Hi,
On 07.01. 13:54, Adam Majer wrote:
Moritz Muehlenhoff wrote:
CVE-2007-3382
It was discovered that single quotes (') in cookies were treated
as a delimiter, which could lead to an information leak.
CVE-2007-3385
It was discovered that the character sequence \ in
Hi,
On 15.05. 17:09, Uwe Hermann wrote:
What is the Debian way to prevent any daemon from ever starting,
whether upon reboot, upon upgrade, upon new install etc.
If your default runlevel is 2, delete the symlink to the respective init
script in /etc/rc2.d or even in /etc/rc[2345].d. Just make
Hi,
On 23.01. 07:46, Jose Marrero wrote:
Apache configured with mod_rewrite to deny blank or fake referers is a
good idea.
How can you tell that a referrer is fake?
Regards,
uLI
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Hi,
On Sun Feb 29, 2004 at 21:15:39 +0100, Nejc Novak wrote:
I would like to make users avaiable some kind of 'web control panel'. I
have created a design and also already intergrated squirrelmail into it.
Now i would also them to have a web form for password changing. I've
browsd
Hi,
On Sun Feb 29, 2004 at 21:15:39 +0100, Nejc Novak wrote:
I would like to make users avaiable some kind of 'web control panel'. I
have created a design and also already intergrated squirrelmail into it.
Now i would also them to have a web form for password changing. I've
browsd
Hi Bruce,
On Mon Jul 28, 2003 at 11:38:51 -0700, Bruce Banner wrote:
When were they patched? And how do I know when they
are patched and when they are available? Is there
somewhere I can find this info? I found the Red Hat
info on Bugtraq but there was no mention of Debian
Source anywhere.
Hi Bruce,
On Mon Jul 28, 2003 at 11:38:51 -0700, Bruce Banner wrote:
When were they patched? And how do I know when they
are patched and when they are available? Is there
somewhere I can find this info? I found the Red Hat
info on Bugtraq but there was no mention of Debian
Source anywhere.
Hi,
On Wed Jul 09, 2003 at 23:16:51 +0200, François TOURDE wrote:
By allowing connections from only a
few IP address blocks, you cut out most of the crackers in the world, but
don't have to mess with dynamic DNS and lack of reverse lookup; A good
tradeoff between security and
Hi,
On Wed Jul 09, 2003 at 23:16:51 +0200, François TOURDE wrote:
By allowing connections from only a
few IP address blocks, you cut out most of the crackers in the world, but
don't have to mess with dynamic DNS and lack of reverse lookup; A good
tradeoff between security and
Hi,
On Wed Jul 02, 2003 at 22:50:20 -0300, Peter Cordes wrote:
Luckily, that's a solved problem. Con Kolivas's -ck3 patch for 2.4.21
includes grsecurity and XFS. (I didn't mention it before because I didn't
realize it was significant. (I'm not using ACLs).) Con's webpage is
Hi,
On Tue Jun 17, 2003 at 10:44:01 -0400, Phillip Hofmeister wrote:
On Tue, 17 Jun 2003 at 11:56:36PM +1000, Mark Devin wrote:
I was going to say exactly this earlier in the thread. I put this
in My
Apache config quite some time ago when I realised I could. There
should
be something
Hi,
On Tue Jun 17, 2003 at 10:44:01 -0400, Phillip Hofmeister wrote:
On Tue, 17 Jun 2003 at 11:56:36PM +1000, Mark Devin wrote:
I was going to say exactly this earlier in the thread. I put this
in My
Apache config quite some time ago when I realised I could. There
should
be something
hi,
On Thu Feb 13, 2003 at 08:30:27 +0100, Lupe Christoph wrote:
Does anybody know why stable/updates/main on http://security.debian.org
has a package that depends on a libc that is not available for Stable?
yes, because the package you are trying to install is neither in stable
nor in its
hi,
On Thu Feb 13, 2003 at 08:30:27 +0100, Lupe Christoph wrote:
Does anybody know why stable/updates/main on http://security.debian.org
has a package that depends on a libc that is not available for Stable?
yes, because the package you are trying to install is neither in stable
nor in its
On Wed, Jun 26, 2002 at 02:11:00PM +0200 or thereabouts, InfoEmergencias - Luis
Gómez wrote:
Messing up with sshd_config for all the privsep stuff, I've noticed that
PermitRootLogin was set to yes in my three woody boxes. I usually
consider this a problem (although it has been my fault - i
hi,
maybe i misunderstand the intention here, but isn't it pointless to
restrict privileges of the editing process of /etc/aliases if you could
just as well change root's alias to a program that's run whenever root
receives email and, e. g., puts one's most favourite /etc/passwd in
place of the
hi,
maybe i misunderstand the intention here, but isn't it pointless to
restrict privileges of the editing process of /etc/aliases if you could
just as well change root's alias to a program that's run whenever root
receives email and, e. g., puts one's most favourite /etc/passwd in
place of the
On Fri, Nov 23, 2001 at 05:32:04PM + or thereabouts, Martin WHEELER wrote:
Is anyone else having problems with the robot from
openfind.com.tw
...
Anyone know of a sure-fire robot killer under woody?
as a first recourse you could instruct your firewall to deny all access
from
18 matches
Mail list logo