Upcoming stable point release (9.7)

Hi, The next point release for "stretch" (9.7) is in progress just now and should hit the mirrors in the next hours. Regards, Martin -- Martin Zobel-Helas Debian System Administrator Debian & GNU/Linux Developer Debian Listmaster http://

Re: HTTPS needs to be implemented for updating

ub.com/rgeissert/http-redirector/issues/78 httpredir is a dead horse. -- Martin Zobel-Helas <zo...@spi-inc.org> Software in the Public Interest, Inc. | Member of the Board of Directors GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B

Re: Ticket received- [SECURITY] [DSA 3055-1] pidgin security update

Hi, On Thu Oct 23, 2014 at 23:15:54 +0100, Jack wrote: On 23/10/2014 22:14, Multapplied Networks Technical Services wrote: Dear Debian-security, Ban the bots! already kicked. Martin Zobel-Helas -- Debian Listmaster -- Martin Zobel-Helas zo...@debian.orgDebian System

Re: security-tracker now on https?

server. http://www.digicert.com/wildcard-ssl-certificates.htm And every DigiCert wildcard certificate comes with an unlimited server license, so you only pay once—whether you have one server or one hundred. Cheers, Martin -- Martin Zobel-Helas zo...@debian.orgDebian System Administrator Debian

Re: security-tracker now on https?

Hi, On Fri May 24, 2013 at 21:42:27 +0200, Florian Weimer wrote: * Martin Zobel-Helas: No, wildcards certificates are generally only licensed for installation on a single server. http://www.digicert.com/wildcard-ssl-certificates.htm And every DigiCert wildcard certificate comes

Re: Long Exim break-in analysis

{if mount | awk '{print $3}' | grep -q '^/tmp$'; then /bin/mount -o remount,exec /tmp; fi;}; DPkg::Post-Invoke {if mount | awk '{print $3}' | grep -q '^/tmp$'; then /bin/mount -o remount,noexec /tmp; fi;}; -- Martin Zobel-Helas zo...@debian.org | Debian System Administrator Debian GNU/Linux

Re: [SECURITY] [DSA 2134-1] Upcoming changes in advisory format

? -- Martin Zobel-Helas zo...@debian.org | Debian System Administrator Debian GNU/Linux Developer | Debian Listmaster Public key http://zobel.ftbfs.de/5d64f870.asc - KeyID: 5D64 F870 GPG Fingerprint: 5DB3 1301 375A A50F 07E7 302F 493E FB8E 5D64 F870 -- To UNSUBSCRIBE

Re: Upcoming etch point release

move DSAs into archive seperatly without breaking the GPG signature of the Release file. Cheers, Martin -- Martin Zobel-Helas zo...@debian.org | Debian System Administrator Debian GNU/Linux Developer | Debian Listmaster Public key http://zobel.ftbfs.de/5d64f870.asc

Re: ipv6 and security.debian.org

Martin -- Martin Zobel-Helas zo...@debian.org | Debian System Administrator Debian GNU/Linux Developer | Debian Listmaster Public key http://zobel.ftbfs.de/5d64f870.asc - KeyID: 5D64 F870 GPG Fingerprint: 5DB3 1301 375A A50F 07E7 302F 493E FB8E 5D64 F870

Re: [SECURITY] [DSA 1633-1] New slash packages fix multiple vulnerabilities

Hi, On Mon Sep 01, 2008 at 20:55:11 +0200, [EMAIL PROTECTED] wrote: *** out of office auto-reply *** unsubscribed. -- Martin Zobel-Helas [EMAIL PROTECTED] | Debian System Administrator Debian GNU/Linux Developer | Debian Listmaster Public key http://zobel.ftbfs.de

Re: [SECURITY] [DSA 1615-1] New xulrunner packages fix several vulnerabilities

with Danny Beckett or Ray Brown at 616-301-1037. If you have any other questions or messages, please leave a detailed message at 616-301-1037. Please unsubscribe [EMAIL PROTECTED] from the mailing list. done. please report such persons to [EMAIL PROTECTED] -- Martin Zobel-Helas

Re: clamav.* package versions (etch)

someone know. Is is already escalated, and we are working on that problem getting fixed. clamav will be available in a few minutes. Greetings Martin -- Martin Zobel-Helas [EMAIL PROTECTED] | Debian Release Team Member Debian GNU/Linux Developer | Debian Listmaster Public

Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities

Hi, On Fri Dec 28, 2007 at 19:19:50 -0500, Jim Popovitch wrote: On Fri, 2007-12-28 at 22:36 +0100, Martin Zobel-Helas wrote: On Fri Dec 28, 2007 at 22:10:08 +0100, Wolfgang Jeltsch wrote: However, I cannot see any security announcement for most of these. Were they updated because

Re: [SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities

Hi, On Fri Dec 28, 2007 at 22:10:08 +0100, Wolfgang Jeltsch wrote: Am Freitag, 28. Dezember 2007 16:29 schrieb Florian Weimer: Debian Security Advisory DSA-1438-1 [EMAIL PROTECTED]

Re: security.debian.org: MD5Sum mismatch

Hi, On Fri Aug 17, 2007 at 13:12:34 +0200, Lupe Christoph wrote: On Friday, 2007-08-17 at 10:46:32 +, [EMAIL PROTECTED] wrote: On Fri, Aug 17, 2007 at 12:20:34PM +0200, Lupe Christoph wrote: I *wish* those updates were atomic, but they probably arent'. why not though ?

Re: security mirror out of date: 128.101.240.212

Hi, On Mon May 14, 2007 at 17:17:13 -0400, Jim Popovitch wrote: On Tue, 2007-05-15 at 00:14 +0300, Tomas Nykung wrote: What I don't understand is why I always got the bad mirror, regardless how many times I tried to rerun aptitude/apt-get update both yesterday and today (and on two

Bug#417328: links2: should not be part of any stable release

Package: links2 Version: 2.1pre16-1 Severity: serious Tags: security Justification: seem to buggy to be supported by the security team Hi, on December 21st, DSA 1240 was released from a member of the security team. It was issued to fix 'arbitrary shell command execution'. Within a week the

Re: Fabien Trauchessec est absent(e).

Hi Fabien, On Mon Nov 27, 2006 at 10:31:59 -0500, [EMAIL PROTECTED] wrote: My auto-reply software sends severals messages to the debian-security mailing-list. Now my address is on google and I began to recieve some spam. The Debian-Listarchives-Policy is to NOT remove or alter any postings

Re: bind9 security problem?

On Sat Nov 04, 2006 at 10:30:55 +0100, Adrian von Bidder wrote: Yodel! Is there a security problem in some bind version? Or in some syncml-related application? Or is somebody just being silly? I have these in my logs: === Nov 3 15:35:03 myhost named[8286]: unexpected RCODE (SERVFAIL)

Re: bug in tar 1.14-2.1

Hi Andi, On Monday, 27 Mar 2006, you wrote: * Martin Zobel-Helas ([EMAIL PROTECTED]) [060324 16:00]: Looks like just rebuilding the security version resolves that error, for whatever reason. Julien and me just cross checked that and got the same result. If noone minds we reupload tar

Re: bug in tar 1.14-2.1

Hi mollo, On Sunday, 19 Mar 2006, you wrote: On Tue, 7 Mar 2006 15:19:58 +0100 using tar 1.14-2.1 fw:/home/mathieu# tar --rmt-command=/usr/sbin/rmt -cvf '[EMAIL PROTECTED]:/home/mathieu/test.tgz' /etc tar: [EMAIL PROTECTED]:/home/mathieu/test.tgz: Cannot open: Input/output error tar:

Re: problem with unsubscribe

Hi Thomas, looks like you are subscribed to debian-security-announce@lists.debian.org You can either go to http://lists.debian.org/debian-security-announce/ and use the unsubscribe function there or you send a mail to [EMAIL PROTECTED] with the subject unsubscribe. If you are not sure with

Re: [SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability

Hi Thijs, On Monday, 09 Jan 2006, you wrote: Michael Stone wrote: Vulnerability : format string attack Problem-Type : local Debian-specific: no CVE ID : CVE-2006-0083 Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of

Re: [SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution (fwd)

Hi Rolf.Joschke, On Monday, 04 Apr 2005, you wrote: Dear Martin, I have been unable to find the security-fixed version samba 3.0.10-1. Can you mail me the URL where to get it from. have a look on http://packages.debian.org/testing/net/samba and choose your architecture. Greetings Martin