On Wed, Nov 7, 2018 at 6:28 AM Moritz Mühlenhoff wrote:
> E.g. your specific example of busybox/CVE-2011-5325 is fixed in the
> upcoming stretch point release.
I noticed that this isn't reflected in the security tracker website
but it is in data/next-point-update.txt.
If anyone wants to get
John Goerzen schrieb:
Hi John,
> So I recently started running debsecan on one of my boxes.
debsecan hasn't seen any feature work for about a decade and is
far too noisy to the point of being useless these days.
> It's a
> fairly barebones server install, uses unattended-upgrades and is fully
On 06/11/2018 02:34, Paul Wise wrote:
On Mon, Nov 5, 2018 at 10:29 PM John Goerzen wrote:
So I recently started running debsecan on one of my boxes. It's a
fairly barebones server install, uses unattended-upgrades and is fully
up-to-date. I expected a clean bill of health, but didn't get
On Tue, Nov 06, 2018 at 07:08:20PM +0800, Paul Wise wrote:
> Bug#908678: security-tracker - Breaks salsa.d.o
thank you.
--
cheers,
Holger
---
holger@(debian|reproducible-builds|layer-acht).org
On Tue, Nov 6, 2018 at 7:01 PM Holger Levsen wrote:
> is there a bug or wiki page describing the issues/requirements for that and
> what has been tried / the status?
Woops, I should have included that in the mail:
Bug#908678: security-tracker - Breaks salsa.d.o
https://bugs.debian.org/908678
On Tue, Nov 06, 2018 at 02:42:59PM +0800, Paul Wise wrote:
> Also, a much more important task is restructuring the git repo so that
> it doesn't cause responsiveness and resource usage issues with salsa.
is there a bug or wiki page describing the issues/requirements for that and
what has been
On Mon, 2018-11-05 at 20:52 -0600, John Goerzen wrote:
> That is good advice, thanks. I've been a DD for a long while, but it's
> been awhile (years) since I've been involved in the security process and
> wasn't quite sure what the flow was anymore.
It is still mostly the same but the security
On Tue, Nov 06 2018, Paul Wise wrote:
> On Mon, Nov 5, 2018 at 10:29 PM John Goerzen wrote:
>
>> Hi folks,
>
> FTR, in case you were trying to contact the Debian Security Team
> directly I suggest using secur...@debian.org or
> t...@security.debian.org instead, debian-security is more of a
On Mon, Nov 5, 2018 at 10:29 PM John Goerzen wrote:
> Hi folks,
FTR, in case you were trying to contact the Debian Security Team
directly I suggest using secur...@debian.org or
t...@security.debian.org instead, debian-security is more of a general
security discussion list than a Debian Security
Hi folks,
So I recently started running debsecan on one of my boxes. It's a
fairly barebones server install, uses unattended-upgrades and is fully
up-to-date. I expected a clean bill of health, but didn't get that. I
got pages and pages and pages of output. Some of it (especially kernel
10 matches
Mail list logo