way ??

2001-12-04 Thread Gerfried Fuchs
* William R. Ward <[EMAIL PROTECTED]> [2001-12-04 11:56]: > Yes, it is difficult, but if one is conscientious enough about > checking all the environment variables and such it can be done. For oneliners, maybe. But even there it's hard. YMMV. I can find better things than trying to secure shel

Re: VI wrapper for SUDO? - another bad way ??

2001-12-04 Thread Gerfried Fuchs
* William R. Ward <[EMAIL PROTECTED]> [2001-12-04 11:56]: > Yes, it is difficult, but if one is conscientious enough about > checking all the environment variables and such it can be done. For oneliners, maybe. But even there it's hard. YMMV. I can find better things than trying to secure she