On 22.01.22 at 21:07, Bjørn Mork wrote:
Stefan Fritsch writes:
# cat /etc/apt/apt.conf.d/11-default-release
APT::Default-Release "bullseye";
Just don't do that. It breaks all normal preferences and will end up
preferring "bullseye" over anything else. Includin
Hi Viktor,
On 22.01.22 at 11:34, SZÉPE Viktor wrote:
Quoting Stefan Fritsch:
I have noticed that the latest linux security update is not installed
on my box. The package is available in
# apt-cache policy linux-image-amd64
linux-image-amd64:
Installed: 5.10.84-1
Candidate
Hi,
I have noticed that the latest linux security update is not installed on
my box. The package is available in
# apt-cache policy linux-image-amd64
linux-image-amd64:
Installed: 5.10.84-1
Candidate: 5.10.84-1
Version table:
5.15.15-1 500
500
lash security updates)
> On Wed, Aug 03, 2016 at 10:46:33PM +0200, Stefan Fritsch wrote:
> > Maybe the flashplugin-nonfree package should even be replaced by a package
> > that installs the ubuntu archive signing key, sets up the sources.list
> > line, and tweaks the unattended-
On Wednesday, 3 August 2016 20:43:29 CEST Rob van der Putten wrote:
> You can download the plugin manually. For i396 it's;
> http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.429/install_flash_player_11_linux.i386.tar.gz
An alternative that has worked quite well for me on some of
On Wednesday 03 June 2015 16:07:56, Thorsten Glaser wrote:
I’ve just done so: both the “precomputed, up to 8192 bits” part
(which already makes Qualys not cap the grade to B, but is not
the proper fix, because, in the end, people will just pregenerate
for the Debian-shipped group too) and the
On Wednesday 20 May 2015 12:47:35, Dan Ritter wrote:
In particular, Apache 2.2 does not have
SSLOpenSSLConfCmd DHParameters
as a configurable option. It looks like that only shows up in
2.4, which is not in wheezy-backports.
So I guess this is a request for either a fix for Apache 2.2 or a
On Sunday 21 September 2014 21:13:50, Richard van den Berg wrote:
Package formats like apk and jar avoid this chicken and egg problem
by hashing the files inside a package, and storing those hashes in
a manifest file. Signatures only sign the manifest file. The
manifest itself and the
On Saturday 06 August 2011, Henri Salo wrote:
Does someone have more information about this issue than:
Committed by stef-guest at 2008-01-22 23:47:35 +0200 (Tue, 22 Jan
2008):
CVE-2008- [apt-cacher arbitrary command execution]
- apt-cacher 1.6.1
[etch] - apt-cacher
questions, but the instructions are a
little ambiguous there...
Yes, that's what I meant with The Debian default configuration is not
affected by the changes. How would you have worded it to be less
ambiguous?
On Sun, Jan 30, 2011 at 10:41:58AM +, Stefan Fritsch wrote:
A design flaw (CVE
Unfortunately, the latest update introduced a regression: Testing of
user filters with -bf as normal user no longer works:
$ /usr/sbin/exim4 -bf .forward
exim: changing group failed: Operation not permitted
$
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611572
Hi,
On Fri, 14 Jan 2011, Francesco Poli wrote:
DSA-2141-4 was issued on last Wednesday [1], but it's still unknown to
the tracker (the URL [2] still redirects to DSA-2141-3 page [3]).
Neither DSA-2141-3 nor DSA-2141-4 has fixed a security issue, so they
should not appear on the tracker. I
On Monday 03 January 2011, Yves-Alexis Perez wrote:
On mar., 2010-12-21 at 22:52 +0100, Yves-Alexis Perez wrote:
Starting January, I think I'll be able to dedicate some time to
debian security team.
Very nice.
Ok, so we're now at beginning of January :)
Is there any starting specific
On Tuesday 21 December 2010, John Goerzen wrote:
I reported bug #605484 regarding a security hole in lenny. I
believe the security team was CC'd.
Prior to my report,
http://security-tracker.debian.org/tracker/CVE-2010-3872 said that
Debian/stable was not vulnerable. I also notified them
On Thursday 11 November 2010, Kurt Roeckx wrote:
So I've prepared a package based on the ubuntu patch. I also went
over every commit between the 0.9.8l and 0.9.8m release and am
reasonably confident this patch should work properly.
The current package is available at:
On Monday 22 September 2008, Felipe Figueiredo wrote:
Try modsecurity, it should block invalid URI
Speaking of which, shouldn't it be re-included in Debian now that
the licensing issue[1] is supposed to be over[2]?
There is already an ITP bug, but I don't know the current status.
On Monday 22 September 2008, Francesco Poli wrote:
Why is there no tracker page [1] for DSA-1639-1 [2]?
I have added it to SVN. It should appear in the tracker shortly.
Thanks for the hint.
Cheers,
Stefan
On Monday 19 May 2008, Florian Weimer wrote:
BTW, it appears that the same blacklist can be used for -3 and -F4
keys. (Just in case you haven't checked that already.)
RSA keys with exponent 3 should probably not be used at all, because
multiple implementations did not verify the signatures
On Wednesday 27 February 2008, Nick Boyce wrote:
But it seems to me that simply enabling the --unrar parameter of
clamscan would not entail incorporating or distributing any unrar
code at all - the code to parse the --unrar parameter and call the
non-free unrar binary if specified surely
On Tuesday 12 February 2008, Jens Schüßler wrote:
* Florian Weimer [EMAIL PROTECTED] wrote:
* Jens Schüßler:
I just upgraded my linux-source-2.6.18 to
2.6.18.dfsg.1-18etch1_all and build a new linux-image. But
after installing and rebooting I still was able to become root
with this
On Thursday 03 January 2008, [EMAIL PROTECTED] wrote:
CVE-2007-6590 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, SeaMonkey
1.1.5, ...)
- - iceape unfixed (medium)
- - iceweasel unfixed (medium)
- TODO: check mozilla derivatives/xulrunner
+ - iceape unfixed (low)
Hi,
many wrapper scripts contain things like
export LD_LIBRARY_PATH=foo:$LD_LIBRARY_PATH
This is bad because if LD_LIBRARY_PATH is unset, it will expand to
LD_LIBRARY_PATH=foo:
which is interpreted as
LD_LIBRARY_PATH=foo:.
This means that the current
Hi,
Alexander Konovalenko wrote:
I couldn't find any existing solutions to the problem described
above. The testing security team does publish some of the
information in their Secure-testing-commits, but it lacks more
verbose explanations and is more of a tool for team members than a
source
Hi,
On Wednesday, 2 May 2007, Celejar wrote:
Dann Frazier [EMAIL PROTECTED] wrote:
Package: linux-2.6
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
CVE ID : CVE-2007-0005 CVE-2007-0958 CVE-2007-1357
CVE-2007-1592
1) DSA 1286-1 isn't
On Sunday 14 January 2007 14:36, Adrian von Bidder wrote:
I have users a, b, c, d, e. All users except e can have shell
access, but because shell access is powerful, must not be able to
log in with password, but only with public key. User e is allowed
to log in with password and is
Hi,
The attacks ceased before I noticed, so I was not able to capture a TCP
stream. I would just like to alert people that there is still some
vulnerability in the ProFTPD code that was not fixed by DSA-1218-1.
yes, there are two open vulnerabilities in proftpd. A DSA should be in the
works,
Hi,
One is CVE-2006-5815 and the other is a mod_tls vulnerability without
CVE id yet. AFAIK there is no exploit for sarge's 1.2.x for
CVE-2006-5815 yet.
So I would expect this to be the mod_tls vulnerability. Do you have
mod_tls enabled? Try connecting to your server with telnet and enter
Hi,
On Tuesday 09 May 2006 18:30, Daniel Schröter wrote:
For the unstable distribution (sid) this problem will be fixed
soon.
Isn't it fixed since FF 1.5.dfsg+1.5.0.3-1?
http://lists.debian.org/debian-devel-changes/2006/05/msg00197.html
the DSA is about the old mozilla, not firefox.
On Thursday 25 August 2005 23:33, Peer Janssen wrote:
Do they have some monitoring script? Or some monitoring people?
(Might be interesting to know who: [disgruntled users? the
competition?])
cron-apt will send you a mail.
Aug 25 05:16:31 xxx cron-apt: Failed to fetch
On Thursday 14 July 2005 22:03, Fredrik Demonen Vold wrote:
I think it's possible for a script to list all installed packages,
then check each of them against the bug report system to see if the
installed version has a security bug filed against it.
Maybe if some automated system on the server
Hi!
On Tuesday 05 July 2005 14:00, Daniel Pittman wrote:
/sbin/iptables -t filter -A in_world_http_s1 -p tcp --sport 1024:65535
--dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A out_world_http_s1 -p tcp --sport 80 --dport
1024:65535 -m state --state
On Monday 27 June 2005 20:26, Matt Zimmerman wrote:
I expect it would be enough if they were all active, but that has
never been the case for this group. Wichert, Daniel, Michael and
myself are all de facto inactive for various reasons, and have been
for some time.
And according to Steve
Hi!
On Friday 05 November 2004 12:27, Baruch Even wrote:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL SYN -j ACCEPT
Please don't do that!
You can use SYN,ACK,FIN,RST SYN to check for illegal flags.
Shouldn't
Hi!
On Tuesday, 20 April 2004 15:27, Adrian 'Dagurashibanipal'
von Bidder wrote:
So, to rephrase the question, is
there a way to have PAM set up my session (specifically, pam_env)
without allowing users to log in with their password?
I think you can do this by removing a line in
35 matches