Hi,
This one time, at band camp, Florian Weimer said:
* Stephen Gran:
This one time, at band camp, Florian Weimer said:
Hi,
I plan to switch the debsecan data source to URLs below:
https://security-tracker.debian.org/tracker/debsecan/release/1/
I don't know how much
,
--
-
| ,''`.Stephen Gran |
| : :' :sg...@debian.org |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
-
signature.asc
if they would issue
certificates to us in a convenient way.
What? This is precisely what wildcard certs are for.
Cheers,
--
-
| ,''`.Stephen Gran
with a 'purpose' field set to 'security.debian.org mirror', and
hope that you can keep up to date, or you can use a web proxy for
outbound access.
Cheersm
--
-
| ,''`.Stephen Gran
,
--
-
| ,''`.Stephen Gran |
| : :' :sg...@debian.org |
| `. `'Debian user, admin, and developer |
|`- http
,
--
-
| ,''`.Stephen Gran |
| : :' :sg...@debian.org |
| `. `'Debian user, admin, and developer
, not a
clamd one. The clamd one is harder to get right and the change set is
much larger.
Cheers,
--
-
| ,''`.Stephen Gran |
| : :' :sg
not a
maintainer for the package in question, but I certainly wouldn't make
any changes based on that argument.
--
-
| ,''`.Stephen Gran
.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org
.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org
(no need to cc me, I read both lists)
This one time, at band camp, Richard A Nelson said:
On Fri, 30 May 2008, Stephen Gran wrote:
Good luck, and please feel free to tell upstream this was an unhelpful
change.
hrm, I wonder if/when the other (3rd party) dbs will get upgraded
.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer
.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer
?
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org
the work they do and telling them they
have nothing to be proud of is good why?
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED
to counter
things that are just absolutely made up is a waste of time.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED
This one time, at band camp, Johann Spies said:
On Wed, Feb 27, 2008 at 01:06:33PM +, Stephen Gran wrote:
This one time, at band camp, Johann Spies said:
On Wed, Feb 27, 2008 at 11:54:19AM +, Stephen Gran wrote:
report to say:
There is a hard coded path in clamscan
This one time, at band camp, Nick Boyce said:
Stephen Gran wrote:
There is a hard coded path in clamscan that calls internal unpackers
for zip and rar before trying the specified external unpackers. This
breaks rar and some zip scanning for no clearly good reason. I am
talking
,
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer
This one time, at band camp, Johann Spies said:
On Wed, Feb 27, 2008 at 11:54:19AM +, Stephen Gran wrote:
report to say:
There is a hard coded path in clamscan that calls internal unpackers
for zip and rar before trying the specified external unpackers. This
breaks rar and some
, ps shows UID , not username.
It's normal?
Yes, ps truncates username output when it's longer than 8 characters.
--
-
| ,''`.Stephen Gran
This one time, at band camp, Jim Popovitch said:
On Thu, 2007-12-20 at 01:12 +, Stephen Gran wrote:
This one time, at band camp, Dominic Hargreaves said:
Are there any updates planned for sarge in volatile.debian.org?
Yes, and they're uploaded.
Where?
http
,
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org
This one time, at band camp, Dominic Hargreaves said:
Are there any updates planned for sarge in volatile.debian.org?
Yes, and they're uploaded.
--
-
| ,''`.Stephen Gran
This one time, at band camp, Maxim Kammerer said:
I have no clue what this patch looks like.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440037
--
-
| ,''`.Stephen Gran
.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org
, but they
decided for procedural reasons that it would be better to go ahead and
get a CVE for the issue anyway.
Sorry about the fuss,
--
-
| ,''`.Stephen Gran
. That was the point of
that statement.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin
.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org
.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org
This one time, at band camp, martin f krafft said:
also sprach Stephen Gran [EMAIL PROTECTED] [2006.11.03.1227 +0100]:
net.ipv4.conf.all.accept_redirects = 0
That looks like overkill, see below.
Right, it may not be needed, but it's probably not overkill to
disable a feature
This one time, at band camp, martin f krafft said:
also sprach Stephen Gran [EMAIL PROTECTED] [2006.11.03.1246 +0100]:
I see them at one installation at work. There, the gateway is
10.103.4.3 or something, but some machines have their gateway
still set to the old router, 10.103.4.1. When
[EMAIL PROTECTED]
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer
be either on
the mirrors page or the organization page of debian.org.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED
it's world
readable).
I'm not discouraging you from filing the bug, mind you - just letting
you know we are aware of it and actively trying to fix it.
Take care,
--
-
| ,''`.Stephen Gran
problems. Security is now round
robin, so just try again. I do believe this has been reported before,
but I'm not sure where.
Take care,
--
-
| ,''`.Stephen Gran
friend. No need to reinvent the wheel.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin
?
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http
if this is the case.
Thanks,
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer
]
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org
an
'accepted' email from stable-proposed-updates. I also heard that the
update was only waiting on one more architecture, so I expect them
shortly.
HTH,
--
-
| ,''`.Stephen Gran
it.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
-
signature.asc
. There
is a difference between who owns it, and what their permissions are.
Basic *nix stuff here, people.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED
, though, I don't see the need for it.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin
get
upgraded. apache-ssl and apache-perl have different source packages,
and so are unaffected.
HTH,
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL
.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer
This one time, at band camp, Stephen Frost said:
* Stephen Gran ([EMAIL PROTECTED]) wrote:
A sensible greylisting scheme will auto-whitelist a sending IP after
so many whitelisted entries (successful retries) - the only point of
greylisting is that we know that the remote end won't retry
because of a potential
Denial of Service vulnerability in previous 3.0.x releases
(CAN-2004-0930). (Eloy)
It has been fixed for unstable at least.
--
-
| ,''`.Stephen Gran
- it shouldn't be doing that,
I wouldn't think.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user
.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org
,
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user, admin, and developer |
|`- http://www.debian.org
that in Security Violations. Try changing the
name of the script, or adding that regex to a file under
violations.ignore.d/
HTH,
--
-
| ,''`.Stephen Gran
enough to do. A patch would probably not
hurt.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user
enough to do. A patch would probably not
hurt.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED] |
| `. `'Debian user
this be fixed?
Hopefully. It is irksome, but not the end of the world.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED
this be fixed?
Hopefully. It is irksome, but not the end of the world.
--
-
| ,''`.Stephen Gran |
| : :' :[EMAIL PROTECTED
it for FTP.
Any recommendations, experiences, thoughts?
--
--
| Stephen Gran | The proof of the pudding is in the |
| [EMAIL PROTECTED] | eating. -- Miguel de Cervantes|
| http
This one time, at band camp, Matt Zimmerman said:
On Fri, Jun 20, 2003 at 12:56:01PM -0400, Stephen Gran wrote:
I'd like the FTP server to not allow anonymous logins (which I assume
most can do), chroot users to their home directories, and have some sort
of encrypted connections (over SSL
it for FTP.
Any recommendations, experiences, thoughts?
--
--
| Stephen Gran | The proof of the pudding is in the |
| [EMAIL PROTECTED] | eating. -- Miguel de Cervantes|
| http
This one time, at band camp, Matt Zimmerman said:
On Fri, Jun 20, 2003 at 12:56:01PM -0400, Stephen Gran wrote:
I'd like the FTP server to not allow anonymous logins (which I assume
most can do), chroot users to their home directories, and have some sort
of encrypted connections (over SSL
that kdewallpapers is perhaps a bit silly, but it's a by-product
of the automated build process.
--
--
| Stephen Gran | Buck-passing usually turns out to be a |
| [EMAIL PROTECTED] | boomerang
This one time, at band camp, Will Aoki said:
On Mon, Dec 30, 2002 at 02:20:25PM -0500, Stephen Gran wrote:
Hello all,
I'm seeing the following in my logs (fairly frequently):
66.140.25.156 - - [30/Dec/2002:13:31:21 -0500] CONNECT 213.92.8.4:6667 HTTP/1.0
405 303 - -
66.140.25.156
,
--
--
| Stephen Gran | A woman should have compassion. --|
| [EMAIL PROTECTED] | Kirk, Catspaw, stardate 3018.2|
| http://www.lobefin.net/~steve
This one time, at band camp, Will Aoki said:
On Mon, Dec 30, 2002 at 02:20:25PM -0500, Stephen Gran wrote:
Hello all,
I'm seeing the following in my logs (fairly frequently):
66.140.25.156 - - [30/Dec/2002:13:31:21 -0500] CONNECT 213.92.8.4:6667
HTTP/1.0 405 303 - -
66.140.25.156
on it for security.
--
|Stephen Gran | You will inherit millions of dollars. |
|[EMAIL PROTECTED] | |
|http://www.lobefin.net/~steve
on it for security.
--
|Stephen Gran | You will inherit millions of dollars. |
|[EMAIL PROTECTED] | |
|http://www.lobefin.net/~steve
their tracks from ps and such, but over
ssh?
Anybody seen this kind of thing before? Should I be worried? I suppose
I should mention that chkrootkit came back clean, FWIW.
--
--
|Stephen Gran | Don't abandon
their tracks from ps and such, but over
ssh?
Anybody seen this kind of thing before? Should I be worried? I suppose
I should mention that chkrootkit came back clean, FWIW.
--
--
|Stephen Gran | Don't abandon
This one time, at band camp, Hanasaki JiJi said:
I have installed the woody spam package on a woody box and cannot find
the config file to fix the below output in syslog.
Can someone help out w/ this?
Thanks
Nov 9 08:13:16 portal spamd[1290]: Still running as root: user not
This one time, at band camp, Hanasaki JiJi said:
I have installed the woody spam package on a woody box and cannot find
the config file to fix the below output in syslog.
Can someone help out w/ this?
Thanks
Nov 9 08:13:16 portal spamd[1290]: Still running as root: user not
This one time, at band camp, Steve Johnson said:
No, but I have noticed when i open an xterm, su to root and run
vi(vim-gtk), whenever I quit vi, i get this.
Xlib: connection to :0.0 refused by server
Xlib: Client is not authorized to connect to Server
Xlib: connection to :0.0 refused by
This one time, at band camp, Michael Ablassmeier said:
hi !..
i did some apache chroot environment (php,perl,ssl), and now
some users want to use the php mail command, so i have to
include some mta into the chroot.
As far as i know, Sendmail is not a good candiate to chroot.
What mta
This one time, at band camp, Steve Johnson said:
No, but I have noticed when i open an xterm, su to root and run
vi(vim-gtk), whenever I quit vi, i get this.
Xlib: connection to :0.0 refused by server
Xlib: Client is not authorized to connect to Server
Xlib: connection to :0.0 refused by
This one time, at band camp, Michael Ablassmeier said:
hi !..
i did some apache chroot environment (php,perl,ssl), and now
some users want to use the php mail command, so i have to
include some mta into the chroot.
As far as i know, Sendmail is not a good candiate to chroot.
What mta
This one time, at band camp, Carlos Sousa said:
On Sun, 3 Nov 2002 20:56:34 +0100 Javier Fernández-Sanguino Peña [EMAIL PROTECTED]
wrote:
On Sat, Nov 02, 2002 at 01:18:03PM +, Carlos Sousa wrote:
# pwck -r
user news: directory /var/spool/news does not exist
user uucp:
This one time, at band camp, Carlos Sousa said:
On Sun, 3 Nov 2002 20:56:34 +0100 Javier Fernández-Sanguino Peña [EMAIL
PROTECTED] wrote:
On Sat, Nov 02, 2002 at 01:18:03PM +, Carlos Sousa wrote:
# pwck -r
user news: directory /var/spool/news does not exist
user uucp:
Hello all,
I'm getting ready to set up a mail server, and I have a few questions
that I was hoping people would have opinions on. Right now I have a box
that collects my mail with fetchmail, and then allows other boxes on the
LAN to collect from it via qpopper. All direct outside access is
This one time, at band camp, Andy Coates said:
Hello all,
[snip]
Now I find myself in the position of changing the setup, so
that it is a
real internet-facing mail server. It will act as the MX for
my domain,
using exim, and will distribute the mail to people, either still with
This one time, at band camp, Raymond Wood said:
Potato and Woody are both patched then. What is the recommended
course of action for those running Sid? Should Sid users
install the Woody patch, or is this a bad idea?
Thanks for all the hard work Debian Security people!
Cheers,
Raymond
This one time, at band camp, Gary MacDougall said:
Giacomo,
How about an example!?!
I'm a little surprise as to why you'd point out an exploit and
not tell people how to fix it...
On Mon, 6 May 2002, Michal Melewski wrote:
Hello
Try to add following lines into your firewall
This one time, at band camp, Gary MacDougall said:
Giacomo,
How about an example!?!
I'm a little surprise as to why you'd point out an exploit and
not tell people how to fix it...
On Mon, 6 May 2002, Michal Melewski wrote:
Hello
Try to add following lines into your firewall
This one time, at band camp, Brian Furry said:
(Speaking as the Net Admin)
I have described the Linux project, its uses, and its physical placement
within our network, to four knowledgeable people, and asked for their
thoughts and recommendations.
A. Partner in a consulting company based in
This one time, at band camp, Hal said:
I run a potato server on an ethernet behind a firewall connected by dsl to the
internet. The only service exposed is ftp, In the middle of last night ippl
reported an ftp connection attempt from 192.168.1,1 The network behind my firewall
uses
This one time, at band camp, Hal said:
I run a potato server on an ethernet behind a firewall connected by dsl to
the internet. The only service exposed is ftp, In the middle of last night
ippl reported an ftp connection attempt from 192.168.1,1 The network behind
my firewall uses
Thus spake Stefan Srdic:
Hi,
I was going through the Securing Debian HOW-TO and noticed the section on
setuid check (4.11). I would like for the checksecurity script to email root
of any changes to the system. Will this work if I have exim installed?
Currently, exim forwards
Thus spake Stefan Srdic:
On January 12, 2002 02:28 pm, Stephen Gran wrote:
Thus spake Stefan Srdic:
Hi,
I was going through the Securing Debian HOW-TO and noticed the section
on setuid check (4.11). I would like for the checksecurity script to
email root of any changes
Thus spake Stefan Srdic:
Hi,
I was going through the Securing Debian HOW-TO and noticed the section
on
setuid check (4.11). I would like for the checksecurity script to email root
of any changes to the system. Will this work if I have exim installed?
Currently, exim forwards
Thus spake Stefan Srdic:
On January 12, 2002 02:28 pm, Stephen Gran wrote:
Thus spake Stefan Srdic:
Hi,
I was going through the Securing Debian HOW-TO and noticed the section
on setuid check (4.11). I would like for the checksecurity script to
email root of any changes
88 matches
Mail list logo