Re: "Ian Murdock" Death

2016-07-24 Thread Johnnyb 
Header CONFIDENTIAL for public list go investigate your ass!

Coule some moderator ban this troll Guy please



Regards
 Original Message 
On 16 juil. 2016 21:53, Emiliano del Peon wrote:


Can you stop flooding this mail list with conspiracy theories that has no 
relationship with debian's security?

Thank you

El 16/7/2016 4:02 p. m., "Rick Moen" < r...@linuxmafia.com> escribió:
Quoting Giacomo Mulas ( giacomo.mula...@gmail.com):

> Serious? Seriously you send an email about your conspiracy theory (about a
> highly respected, deceased person) worldwide, to an entire mailing list,
> starting it by "CONFIDENTIAL", and you expect people to take that, well...
> seriously?

The Internet famously contains people who, um, think different. Have a
look at this gentleman's Twitter stream, for context.
https://twitter.com/cvaillance

--
Cheers, "Why struggle to open a door between us,
Rick Moen when the whole wall is an illusion?"
r...@linuxmafia.com -- Rumi
McQ! (4x80)

Re: "Ian Murdock" Death

2016-07-16 Thread Emiliano del Peon 
Can you stop flooding this mail list with conspiracy theories that has no
relationship with debian's security?

Thank you

El 16/7/2016 4:02 p. m., "Rick Moen"  escribió:

> Quoting Giacomo Mulas (giacomo.mula...@gmail.com):
>
> > Serious?  Seriously you send an email about your conspiracy theory
> (about a
> > highly respected, deceased person) worldwide, to an entire mailing list,
> > starting it by "CONFIDENTIAL", and you expect people to take that,
> well...
> > seriously?
>
> The Internet famously contains people who, um, think different.  Have a
> look at this gentleman's Twitter stream, for context.
> https://twitter.com/cvaillance
>
> --
> Cheers,"Why struggle to open a door
> between us,
> Rick Moen  when the whole wall is an illusion?"
> r...@linuxmafia.com
>  -- Rumi
> McQ! (4x80)
>
>

Re: "Ian Murdock" Death

2016-07-16 Thread Rick Moen 
Quoting Giacomo Mulas (giacomo.mula...@gmail.com):

> Serious?  Seriously you send an email about your conspiracy theory (about a
> highly respected, deceased person) worldwide, to an entire mailing list,
> starting it by "CONFIDENTIAL", and you expect people to take that, well...
> seriously?

The Internet famously contains people who, um, think different.  Have a
look at this gentleman's Twitter stream, for context.
https://twitter.com/cvaillance

-- 
Cheers,"Why struggle to open a door between us,
Rick Moen  when the whole wall is an illusion?"
r...@linuxmafia.com -- Rumi
McQ! (4x80)

Re: "Ian Murdock" Death

2016-07-16 Thread Darko Gavrilovic 
Agreed. This added to plonk folder rule. Can anyone please remove this
subject/thread into ignore in mailman?

On Sat, Jul 16, 2016 at 9:00 AM, Aleksandar Atanasov
 wrote:
> STOP filling our inboxes with replies to SPAM MESSAGES. Christ, this is
> a Debian security list yet there are some people who have no clue about
> security.
>
> Have a nice weekend,
> AA

Re: "Ian Murdock" Death

2016-07-16 Thread Denny Bortfeldt 
Can anyone please delete him from this mailing list?
This has NOTHING to do with any security relevanted stuff... so please stop
it guys!

2016-07-16 16:15 GMT+02:00 Kyle Lussier <k...@countervaillance.com>:

>
> CONFIDENTIAL
>
> Lee -
>
> Thank you.  The questions here are a part of an overall investigation
> which involved peoples identities, people faking identities, suicides,
> mental health, the personal wealth of engineers that contribute greatly
> to society (and are not rewarded financially for such), personal
> security
> issues (core engineers being abused by law enforcement, police and/or
> other actors to compromise infrastructure), and many other things.
>
> I request people put "extra mental bandwidth" into responses to reduce
> errors and increase accuracy. I have not monitored Debian
> Founder/Leadership
> issues personally, but I am now.
>
>   * Most people here agree that this is accurate "Ian Murdock was a
> founder
> of Debian and his involvement was reduced after 1998".
>
>   * "Ian Murdock" was a real person that committed suicide, in general
> compliance with the following:
> http://www.theregister.co.uk/2016/07/07/ian_murdock_autopsy/
>
>   * "Ian Murdock" is NOT "Ian Jackson" which shows up in the Wayback
> engine
>  and these are two separate people.
>
> Is the above accurate, yes or no?
>
> Does anyone know of any hard material / empirical information that would
> falsify and/or counter the accuracy of the above statements?
>
> Kyle
>
>
>
>  Original Message 
> Subject: RE: "Ian Murdock" Death
> From: <lpack...@leenux.org.uk>
> Date: Sat, July 16, 2016 6:58 am
> To: Kyle Lussier <k...@countervaillance.com>, Norbert Kiszka
> <norb...@linux.pl>, "debian-security@lists.debian.org"
> <debian-security@lists.debian.org>
> Cc: Kyle Lussier <k...@countervaillance.com>, Michael
> <mikethomp...@gmx.co.uk>, Salvatore Bonaccorso <car...@debian.org>
>
> Kyle,
>
> If you’d of done your research (which you clearly haven’t) then
> you’d know that Ian was the founder and was not the leader of the
> organisation from 1998. Sorry but this isn’t a ‘real’
> investigation. If it was you’d of done your research. Coming on to
> this mailing list and behaving the way you are is not appropriate. I
> suggest you take this to a more appropriate list because this isn’t
> it.
>
> Regards,
> Lee
>
>
>
>

Re: "Ian Murdock" Death

2016-07-16 Thread Paul R. Tagliamonte 
Yeah.

https://twitter.com/CVaillance/status/752613020325425153

Either a solid troll, keeping this up as a 24/7 persona, or isn't there,
mentally.

Please stop responding.

On Jul 16, 2016 10:25 AM, "Jakub Wilk"  wrote:

> * Kyle Lussier , 2016-07-16, 07:15:
>
>> I request people put "extra mental bandwidth" into responses
>>
>
> I request that people don't feed the troll. Thanks.
>
> --
> Jakub Wilk
>
>

RE: "Ian Murdock" Death

2016-07-16 Thread Kyle Lussier 

CONFIDENTIAL

Denny - 

I would counter-argue that this is one of the most important real
security issues that exists right now
and this may have caused the breach of 100s or 1,000s of critical
servers in the last 2 years.

Once I have all of the answers I need, I will exit the list unless
invited back.  Several more questions:

   * Did anyone go to Ian's funeral and/or -personally witness- his
death or body?  The coroner
 is not responding.

   * Is it possible Ian could have altered trusted M.I.T. distributions
in order to compromise
 a number of critical government servers (imagine biological / virus
research stuff as an
 example) and then faked his own death to "disappear" after having
been paid a lot of money?

Is the above possible and/or could have happened?

Kyle


 Original Message 
Subject: Re: "Ian Murdock" Death
From: Denny Bortfeldt <de...@bortfeldt.net>
Date: Sat, July 16, 2016 7:23 am
To: Kyle Lussier <k...@countervaillance.com>
Cc: lpack...@leenux.org.uk, Norbert Kiszka <norb...@linux.pl>, 
"debian-security@lists.debian.org" <debian-security@lists.debian.org>,
Michael <mikethomp...@gmx.co.uk>, Salvatore Bonaccorso
<car...@debian.org>

Can anyone please delete him from this mailing list? This has NOTHING to
do with any security relevanted stuff... so please stop it guys!

Re: "Ian Murdock" Death

2016-07-16 Thread Jakub Wilk 

* Kyle Lussier , 2016-07-16, 07:15:

I request people put "extra mental bandwidth" into responses


I request that people don't feed the troll. Thanks.

--
Jakub Wilk

RE: "Ian Murdock" Death

2016-07-16 Thread Kyle Lussier 

CONFIDENTIAL

Lee -

Thank you.  The questions here are a part of an overall investigation
which involved peoples identities, people faking identities, suicides,
mental health, the personal wealth of engineers that contribute greatly
to society (and are not rewarded financially for such), personal
security
issues (core engineers being abused by law enforcement, police and/or
other actors to compromise infrastructure), and many other things.

I request people put "extra mental bandwidth" into responses to reduce
errors and increase accuracy. I have not monitored Debian
Founder/Leadership
issues personally, but I am now.  

  * Most people here agree that this is accurate "Ian Murdock was a
founder
of Debian and his involvement was reduced after 1998".

  * "Ian Murdock" was a real person that committed suicide, in general
compliance with the following:
http://www.theregister.co.uk/2016/07/07/ian_murdock_autopsy/

  * "Ian Murdock" is NOT "Ian Jackson" which shows up in the Wayback
engine
 and these are two separate people.

Is the above accurate, yes or no?

Does anyone know of any hard material / empirical information that would
falsify and/or counter the accuracy of the above statements?

Kyle



---- Original Message 
Subject: RE: "Ian Murdock" Death
From: <lpack...@leenux.org.uk>
Date: Sat, July 16, 2016 6:58 am
To: Kyle Lussier <k...@countervaillance.com>, Norbert Kiszka
<norb...@linux.pl>, "debian-security@lists.debian.org"
<debian-security@lists.debian.org>
Cc: Kyle Lussier <k...@countervaillance.com>, Michael
<mikethomp...@gmx.co.uk>, Salvatore Bonaccorso <car...@debian.org>

Kyle,
 
If you’d of done your research (which you clearly haven’t) then
you’d know that Ian was the founder and was not the leader of the
organisation from 1998. Sorry but this isn’t a ‘real’
investigation. If it was you’d of done your research. Coming on to
this mailing list and behaving the way you are is not appropriate. I
suggest you take this to a more appropriate list because this isn’t
it.
 
Regards,
Lee

RE: "Ian Murdock" Death

2016-07-16 Thread lpackham 
Kyle,

If you’d of done your research (which you clearly haven’t) then you’d know that 
Ian was the founder and was not the leader of the organisation from 1998. Sorry 
but this isn’t a ‘real’ investigation. If it was you’d of done your research. 
Coming on to this mailing list and behaving the way you are is not appropriate. 
I suggest you take this to a more appropriate list because this isn’t it.

Regards,
Lee

From: Kyle Lussier

RE: "Ian Murdock" Death

2016-07-16 Thread Kyle Lussier 

CONFIDENTIAL

Thank you for the questions and the responses.

  * This is a real investigation.

  * The messages are flagged with "CONFIDENTIAL" because it
has legal and federal/international court significance to all
recipients of the information and generates additional protections
of such for people that abuse/misuse the information.

  * Congressional and other reviews related to information
security, information classification, and the like is
currently occurring.  It is possible this sort of thing
may be added to core Internet infrastructure in the future
along with new core data features.  It is also possible
Debian may be reviewing these standards on an engineering
basis to resolve a significant number of complicated
privacy and legal problems that are occurring and causing
great harm and misery to many people.

  * The name "Ian Murdock" does not initially appear to be
present in any of the Wayback Engine's Archives of this
page:  https://www.debian.org/intro/organization

  * Please review for yourself:
   
https://web.archive.org/web/20040623083118/http://www.debian.org/intro/organization

  * I have personally been a user of Debian for approximately
15 years and developed an application called "AutoNOC"
for which the history can be reviewed here and am now
working on some new things now for which Debian is a
candidate.
https://web.archive.org/web/20160306155441/http://autonoc.com/

  * I am also currently reviewing all LSB distributions trying to
identify the build that is the most secure, high-integrity,
and trust-worthy.

  * As a result of new technologies, information in this message
may, in the future, "cease to exist", as a result of new
privacy and other technologies being debated.  The message
is also submitted in this manner to spark related debate
as to this sort of technology.

Can anyone explain why "Ian Murdock" appears to have "died in national
news by way of committing suicide after an alcohol and women fueled
event that led to an altercation with police"?

And why isn't his name listed in any of the leadership archives
on Wayback?

Thank you for your assistance in providing clear, accurate answers.

Kyle


Dnia 2016-07-15, pią o godzinie 16:18 -0700, Kyle Lussier pisze:
> CONFIDENTIAL
> 
> Hello Debian / Savatore -
> 
> I am investigating the death of Ian Murdock and also a debian user.
> 
> * Debian's core MIT distribution may have been compromised by
> "Ian" internally to get into one of our servers.
> 
> * Can you confirm that "Ian Murdock" was the "ian" in debian?
> 
> * Can you confirm that he is actually dead/committed suicide?
> 
> * If not, did he fake his death? Perhaps after compromising
> servers intentionally and committing many felonies?
> 
> The coroner and related PD have not responded however several
> federal agencies are aware of the issue.
> 
> This is a very serious matter.
> 
> Thank you for your assistance! 
> 
> Kyle
> 
> 
>  Original Message 
> Subject: [SECURITY] [DSA 3620-1] pidgin security update
> From: Salvatore Bonaccorso 
> Date: Fri, July 15, 2016 12:03 pm
> To: debian-security-annou...@lists.debian.org
> 
> 
> Błąd podczas weryfikowania podpisu:
> Hash: SHA512
> gpg: nagłówek opakowania: 
> -\r\n
> gpg: niepoprawne oznaczenie linii
> minusami: 
> -\r\n
> gpg: nieoczekiwane opakowanie: 
> Debian Security Advisory DSA-3620-1
> secur...@debian.org\r\n
> gpg: niepoprawny nagłówek
> opakowania: 
> Content-Type: application/x-inlinepgp-signed; charset="utf-8"
> Content-Transfer-Encoding: quoted-printable
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> -
> -
> Debian Security Advisory DSA-3620-1 secur...@debian.org
> https://www.debian.org/security/ Salvatore Bonaccorso
> July 15, 2016 https://www.debian.org/security/faq
> -
> -
> 
> Package : pidgin
> CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368
> CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372
> CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376
> CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323
> 
> Yves Younan of Cisco Talos discovered several vulnerabilities in the
> MXit protocol support in pidgin, a multi-protocol instant messaging
> client. A remote attacker can take advantage of these flaws to cause a
> denial of service (application crash), overwrite files, information
> disclosure, or potentially to execute arbitrary code.
> 
> For the stable distribution (jessie), these problems have been fixed
> in
> version 2.11.0-0+deb8u1.
> 
> For the testing distribution (stretch), these problems have been fixed
> in version 2.11.0-1.
> 
> For the unstable distribution (sid), these problems have been fixed in

Re: "Ian Murdock" Death

2016-07-16 Thread Aleksandar Atanasov 
STOP filling our inboxes with replies to SPAM MESSAGES. Christ, this is
a Debian security list yet there are some people who have no clue about
security.

Have a nice weekend,
AA


0x05076853.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

RE: "Ian Murdock" Death

2016-07-16 Thread Giacomo Mulas 

On Sat, 16 Jul 2016, Kyle Lussier wrote:


CONFIDENTIAL

Melvin - 


I appreciate your response, however this issue is very
serious.


Serious?  Seriously you send an email about your conspiracy theory (about a
highly respected, deceased person) worldwide, to an entire mailing list,
starting it by "CONFIDENTIAL", and you expect people to take that, well...
seriously?

Please, get a clue, and a life.  And while you are at it, take this stuff
elsewhere, this mailing list is definitely not the right place for it.

Best regards
Giacomo

--
_

Giacomo Mulas 
_

INAF - Osservatorio Astronomico di Cagliari
via della scienza 5 - 09047 Selargius (CA)

tel.   +39 070 71180244
mob. : +39 329  6603810
_

"When the storms are raging around you, stay right where you are"
 (Freddy Mercury)
_

Re: "Ian Murdock" Death

2016-07-16 Thread Norbert Kiszka 
Look precisely into original message. This is spam, not a question.

Every answer (including this one) gives something (money, emails,
something else) to "topic" author.

So please do not reply.



Dnia 2016-07-15, pią o godzinie 16:18 -0700, Kyle Lussier pisze:
> CONFIDENTIAL
> 
> Hello Debian / Savatore -
> 
> I am investigating the death of Ian Murdock and also a debian user.
> 
>   * Debian's core MIT distribution may have been compromised by
> "Ian" internally to get into one of our servers.
> 
>   * Can you confirm that "Ian Murdock" was the "ian" in debian?
> 
>   * Can you confirm that he is actually dead/committed suicide?
> 
>   * If not, did he fake his death?  Perhaps after compromising
> servers intentionally and committing many felonies?
> 
> The coroner and related PD have not responded however several
> federal agencies are aware of the issue.
> 
> This is a very serious matter.
> 
> Thank you for your assistance!  
> 
> Kyle
> 
> 
>  Original Message 
> Subject: [SECURITY] [DSA 3620-1] pidgin security update
> From: Salvatore Bonaccorso 
> Date: Fri, July 15, 2016 12:03 pm
> To: debian-security-annou...@lists.debian.org
> 
> 
> Błąd podczas weryfikowania podpisu:
> Hash: SHA512
> gpg: nagłówek opakowania: 
> -\r\n
> gpg: niepoprawne oznaczenie linii
> minusami: 
> -\r\n
> gpg: nieoczekiwane opakowanie: 
> Debian Security Advisory DSA-3620-1
> secur...@debian.org\r\n
> gpg: niepoprawny nagłówek
> opakowania: 
> Content-Type: application/x-inlinepgp-signed; charset="utf-8"
> Content-Transfer-Encoding: quoted-printable
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> -
> -
> Debian Security Advisory DSA-3620-1 secur...@debian.org
> https://www.debian.org/security/ Salvatore Bonaccorso
> July 15, 2016 https://www.debian.org/security/faq
> -
> -
> 
> Package : pidgin
> CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368
>  CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372
>  CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376
>  CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323
> 
> Yves Younan of Cisco Talos discovered several vulnerabilities in the
> MXit protocol support in pidgin, a multi-protocol instant messaging
> client. A remote attacker can take advantage of these flaws to cause a
> denial of service (application crash), overwrite files, information
> disclosure, or potentially to execute arbitrary code.
> 
> For the stable distribution (jessie), these problems have been fixed
> in
> version 2.11.0-0+deb8u1.
> 
> For the testing distribution (stretch), these problems have been fixed
> in version 2.11.0-1.
> 
> For the unstable distribution (sid), these problems have been fixed in
> version 2.11.0-1.
> 
> We recommend that you upgrade your pidgin packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-annou...@lists.debian.org
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> 
> iQIcBAEBCgAGBQJXiTCbAAoJEAVMuPMTQ89E4nUP/jEpNVpOe4FcStlU24Cv1qOS
> BsNBvRlp1XhhshzoBAWZSBTKFi4jqilOZUgjsHO76nHS7j0J4wzoWc36ZIp23O5p
> KX9+A87ZdS4C3hI1YGgTdCcMTKSnWIrS1YcOW/0qBx7jdXt5EhFPKJa/byhHsp23
> zguJ+glemJQ9uqpylc5om2udV4u9U5Nnc+Ga92zeR7Kefs20yRTLOef4Pd69LPwh
> +zM0/qkI+JMii0yMpMJsIpMsXzQvzvgd4E6r3+NrWOHOCoZ8XZD4UvsR3Bnw8nvg
> ed+hg2nj3uMWgXtv4Bdx+yUxsWdRFSjpiD1EXWmvzREgmDdrlnCGZB3yQbepA0Yi
> lHsHEAwq3GZalLAeW8lwIQVaSLSREO6ZxcY7OxG2vdYzbkoQKCK7K4rR4T3yxB83
> tAvYWRxCTMaeRxqUgLEAq0iMqQhvrmNDDEt5VVsE1bSn9gig6MkSGepFdzx4Yipq
> +a8XUgJt8tLbpuTD9Pg9Ig8Mee0SaHSxr8bP6fFlfJu0Wt59MKn3wNzcqPhb+3Ie
> FtLyo6XBC4hnsoVlRT569fwkuYaI/kptT95tKiqyYI+RFnSW0WP4dycmo2pHOuIP
> mckCbAM7s+vuCGe1YQHJiOCeTrIDKAkKPbudjBL/g2zbcY+KayMXTvZbbW+ma8c0
> wMiDOiIYUd4xMSvjBeF0
> =3DQNWs
> -END PGP SIGNATURE-
>

Re: "Ian Murdock" Death

2016-07-16 Thread Lupe Christoph 
On Saturday, 2016-07-16 at 05:34:52 -0700, Kyle Lussier wrote:

> CONFIDENTIAL

> Melvin - 

> I appreciate your response, however this issue is very
> serious.

> Please answer all of the questions accurately, as I have
> requested in a clear, unambiguous, and ethical manner.

No wonder "The coroner and related PD have not responded'.

Lupe Christoph
-- 
| As everyone knows, it was predicted that the world would end last   |
| Wednesday at 10:00 PST.  Since there appears to be a world in existence |
| now, the entire universe must therefore have been recreated, complete   |
| with an apparent "history", last *Thursday*.  QED.  |
| Seanna Watson, <1992nov2.165142.11...@bcrka451.bnr.ca>  |

RE: "Ian Murdock" Death

2016-07-16 Thread Kyle Lussier 

CONFIDENTIAL

Melvin - 

I appreciate your response, however this issue is very
serious.

Please answer all of the questions accurately, as I have
requested in a clear, unambiguous, and ethical manner.

Thank you!

Kyle


 Original Message 
Subject: Re: "Ian Murdock" Death
From: Melvin Adolfo Reyes Martin <melv...@wisecode.org>
Date: Sat, July 16, 2016 2:01 am
To: Kyle Lussier <k...@countervaillance.com>
Cc: debian-security@lists.debian.org, Salvatore Bonaccorso
<car...@debian.org>

is dead, get over it

On Fri, Jul 15, 2016 at 7:18 PM, Kyle Lussier
<k...@countervaillance.com> wrote:

 CONFIDENTIAL
 
 Hello Debian / Savatore -
 
 I am investigating the death of Ian Murdock and also a debian user.
 
   * Debian's core MIT distribution may have been compromised by
 "Ian" internally to get into one of our servers.
 
   * Can you confirm that "Ian Murdock" was the "ian" in debian?
 
   * Can you confirm that he is actually dead/committed suicide?
 
   * If not, did he fake his death?  Perhaps after compromising
 servers intentionally and committing many felonies?
 
 The coroner and related PD have not responded however several
 federal agencies are aware of the issue.
 
 This is a very serious matter.
 
 Thank you for your assistance!
 
 Kyle
 
 
  Original Message 
 Subject: [SECURITY] [DSA 3620-1] pidgin security update
 From: Salvatore Bonaccorso <car...@debian.org>
 Date: Fri, July 15, 2016 12:03 pm
 To: debian-security-annou...@lists.debian.org
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512
 
 -
 -
 Debian Security Advisory DSA-3620-1 secur...@debian.org
 https://www.debian.org/security/ Salvatore Bonaccorso
 July 15, 2016 https://www.debian.org/security/faq
 -
 -
 
 Package : pidgin
 CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368
  CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372
  CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376
  CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323
 
 Yves Younan of Cisco Talos discovered several vulnerabilities in the
 MXit protocol support in pidgin, a multi-protocol instant messaging
 client. A remote attacker can take advantage of these flaws to cause a
 denial of service (application crash), overwrite files, information
 disclosure, or potentially to execute arbitrary code.
 
 For the stable distribution (jessie), these problems have been fixed in
 version 2.11.0-0+deb8u1.
 
 For the testing distribution (stretch), these problems have been fixed
 in version 2.11.0-1.
 
 For the unstable distribution (sid), these problems have been fixed in
 version 2.11.0-1.
 
 We recommend that you upgrade your pidgin packages.
 
 Further information about Debian Security Advisories, how to apply
 these updates to your system and frequently asked questions can be
 found at: https://www.debian.org/security/
 
 Mailing list: debian-security-annou...@lists.debian.org
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 
 iQIcBAEBCgAGBQJXiTCbAAoJEAVMuPMTQ89E4nUP/jEpNVpOe4FcStlU24Cv1qOS
 BsNBvRlp1XhhshzoBAWZSBTKFi4jqilOZUgjsHO76nHS7j0J4wzoWc36ZIp23O5p
 KX9+A87ZdS4C3hI1YGgTdCcMTKSnWIrS1YcOW/0qBx7jdXt5EhFPKJa/byhHsp23
 zguJ+glemJQ9uqpylc5om2udV4u9U5Nnc+Ga92zeR7Kefs20yRTLOef4Pd69LPwh
 +zM0/qkI+JMii0yMpMJsIpMsXzQvzvgd4E6r3+NrWOHOCoZ8XZD4UvsR3Bnw8nvg
 ed+hg2nj3uMWgXtv4Bdx+yUxsWdRFSjpiD1EXWmvzREgmDdrlnCGZB3yQbepA0Yi
 lHsHEAwq3GZalLAeW8lwIQVaSLSREO6ZxcY7OxG2vdYzbkoQKCK7K4rR4T3yxB83
 tAvYWRxCTMaeRxqUgLEAq0iMqQhvrmNDDEt5VVsE1bSn9gig6MkSGepFdzx4Yipq
 +a8XUgJt8tLbpuTD9Pg9Ig8Mee0SaHSxr8bP6fFlfJu0Wt59MKn3wNzcqPhb+3Ie
 FtLyo6XBC4hnsoVlRT569fwkuYaI/kptT95tKiqyYI+RFnSW0WP4dycmo2pHOuIP
 mckCbAM7s+vuCGe1YQHJiOCeTrIDKAkKPbudjBL/g2zbcY+KayMXTvZbbW+ma8c0
 wMiDOiIYUd4xMSvjBeF0
 =QNWs
 -END PGP SIGNATURE-

Re: "Ian Murdock" Death

2016-07-16 Thread Michael 
Dead as in dead. Please take your conspiracy theories elsewhere.

On Fri, 2016-07-15 at 16:18 -0700, Kyle Lussier wrote:
> CONFIDENTIAL
> 
> Hello Debian / Savatore -
> 
> I am investigating the death of Ian Murdock and also a debian user.
> 
>   * Debian's core MIT distribution may have been compromised by
> "Ian" internally to get into one of our servers.
> 
>   * Can you confirm that "Ian Murdock" was the "ian" in debian?
> 
>   * Can you confirm that he is actually dead/committed suicide?
> 
>   * If not, did he fake his death?  Perhaps after compromising
> servers intentionally and committing many felonies?
> 
> The coroner and related PD have not responded however several
> federal agencies are aware of the issue.
> 
> This is a very serious matter.
> 
> Thank you for your assistance!  
> 
> Kyle
> 
> 
>  Original Message 
> Subject: [SECURITY] [DSA 3620-1] pidgin security update
> From: Salvatore Bonaccorso 
> Date: Fri, July 15, 2016 12:03 pm
> To: debian-security-annou...@lists.debian.org
> 
>   Error verifying signature: gpg: armor header: Hash: SHA512
> gpg: invalid dash escaped line: -\r\n
> gpg: unexpected armor: --
> ---\r\n
> gpg: invalid armor header: Debian Security Advisory DSA-3620-1 securi
> t...@debian.org\r\n
> Content-Type: application/x-inlinepgp-signed; charset="utf-8"
> Content-Transfer-Encoding: quoted-printable
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> -
> ---
> --
> Debian Security Advisory DSA-3620-1 secur...@debian.org
> https://www.debian.org/security/ Salvatore Bonaccorso
> July 15, 2016 https://www.debian.org/security/faq
> -
> ---
> --
> 
> Package : pidgin
> CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368
>  CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372
>  CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376
>  CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323
> 
> Yves Younan of Cisco Talos discovered several vulnerabilities in the
> MXit protocol support in pidgin, a multi-protocol instant messaging
> client. A remote attacker can take advantage of these flaws to cause
> a
> denial of service (application crash), overwrite files, information
> disclosure, or potentially to execute arbitrary code.
> 
> For the stable distribution (jessie), these problems have been fixed
> in
> version 2.11.0-0+deb8u1.
> 
> For the testing distribution (stretch), these problems have been
> fixed
> in version 2.11.0-1.
> 
> For the unstable distribution (sid), these problems have been fixed
> in
> version 2.11.0-1.
> 
> We recommend that you upgrade your pidgin packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-annou...@lists.debian.org
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> 
> iQIcBAEBCgAGBQJXiTCbAAoJEAVMuPMTQ89E4nUP/jEpNVpOe4FcStlU24Cv1qOS
> BsNBvRlp1XhhshzoBAWZSBTKFi4jqilOZUgjsHO76nHS7j0J4wzoWc36ZIp23O5p
> KX9+A87ZdS4C3hI1YGgTdCcMTKSnWIrS1YcOW/0qBx7jdXt5EhFPKJa/byhHsp23
> zguJ+glemJQ9uqpylc5om2udV4u9U5Nnc+Ga92zeR7Kefs20yRTLOef4Pd69LPwh
> +zM0/qkI+JMii0yMpMJsIpMsXzQvzvgd4E6r3+NrWOHOCoZ8XZD4UvsR3Bnw8nvg
> ed+hg2nj3uMWgXtv4Bdx+yUxsWdRFSjpiD1EXWmvzREgmDdrlnCGZB3yQbepA0Yi
> lHsHEAwq3GZalLAeW8lwIQVaSLSREO6ZxcY7OxG2vdYzbkoQKCK7K4rR4T3yxB83
> tAvYWRxCTMaeRxqUgLEAq0iMqQhvrmNDDEt5VVsE1bSn9gig6MkSGepFdzx4Yipq
> +a8XUgJt8tLbpuTD9Pg9Ig8Mee0SaHSxr8bP6fFlfJu0Wt59MKn3wNzcqPhb+3Ie
> FtLyo6XBC4hnsoVlRT569fwkuYaI/kptT95tKiqyYI+RFnSW0WP4dycmo2pHOuIP
> mckCbAM7s+vuCGe1YQHJiOCeTrIDKAkKPbudjBL/g2zbcY+KayMXTvZbbW+ma8c0
> wMiDOiIYUd4xMSvjBeF0
> =3DQNWs
> -END PGP SIGNATURE-

Re: "Ian Murdock" Death

2016-07-16 Thread Melvin Adolfo Reyes Martin 
is dead, get over it

On Fri, Jul 15, 2016 at 7:18 PM, Kyle Lussier 
wrote:

>
> CONFIDENTIAL
>
> Hello Debian / Savatore -
>
> I am investigating the death of Ian Murdock and also a debian user.
>
>   * Debian's core MIT distribution may have been compromised by
> "Ian" internally to get into one of our servers.
>
>   * Can you confirm that "Ian Murdock" was the "ian" in debian?
>
>   * Can you confirm that he is actually dead/committed suicide?
>
>   * If not, did he fake his death?  Perhaps after compromising
> servers intentionally and committing many felonies?
>
> The coroner and related PD have not responded however several
> federal agencies are aware of the issue.
>
> This is a very serious matter.
>
> Thank you for your assistance!
>
> Kyle
>
>
>  Original Message 
> Subject: [SECURITY] [DSA 3620-1] pidgin security update
> From: Salvatore Bonaccorso 
> Date: Fri, July 15, 2016 12:03 pm
> To: debian-security-annou...@lists.debian.org
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> -
> -
> Debian Security Advisory DSA-3620-1 secur...@debian.org
> https://www.debian.org/security/ Salvatore Bonaccorso
> July 15, 2016 https://www.debian.org/security/faq
> -
> -
>
> Package : pidgin
> CVE ID : CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368
>  CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372
>  CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376
>  CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323
>
> Yves Younan of Cisco Talos discovered several vulnerabilities in the
> MXit protocol support in pidgin, a multi-protocol instant messaging
> client. A remote attacker can take advantage of these flaws to cause a
> denial of service (application crash), overwrite files, information
> disclosure, or potentially to execute arbitrary code.
>
> For the stable distribution (jessie), these problems have been fixed in
> version 2.11.0-0+deb8u1.
>
> For the testing distribution (stretch), these problems have been fixed
> in version 2.11.0-1.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 2.11.0-1.
>
> We recommend that you upgrade your pidgin packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-annou...@lists.debian.org
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
>
> iQIcBAEBCgAGBQJXiTCbAAoJEAVMuPMTQ89E4nUP/jEpNVpOe4FcStlU24Cv1qOS
> BsNBvRlp1XhhshzoBAWZSBTKFi4jqilOZUgjsHO76nHS7j0J4wzoWc36ZIp23O5p
> KX9+A87ZdS4C3hI1YGgTdCcMTKSnWIrS1YcOW/0qBx7jdXt5EhFPKJa/byhHsp23
> zguJ+glemJQ9uqpylc5om2udV4u9U5Nnc+Ga92zeR7Kefs20yRTLOef4Pd69LPwh
> +zM0/qkI+JMii0yMpMJsIpMsXzQvzvgd4E6r3+NrWOHOCoZ8XZD4UvsR3Bnw8nvg
> ed+hg2nj3uMWgXtv4Bdx+yUxsWdRFSjpiD1EXWmvzREgmDdrlnCGZB3yQbepA0Yi
> lHsHEAwq3GZalLAeW8lwIQVaSLSREO6ZxcY7OxG2vdYzbkoQKCK7K4rR4T3yxB83
> tAvYWRxCTMaeRxqUgLEAq0iMqQhvrmNDDEt5VVsE1bSn9gig6MkSGepFdzx4Yipq
> +a8XUgJt8tLbpuTD9Pg9Ig8Mee0SaHSxr8bP6fFlfJu0Wt59MKn3wNzcqPhb+3Ie
> FtLyo6XBC4hnsoVlRT569fwkuYaI/kptT95tKiqyYI+RFnSW0WP4dycmo2pHOuIP
> mckCbAM7s+vuCGe1YQHJiOCeTrIDKAkKPbudjBL/g2zbcY+KayMXTvZbbW+ma8c0
> wMiDOiIYUd4xMSvjBeF0
> =QNWs
> -END PGP SIGNATURE-
>
>