Re: Debian Kernel security status?
On Thu, Apr 20, 2006 at 04:18:28PM +0200, Jan Luehr wrote: > Well, looking back at woody, kernel updates appear infrequently and not that > often. I can remeber that we asked for a kernel-update but nothing came > around. I can't speak for the stable security team; but I suspect it was a lack of resources. The kernel story in woody was a mess - 10 kernel-source packages, plus at least two architectures that included their own source. Sarge is a lot more sane (2 kernel-source packages), and etch is looking like it will be even more manageable (1 source package with autobuildable images). > Btw. Why do a lot of DSAs care about oldstable, while kernel-updates avoid > woody? We've prepared updates for oldstable: http://wiki.debian.org/DebianKernelWoodyUpdateStatus Though there were problems with these getting uploaded - I'm not sure what the current status of this is. I also haven't heard any feedback from users about woody updates - I can only assume that there are not many security-concerned users running woody kernels these days, or they just don't read d-d-a/planet... or they just remain silent. Note that woody security support ends next month, so there probably won't be anything beyond this update. -- dann frazier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: postfix in qmail out proftpd in pureftpd
*> I found you in a search and thought you could help. I am unable to get in > touch with the webmaster at qmail. If you can answer this question it would > be > greatly appreciated. Many thanks for your help. diane > > "We have been receiving mail from several people being sent under different > screen names and we think they are all from the same person. When checking > the "internet details" of each mail we find same information in all of them > which is the line below. Does this mean that all of the mails are > originating > from the same person? Does the "uid 60001" signify the qmail user? Thank you > for your help. > > > Received: (qmail 77869 invoked by uid 60001); 23 Mar 2006 21:21:02" This is just an indication that the message has been processed by qmail. It can be forged easily and by itself does not provide any information regarding who actually sent the message. debian-security, the mailing list you posted to, deals with security in the Debian Operating System. This mailing list is not related to qmail in any way. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Security status of mozilla-* packages
Holger Mense wrote: >> the Mozilla team has recently released new versions of Firefox, Mozilla >> Suite, Thunderbird, which also fix several security issues >> (http://www.mozilla.org/projects/security/known-vulnerabilities.html) >> >> How far are these issues affected by the Debian packages? Will there be= > a >> security release for the current packages to fix them? > > I forgot to clarify, that I am explicit asking for Debian Sarge. Mozilla-* isn't supportable with isolated security fixes, so like for the previous DSAs the update will contain backports. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Security status of mozilla-* packages
On Thu, Apr 20, 2006 at 11:02:20AM +0100, James Davis wrote: > Actually, the release of Thunderbird which fixes these vulnerabilities > (1.5.0.2) has not completed testing and is not a 'release' yet. The > vulnerability report is confusing, in that it implies that Thunderbird > 1.5.0.2 should be available. > > I e-mailed Mozilla's security team yesterday and they said that it > should be released shortly (within a day or so). It's out now... ftp://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/1.5.0.2/source/ signature.asc Description: Digital signature
Re: Debian Kernel security status?
On Thu, Apr 20, 2006 at 04:18:28PM +0200, Jan Luehr wrote: Btw. Why do a lot of DSAs care about oldstable, while kernel-updates avoid woody? Because the kernel build process for woody is even worse than for sarge. Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian Kernel security status?
On Thu, Apr 20, 2006 at 04:18:28PM +0200, Jan Luehr wrote: > Btw. Why do a lot of DSAs care about oldstable, while kernel-updates avoid > woody? Because building kernels is hard for Sarge and very hard for Woody. I seem to recall Joey asking for volunteers to help work on kernels a good few months back ... DSAs for woody will probably cease soon as well. From memory we promised a year of support after the release of Sarge. Sarge was released early June, so that gives us the end of this month and then just May to continue with. Of course if it isn't too hard, or there is a lot of demand, it may be possible to continue supporting it for a little longer. Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit signature.asc Description: Digital signature