Re: Old kernel versions cleaned out of packages list
Hi, 30 août 2023, 07:19 de car...@debian.org: > They were cleaned up to make up space, as they are superseeded by > newer versions. > > In future this might even happen more automatically and the old > package auto-decrufted from the archive once new version are present > in the archive. > I totally understand that storage is not infinite and that space must be made sometimes. However, wouldn't be automatic and systematic purge contrary to the purpose of snapshot.debian.org? Or maybe would it be an exception here because we have no choice? Thanks in advance. l0f4r0
Mention of backports releases statuses in Security Tracker
Hi, Following the recent questions about Dirty-Pipe on debian-kernel@l.d.o [1] and debian-user@l.d.o [2], I was wondering if it could be possible somehow to mention backports releases statuses as well in the Security Tracker? Currently, one can see the situation regarding standard releases (Stretch, Buster, Bullseye...) and security releases (Stretch security, Buster security, Bullseye security...), but there seems to be no direct mention of backports releases (Buster backports, Bullseye backports...). I think it could help to know at first glance if one's backports package is vulnerable of fixed. NB: The Package Tracker already mentions the backports versions (bpo) when available. [1] https://lists.debian.org/debian-kernel/2022/03/msg00081.html [2] https://lists.debian.org/debian-user/2022/03/msg00323.html Thank you in advance. Best regards, l0f4r0
Re: Is chromium updated?
Hi, 13 nov. 2020 à 11:06 de ggunin...@gmail.com: > Definitely won't say "thank you" to some entity which gives > me long unpatched important component like a web browser. > I confess that having an unpatched browser is really not recommended because of all exploits that could happen on the fly (the browser is a really exposed component by nature). However, everyone is free to contribute, provide help or simply choose another package, maybe more maintained... 9 nov. 2020 à 17:30 de go...@oles.biz: > what is your opinion, what should Linux users use for their daily work? > Firefox becomes more and more buggier, Chromium project doesn't provide > binaries for any OS. > Why not using Vivaldi browser then? It comes with its own repo and updates are released regularly. This is not 100% open source, true, but it's really functional & customisable. I've been using it for 1 year on Linux/macOS/Windows and heard/read almost only good feedbacks. Best regards, l0f4r0
Re: Is chromium updated?
Hi, 8 nov. 2020 à 18:50 de ggunin...@gmail.com: > https://www.theregister.com/2020/11/04/google_chrome_critical_updates/ > > Wed 4 Nov 2020 > If you're an update laggard, buck up: Chrome zero-days are being > exploited in the wild > > Desktop and Android versions both at risk > Thanks Georgi for the link. Regarding CVE-2020-16009 <https://security.archlinux.org/CVE-2020-16009>, it seems that some distros like Arch [1] have already updated their chromium packages but no Debian yet. Right? Is it just a matter of extracting the security fix from 86.0.4240.183, packaging it accordingly and pushing in a new version in Debian repositories? For Buster, will it lead eventually to a 83.0.4103.116-1~deb10uX or a 86.0.4240.183~deb10uX version instead? Thanks in advance & Best regards, l0f4r0 [1] : https://security.archlinux.org/CVE-2020-16009
Re: Is chromium updated?
Hi, 17 oct. 2020 à 14:28 de ggunin...@gmail.com: > On Debian stable, I have chromium Version: 83.0.4103.116-1~deb10u3 > > >From Arch advisory on 2020-10-10: > The package chromium before version 86.0.4240.75-1 is vulnerable to > multiple issues including arbitrary code execution, access restriction > bypass, information disclosure and insufficient validation. > https://lists.archlinux.org/pipermail/arch-security/2020-October/001608.html > > Is Debian's chromium vulnerable now? > I would say yes for the time being indeed: https://security-tracker.debian.org/tracker/source-package/chromium See "vulnerable" in 2nd column for CVE-2020-15967 to CVE-2020-15992 + CVE-2020-6557 Best regards, l0f4r0
Re: debcheckroot v2.0 released
Hi, 5 avr. 2020 à 12:00 de william.gagn...@gmail.com: > could you please > remove > me from the debian-security mailing list? > It's been year (true story) that I'm asking for that, and I don't even know > how it is possible coming from an IT group .. :D > > Please do this ecological contribution .. > Obviously you don't know that such action must be done by yourself: https://www.debian.org/MailingLists/unsubscribe Best regards, l0f4r0
