Re: "Ian Murdock" Death
Header CONFIDENTIAL for public list go investigate your ass! Coule some moderator ban this troll Guy please Regards Original Message On 16 juil. 2016 21:53, Emiliano del Peon wrote: Can you stop flooding this mail list with conspiracy theories that has no relationship with debian's security? Thank you El 16/7/2016 4:02 p. m., "Rick Moen" < r...@linuxmafia.com> escribió: Quoting Giacomo Mulas ( giacomo.mula...@gmail.com): > Serious? Seriously you send an email about your conspiracy theory (about a > highly respected, deceased person) worldwide, to an entire mailing list, > starting it by "CONFIDENTIAL", and you expect people to take that, well... > seriously? The Internet famously contains people who, um, think different. Have a look at this gentleman's Twitter stream, for context. https://twitter.com/cvaillance -- Cheers, "Why struggle to open a door between us, Rick Moen when the whole wall is an illusion?" r...@linuxmafia.com -- Rumi McQ! (4x80)
Re: "Ian Murdock" Death
Can you stop flooding this mail list with conspiracy theories that has no relationship with debian's security? Thank you El 16/7/2016 4:02 p. m., "Rick Moen"escribió: > Quoting Giacomo Mulas (giacomo.mula...@gmail.com): > > > Serious? Seriously you send an email about your conspiracy theory > (about a > > highly respected, deceased person) worldwide, to an entire mailing list, > > starting it by "CONFIDENTIAL", and you expect people to take that, > well... > > seriously? > > The Internet famously contains people who, um, think different. Have a > look at this gentleman's Twitter stream, for context. > https://twitter.com/cvaillance > > -- > Cheers,"Why struggle to open a door > between us, > Rick Moen when the whole wall is an illusion?" > r...@linuxmafia.com > -- Rumi > McQ! (4x80) > >
Re: "Ian Murdock" Death
Quoting Giacomo Mulas (giacomo.mula...@gmail.com): > Serious? Seriously you send an email about your conspiracy theory (about a > highly respected, deceased person) worldwide, to an entire mailing list, > starting it by "CONFIDENTIAL", and you expect people to take that, well... > seriously? The Internet famously contains people who, um, think different. Have a look at this gentleman's Twitter stream, for context. https://twitter.com/cvaillance -- Cheers,"Why struggle to open a door between us, Rick Moen when the whole wall is an illusion?" r...@linuxmafia.com -- Rumi McQ! (4x80)
Re: "Ian Murdock" Death
Agreed. This added to plonk folder rule. Can anyone please remove this subject/thread into ignore in mailman? On Sat, Jul 16, 2016 at 9:00 AM, Aleksandar Atanasovwrote: > STOP filling our inboxes with replies to SPAM MESSAGES. Christ, this is > a Debian security list yet there are some people who have no clue about > security. > > Have a nice weekend, > AA
Re: "Ian Murdock" Death
Can anyone please delete him from this mailing list? This has NOTHING to do with any security relevanted stuff... so please stop it guys! 2016-07-16 16:15 GMT+02:00 Kyle Lussier <k...@countervaillance.com>: > > CONFIDENTIAL > > Lee - > > Thank you. The questions here are a part of an overall investigation > which involved peoples identities, people faking identities, suicides, > mental health, the personal wealth of engineers that contribute greatly > to society (and are not rewarded financially for such), personal > security > issues (core engineers being abused by law enforcement, police and/or > other actors to compromise infrastructure), and many other things. > > I request people put "extra mental bandwidth" into responses to reduce > errors and increase accuracy. I have not monitored Debian > Founder/Leadership > issues personally, but I am now. > > * Most people here agree that this is accurate "Ian Murdock was a > founder > of Debian and his involvement was reduced after 1998". > > * "Ian Murdock" was a real person that committed suicide, in general > compliance with the following: > http://www.theregister.co.uk/2016/07/07/ian_murdock_autopsy/ > > * "Ian Murdock" is NOT "Ian Jackson" which shows up in the Wayback > engine > and these are two separate people. > > Is the above accurate, yes or no? > > Does anyone know of any hard material / empirical information that would > falsify and/or counter the accuracy of the above statements? > > Kyle > > > > Original Message > Subject: RE: "Ian Murdock" Death > From: <lpack...@leenux.org.uk> > Date: Sat, July 16, 2016 6:58 am > To: Kyle Lussier <k...@countervaillance.com>, Norbert Kiszka > <norb...@linux.pl>, "debian-security@lists.debian.org" > <debian-security@lists.debian.org> > Cc: Kyle Lussier <k...@countervaillance.com>, Michael > <mikethomp...@gmx.co.uk>, Salvatore Bonaccorso <car...@debian.org> > > Kyle, > > If you’d of done your research (which you clearly haven’t) then > you’d know that Ian was the founder and was not the leader of the > organisation from 1998. Sorry but this isn’t a ‘real’ > investigation. If it was you’d of done your research. Coming on to > this mailing list and behaving the way you are is not appropriate. I > suggest you take this to a more appropriate list because this isn’t > it. > > Regards, > Lee > > > >
Re: "Ian Murdock" Death
Yeah. https://twitter.com/CVaillance/status/752613020325425153 Either a solid troll, keeping this up as a 24/7 persona, or isn't there, mentally. Please stop responding. On Jul 16, 2016 10:25 AM, "Jakub Wilk"wrote: > * Kyle Lussier , 2016-07-16, 07:15: > >> I request people put "extra mental bandwidth" into responses >> > > I request that people don't feed the troll. Thanks. > > -- > Jakub Wilk > >
RE: "Ian Murdock" Death
CONFIDENTIAL Denny - I would counter-argue that this is one of the most important real security issues that exists right now and this may have caused the breach of 100s or 1,000s of critical servers in the last 2 years. Once I have all of the answers I need, I will exit the list unless invited back. Several more questions: * Did anyone go to Ian's funeral and/or -personally witness- his death or body? The coroner is not responding. * Is it possible Ian could have altered trusted M.I.T. distributions in order to compromise a number of critical government servers (imagine biological / virus research stuff as an example) and then faked his own death to "disappear" after having been paid a lot of money? Is the above possible and/or could have happened? Kyle Original Message Subject: Re: "Ian Murdock" Death From: Denny Bortfeldt <de...@bortfeldt.net> Date: Sat, July 16, 2016 7:23 am To: Kyle Lussier <k...@countervaillance.com> Cc: lpack...@leenux.org.uk, Norbert Kiszka <norb...@linux.pl>, "debian-security@lists.debian.org" <debian-security@lists.debian.org>, Michael <mikethomp...@gmx.co.uk>, Salvatore Bonaccorso <car...@debian.org> Can anyone please delete him from this mailing list? This has NOTHING to do with any security relevanted stuff... so please stop it guys!
Re: "Ian Murdock" Death
* Kyle Lussier, 2016-07-16, 07:15: I request people put "extra mental bandwidth" into responses I request that people don't feed the troll. Thanks. -- Jakub Wilk
RE: "Ian Murdock" Death
CONFIDENTIAL Lee - Thank you. The questions here are a part of an overall investigation which involved peoples identities, people faking identities, suicides, mental health, the personal wealth of engineers that contribute greatly to society (and are not rewarded financially for such), personal security issues (core engineers being abused by law enforcement, police and/or other actors to compromise infrastructure), and many other things. I request people put "extra mental bandwidth" into responses to reduce errors and increase accuracy. I have not monitored Debian Founder/Leadership issues personally, but I am now. * Most people here agree that this is accurate "Ian Murdock was a founder of Debian and his involvement was reduced after 1998". * "Ian Murdock" was a real person that committed suicide, in general compliance with the following: http://www.theregister.co.uk/2016/07/07/ian_murdock_autopsy/ * "Ian Murdock" is NOT "Ian Jackson" which shows up in the Wayback engine and these are two separate people. Is the above accurate, yes or no? Does anyone know of any hard material / empirical information that would falsify and/or counter the accuracy of the above statements? Kyle ---- Original Message Subject: RE: "Ian Murdock" Death From: <lpack...@leenux.org.uk> Date: Sat, July 16, 2016 6:58 am To: Kyle Lussier <k...@countervaillance.com>, Norbert Kiszka <norb...@linux.pl>, "debian-security@lists.debian.org" <debian-security@lists.debian.org> Cc: Kyle Lussier <k...@countervaillance.com>, Michael <mikethomp...@gmx.co.uk>, Salvatore Bonaccorso <car...@debian.org> Kyle, If you’d of done your research (which you clearly haven’t) then you’d know that Ian was the founder and was not the leader of the organisation from 1998. Sorry but this isn’t a ‘real’ investigation. If it was you’d of done your research. Coming on to this mailing list and behaving the way you are is not appropriate. I suggest you take this to a more appropriate list because this isn’t it. Regards, Lee
RE: "Ian Murdock" Death
Kyle, If you’d of done your research (which you clearly haven’t) then you’d know that Ian was the founder and was not the leader of the organisation from 1998. Sorry but this isn’t a ‘real’ investigation. If it was you’d of done your research. Coming on to this mailing list and behaving the way you are is not appropriate. I suggest you take this to a more appropriate list because this isn’t it. Regards, Lee From: Kyle Lussier
RE: "Ian Murdock" Death
CONFIDENTIAL Thank you for the questions and the responses. * This is a real investigation. * The messages are flagged with "CONFIDENTIAL" because it has legal and federal/international court significance to all recipients of the information and generates additional protections of such for people that abuse/misuse the information. * Congressional and other reviews related to information security, information classification, and the like is currently occurring. It is possible this sort of thing may be added to core Internet infrastructure in the future along with new core data features. It is also possible Debian may be reviewing these standards on an engineering basis to resolve a significant number of complicated privacy and legal problems that are occurring and causing great harm and misery to many people. * The name "Ian Murdock" does not initially appear to be present in any of the Wayback Engine's Archives of this page: https://www.debian.org/intro/organization * Please review for yourself: https://web.archive.org/web/20040623083118/http://www.debian.org/intro/organization * I have personally been a user of Debian for approximately 15 years and developed an application called "AutoNOC" for which the history can be reviewed here and am now working on some new things now for which Debian is a candidate. https://web.archive.org/web/20160306155441/http://autonoc.com/ * I am also currently reviewing all LSB distributions trying to identify the build that is the most secure, high-integrity, and trust-worthy. * As a result of new technologies, information in this message may, in the future, "cease to exist", as a result of new privacy and other technologies being debated. The message is also submitted in this manner to spark related debate as to this sort of technology. Can anyone explain why "Ian Murdock" appears to have "died in national news by way of committing suicide after an alcohol and women fueled event that led to an altercation with police"? And why isn't his name listed in any of the leadership archives on Wayback? Thank you for your assistance in providing clear, accurate answers. Kyle Dnia 2016-07-15, pią o godzinie 16:18 -0700, Kyle Lussier pisze: > CONFIDENTIAL > > Hello Debian / Savatore - > > I am investigating the death of Ian Murdock and also a debian user. > > * Debian's core MIT distribution may have been compromised by > "Ian" internally to get into one of our servers. > > * Can you confirm that "Ian Murdock" was the "ian" in debian? > > * Can you confirm that he is actually dead/committed suicide? > > * If not, did he fake his death? Perhaps after compromising > servers intentionally and committing many felonies? > > The coroner and related PD have not responded however several > federal agencies are aware of the issue. > > This is a very serious matter. > > Thank you for your assistance! > > Kyle > > > Original Message > Subject: [SECURITY] [DSA 3620-1] pidgin security update > From: Salvatore Bonaccorso> Date: Fri, July 15, 2016 12:03 pm > To: debian-security-annou...@lists.debian.org > > > Błąd podczas weryfikowania podpisu: > Hash: SHA512 > gpg: nagłówek opakowania: > -\r\n > gpg: niepoprawne oznaczenie linii > minusami: > -\r\n > gpg: nieoczekiwane opakowanie: > Debian Security Advisory DSA-3620-1 > secur...@debian.org\r\n > gpg: niepoprawny nagłówek > opakowania: > Content-Type: application/x-inlinepgp-signed; charset="utf-8" > Content-Transfer-Encoding: quoted-printable > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - > - > Debian Security Advisory DSA-3620-1 secur...@debian.org > https://www.debian.org/security/ Salvatore Bonaccorso > July 15, 2016 https://www.debian.org/security/faq > - > - > > Package : pidgin > CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368 > CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 > CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376 > CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323 > > Yves Younan of Cisco Talos discovered several vulnerabilities in the > MXit protocol support in pidgin, a multi-protocol instant messaging > client. A remote attacker can take advantage of these flaws to cause a > denial of service (application crash), overwrite files, information > disclosure, or potentially to execute arbitrary code. > > For the stable distribution (jessie), these problems have been fixed > in > version 2.11.0-0+deb8u1. > > For the testing distribution (stretch), these problems have been fixed > in version 2.11.0-1. > > For the unstable distribution (sid), these problems have been fixed in
Re: "Ian Murdock" Death
STOP filling our inboxes with replies to SPAM MESSAGES. Christ, this is a Debian security list yet there are some people who have no clue about security. Have a nice weekend, AA 0x05076853.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
RE: "Ian Murdock" Death
On Sat, 16 Jul 2016, Kyle Lussier wrote: CONFIDENTIAL Melvin - I appreciate your response, however this issue is very serious. Serious? Seriously you send an email about your conspiracy theory (about a highly respected, deceased person) worldwide, to an entire mailing list, starting it by "CONFIDENTIAL", and you expect people to take that, well... seriously? Please, get a clue, and a life. And while you are at it, take this stuff elsewhere, this mailing list is definitely not the right place for it. Best regards Giacomo -- _ Giacomo Mulas_ INAF - Osservatorio Astronomico di Cagliari via della scienza 5 - 09047 Selargius (CA) tel. +39 070 71180244 mob. : +39 329 6603810 _ "When the storms are raging around you, stay right where you are" (Freddy Mercury) _
Re: "Ian Murdock" Death
Look precisely into original message. This is spam, not a question. Every answer (including this one) gives something (money, emails, something else) to "topic" author. So please do not reply. Dnia 2016-07-15, pią o godzinie 16:18 -0700, Kyle Lussier pisze: > CONFIDENTIAL > > Hello Debian / Savatore - > > I am investigating the death of Ian Murdock and also a debian user. > > * Debian's core MIT distribution may have been compromised by > "Ian" internally to get into one of our servers. > > * Can you confirm that "Ian Murdock" was the "ian" in debian? > > * Can you confirm that he is actually dead/committed suicide? > > * If not, did he fake his death? Perhaps after compromising > servers intentionally and committing many felonies? > > The coroner and related PD have not responded however several > federal agencies are aware of the issue. > > This is a very serious matter. > > Thank you for your assistance! > > Kyle > > > Original Message > Subject: [SECURITY] [DSA 3620-1] pidgin security update > From: Salvatore Bonaccorso> Date: Fri, July 15, 2016 12:03 pm > To: debian-security-annou...@lists.debian.org > > > Błąd podczas weryfikowania podpisu: > Hash: SHA512 > gpg: nagłówek opakowania: > -\r\n > gpg: niepoprawne oznaczenie linii > minusami: > -\r\n > gpg: nieoczekiwane opakowanie: > Debian Security Advisory DSA-3620-1 > secur...@debian.org\r\n > gpg: niepoprawny nagłówek > opakowania: > Content-Type: application/x-inlinepgp-signed; charset="utf-8" > Content-Transfer-Encoding: quoted-printable > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - > - > Debian Security Advisory DSA-3620-1 secur...@debian.org > https://www.debian.org/security/ Salvatore Bonaccorso > July 15, 2016 https://www.debian.org/security/faq > - > - > > Package : pidgin > CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368 > CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 > CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376 > CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323 > > Yves Younan of Cisco Talos discovered several vulnerabilities in the > MXit protocol support in pidgin, a multi-protocol instant messaging > client. A remote attacker can take advantage of these flaws to cause a > denial of service (application crash), overwrite files, information > disclosure, or potentially to execute arbitrary code. > > For the stable distribution (jessie), these problems have been fixed > in > version 2.11.0-0+deb8u1. > > For the testing distribution (stretch), these problems have been fixed > in version 2.11.0-1. > > For the unstable distribution (sid), these problems have been fixed in > version 2.11.0-1. > > We recommend that you upgrade your pidgin packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -BEGIN PGP SIGNATURE- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJXiTCbAAoJEAVMuPMTQ89E4nUP/jEpNVpOe4FcStlU24Cv1qOS > BsNBvRlp1XhhshzoBAWZSBTKFi4jqilOZUgjsHO76nHS7j0J4wzoWc36ZIp23O5p > KX9+A87ZdS4C3hI1YGgTdCcMTKSnWIrS1YcOW/0qBx7jdXt5EhFPKJa/byhHsp23 > zguJ+glemJQ9uqpylc5om2udV4u9U5Nnc+Ga92zeR7Kefs20yRTLOef4Pd69LPwh > +zM0/qkI+JMii0yMpMJsIpMsXzQvzvgd4E6r3+NrWOHOCoZ8XZD4UvsR3Bnw8nvg > ed+hg2nj3uMWgXtv4Bdx+yUxsWdRFSjpiD1EXWmvzREgmDdrlnCGZB3yQbepA0Yi > lHsHEAwq3GZalLAeW8lwIQVaSLSREO6ZxcY7OxG2vdYzbkoQKCK7K4rR4T3yxB83 > tAvYWRxCTMaeRxqUgLEAq0iMqQhvrmNDDEt5VVsE1bSn9gig6MkSGepFdzx4Yipq > +a8XUgJt8tLbpuTD9Pg9Ig8Mee0SaHSxr8bP6fFlfJu0Wt59MKn3wNzcqPhb+3Ie > FtLyo6XBC4hnsoVlRT569fwkuYaI/kptT95tKiqyYI+RFnSW0WP4dycmo2pHOuIP > mckCbAM7s+vuCGe1YQHJiOCeTrIDKAkKPbudjBL/g2zbcY+KayMXTvZbbW+ma8c0 > wMiDOiIYUd4xMSvjBeF0 > =3DQNWs > -END PGP SIGNATURE- >
Re: "Ian Murdock" Death
On Saturday, 2016-07-16 at 05:34:52 -0700, Kyle Lussier wrote: > CONFIDENTIAL > Melvin - > I appreciate your response, however this issue is very > serious. > Please answer all of the questions accurately, as I have > requested in a clear, unambiguous, and ethical manner. No wonder "The coroner and related PD have not responded'. Lupe Christoph -- | As everyone knows, it was predicted that the world would end last | | Wednesday at 10:00 PST. Since there appears to be a world in existence | | now, the entire universe must therefore have been recreated, complete | | with an apparent "history", last *Thursday*. QED. | | Seanna Watson, <1992nov2.165142.11...@bcrka451.bnr.ca> |
RE: "Ian Murdock" Death
CONFIDENTIAL Melvin - I appreciate your response, however this issue is very serious. Please answer all of the questions accurately, as I have requested in a clear, unambiguous, and ethical manner. Thank you! Kyle Original Message Subject: Re: "Ian Murdock" Death From: Melvin Adolfo Reyes Martin <melv...@wisecode.org> Date: Sat, July 16, 2016 2:01 am To: Kyle Lussier <k...@countervaillance.com> Cc: debian-security@lists.debian.org, Salvatore Bonaccorso <car...@debian.org> is dead, get over it On Fri, Jul 15, 2016 at 7:18 PM, Kyle Lussier <k...@countervaillance.com> wrote: CONFIDENTIAL Hello Debian / Savatore - I am investigating the death of Ian Murdock and also a debian user. * Debian's core MIT distribution may have been compromised by "Ian" internally to get into one of our servers. * Can you confirm that "Ian Murdock" was the "ian" in debian? * Can you confirm that he is actually dead/committed suicide? * If not, did he fake his death? Perhaps after compromising servers intentionally and committing many felonies? The coroner and related PD have not responded however several federal agencies are aware of the issue. This is a very serious matter. Thank you for your assistance! Kyle Original Message Subject: [SECURITY] [DSA 3620-1] pidgin security update From: Salvatore Bonaccorso <car...@debian.org> Date: Fri, July 15, 2016 12:03 pm To: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3620-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 15, 2016 https://www.debian.org/security/faq - - Package : pidgin CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368 CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376 CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323 Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service (application crash), overwrite files, information disclosure, or potentially to execute arbitrary code. For the stable distribution (jessie), these problems have been fixed in version 2.11.0-0+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 2.11.0-1. For the unstable distribution (sid), these problems have been fixed in version 2.11.0-1. We recommend that you upgrade your pidgin packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCgAGBQJXiTCbAAoJEAVMuPMTQ89E4nUP/jEpNVpOe4FcStlU24Cv1qOS BsNBvRlp1XhhshzoBAWZSBTKFi4jqilOZUgjsHO76nHS7j0J4wzoWc36ZIp23O5p KX9+A87ZdS4C3hI1YGgTdCcMTKSnWIrS1YcOW/0qBx7jdXt5EhFPKJa/byhHsp23 zguJ+glemJQ9uqpylc5om2udV4u9U5Nnc+Ga92zeR7Kefs20yRTLOef4Pd69LPwh +zM0/qkI+JMii0yMpMJsIpMsXzQvzvgd4E6r3+NrWOHOCoZ8XZD4UvsR3Bnw8nvg ed+hg2nj3uMWgXtv4Bdx+yUxsWdRFSjpiD1EXWmvzREgmDdrlnCGZB3yQbepA0Yi lHsHEAwq3GZalLAeW8lwIQVaSLSREO6ZxcY7OxG2vdYzbkoQKCK7K4rR4T3yxB83 tAvYWRxCTMaeRxqUgLEAq0iMqQhvrmNDDEt5VVsE1bSn9gig6MkSGepFdzx4Yipq +a8XUgJt8tLbpuTD9Pg9Ig8Mee0SaHSxr8bP6fFlfJu0Wt59MKn3wNzcqPhb+3Ie FtLyo6XBC4hnsoVlRT569fwkuYaI/kptT95tKiqyYI+RFnSW0WP4dycmo2pHOuIP mckCbAM7s+vuCGe1YQHJiOCeTrIDKAkKPbudjBL/g2zbcY+KayMXTvZbbW+ma8c0 wMiDOiIYUd4xMSvjBeF0 =QNWs -END PGP SIGNATURE-
Re: "Ian Murdock" Death
Dead as in dead. Please take your conspiracy theories elsewhere. On Fri, 2016-07-15 at 16:18 -0700, Kyle Lussier wrote: > CONFIDENTIAL > > Hello Debian / Savatore - > > I am investigating the death of Ian Murdock and also a debian user. > > * Debian's core MIT distribution may have been compromised by > "Ian" internally to get into one of our servers. > > * Can you confirm that "Ian Murdock" was the "ian" in debian? > > * Can you confirm that he is actually dead/committed suicide? > > * If not, did he fake his death? Perhaps after compromising > servers intentionally and committing many felonies? > > The coroner and related PD have not responded however several > federal agencies are aware of the issue. > > This is a very serious matter. > > Thank you for your assistance! > > Kyle > > > Original Message > Subject: [SECURITY] [DSA 3620-1] pidgin security update > From: Salvatore Bonaccorso> Date: Fri, July 15, 2016 12:03 pm > To: debian-security-annou...@lists.debian.org > > Error verifying signature: gpg: armor header: Hash: SHA512 > gpg: invalid dash escaped line: -\r\n > gpg: unexpected armor: -- > ---\r\n > gpg: invalid armor header: Debian Security Advisory DSA-3620-1 securi > t...@debian.org\r\n > Content-Type: application/x-inlinepgp-signed; charset="utf-8" > Content-Transfer-Encoding: quoted-printable > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - > --- > -- > Debian Security Advisory DSA-3620-1 secur...@debian.org > https://www.debian.org/security/ Salvatore Bonaccorso > July 15, 2016 https://www.debian.org/security/faq > - > --- > -- > > Package : pidgin > CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368 > CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 > CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376 > CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323 > > Yves Younan of Cisco Talos discovered several vulnerabilities in the > MXit protocol support in pidgin, a multi-protocol instant messaging > client. A remote attacker can take advantage of these flaws to cause > a > denial of service (application crash), overwrite files, information > disclosure, or potentially to execute arbitrary code. > > For the stable distribution (jessie), these problems have been fixed > in > version 2.11.0-0+deb8u1. > > For the testing distribution (stretch), these problems have been > fixed > in version 2.11.0-1. > > For the unstable distribution (sid), these problems have been fixed > in > version 2.11.0-1. > > We recommend that you upgrade your pidgin packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -BEGIN PGP SIGNATURE- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJXiTCbAAoJEAVMuPMTQ89E4nUP/jEpNVpOe4FcStlU24Cv1qOS > BsNBvRlp1XhhshzoBAWZSBTKFi4jqilOZUgjsHO76nHS7j0J4wzoWc36ZIp23O5p > KX9+A87ZdS4C3hI1YGgTdCcMTKSnWIrS1YcOW/0qBx7jdXt5EhFPKJa/byhHsp23 > zguJ+glemJQ9uqpylc5om2udV4u9U5Nnc+Ga92zeR7Kefs20yRTLOef4Pd69LPwh > +zM0/qkI+JMii0yMpMJsIpMsXzQvzvgd4E6r3+NrWOHOCoZ8XZD4UvsR3Bnw8nvg > ed+hg2nj3uMWgXtv4Bdx+yUxsWdRFSjpiD1EXWmvzREgmDdrlnCGZB3yQbepA0Yi > lHsHEAwq3GZalLAeW8lwIQVaSLSREO6ZxcY7OxG2vdYzbkoQKCK7K4rR4T3yxB83 > tAvYWRxCTMaeRxqUgLEAq0iMqQhvrmNDDEt5VVsE1bSn9gig6MkSGepFdzx4Yipq > +a8XUgJt8tLbpuTD9Pg9Ig8Mee0SaHSxr8bP6fFlfJu0Wt59MKn3wNzcqPhb+3Ie > FtLyo6XBC4hnsoVlRT569fwkuYaI/kptT95tKiqyYI+RFnSW0WP4dycmo2pHOuIP > mckCbAM7s+vuCGe1YQHJiOCeTrIDKAkKPbudjBL/g2zbcY+KayMXTvZbbW+ma8c0 > wMiDOiIYUd4xMSvjBeF0 > =3DQNWs > -END PGP SIGNATURE-
Re: "Ian Murdock" Death
is dead, get over it On Fri, Jul 15, 2016 at 7:18 PM, Kyle Lussierwrote: > > CONFIDENTIAL > > Hello Debian / Savatore - > > I am investigating the death of Ian Murdock and also a debian user. > > * Debian's core MIT distribution may have been compromised by > "Ian" internally to get into one of our servers. > > * Can you confirm that "Ian Murdock" was the "ian" in debian? > > * Can you confirm that he is actually dead/committed suicide? > > * If not, did he fake his death? Perhaps after compromising > servers intentionally and committing many felonies? > > The coroner and related PD have not responded however several > federal agencies are aware of the issue. > > This is a very serious matter. > > Thank you for your assistance! > > Kyle > > > Original Message > Subject: [SECURITY] [DSA 3620-1] pidgin security update > From: Salvatore Bonaccorso > Date: Fri, July 15, 2016 12:03 pm > To: debian-security-annou...@lists.debian.org > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - > - > Debian Security Advisory DSA-3620-1 secur...@debian.org > https://www.debian.org/security/ Salvatore Bonaccorso > July 15, 2016 https://www.debian.org/security/faq > - > - > > Package : pidgin > CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368 > CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 > CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376 > CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323 > > Yves Younan of Cisco Talos discovered several vulnerabilities in the > MXit protocol support in pidgin, a multi-protocol instant messaging > client. A remote attacker can take advantage of these flaws to cause a > denial of service (application crash), overwrite files, information > disclosure, or potentially to execute arbitrary code. > > For the stable distribution (jessie), these problems have been fixed in > version 2.11.0-0+deb8u1. > > For the testing distribution (stretch), these problems have been fixed > in version 2.11.0-1. > > For the unstable distribution (sid), these problems have been fixed in > version 2.11.0-1. > > We recommend that you upgrade your pidgin packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -BEGIN PGP SIGNATURE- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJXiTCbAAoJEAVMuPMTQ89E4nUP/jEpNVpOe4FcStlU24Cv1qOS > BsNBvRlp1XhhshzoBAWZSBTKFi4jqilOZUgjsHO76nHS7j0J4wzoWc36ZIp23O5p > KX9+A87ZdS4C3hI1YGgTdCcMTKSnWIrS1YcOW/0qBx7jdXt5EhFPKJa/byhHsp23 > zguJ+glemJQ9uqpylc5om2udV4u9U5Nnc+Ga92zeR7Kefs20yRTLOef4Pd69LPwh > +zM0/qkI+JMii0yMpMJsIpMsXzQvzvgd4E6r3+NrWOHOCoZ8XZD4UvsR3Bnw8nvg > ed+hg2nj3uMWgXtv4Bdx+yUxsWdRFSjpiD1EXWmvzREgmDdrlnCGZB3yQbepA0Yi > lHsHEAwq3GZalLAeW8lwIQVaSLSREO6ZxcY7OxG2vdYzbkoQKCK7K4rR4T3yxB83 > tAvYWRxCTMaeRxqUgLEAq0iMqQhvrmNDDEt5VVsE1bSn9gig6MkSGepFdzx4Yipq > +a8XUgJt8tLbpuTD9Pg9Ig8Mee0SaHSxr8bP6fFlfJu0Wt59MKn3wNzcqPhb+3Ie > FtLyo6XBC4hnsoVlRT569fwkuYaI/kptT95tKiqyYI+RFnSW0WP4dycmo2pHOuIP > mckCbAM7s+vuCGe1YQHJiOCeTrIDKAkKPbudjBL/g2zbcY+KayMXTvZbbW+ma8c0 > wMiDOiIYUd4xMSvjBeF0 > =QNWs > -END PGP SIGNATURE- > >