Re: [SECURITY] [DSA 2761-1] puppet security update

2013-09-22 Thread ekoz
please unsuscribe be. regards 2013/9/19 Raphael Geissert geiss...@debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2761-1 secur...@debian.org

Re: Script to System Check Integrity against Debian Package Repository

2013-09-22 Thread Marko Randjelovic
On Wed, 18 Sep 2013 09:47:27 +0200 Paul Wise p...@debian.org wrote: On Wed, Sep 18, 2013 at 9:36 AM, Török Edwin wrote: Why not just reinstall from a trusted source, then restore /etc, /home and /var from backups and audit the changes introduced by that only? That is a slightly

Upcoming stable point release (7.2)

2013-09-22 Thread Adam D. Barratt
Hi, The next point release for wheezy (7.2) is scheduled for Saturday October 12th. Stable NEW will be frozen during the preceding weekend. As usual, base-files can be uploaded at any point before the freeze. Regards, Adam -- To UNSUBSCRIBE, email to

Upcoming oldstable point release (6.0.8)

2013-09-22 Thread Adam D. Barratt
Hi, The next point release for squeeze (6.0.8) is scheduled for Saturday October 19th. Oldstable NEW will be frozen during the preceding weekend. As usual, base-files can be uploaded at any point before the freeze. Regards, Adam -- To UNSUBSCRIBE, email to

Re: Upcoming oldstable point release (6.0.8)

2013-09-22 Thread Cyril Brulebois
Adam D. Barratt a...@adam-barratt.org.uk (2013-09-22): The next point release for squeeze (6.0.8) is scheduled for Saturday October 19th. Oldstable NEW will be frozen during the preceding weekend. As usual, base-files can be uploaded at any point before the freeze. I don't think I have

Re: Upcoming stable point release (7.2)

2013-09-22 Thread Cyril Brulebois
Adam D. Barratt a...@adam-barratt.org.uk (2013-09-22): The next point release for wheezy (7.2) is scheduled for Saturday October 12th. Stable NEW will be frozen during the preceding weekend. So there's a new linux kernel for that one:

Re: Script to System Check Integrity against Debian Package Repository

2013-09-22 Thread Paul Wise
On Sun, Sep 22, 2013 at 6:18 PM, Marko Randjelovic wrote: And say there are no traces how they did it. Then what are your options? Audit possible entry points (webapps etc), general hardening, firewall things off, switch software, switch OS kernel, switch hardware, change passwords, change keys

Re: Script to System Check Integrity against Debian Package Repository

2013-09-22 Thread Paul Wise
Actually a better option might be to turn the exploited system into a honeypot to try to gain some information about the attackers, their methods and so on. -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of