* Nico Golde [2013-01-06 18:40]:
> -
> Debian Security Advisory DSA-2600-1 secur...@debian.org
> http://www.debian.org/security/ Nico Golde
> Janu
Hi,
* Nico Golde [2012-11-17 16:29]:
> * Francesco Poli [2012-11-17 12:34]:
> > DSA-2574-1 [1] announced a stable security update for typo3-src on
> > Thursday, but I still see no trace of the announced
> > typo3-src/4.3.9+dfsg1-1+squeeze7 on security.debian.org [2] and the
the squeeze (security)
> version is 4.3.9+dfsg1-1+squeeze6...
>
> What's wrong?
> What did I fail to understand?
You didn't fail to understand anything. We are currently investigating the
issue. This certainly shouldn't have happened.
Stay tuned...
Kind regards
Nico
--
Hi,
* Arthur de Jong [2012-09-16 21:03]:
> On Fri, 2012-09-14 at 10:31 +0200, Nico Golde wrote:
> > I just want to point out though that as far as I know you can't send
> > an announcement mail to this list without a fake DSA id.
>
> Perhaps it is an idea to also
ment to
successfully communicate with us.
I'd also like to point out that DSA mails are forwarded to relevant lists like
full-disclosure and bugtraq. Lists people in the security industry read.
No researcher, unless he is a very dedicated Debian fan, will ever read
debian-announce.
There is no p
Hi,
* David Prévot [2012-09-14 03:30]:
> On 13/09/2012 06:33, Nico Golde wrote:
> > -
> > Debian Security Advisory DSA-2548-1 secur...@debian.org
> > http://ww
hat:
> #668710
> #669100
> #669105
> #669106
>
> The solution is to move this os.rename inside a "if exitcode == 0:" test, to
> be sure conversion to png was successful.
Fix is on its way. Thanks for the notice!
Cheers
Nico
--
Nico Golde - http://www
e signedness
issue was fixed anyway it seems pointless to not include another improvement
in the same update.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Nico Golde [2011-12-21 01:25]:
> ---
> Debian Security Advisory DSA-2368-1 secur...@debian.org
[...]
Sorry, I messed up the subject and assumed the list rejected the mail due to
some
Hi,
* Kurt Roeckx [2011-04-11 00:29]:
> On Sun, Apr 10, 2011 at 11:55:28PM +0200, Nico Golde wrote:
> >
> > We recommend that you upgrade your isc-dhcp packages.
>
> I'm guessing that for the update to be active we need to bring
> down any interface that is using
Hi,
* Nico Golde [2011-02-14 16:29]:
[...]
> We recommend that you upgrade your invalid memory access packages.
This has been a mistake during the auto-generation of the DSA template. Of
course this should say "your openssl packages".
Kind regards
Nico
--
Nico Golde - http://
Hi,
* Wade Richards [2010-10-10 19:08]:
> The noexecstack option has no effect on shell code or any other interpreted
> language. It only prevents native code (aka machine code) from executing.
errm http://en.wikipedia.org/wiki/Shellcode
--
Nico Golde - http://www.ngolde.
y such a workaround, despite this update?
No.
> [...]
> > We recommend that you upgrade your samba packages.
> >
> ^ - this is always a good idea, yes
> :-)
Whoops :D
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.cc
Hi,
* Moritz Muehlenhoff [2010-08-01 13:47]:
> Nico Golde wrote:
> > This has definitely been before my time then. But does this make sense given we may
> > want to issue a -2? Therefore I used DSA-2078-1 as noted in the advisory. Hmm :D
>
> The
Hi,
* Moritz Muehlenhoff [2010-08-01 00:58]:
> On 2010-07-31, Nico Golde wrote:
> > * Nico Golde [2010-07-31 18:48]:
> >> --
> >> Debian Security Advisory DSA-2078-1secur...@
Hi,
* Nico Golde [2010-07-31 18:48]:
> --
> Debian Security Advisory DSA-2078-1 secur...@debian.org
Meh race condition. Moritz isn't dak checking the DSA number we supply to git?
If we both us
scovered in thumb.php which affects
> wikis which restrict access to private files using img_auth.php, or
> some similar scheme.
Those are already listed on:
http://security-tracker.debian.org/tracker/DSA-2022-1
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG
o testing-security? Otherwise I'd propose to upload your -11 version to
t-p-u.
Btw the testing-security team has an embargoed queue as well, so next time it
should also work to upload a fixed version prior to disclosure if the
migration is a common show stopper for this package.
Cheers
Ni
er may provide updated packages through
-proposed-updates though, no idea.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
ico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Nico Golde [2009-12-08 20:19]:
> --
> Debian Security Advisory DSA-1908-1 secur...@debian.org
> http://www.debian.org/security/ Nico Golde
> Decemb
Hi,
* Nico Golde [2009-09-14 22:53]:
> * Jean Christophe André [2009-09-14 20:35]:
> > Nico Golde wrote:
> > > For the stable distribution (lenny), this problem has been fixed in
> > version 0.6.32-3+lenny2.
> > There is some serious dependency problem forbid
Hi,
* Jean Christophe André [2009-09-14 20:35]:
> Nico Golde wrote:
> > For the stable distribution (lenny), this problem has been fixed in
> version 0.6.32-3+lenny2.
> There is some serious dependency problem forbidding the upgrade:
>
> www:~# LANG= apt-cache show nginx
Hi,
* Nico Golde [2009-08-21 22:55]:
> * Frank Loeffler [2009-08-21 22:29]:
> > After a recent security update, pidgin cannot be updated on amd64
> > because it depends on libstartup-notification0 (>= 0.10) [amd64] which
> > is not in lenny. For other architecture
> should instead open another bug report.
This is a known issue, a binNMU for amd64 has been
scheduled.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
inary packages
and now this. Rebuild is on its way. Thanks for the notice.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Nico Golde [2009-08-20 00:37]:
> --
> Debian Security Advisory DSA-1870-1 secur...@debian.org
> http://www.debian.org
e versions automatically. I CCed Joerg
who maintains this dak code to my knowledge.
Joerg, is there any way dak could know about these version
numbers or can't it by design? If so, any idea why the
epochs are not included in the file names?
Cheers
Nico
--
Nico Golde - http://www
eam code. But I didn't
> find neither a bug nor a DSA for that flaw.
>
> Can you tell me how this bug is handled by Debian?
http://security-tracker.debian.net/tracker/CVE-2008-5161
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reas
xed rules for which events lead to a "-2" DSA mail and which don't.
Yes, exactly the reason why I didn't release another
advisory.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
human race condition, this should have been DSA 1811-1.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
s
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Nico Golde [2009-05-06 03:22]:
> * Noah Meyerhans [2009-05-05 23:28]:
> [...]
> >
> > Debian GNU/Linux 4.0 alias etch
> > ---
> >
> > Debian GNU/Linux 5.0 alias lenny
> >
>
> y
enerated by dak is somehow broken.
cheers
nico
>
> Debian (oldstable)
> ------
>
[...]
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Cyril Brulebois [2009-05-04 16:39]:
> Nico Golde (04/05/2009):
> > * Steffen Joeris [2009-05-04 05:25]:
> > >
> > > Debian Security Advisory DSA-1786-1 secur...@debian.org
May 02, 2009 http://www.debian.org/security/faq
>
>
> Package: acpid
> Vulnerability : denial of service
> Problem type : remote
That should be local.
Regards Nico
--
Nico Golde - http://www.ngo
Hi,
* Nico Golde [2009-03-14 09:44]:
> * Steffen Joeris [2009-03-14 08:57]:
> >
> > Debian Security Advisory DSA-1740-1 secur...@debian.org
> > http://www.debian.org/security/
rch 14, 2009 http://www.debian.org/security/faq
>
broken indentation again, fix that :)
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail
m the
list? This is even worse than all the vacation mails.
Thanks!
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
tus of that process?
Both fixed in 1.4.4-4etch1, the CVE ids were not known when
this package was released.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
t, it's just strange that you think this is not
known to us.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
> I can see a point in logging *valid* usernames. Logging invalid
> usernames (which aren't unlikely to actually be passwords) is a
> security risk.
How would you determine valid and invalid ones? A user name
that is considered valid could still be a password.
Cheers
Nico
--
Nico Golde
shouldn't be based on nobody ever doing more or less common mistakes.
See above.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
kage was renamed.
Added ffmpeg to this tracker entry as well so it shows up on
the website soon.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Yes, this information is also available on:
http://security-tracker.debian.net/tracker/status/release/stable
Feel free to prepare updates for those issues ;-P
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is d
ee the changelog of poppler in unstable:
http://packages.debian.org/changelogs/pool/main/p/poppler/poppler_0.8.4-1/changelog
The version in unstable was fixed quite some time ago.
Maybe we should add this to the Debian security FAQ as this
question pops up every now and then?
Cheers
Nico
--
Nic
ges.debian.org shows sid as having wordpress
> 2.5.1-4 currently...
No it's not, the bug was fixed for unstable in a previous
version (2.3.3-1).
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-r
ian)
Last-Modified: Fri, 06 Jun 2008 21:25:02 GMT
ETag: "51ad48-183ea780"
Accept-Ranges: bytes
Content-Length: 5352776
Content-Type: application/x-gzip
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is dou
ose
lighttpd:
HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/html
Content-Length: 349
Date: Sun, 08 Jun 2008 11:00:23 GMT
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
been fixed in
> > version 0.73-1.
> >
> > We recommend that you upgrade your mtr package.
>
> mtr-tiny in Etch is still vulnerable? (0.71-2)
As noted above mtr is fixed in 0.71-2etch1
(stable-security). mtr-tiny is part of this source package
so it is fixed in the same version.
C
Hi Vincent,
* Vincent Bernat <[EMAIL PROTECTED]> [2008-05-17 21:12]:
> OoO In this cloudy early afternoon of Saturday 17 May 2008, around 14:15,
> Nico Golde <[EMAIL PROTECTED]> said:
>
> >> are there updates for this issue for old stable - sarge?
>
> &g
Hi Dimitar,
* Dimitar Dobrev <[EMAIL PROTECTED]> [2008-05-17 13:48]:
> are there updates for this issue for old stable - sarge?
sarge is not affected and besides that the security support
for sarge ended quite some time ago.
cheers
nico
--
Nico Golde - http://www.ngolde.de - [EMAIL
anyone know if this has been addressed? Are there any plans to do so?
Nope, not yet. See: http://security-tracker.debian.net/tracker/CVE-2008-1483
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail i
hp, both being owned by user bar.
> (This web site is composed of several branches, managed by different
> people.)
YFYI there is a bug about that:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477646
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
team already got a mail by the oCert
guys about joining afaik. So be patient :)
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
, you wrote: > > > > On
> > > Mon, Mar 10, 2008 at 2:36 PM, Filipus Klutiero <[EMAIL PROTECTED]>
[...]
> > > If you don't mind, how did you get the opinion of the security team on
> > > this?
> >
> > I read their text.
> W
8-0001
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
velopper and
> apparently member of the squirrelmail team) enlight us on this subject,
> please?
Have a look at: http://security-tracker.debian.net/tracker/CVE-2007-6348
No version in Debian is affected by this.
HTH
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
F
Hi Steve,
* Steve Kemp <[EMAIL PROTECTED]> [2007-12-07 20:26]:
> On Fri Dec 07, 2007 at 18:41:35 +0100, Nico Golde wrote:
> > What about those, are they unimportant?
> > They are still present in the etch code. I stumbled
> > upon them while preparing a testing-securit
pecific DSA but
please also keep in mind that it had to wait for build
daemons so you can't assume to get it on 1 Dec and of course
some testing would be also nice.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all tex
Hi Steve,
* Steve Kemp <[EMAIL PROTECTED]> [2007-12-07 20:26]:
> On Fri Dec 07, 2007 at 18:41:35 +0100, Nico Golde wrote:
>
> > What about those, are they unimportant?
> > They are still present in the etch code. I stumbled
> > upon them while preparing a testing-
Hi,
* Nico Golde <[EMAIL PROTECTED]> [2007-12-07 18:32]:
[...]
> > Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
> > ext2 file system utilities and libraries, contained multiple
> > integer overflows in memory allocations, based on sizes taken dire
ze/extent.c:retval = ext2fs_get_mem(sizeof(struct
ext2_extent_entry) *
What about those, are they unimportant? They are still present in the etch
code. I stumbled upon them while preparing a testing-security upload.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECT