On Sun, 21 Jun 2015 21:47:48 +0200 Michael Franzl
off...@michaelfranzl.com wrote:
On Thu, 18 Jun 2015 20:19:02 -0400 Michael Gilbert mgilb...@debian.org
wrote:
Anyway the Debian security tracker is tracking this [2].
[2] https://security-tracker.debian.org/tracker/TEMP-000-A21526
On Thu, 18 Jun 2015 20:19:02 -0400 Michael Gilbert mgilb...@debian.org
wrote:
Anyway the Debian security tracker is tracking this [2].
[2] https://security-tracker.debian.org/tracker/TEMP-000-A21526
This link is dead / says Not found. Could you post the correct link?
Thanks
--
To
On Thu, 2015-06-18 at 20:36 -0400, Michael Gilbert wrote:
See previous message.
I've had read that only afterwards, as well as this message.
You will get
absolutely nowhere continuing to tell people that they need to drop
everything to scratch your particular itches.
I don't think I've asked
On Thu, Jun 18, 2015 at 8:23 PM, Christoph Anton Mitterer wrote:
- still no DSA (or something like that)
See previous message.
- still no concentrated effort at the Debian level to pro-actively work
against such sources that include or more or less secretly download
blobs
If you have an
Michael Gilbert wrote:
Yes, nacl is intentionally disabled in the Debian packages, [...]
[...]
No, it does not work. Obviously nacl applications cannot execute
without a nacl interpreter.
Thanks! That's quite reassuring for Debian users at least.
Christoph Anton Mitterer wrote:
I don't
On Thu, 2015-06-18 at 23:42 +0100, Steven Chamberlain wrote:
Upstream have said:
https://code.google.com/p/chromium/issues/detail?id=491435#c10
This is not opt-in default. If you do not explicitly opt in
(using
the Enable Ok Google setting in chrome://settings), then this
module
will
Since this made it to LWN [0] and Y Combinator [1] with an incredible
amount of misinformation, let's attempt a (hopefully) non-hyped
conversation about this, which unfortunately didn't happen a few days
ago.
On Tue, Jun 16, 2015 at 9:15 AM, Christoph Anton Mitterer wrote:
On Tue, 2015-06-16 at
On Thu, 2015-06-18 at 20:19 -0400, Michael Gilbert wrote:
Except that the actual contents of the downloaded files in many ways
do not actually matter. Those files are nacl executables, which are
sandboxed in any nacl-enabled chromium, so barring a sandbox escape
included in the files, this is
Hi,
Upstream have said:
https://code.google.com/p/chromium/issues/detail?id=491435#c10
This is not opt-in default. If you do not explicitly opt in (using
the Enable Ok Google setting in chrome://settings), then this module
will not run.
That suggests to me that security of users was not put
Steven Chamberlain wrote:
would the
DFSG chromium browser be 'more' free if it disabled NaCl?
Actually, in the build log I see disable_nacl=1
I'm confused that hotword-x86-64.nexe is a NaCl module [0], even
though Debian's chromium is built with NaCl 'disabled'?
Does this feature actually
On Thu, Jun 18, 2015 at 7:33 PM, Steven Chamberlain wrote:
Steven Chamberlain wrote:
would the
DFSG chromium browser be 'more' free if it disabled NaCl?
Actually, in the build log I see disable_nacl=1
I'm confused that hotword-x86-64.nexe is a NaCl module [0], even
though Debian's chromium
On Tue, 2015-06-16 at 00:49 -0400, Michael Gilbert wrote:
Barring the obtusely incorrect rootkit miscategorization
Well, as I've said,.. no one can really tell what it is, since it's a
blob,... and even if one would assume that someone could correctly
reverse engineer it, or reproducibly build
Hi.
Shouldn't we see a DSA following this incident?
Since no one really know which binaries have been downloaded there and
what they actually do, and since it cannot be excluded that it was
actually executed, such systems are basically to be considered
compromised.
Quite a deal of people
On Mon, Jun 15, 2015 at 11:16 PM, Christoph Anton Mitterer wrote:
Shouldn't we see a DSA following this incident?
Since no one really know which binaries have been downloaded there and
what they actually do, and since it cannot be excluded that it was
actually executed, such systems are
On jeu., 2015-05-28 at 21:37 -0400, Michael Gilbert wrote:
control: tag -1 confirmed, help
On Wed, May 27, 2015 at 7:25 AM, Yves-Alexis Perez wrote:
Note that the binary blob is executed throught native client, which is
not enabled by default, so I /think/ you need explicit action from the
control: tag -1 confirmed, help
On Wed, May 27, 2015 at 7:25 AM, Yves-Alexis Perez wrote:
Note that the binary blob is executed throught native client, which is
not enabled by default, so I /think/ you need explicit action from the
user (although if you enable NaCl for something else, then you
❦ 27 mai 2015 12:56 +0200, Yves-Alexis Perez cor...@debian.org :
Chromium 43.0.2357.65 (Built on Debian stretch/sid, running on Debian
stretch/sid)
OSLinux
NaCl Enabled No
MicrophoneNo
Audio Capture Allowed Yes
Current Language en-US
Hotword Previous Language
On mer., 2015-05-27 at 13:23 +0200, Vincent Bernat wrote:
Same here. I did delete the extension path but somehow Chromium seems to
think it's still here (I have the same output as you except Shared
Module Platforms). You can check if it is running using the task
manager: from various bug
On mer., 2015-05-27 at 01:23 +0900, YOSHINO Yoshihito wrote:
Package: chromium
Version: 43.0.2357.65-1
Severity: serious
Tags: security upstream
Justification: Policy 2.1.2
Control: forwarded -1
https://code.google.com/p/chromium/issues/detail?id=491435
Dear Maintainer,
After
On mer., 2015-05-27 at 12:52 +0200, Yves-Alexis Perez wrote:
On mer., 2015-05-27 at 01:23 +0900, YOSHINO Yoshihito wrote:
Package: chromium
Version: 43.0.2357.65-1
Severity: serious
Tags: security upstream
Justification: Policy 2.1.2
Control: forwarded -1
Package: chromium
Version: 43.0.2357.65-1
Severity: serious
Tags: security upstream
Justification: Policy 2.1.2
Control: forwarded -1 https://code.google.com/p/chromium/issues/detail?id=491435
Dear Maintainer,
After upgrading chromium to 43, I noticed that when it is running and
immediately
21 matches
Mail list logo