Re: Intel Microcode updates

Hi there On 18/06/2019 20:21, Andrew McGlashan wrote: It doesn't have to be JavaScript, it can be ANY scripting. Or any code. The whole idea of running software you don't know anything about is insane. When it comes to an updated browser, the exploit relies upon very precise timing differ

Re: HTTPS enabled Debian Security repository

Hi there On 30/10/17 12:24, Russell Coker wrote: I agree. There's little downside nowadays. Squid doesn't work particularly well caching APT repositories nowadays (strange timeouts and hangs during downloads) so the caching benefit of non-SSL has mostly gone away. I have no problems with

Re: flashplugin-nonfree and latest Flash security updates

Hi there On 03/08/16 11:55, Paul Wise wrote: I'm not part of the team, Me neither. but I do know that contrib and non-free are not supported by the Debian security team, so they are unlikely to make any fixes nor announcements. https://www.debian.org/security/faq#contrib You can downl

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

Hi there Vladislav Kurz wrote: So, why does openssh-server depend on libssl ? ldd /usr/sbin/sshd says it needs libcrypto.so, which is part of openssl? Maybe the question should be does SSH use a heartbeat? Regards, Rob -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

Hi there Salvatore Bonaccorso wrote: Yes this is unfortunately a bug in that part of the libssl1.0.0 postinst! apache2 is also affected and should be restarted after the openssl update. AFAIK all services that use TLS + open-ssl are effected. I generated new keys for Apache, Asterisk, Exim a