Re: Reaction to potential PGP schism

2023-12-21 Thread Daniel Kahn Gillmor
Hi Gioele-- On Thu 2023-12-21 11:02:06 +0100, Gioele Barabucci wrote: > On 21/12/23 04:16, Daniel Kahn Gillmor wrote: > As the Uploader of rust-sequoia-openpgp, what do you think of the > related sequoia-chameleon-gnupg project [1] (drop-in replacement for gpg > that uses sequoi

Re: Reaction to potential PGP schism

2023-12-20 Thread Daniel Kahn Gillmor
hey folks-- [ This message won't make sense unless the reader distinguishes clearly between OpenPGP the protocol and GnuPG the implementation! As a community we have a history of fuzzily conflating the two terms, which is one of the reasons that we're in this mess today. Please read expli

Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?

2023-07-22 Thread Daniel Gröber
have wrong advice on APT::Default-Release preventing security updates. Who do I contact about the archive aspects? FTP-master or the security-team? The security-team is in CC on the doc bugs so I'm hoping they will see it anyway. Thanks, --Daniel

Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?

2023-07-21 Thread Daniel Gröber
Hi Paul, On Fri, Jul 21, 2023 at 10:17:28AM +0800, Paul Wise wrote: > On Thu, 2023-07-20 at 22:12 +0200, Daniel Gröber wrote: > > > It seems packages from the debian-security repository are not affected by > > this increased priority and will not get installed as a res

Setting APT::Default-Release prevents installation of security updates in bookworm!?

2023-07-20 Thread Daniel Gröber
to install a kernel update from d-security that should get installed but doesn't. As soon as I remove the Default-Release line from apt.conf the update gets offered for installation. Has anyone else observed this or is something broken in my apt config somewhere? --Daniel

Re: deb.debian.org vs security.debian.org

2021-08-19 Thread Daniel Lewart
Georgi Naplatanov wrote: > I have no opinion but found this > https://wiki.debian.org/SourcesList SZÉPE Viktor wrote: > And there is this > https://wiki.debian.org/NewInBullseye#Changes Both of these were referenced in my original message: https://lists.debian.org/debian-devel/2021/08/msg00

deb.debian.org vs security.debian.org

2021-08-18 Thread Daniel Lewart
.html * https://lists.debian.org/debian-devel/2021/08/msg00167.html * https://lists.debian.org/debian-devel/2021/08/msg00172.html but no consensus. Thank you! Daniel Lewart Urbana, Illinois

Re: Misuse/Abuse

2020-10-13 Thread Daniel Leidert
le on > paste.debian.net. Clearly someone tries to run a command put as an address. Out of curiosity: Which kind of vulnerability are they trying to use here? Regards, Daniel -- Regards, Daniel Leidert | https://www.wgdd.de/ GPG-Key RSA4096 / BEED4DED5544A4C03E283DC74BCD0567C296D05D GPG-

Bug#948634: debian-security-support: please elaborate on binutils' status

2020-01-10 Thread Daniel Shahaf
Only supported behind an authenticated HTTP zone for trusted users @Florian That linked message is yours; any objections from you? Thanks, Daniel P.S. Priority "important" since binutils' rdeps include dpkg-dev, gcc, and clang, so I assume this is quite visible.

Re: Why no security support for binutils? What to do about it?

2020-01-01 Thread Daniel Reichelt
> Some of its checks look inherently dangerous, e.g. the bash -n check for > shell syntax. Why would bash -n be dangerous?

Re: Frozen screen with patterns locks up the computer

2018-01-11 Thread DANIEL ROMO
alt+tab -- *Daniel Romo* d4nnr.blogspot.com.co #Blog_Personal On January 11, 2018 at 10:45, DANIEL ROMO wrote: > Hello > > can you send a print screen? (with your cell phone) > > > amt+tab to switch windows is a solution > > ;) > > > > -- > &g

Re: Frozen screen with patterns locks up the computer

2018-01-11 Thread DANIEL ROMO
Hello, can you send a print screen? (with your cell phone) amt+tab to switch windows is a solution ;) -- *Daniel Romo* d4nnr.blogspot.com.co #Blog_Personal On January 11, 2018 at 02:42, R Calleja wrote: > Hello, good morning, can anyone help me. > De vez en cuando, al ab

Re: Unsuscribe

2017-11-01 Thread Daniel Hadfield
You need to use the web form: https://www.debian.org/MailingLists/unsubscribe On 01/11/17 13:55, Donald Haley wrote: > Please unsubscribe me. > > Thanks

Re: [SECURITY] [DSA 3909-1] samba security update

2017-07-14 Thread Daniel Reichelt
Thanks for jumping in and reporting this, I wasn't sure if I hadn't just messed up my apt-pinning... > The 32bit i386 packages on the hand are fine, probably because they > were built by a buildd. On an i386 VM the upgrade ran fine here as well. Cheers Daniel

Re: Some Debian package upgrades are corrupting rsync "quick check" backups

2017-01-28 Thread Daniel Reichelt
On 01/28/2017 03:51 PM, Holger Levsen wrote: > On Sat, Jan 28, 2017 at 03:04:56PM +0100, Daniel Reichelt wrote: >> I highly suspect this stems from packages' rules files supporting >> reproducible builds. > > I rather think this is due to binNMUs not modifying debian/c

Re: Some Debian package upgrades are corrupting rsync "quick check" backups

2017-01-28 Thread Daniel Reichelt
and moving it into place (thus retaining the inode number). Cheers Daniel

Re: [SECURITY] [DSA 3654-1] quagga security update

2016-08-26 Thread Daniel Chen
unsubscribe On Thu, Aug 25, 2016 at 11:03 PM, Sebastien Delafond wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - > - > Debian Security Advisory DSA-3654-1 secur...@debian.org > https://www

Re: [SECURITY] [DSA 3621-1] mysql-connector-java security update

2016-07-19 Thread Daniel Boshier
Uhpppopppiujiki MN I have .. buy bio Yg.viuuu 😗 On 18 Jul 2016 17:32, "Salvatore Bonaccorso" wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - - > Debian Security Advisory DSA-3621-1 secur...

Re: Bug#791919: RFP: USBGuard -- protect your computer against rogue USB devices

2016-05-23 Thread Daniel Kopeček
ps://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files The upstream repository (which includes the .spec file too) is licensed under GPLv2+. That's probably an inconsistency that I should fix... Regards, -- Daniel Kopeček Software Engineer, Special Projects Red Hat, Inc.

Re: Debian SHA-1 deprecation

2016-05-19 Thread Daniel Pocock
On 19/05/16 03:17, Paul Wise wrote: > On Wed, May 18, 2016 at 9:20 PM, Daniel Pocock wrote: > >> Can anybody comment on how Debian users will be impacted by SHA-1 >> deprecation? > > There is some info related to that in these two wiki pages: > > https://wiki.d

Debian SHA-1 deprecation

2016-05-18 Thread Daniel Pocock
Can anybody comment on how Debian users will be impacted by SHA-1 deprecation? In particular: - will libraries like OpenSSL and GnuTLS continue to support it in stretch and beyond? - will web servers like Apache support it in server certificates or certificate chains? - will web servers and o

Re: Remove email

2016-03-31 Thread DANIEL ROMO
mv tiffanyryan2...@gmail.com /dev/null 2016-03-31 9:42 GMT-05:00 Tiffany Ryan : > Please remove my email from your system > > tiffanyryan2...@gmail.com > -- "Imagination is more important than knowledge. Einstein" *Daniel Romo* *SysAdmin* / Linit

Re: [SECURITY] [DSA 3355-2] libvdpau regression update

2015-11-03 Thread Daniel Reichelt
Thanks for the quick fix! Daniel

Re: [SECURITY] [DSA 3355-2] libvdpau regression update

2015-11-02 Thread Daniel Reichelt
Hi * the amd64 build for 0.8-3+deb8u2 seems to be missing from [1]. Is this an error or am I missing something? Thanks Daniel [1] http://security.debian.org/pool/updates/main/libv/libvdpau/ On 11/02/2015 08:27 PM, Alessandro Ghedini wrote

Re: Verification of netboot installer and firmware files

2015-09-06 Thread Daniel Reichelt
On 09/06/2015 07:14 PM, Paul Wise wrote: > On Sun, Sep 6, 2015 at 10:20 AM, Daniel Reichelt wrote: > >> [1] >> http://ftp.nl.debian.org/debian/dists/stretch/main/installer-amd64/current/images/ > > ftp://ftp.debian.org/debian/dists/stretch/Release > ftp://ftp.debi

Verification of netboot installer and firmware files

2015-09-06 Thread Daniel Reichelt
fication. Am I missing s.th.? Looking forward to suggestions! If I'm really the first one to bring this up: IMHO the simplest solution would be to gpg-sign the hash lists under [1]/[2] and provide signed hash lists for [3] as well. Thanks Daniel [1] http://ftp.nl.debian.org/debia

Re: are unattended updates a good idea?

2015-01-31 Thread Daniel
t though, so this seems to be a smaller problem. Still, you should consider having a test server with tools like "needrestart" and "apt-listchanges", and a test suite for your applications to check if they still work with the new packages and that every service is back to no

Re: SSL 3.0 and older ciphers selected in applications

2014-12-09 Thread Daniel Pocock
On 08/12/14 21:28, Daniel Pocock wrote: > > > On 08/12/14 21:16, Kurt Roeckx wrote: >> On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote: >>> >>> If I understand your reply correctly, the version in Ubuntu and Fedora >>> will still ta

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 21:16, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote: >> >> If I understand your reply correctly, the version in Ubuntu and Fedora >> will still talk TLS 1.0 with the version now waiting in jessie? > > Yes. >

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 20:06, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote: >> >> Is it something that is going to happen with Ubuntu releases next year >> (e.g. April 2015)? >> >> If so, it means that the repro package in jessie wo

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 19:25, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote: >> >> Will the TLSv1 method be removed in jessie or while jessie is still >> supported? > > This is something post jessie. > Is it something that is going to ha

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 18:58, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote: >> >> I have no idea what technology is in use in the remote/client system. >> >> If my server socket is using TLSv1_method it is rejecting the connection >&g

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 13:53, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote: >>>> Just one other point: if somebody is trying sending the client hello >>>> using SSL v2 record layer but indicating support for TLS v1.0, should >>>> TL

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 12:36, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote: >> On 08/12/14 11:12, Kurt Roeckx wrote: >>> On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: >>>> Hi all, >>>> >>>

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 12:04, Thijs Kinkhorst wrote: > On Mon, December 8, 2014 11:17, Daniel Pocock wrote: >> In the library package (libresiprocate-1.9.deb) there is no default >> SSL/TLS mode. It uses whatever the project using the library selects. >> If some developer wants to ena

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 11:12, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: >> Hi all, >> >> I've made some changes to TLS code in reSIProcate >> >> - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() >

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 10:48, Thijs Kinkhorst wrote: > Hi Daniel, > > On Mon, December 8, 2014 09:16, Daniel Pocock wrote: >> I've made some changes to TLS code in reSIProcate >> >> - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() >> >&g

Re: Bug#772487: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 10:20, Adam D. Barratt wrote: > On Mon, 2014-12-08 at 09:16 +0100, Daniel Pocock wrote: > [...] >> If it will help the release team, is there anybody from the security >> team who could review the changes in my debdiff? > Note that debian-security@lists.debian

SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
repro.config file it would help avoid situations where the package needs to be recompiled to deal with security patching and therefore reduce the burden on the security updates process. If it will help the release team, is there anybody from the security team who could review the changes in my debdif

Re: [SECURITY] [DSA 3074-1] php5 security update

2014-11-18 Thread Daniel Reichelt
Just filed a bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770105 Cheers Daniel -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546

Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

2014-09-22 Thread Daniel Kahn Gillmor
On 09/21/2014 02:04 PM, Elmar Stellnberger wrote: > a well programmed dpkg-cmp. > ... and as long as the tool should not be available simply un-ar and > compare > the data.tar.gz-s. fwiw, this suggestion fails to compare the contents of control.tar.gz, which includes the maintainer scripts (preins

Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

2014-09-22 Thread Daniel Kahn Gillmor
On 09/22/2014 04:07 AM, Elmar Stellnberger wrote: > Am 22.09.14 um 01:52 schrieb Paul Wise: >> The Debian archive does not allow files to change their checksum, so >> every signature addition requires a new version number. That sounds >> like a bad idea to me. > Yes, that is something we definitel

Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

2014-09-19 Thread Daniel Kahn Gillmor
On 09/19/2014 06:07 AM, Elmar Stellnberger wrote: > Isn't there really any way to include the signatures in the header of > the .deb files? > Why not simply add multiple signature files in the control.tar.gz of a > .deb just next > to the md5sums which should indeed be a sha256sums (otherwise t

Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

2014-09-18 Thread Daniel Kahn Gillmor
On 09/19/2014 12:34 AM, Paul Wise wrote: > On Fri, Sep 19, 2014 at 9:30 AM, Hans-Christoph Steiner wrote: > >> Finally did this: >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762153 > > Please note that your proposal to add signatures to .deb files will > break reproducible builds because th

Re: vacation mail

2014-08-07 Thread Daniel
on, safe in the knowledge that they would not be back in the office to deal with the problem until August 25th. Such vacation mails would make my job a lot easier. It is fortunate for the senders of such mails that I am not a malicious individual. Best regards, Daniel On 6 Aug 2014, at 09:

Re: [SECURITY] [DSA 2972-1] linux security update

2014-07-09 Thread Daniel Thomas Hasbrouck
Thank You S. B. very much. now all I have to do; is Buy a new PC. Thanks again, dth On Sun, Jul 6, 2014 at 9:16 AM, Salvatore Bonaccorso wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - - > Debian Securi

Re: concrete steps for improving apt downloading security and privacy

2014-07-08 Thread Daniel
On Mon, Jul 07, 2014 at 02:54:15PM -0400, Hans-Christoph Steiner wrote: > > Do you have another idea for making it difficult for network observers to keep > track of the software people are using? > Well, you can always mirror the entire repository and configure your server/desktop to use that in

Re: concrete steps for improving apt downloading security and privacy

2014-07-08 Thread Elias-Daniel Eizenstein
I don't understand why there is so much noise on this subject. HTTPS for Debian mirrors and a centralized server, maintained and owned by Debian, for debsig-verify / debsums packages will be enough, at least for the next few years. PS: from now on I will filter out any email regarding nsa, debian mirr

Re: [SECURITY] [DSA 2970-1] cacti security update

2014-06-30 Thread Daniel Thomas Hasbrouck
What am I supposed to Download this ONTO? PC I'm ON, is a PUBLIC Library PC. & all of MY USB Flash-Drive are Wiped Clean. & "gobble-D-Gook" = incomprehensible Material. On Sun, Jun 29, 2014 at 10:58 AM, Moritz Muehlenhoff wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > -

Re: [SECURITY] [DSA 2968-1] gnupg2 security update

2014-06-30 Thread Daniel Thomas Hasbrouck
& what should I do with the Above "gobble-D-GOOK? even my usb Flashdrives Are wiped!, (not by me!). On Fri, Jun 27, 2014 at 1:14 AM, Salvatore Bonaccorso wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - - >

Re: Debian mirrors and MITM

2014-05-30 Thread Daniel
On Fri, May 30, 2014 at 11:50:32PM +1000, Alfie John wrote: > Several times (public and private) I tried to explain how the download > of APT (the binary itself) on an initial Debian install could be > compromised via MITM since it's over plaintext. Then the verification of > packages could simply

Re: Debians security features: Which are active?

2014-05-17 Thread daniel
(linked to earlier) difficult to understand and apply in this regard. Daniel Cédric Lemarchand wrote: > Please, honestly, do you know what every features in this list does, > how they could be benefit for you and in which way ? > > Or did your choice will *only* be based on the number of

RE: [SECURITY] [DSA 2926-1] linux security update

2014-05-12 Thread Daniel Genis
That CVE-2014-0196 is quite interesting: Local kernel DoS || privilege escalation Original message From: Moritz Muehlenhoff Date: 12/05/2014 17:59 (GMT+01:00) To: debian-security-annou...@lists.debian.org Subject: [SECURITY] [DSA 2926-1] linux security update -BEGIN PGP

Re: Aw: Re: [SECURITY] [DSA 2896-1] openssl security update

2014-04-11 Thread daniel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Thank you all for your help. Mod_spdy has a statically-linked vulnerable version of OpenSSL. After the standard update we are no longer vulnerable. Daniel Estelmann, Christian wrote: > Your server talks spdy. Have you upgraded mod_spdy to 0.9.

Re: [SECURITY] [DSA 2896-1] openssl security update

2014-04-11 Thread daniel
ccessfully exploit this vulnerability against our site: http://filippo.io/Heartbleed/#noflag.org.uk https://www.ssllabs.com/ssltest/analyze.html?d=noflag.org.uk What could be going on here? Thanks in advance for all your help, Daniel Salvatore Bonacc

Re: Four people decided the fate of debian with systemd. Bad faith likely

2014-03-02 Thread Daniel Sousa
On 2 March 2014 10:53:51 WET, Jack wrote: >Systemd scares me. As far as I can see it does a lot of things right >(in >some cases these are things that no other contender does right); I'm >not >going to try to enumerate those things, that's been one elsewhere. But >the way systemd has been designed

Re: [SECURITY] [DSA 2856-1] libcommons-fileupload-java security update

2014-02-08 Thread Daniel Phillips
Unsubscribe Daniel On Feb 8, 2014 1:00 AM, "Florian Weimer" wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - - > Debian Security Advisory DSA-2856-1 s

Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

2014-01-08 Thread Daniel Curtis
Hello everyone, Thanks for your opinions. Yes, I know that AppArmor is available in Debian. That's good. It's just fine that there is a possibility to choose between SELinux and AppArmor. Unfortunately, I can only help with creating profiles for various applications. For now, I'm trying to

Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

2014-01-02 Thread Daniel Curtis
Hello everyone, Michael's web site with statistics I've been watching from time to time. Also, I've studied the *Debian* Hardening wiki page a couple of times. > There is a lintian check for setuid binaries (...) > There isn't really any group effort tackling or monitoring > the assortment of useful

Enhancements/enabled hardening flags in Wheezy pkgs/release.

2014-01-01 Thread Daniel Curtis
Hi Moritz, 90 percent of the hardening via '*dpkg-buildflags*'? That's good information. I'd hoped that the majority of all base packages, and those that are security-sensitive, would be protected well. It's really a huge satisfaction. One more thing - does Debian include something like e.g. Ubuntu or op

Enhancements/enabled hardening flags in Wheezy pkgs/release.

2013-12-31 Thread Daniel Curtis
Hello everyone, Before the Wheezy release we could find a web site which contained notices about updating as many packages as possible to use security hardening build flags via 'dpkg-buildflags'. Also, there could be found a note about packages that should have build flags enabled before the Wheezy rel

Re: Compromising Debian Repositories

2013-08-07 Thread Daniel Sousa
On Mon, Aug 5, 2013 at 9:17 AM, intrigeri wrote: > I need a reality check, as it's unclear to me what are the goals of > this discussion. I don't think there are any goals. I asked it just to understand if it would be possible to do what I was thinking (apparently, it is) and the discussion con

Re: Compromising Debian Repositories

2013-08-04 Thread Daniel Sousa
On Sun, Aug 4, 2013 at 2:55 PM, Michael Stone wrote: > On Sun, Aug 04, 2013 at 10:12:40AM +0200, Heimo Stranner wrote: > >> I think the real issue is about if the malicious patch is not part of >> the source package >> > > Why? It certainly makes your argument simpler if you arbitrarily restrict

Re: Compromising Debian Repositories

2013-08-04 Thread Daniel Sousa
I am really sorry if you think it's rude to start a topic here without subscribing. I thought that it was acceptable, since a lot of people do it in debian-users (I know it has a lot more volume than this one) and it's the default action when you click on "Reply to All" in most clients (well, proba

Compromising Debian Repositories

2013-08-03 Thread Daniel Sousa
I was reading this [1] article and it brought a question to my mind: How hard would it be for the FBI or the NSA or the CIA to have a couple of agents infiltrated as package maintainers and seeding compromised packages to the official repositories? Could they submit an uncompromised source and keep

Re: INVALID state and no known connection.

2013-04-15 Thread Daniel Curtis
Hi Rolf. >> The information about connections is stored in >> /proc/net/ip_conntrack. The maximum connections >> (...) in /proc/sys/net/ipv4/netfilter/ip_conntrack_max I checked these values and it looks this way; # cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 55740 # cat /proc/net/

Re: INVALID state and no known connection.

2013-04-12 Thread Daniel Curtis
; On 2013-04-10, at 11:34 AM, Daniel Curtis wrote: > > > Hi Mr Rolf > > > > Okay, I will check these values; /proc/net/ip_conntrack etc. > > Generally it is normal, that there are INVALID connections, right? > > > > Yes, I'm seeing this syslog tag. Should I remove it from my iptables > > script (e.g. -j LOG --log-prefix etc.)? > >

Re: INVALID state and no known connection.

2013-04-10 Thread Daniel Curtis
Hi Mr Rolf Okay, I will check these values; /proc/net/ip_conntrack etc. Generally it is normal, that there are INVALID connections, right? Yes, I'm seeing this syslog tag. Should I remove it from my iptables script (e.g. -j LOG --log-prefix etc.)?

Re: INVALID state and no known connection.

2013-04-09 Thread Daniel Curtis
Hi andika. Another INVALID packet description. I have read a lot of information and I don't know what the truth is. Frankly, this is the first time I have seen a description which concerns RAM memory. So, I have 1 GB of RAM. Just for example; free -m command result; used: 640, free: 230 and top command;

INVALID state and no known connection.

2013-04-09 Thread Daniel Curtis
Hi, As we know, the iptables INVALID state means that the packet is associated with no known connection, right? So, if I have a lot of INVALID entries in my log files, does it mean that something is wrong? Hidden process etc.? An example of logged entries; t4 kernel: [18776.221378] [INVALID in] IN=

Re: [SECURITY] [DSA 2631-1] squid3 security update

2013-02-24 Thread Daniel Thomas Hasbrouck
thank You, Salvatore B. gonna try this today. On Sun, Feb 24, 2013 at 2:51 AM, Salvatore Bonaccorso wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - - > Debian Security Advisory DSA-2630-1 se

Re: [SECURITY] [DSA 2622-1] polarssl security update

2013-02-13 Thread Daniel Thomas Hasbrouck
thank You, folks. this is a lot 2 wrap my mind around 4 a few days. On 2/13/13, Thijs Kinkhorst wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - - > Debian Security Advisory DSA-2622-1 secur..

Re: [SECURITY] [DSA 2612-2] ircd-ratbox update

2013-02-13 Thread Daniel Thomas Hasbrouck
thank you, guys. will make use of it. On 2/10/13, Moritz Muehlenhoff wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - - > Debian Security Advisory DSA-2612-2 secur...@debian.org > http://www.de

Re: NULL Scan issues or something else?

2013-02-11 Thread Daniel Curtis
Hi Mr Edwin, Yes, I have this rule and it is responsible for the established/related connections. This rule is almost at the very end of the INPUT chain. >> (...) before the rule that logs/drops your packets? Do you mean those strange packages mentioned in the first mail, right? Frankly, not; This

Re: NULL Scan issues or something else?

2013-02-08 Thread Daniel Curtis
Hi Mr Erwan, Let's summarize: these logs are normal and are not something... *bad*. Even if there are many IPs' connection (*INVALID*) probes. I understand that I should not have contact with the servers. Okay, but if those servers are providing e.g. a website which I visit? How to avoid them? I

Re: NULL Scan issues or something else?

2013-02-08 Thread Daniel Curtis
Hi Mr Erwan, So, everything is okay? Even these strange logs mentioned earlier? I'm still curious about this rule: SYN,RST, ACK,FIN, PSH,URG, SYN,RST,ACK, FIN,PSH,URG What do you mean by writing that I should not contact servers? Best regards!

Re: Iceweasel ESR 10 security update.

2013-01-13 Thread Daniel Curtis
Hi Mr Mestnik, I'm just curious why Debian does not publish updated versions of the packages as soon as possible. Especially when it comes to security updates. Other distributions are doing it much faster. Personally, I do not like to use applications that I know are vulnerable. As I a

Iceweasel ESR 10 security update.

2013-01-12 Thread Daniel Curtis
Hi, Could the Iceweasel 10.0.11 ESR package be updated a little faster due to several security issues? On January 8 Mozilla published about 20 Security Advisories[1]. Many distributions have already updated Firefox to the latest 18 and 10.0.12 ESR versions[2]. According to the website for dev

Re: Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-18 Thread daniel curtis
Hi Mr Cyril, Thank you for pointing out this website. I completely forgot about it and definitely, I should look there first, before writing a message here. I have not looked over this web site (Changelog for 3.2.X) for a long time, because for now, I am still using linux-2.6 on all of my systems.

Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-15 Thread daniel curtis
Hi, Kernel 3.7 is officially out. This Linux release includes many improvements in practically every aspect. Many changes also concern security. Very interesting are: cryptographically-signed kernel modules and - long awaited - symlink and hardlink restrictions (already in Linux 3.6), but it brok

Re: About default init umask , and kernel umask, cron umask

2012-12-06 Thread daniel curtis
> > (...) so a good umask may be set there for init. > Hi, and a good setting for umask is? I know that it depends on many things, but what do you think? Cheers

Re: Zero Day MySQL Buffer Overflow

2012-12-06 Thread daniel curtis
Hi Thijs! Okay now everything is clear. Regards!

Re: Zero Day MySQL Buffer Overflow

2012-12-04 Thread daniel curtis
Hi, Thank you, I should look there first (Security Tracker). But I see that two of the three CVEs are marked as 'vulnerable' for all branches; stable, testing and unstable. Frankly, only the first CVE is fixed for Squeeze. Is it normal? Regards!

Zero Day MySQL Buffer Overflow

2012-12-02 Thread daniel curtis
Hi, I would like to inform about a new stack-based buffer overflow vulnerability for MySQL. The following CVEs have been assigned to track this MySQL vulnerability: CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday CVE-20

Re: [SECURITY] [DSA 2550-1] asterisk security update

2012-09-26 Thread Daniel Reichelt
ly? Cheers Daniel (@moritz: sry for double-posting...)

Re: Hardening Debian

2010-11-24 Thread Daniel Hood
Thanks guys. I've received quite a massive response it seems. All the information I was looking for. Thanks again, Dan On Wed, Nov 24, 2010 at 10:48 AM, Daniel Hood wrote: > Does anyone have a good checklist or script to harden a vanilla debian > box after installation? > &g

Hardening Debian

2010-11-23 Thread Daniel Hood
Does anyone have a good checklist or script to harden a vanilla debian box after installation? Dan

[Fwd: Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities]

2010-03-10 Thread Daniel Kahn Gillmor
sorry, this proposed boilerplate change was meant to go to the list, not just to dann. Thanks for all your work, folks. --dkg --- Begin Message --- On 03/10/2010 04:53 PM, dann frazier wrote: > On Wed, Mar 10, 2010 at 04:09:48PM -0500, Daniel Kahn Gillmor wrote: >> So would t

Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities

2010-03-10 Thread Daniel Kahn Gillmor
On 03/10/2010 02:49 PM, dann frazier wrote: > On Wed, Mar 10, 2010 at 02:18:38PM -0500, Daniel Kahn Gillmor wrote: >> It's not clear to me from the instructions above whether users should >> re-build their kvm modules package as well as installing the revised >&

Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities

2010-03-10 Thread Daniel Kahn Gillmor
Hi Debian Security folks-- On 03/10/2010 01:18 PM, dann frazier wrote: > > Debian Security Advisory DSA-2010 secur...@debian.org > http://www.debian.org/security/ Dann Frazier > March

Re: GnuPG 1.4.10 RC1 available from Debian Experimental

2009-08-16 Thread Daniel Leidert
289.html [2] http://bugs.debian.org/519333 [3] https://bugs.g10code.com/gnupg/issue931 (for example) Regards, Daniel

Study: Attacks on package managers (including apt)

2008-07-17 Thread Daniel Leidert
d not find a posting regarding this study, so I hereby start this thread). Regards, Daniel

Unofficial fix for the Ruby vulnerabilities announced yesterday

2008-06-21 Thread Daniel Franke
Since the security team hasn't released a fix or an advisory yet for the Ruby vulnerabilities discovered yesterday, I've rolled my own as a stopgap. See http://dfranke.us/rubyfix.txt -- Daniel Franke [EMAIL PROTECTED] http://www.

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Daniel Leidert
On Tuesday, 13.05.2008, 16:02 +0200, Daniel Leidert wrote: > On Tuesday, 13.05.2008, 15:27 +0200, Philipp Kern wrote: > > On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote: > > > A detector for known weak key material will be published at: &g

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Daniel Leidert
dowkd.pl.gz> > > <http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc> > > (OpenPGP signature) > > On stable I get "close is not a valid DB_File macro at > /home/pkern/dowkd.pl line 51". $ ./dowkd.pl help close is not a valid DB_File macro at ./dowkd.pl line 51

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread daniel
very bad news On Tue, 13 May 2008 14:06:39 +0200, Florian Weimer <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - > Debian Security Advisory DSA-1571-1 [EMAIL PROTECTED] > h

Re: securing server

2008-05-07 Thread Daniel Leidert
with a vulnerable (or weakly password protected) service on a non-standard port than on a standard port? Regards, Daniel

Manipulated squirrelmail download archives - how to detect such cases automatically in the Debian packaging process?

2007-12-14 Thread Daniel Leidert
gt; "SECURITY: 1.4.12 Package Compromise" Regards, Daniel

Daniel Pressler/Heilbronn/Bechtle-Gruppe/DE is out of the office.

2007-11-27 Thread daniel . pressler
Dear business partner, I will be out of the office from 28.11.2007. I will return on 10.12.2007. I will answer your message after my return.

Re: security idea - bootable CD to check your system

2007-06-24 Thread Daniel van Eeden
s the read-only security. [1] http://packages.debian.org/stable/admin/debsums Cheers, Daniel van Eeden On Sun, 2007-06-24 at 15:23 +0100, andy baxter wrote: > hello, > > I am writing to ask what you think of the following idea? Something that > I would like to see is a bootable CDROM w
