ndom_yarrow;
/* Then go looking for hardware */
#if defined(__i386__) && !defined(PC98)
if (via_feature_rng & VIA_HAS_RNG) {
*systat = random_nehemiah;
}
#endif
}
--
Robert Millan
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debia
detected,
>> unless hw.nehemiah_rng_enable or hw.ivy_rng_enable are set to zero
>> to disable them.
>
> Remove, switch to kfreebsd 10. Either that, or backport the fix from
> kfreebsd 10.
I tend to favour removal. Releasing with two kernels is a PITA.
What does everyone else t
Forwarding to the other lists from original thread...
Original Message
Subject: Re: Fwd: possible /dev/random compromise (misplaced trust in RDRAND /
Padlock entropy sources)
Date: Sun, 15 Dec 2013 20:53:19 +0100
From: Yves-Alexis Perez
To: Robert Millan
CC: t
(sid):
All versions in Debian already have the fixed code, which replaces
random_adaptor_register() with live_entropy_source_register(), thereby
registering Via and Intel chips as "entropy sources" to be post
processed by Yarrow, rather than directly as &
ease also see my follwup on debian-bsd:
>>
>> https://lists.debian.org/debian-bsd/2012/06/msg00246.html
>
> In other words the current SVN is fine for release. Hopefully soon,
> because the exploit is due to be be demonstrated publicly tomorrow.
CCing debian-security. Hopeful
could be missing something.
Fix uploaded to unstable and experimental.
debian-security: Patch is available in r3480 in glibc-bsd SVN (attached
for your convenience).
--
Robert Millan
Index: debian/changelog
===
--- debian/changelog
en if security support is not available, I think it'd be a good idea to
have those generated. CCing debian-security (I think it's the appropiate
list for this request).
--
Robert Millan
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may a
problem can be resolved in a better way in the future when
DAK has better support for handling this kind of situation.
--
Robert Millan
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may access your data; but nobody's threatening your freedom
On Fri, Mar 10, 2006 at 09:37:25PM +0100, Martin Schulze wrote:
>
> For the unstable distribution (sid) this problem has been fixed in
> version 1.4.2.2-1.
ITYM 1.4.2-1
--
Robert Millan
http://linuxstolescocode.com/";>SCO http://sco.com/";>losers
http://www
On Tue, Dec 14, 2004 at 05:03:01PM +0100, Martin Schulze wrote:
>
> Adam Zabrocki discovered multiple buffer overflows in atari800, an
> Atari emulator. In order to directly access graphics hardware, one of
> the affected programs is installed setuid root. A local attacker
> could exploit this v
Hi!
Are we affected by this? I haven't seen any DSA.
On Mon, Sep 20, 2004 at 01:50:33PM +, FreeBSD Security Advisories wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> =
> FreeBSD-SA-04:14.cvs.asc
the
> /.telnetrc letters get to).
That patch is wrong. Please direct your comments at the patch for dynamic
allocation I just sent instead.
--
Robert Millan
(Debra and Ian) (Gnu's Not (UNiplexed Information and Computing System))/\
(kernel of *(Berkeley Software Distribution))
--
rcbuf[0] = '\0';
- strcat(rcbuf, "/.telnetrc");
- rcname = rcbuf;
-}
+asprintf (&rcname, "%s/.telnetrc", getenv ("HOME"));
readrc(m1, m2, port, rcname);
+free (rcname);
}
#if defined(IP_OPTIONS) && defined(HAS_IPPROTO_IP)
Le
ctness
of their packages in the Debian archive.
- Debian members who accessed a Debian machine from gnuftp are
encouraged to change their password.
--
Robert Millan
"[..] but the delight and pride of Aule is in the deed of making, and
in the thing made, and neither in possession nor in
of their packages in the Debian archive.
- Debian members who accessed a Debian machine from gnuftp are
encouraged to change their password.
--
Robert Millan
"[..] but the delight and pride of Aule is in the deed of making, and
in the thing made, and neither in possession nor in his own mast
[ Moving to debian-security ]
On Mon, Aug 18, 2003 at 12:35:44PM +1000, Russell Coker wrote:
> On Mon, 18 Aug 2003 12:51, Robert Millan wrote:
> > 2) Any unsigned sources in ftp.gnu.org could have been trojaned during
> > the March-July period, and most of GNU packages have thei
from debian-private:
On Mon, Aug 18, 2003 at 02:51:55AM +, Robert Millan wrote:
>
> Hi there,
>
> As you might have already heard, a root compromise, which presumably has been
> there for two months, was recently detected in {ftp,alpha}.gnu.org
> (read http://f
[ Moving to debian-security ]
On Mon, Aug 18, 2003 at 12:35:44PM +1000, Russell Coker wrote:
> On Mon, 18 Aug 2003 12:51, Robert Millan wrote:
> > 2) Any unsigned sources in ftp.gnu.org could have been trojaned during
> > the March-July period, and most of GNU packages have thei
from debian-private:
On Mon, Aug 18, 2003 at 02:51:55AM +, Robert Millan wrote:
>
> Hi there,
>
> As you might have already heard, a root compromise, which presumably has been
> there for two months, was recently detected in {ftp,alpha}.gnu.org
> (read http://f
Hi,
Just noticed this advisory, stating a remote vulnerability
in mozilla:
http://sec.greymagic.com/adv/gm001-ns/
It claims to affect 0.9.7+ but on 1.0 all it does
is crashing my browser.
Please CC to contact me, not subscribed.
--
Robert Millan
"5 years from now everyone will be ru
20 matches
Mail list logo