On Mon, 06 Oct 2014 03:25:27 +0200
Carlos Alberto Lopez Perez clo...@igalia.com wrote:
I have built patched packages for lenny. You can download them from here:
http://people.igalia.com/clopez/bash-shellshock-lenny/
If you are not willing to use the binaries, you can rebuild it from
On 06/10/14 17:59, Marko Randjelovic wrote:
On Mon, 06 Oct 2014 03:25:27 +0200
Carlos Alberto Lopez Perez clo...@igalia.com wrote:
I have built patched packages for lenny. You can download them from here:
http://people.igalia.com/clopez/bash-shellshock-lenny/
If you are not willing to
Carlos Alberto Lopez Perez un jour écrivit:
Maybe your http client is unable to understand Content-Encoding: gzip ?
I downloaded the files from the provided location with Links2 web
browser. The file bash_3.2-4+deb5u1.dsc was a gzipped file. After
decompressing it became standard .dsc file.
On 06/10/14 20:40, Simon Valiquette wrote:
Carlos Alberto Lopez Perez un jour écrivit:
Maybe your http client is unable to understand Content-Encoding: gzip ?
I downloaded the files from the provided location with Links2 web
browser. The file bash_3.2-4+deb5u1.dsc was a gzipped file. After
On 04/10/14 06:44, Marko Randjelovic wrote:
On Wed, 01 Oct 2014 17:30:11 +0200
Carlos Alberto Lopez Perez clo...@igalia.com wrote:
On 01/10/14 13:28, Nikolay Hristov wrote:
Hello there,
I know that this is outdated debian release and it is in the archives
but I still have 6 servers
On Wed, 01 Oct 2014 17:30:11 +0200
Carlos Alberto Lopez Perez clo...@igalia.com wrote:
On 01/10/14 13:28, Nikolay Hristov wrote:
Hello there,
I know that this is outdated debian release and it is in the archives
but I still have 6 servers running Lenny and I don't want to upgrade
them
Paul Wise p...@debian.org wrote:
On Thu, Oct 2, 2014 at 1:37 AM, Jann Horn wrote:
You're doing this the wrong way - as others have already said, upgrade your
server to a supported release.
Based on our off-list discussions, Nikolay has valid reasons for not
upgrading.
Oh dear! Pabs,
Shellshock has such big impact on the internet so please give us Lenny
package.
You need to remember that Debian is a project staffed by volunteers,
some of whom have already offered packages. If you cannot trust random
binaries then the patches are available.
If you do have a
Hello there,
I know that this is outdated debian release and it is in the archives
but I still have 6 servers running Lenny and I don't want to upgrade
them to newer versions for several reasons.
Any chance that we will get official debian package for Lenny? I'm sure
that I'm not the only one
On Wed, Oct 01, 2014 at 02:28:17PM +0300, Nikolay Hristov wrote:
Hello there,
I know that this is outdated debian release and it is in the archives but I
still have 6 servers running Lenny and I don't want to upgrade them to newer
versions for several reasons.
Any chance that we will get
I made lenny packages for my machines. I could share them if you want?
On Wed, Oct 1, 2014 at 1:28 PM, Nikolay Hristov ge...@stemo.bg wrote:
Hello there,
I know that this is outdated debian release and it is in the archives but
I still have 6 servers running Lenny and I don't want to upgrade
On 10/01/2014 02:37 PM, Izak Burger wrote:
I made lenny packages for my machines. I could share them if you want?
On Wed, Oct 1, 2014 at 1:28 PM, Nikolay Hristov ge...@stemo.bg
mailto:ge...@stemo.bg wrote:
Hello there,
I know that this is outdated debian release and it is in the
What part of:
Debian GNU/Linux 5.0 has been superseded by Debian 6.0 (squeeze).
Security updates have been discontinued as of February 6th, 2012.
http://www.debian.org/releases/lenny/index.en.html
, didnt you understand? :)
There are much more security issues than shellshock alone with Debian
On 10/01/2014 02:59 PM, David Dejaeghere wrote:
What part of:
Debian GNU/Linux 5.0 has been superseded by Debian 6.0 (squeeze).
Security updates have been discontinued as of February 6th, 2012.
http://www.debian.org/releases/lenny/index.en.html
, didnt you understand? :)
There are much more
Still, when someone offers their help there really is no need
to play a smart ass as you did. The only thing you might achieve doing
that is a) direct rebuttals (my e-mail) and b) mild propositions to
build patched packages yourself.
Admittedly I didn't read the email as properly as I
On 10/01/2014 02:58 PM, Konstantin Khomoutov wrote:
On Wed, 1 Oct 2014 14:45:55 +0300
Nikolay Hristov ge...@stemo.bg wrote:
I made lenny packages for my machines. I could share them if you
want?
[...]
Which part of I don't want to use deb packages from different
sources because I cannot
On Wed, 1 Oct 2014 14:45:55 +0300
Nikolay Hristov ge...@stemo.bg wrote:
I made lenny packages for my machines. I could share them if you
want?
[...]
Which part of I don't want to use deb packages from different
sources because I cannot trust them you didnt understand? ;-)
Still, when
With Qmail exposed and being an attack vector I would advice to build your
own updated bash package.
You wont get official security updates.
2014-10-01 14:06 GMT+02:00 Nikolay Hristov ge...@stemo.bg:
On 10/01/2014 02:58 PM, Konstantin Khomoutov wrote:
On Wed, 1 Oct 2014 14:45:55 +0300
Also about not thrusting people, you are sending to this list with your
company email address and tell everyone here you have an exploitable qmail
setup running. Be carefull with the information you make public.
Regards,
David
2014-10-01 14:17 GMT+02:00 David Dejaeghere
On mer., 2014-10-01 at 15:03 +0300, Nikolay Hristov wrote:
In other words we
need security update for older debian distributions.
That won't happen.
--
Yves-Alexis Perez - Debian Security
signature.asc
Description: This is a digitally signed message part
* Nikolay Hristov ge...@stemo.bg wrote:
On 10/01/2014 02:58 PM, Konstantin Khomoutov wrote:
On Wed, 1 Oct 2014 14:45:55 +0300
Nikolay Hristov ge...@stemo.bg wrote:
I made lenny packages for my machines. I could share them if you
want?
[...]
Which part of I don't want to use deb packages
On Wed, Oct 1, 2014 at 7:28 PM, Nikolay Hristov wrote:
I still have 6 servers running Lenny and I don't want to upgrade them to newer
versions for several reasons.
Could you mention these on the list? If so perhaps we can provide some
advice. If not perhaps you can find a Debian consultant who
On 01/10/14 13:28, Nikolay Hristov wrote:
Hello there,
I know that this is outdated debian release and it is in the archives
but I still have 6 servers running Lenny and I don't want to upgrade
them to newer versions for several reasons.
Any chance that we will get official debian package
On Wed, Oct 01, 2014 at 02:28:17PM +0300, Nikolay Hristov wrote:
Hello there,
I know that this is outdated debian release and it is in the archives but I
still have 6 servers running Lenny and I don't want to upgrade them to newer
versions for several reasons.
Any chance that we will get
On Thu, Oct 2, 2014 at 1:37 AM, Jann Horn wrote:
You're doing this the wrong way - as others have already said, upgrade your
server to a supported release.
Based on our off-list discussions, Nikolay has valid reasons for not upgrading.
--
bye,
pabs
https://wiki.debian.org/PaulWise
--
To
25 matches
Mail list logo