Hi!
* Felipe Figueiredo [EMAIL PROTECTED] [080218 10:01]:
Well, a rogue hacker would need to be quite skilled to add some kind of
bad package.
Let's assume he has created a bad package and got control over a mirror
How about a simpler attack vector: compromise a devel account, and
* Jim Popovitch [EMAIL PROTECTED] [080217 06:46]:
I haven't seen any other news about this, I show 7 pending updates for
which no DSA or notices have gone out. Given that d.o servers have
been hacked in the past, are these updates valid and where can I find
official info about them?
Hi!
* Jim Popovitch [EMAIL PROTECTED] [080217 21:12]:
http://lists.debian.org/debian-announce/debian-announce-2008/msg0.html
One additional thing that is not clear to me is that I see pending
updates for libc6 and libc6-dev that are NOT mentioned in that
announcement.
They are
Hi!
* Jim Popovitch [EMAIL PROTECTED] [080217 23:42]:
[..]
So in general we first push upgrade to the mirrors, and then sent out
announcements.
That does make good sense, for the masses (of which I am one) I suppose.
In general it does; and under normal circumstances we try to send out
the
* Michelle Konzack [EMAIL PROTECTED] [050130 17:45]:
Michelle, can You cite the Message-Id's and/or URLs to the archive,
please?
Unfortunatly not (my postgresql is curently down)
but I think, it was between April and June last year.
Maybe after the last BUGfix in 2.4.18
Michelle,
Hi!
* Michelle Konzack [EMAIL PROTECTED] [050130 20:29]:
how does it come, that every time, you're telling such a story and are
requested for some proof, one of your services is down, you cite
completly unrelated URLs or you don't answer at all?
Why not go to http://lists.debian.org/ and
* Jan Lühr [EMAIL PROTECTED] [050130 22:13]:
Don't take it down personal. Jugding about DSA's I've seen, there is
currently
_no_ security-support for 2.4.18.
I didn't made any statement about security support of 2.4.18. All I
said was, that MK can't proof her own statement, that I can't a
Hi!
* Paul Hink [EMAIL PROTECTED] [050130 21:57]:
They told, there are too much kernels to maintain and droped
2.4.(18-22) They sugested to use one of the Backports.
And of course this is nothing to inform the ordinary users about, is
it?
Just to make sure that there are no
* Hideki Yamane [EMAIL PROTECTED] [040201 15:45]:
Does anyone know about if security.debian.org is down or not?
I cannot get .debs from it, and ping to it with no reply.
Citing Joey in the german irc-channel #debian.de:
14:53 Joey[tm] Weder noch, war einfach nicht mehr da, als wir dran
* Samuele Giovanni Tonon [EMAIL PROTECTED] [030808 15:09]:
What the h.ll does this mean?
Apparently some moron tries to find a job through SPAMming.
maybe he wants a job inside debian.
we must redirect him to http://nm.debian.org :-)
So he can redesign it in flash?
Yours sincerely
* Samuele Giovanni Tonon [EMAIL PROTECTED] [030808 15:09]:
What the h.ll does this mean?
Apparently some moron tries to find a job through SPAMming.
maybe he wants a job inside debian.
we must redirect him to http://nm.debian.org :-)
So he can redesign it in flash?
Yours sincerely
* Christian Kujau [EMAIL PROTECTED] [030701 14:48]:
Please get the docbook formatted code and do a revision. Then just
do a diff and sent the output.
hm, ok, i'll try.
It's quite easy: Get the sgml source; the format is nearly self
explaining, and quite uninteressting, since you just need
* Christian Kujau [EMAIL PROTECTED] [030629 22:32]:
as others suggested too, the reading should be shared to a group of
readers.
I started to collect the REVIEW-Status in a seperate file, avaible
at:
http://www.cs.uni-frankfurt.de/~schmehl/securing-debian/REVIEW-STATUS
Since I have been and
I'll like to thank all of you, who offered their help, correcting and
updating this howto.
I'm sorry, if I wasn't able to answer your mail, yet. Thanks for your
patience, I'll do so, as fast as I can, but I'm a little busy these
days.
Thank you very much,
Alexander
pgp0.pgp
* Christian Kujau [EMAIL PROTECTED] [030701 14:48]:
Please get the docbook formatted code and do a revision. Then just
do a diff and sent the output.
hm, ok, i'll try.
It's quite easy: Get the sgml source; the format is nearly self
explaining, and quite uninteressting, since you just need
* Christian Kujau [EMAIL PROTECTED] [030629 22:32]:
as others suggested too, the reading should be shared to a group of
readers.
I started to collect the REVIEW-Status in a seperate file, avaible
at:
http://www.cs.uni-frankfurt.de/~schmehl/securing-debian/REVIEW-STATUS
Since I have been and
I'll like to thank all of you, who offered their help, correcting and
updating this howto.
I'm sorry, if I wasn't able to answer your mail, yet. Thanks for your
patience, I'll do so, as fast as I can, but I'm a little busy these
days.
Thank you very much,
Alexander
pgpiRStvzCsph.pgp
Good morning,
I just finished the translation of the security howto to german, but
some parts are very ugly hacked.
It would be very nice, if some of you would review my translation (or
at least small parts of it), and send me some patches.
You can find the latest version of it at
Good morning,
I just finished the translation of the security howto to german, but
some parts are very ugly hacked.
It would be very nice, if some of you would review my translation (or
at least small parts of it), and send me some patches.
You can find the latest version of it at
* Diederik de Vries [EMAIL PROTECTED] [030506 17:47]:
Today I was surfing on SecurityFocus, and saw that there was a hole in
OpenSSH (http://www.securityfocus.com/bid/7482/info/). Debian Potato
uses OpenSSH 3.1 p1, which seems to be exploitable.
I think you might be interessted in:
* Konstantin [EMAIL PROTECTED] [030422 23:03]:
can anyone post the patch for the 2.4.20-kernel (from kernel.org) or give me
an adress I can leech it from.
http://www.ussg.iu.edu/hypermail/linux/kernel/0303.2/0226.html
http://sinuspl.net/ptrace/
cu
Alex
--
PGP key on demand, mailto:[EMAIL
21 matches
Mail list logo
