Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life

2015-11-03 Thread Vincent Bernat
❦ 2 November 2015 20:00 +0100, Moritz Mühlenhoff: >> There are many tradeoffs recently with projects that do not want to >> provide a sensible security track for stable releases: >> >> - always package the latest release (Chromium) > > For chromium and iceweasel the vast amount of security is

Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life

2015-11-01 Thread Vincent Bernat
❦ 1 November 2015 23:22 +0100, Moritz Muehlenhoff: > Security support for elasticsearch in jessie is hereby discontinued. The > project no longer releases information on fixed security issues which > allow backporting them to released versions of Debian and actively > discourages from doing so

Re: [pkg-lighttpd] [SECURITY] [DSA 2368-1] lighttpd security update

2011-12-22 Thread Vincent Bernat
tion available is to fall back to RC4 and that's what happens with the provided configuration. -- Vincent Bernat ☯ http://vincent.bernat.im panic("Attempted to kill the idle task!"); 2.2.16 /usr/src/linux/kernel/exit.c

Re: [SECURITY] [DSA 2368-1] lighttpd security update

2011-12-20 Thread Vincent Bernat
utput of "openssl ciphers") I also think that "this will break older clients" is a bit alarming. Even IE6 supports RC4-SHA. It would be better to say "it may break very old clients". -- Vincent Bernat ☯ http://vincent.bernat.im panic("bad_

Re: Accepted openssh-blacklist 0.3 (source all)

2008-05-20 Thread Vincent Bernat
OoO On this cloudy night of Wednesday 21 May 2008, around 01:32, Kees Cook <[EMAIL PROTECTED]> said: > * Add empty DSA-2048, since they weren't any bad ones. How is it possible? Thanks. -- BOFH excuse #63: not properly grounded, please bury computer

Re: openssh remote upgrade procedure?

2008-05-20 Thread Vincent Bernat
OoO In the early evening of Tuesday 20 May 2008, around 21:45, "Alexandros Papadopoulos" <[EMAIL PROTECTED]> said: > 3. Testing to see if you can still get on to a server is exactly what > I would have done, if my connection had not been killed by the server > itself a few seconds after upgrading

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-17 Thread Vincent Bernat
OoO In this cloudy early afternoon of Saturday 17 May 2008, around 14:15, Nico Golde <[EMAIL PROTECTED]> said: >> are there updates for this issue for old stable - sarge? > sarge is not affected I suppose that people may still be interested in blacklist support. > and besides that the security

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Vincent Bernat
OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:38, "John Keimel" <[EMAIL PROTECTED]> said: >> Restarting OpenSSH does not close existing connections. > Yes, that's correct. I agree. > But the instructions I saw were for 'shutting down the SSHD server' - > not just 'restarting it

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Vincent Bernat
OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:21, "John Keimel" <[EMAIL PROTECTED]> said: >> Since some keys are generated automatically, (e.g. ssh host keys) users will >> have to regenerate keys, they haven't generated in the first place and might >> not be aware of their exist

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Vincent Bernat
OoO In this cloudy early afternoon of Tuesday 13 May 2008, around 14:06, Florian Weimer <[EMAIL PROTECTED]> said: > Package: openssl > Vulnerability : predictable random number generator Some other random questions: - It seems that firefox does not handle CRL unless manually imported

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Vincent Bernat
On Tue, 13 May 2008 14:06:39 +0200, Florian Weimer <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - > Debian Security Advisory DSA-1571-1 [EMAIL PROTECTED] > http://www.debi

Re: [SECURITY] [DSA 1254-1] New bind9 packages fix denial of service

2007-01-28 Thread Vincent Bernat
OoO On this well-advanced evening of Sunday 28 January 2007, around 22:44, "Alison Hobbs" <[EMAIL PROTECTED]> said: > What on earth does this all mean. Please may I "unsubscribe"? Yes, follow the instructions at the end of every email you receive. -- NO ONE WANTS TO HEAR FROM MY ARMPITS NO

Re: [SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation

2006-07-17 Thread Vincent Bernat
OoO In this sunny early afternoon of Monday 17 July 2006, around 15:45, Arnd Hannemann <[EMAIL PROTECTED]> said: > Why is the package name still "kernel-image-2.6.8-3-686" instead of > "kernel-image-2.6.8-4-686"? Because there is no change in ABI. This number is increased only in this

Proftpd and bug #319849

2005-08-11 Thread Vincent Bernat
Hi! proftpd in Sarge is vulnerable to a format string vulnerability. The corresponding bug is marked as fixed in 1.2.10-20 and found in 1.2.10-15 (which is the Sarge version). This means that the Sarge version is still vulnerable. However, the bug is closed and not tagged security.

Re: On Mozilla-* updates

2005-07-31 Thread Vincent Bernat
OoO During the television news of Sunday 31 July 2005, around 20:29, "Nikita V. Youshchenko" <[EMAIL PROTECTED]> said: > Requiring users to install an important component (which Mozilla is) from > other sources is a bad idea in this context. I think it should not be the > way how Debian

Re: Please announce current lack of security support

2005-07-27 Thread Vincent Bernat
OoO In this radiant late morning of Wednesday 27 July 2005, around 11:21, martin f krafft <[EMAIL PROTECTED]> said: >> security-announce seems unavailable too. > How so? lists.debian.org is up and a message sent and signed by the > security team to -security-announce should show up. Or am I

Re: Please announce current lack of security support

2005-07-26 Thread Vincent Bernat
OoO In this radiant late morning of Tuesday 26 July 2005, around 11:02, martin f krafft <[EMAIL PROTECTED]> said: > However, I feel that our users should be told about the problem, and > not just through Joey's blog entry. Thus, can I please urge the > security team to release an appropria

Re: Disk Encryption on bf2.4

2004-03-08 Thread Vincent Bernat
OoO Shortly before the start of the afternoon of Sunday 07 March 2004, around 13:13, E&Erdem <[EMAIL PROTECTED]> said: > I've searched, but couldn't find kernel patch for bf2.4. Is there a > patch for this or I have to change kernel. You should use cryptoloop patches. They are available as Debian pack

Chrooting named by default (was: Re: chrooting apache[ssl,php,perl] and some mta)

2002-11-09 Thread Vincent Bernat
OoO On this lightning-streaked night of Saturday 09 November 2002, around 02:02, Michael Ablassmeier <[EMAIL PROTECTED]> said: > I did some apache chroot environment (php,perl,ssl), and now > some users want to use the php "mail" command, so I have to > include some mta into the chroot. > As far as I
