-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Adam D. Barratt wrote:
The next point release for the etch oldstable distribution, 4.0r9, is
scheduled for Saturday, 22nd May.
I guess this is rather a plain formality than an endorsement by the
project that this release is an up-to-date version of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear Thiemo,
Thiemo Nagel wrote:
However if that is the case, I wonder if oldstable support could be
extended for some more time.
I know that all the work is done by volunteers and I'm very grateful for
what they do. Still I think that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thiemo Nagel wrote:
having read your email concerning the termination of etch security
support, I'm looking for an upgrade path for our installation of ~100
machines.
- - read and follow the release notes [1]
- - upgrade one machine and record
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thiemo Nagel wrote:
I'm not talking of an upgrade in the sense of 'apt-get dist-upgrade',
we'll be doing fresh installations with the new version. However, it
would save both administrators and users a huge amount of work, if we
could deploy
seyyed ali zahiri wrote:
I have tried to install plesk 9.3 on debian Lenny but i got some
errors. the log file is below:
Why do you think this is relevant to debian-secur...@d.o ?
I will try to answer you post on the implicit assumption that you
promise to *never* *ever* arbitrarily cross-post
Nico Golde wrote:
Oergs, just one time I forgot to check the binary packages
and now this. Rebuild is on it's way. Thanks for the notice.
For security reasons, all text in this mail is double-rot13 encrypted.
Please don't forget to double-rot13 the source code for added extra
security.
8-)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vladislav Kurz wrote:
I'd like to ask the security team, how long do they plan to support
etch (oldstable)? I remember that when etch was released, they
announced support for sarge will continue for one year. I haven seen
such announcement when
Hallo list,
dann frazier wrote:
--
Debian Security Advisory DSA-1809-1secur...@debian.org
http://www.debian.org/security/ dann frazier
Jun 01, 2009
Guntram Trebs wrote:
Hello,
i use aptitude, i would do it this way:
- call aptitude and look up, if you have a section named Obsolete and
Locally Created Packages. Normaly this section should not be visible as
its empty
- remove (better comment out) the backports-line in
Holger Levsen wrote:
http://lists.debian.org/stats/debian-security-announce.png
Is that really on the order of hundreds of DSAs per month (up to some
10/day)?
Then I'd miss a lot of them... ;-(
I rather think that there is something wrong with the left y-scale.
Cheers,
Johannes
--
To
Hello,
Chip Panarchy wrote:
Been doing a lot of research of late into the installation of Windows
over a network (using the Unattended BootCD and a Network Share). Also
a little into RIS (WDS).
I am interested in how this could be done securely. To summarise what
I would like to know, I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Boyd Stephen Smith Jr. wrote:
What about hardlinking the suid-root binaries to a hidden location, waiting
for a security hole to be found/fixed, and then running the old binary to
exploit the hole?
IIRC, a hard link is the same file called two
Mapper ict department wrote:
DSA-1680-1 clamav -- buffer overflow, stack consumption
Date Reported: 04 Dec 2008
In the Debian bugtracking system: Bug 505134, Bug 507624.
In Mitre's CVE dictionary: CVE-2008-5050, CVE-2008-5314.
[snip]
We have the volatile archive in the apt-get sources list:
Florian Lohoff wrote:
On Sat, Dec 06, 2008 at 11:13:41AM +0100, Gerfried Fuchs wrote:
It turns out that ftp2.de.debian.org is not up to date any more.
That's not directly related to security work, though given that lenny
fixes are announced through migration from unstable to testing I totally
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I was wondering, why I don't receive any testing security updates any more.
[EMAIL PROTECTED] wrote:
[snip]
Migrated from unstable:
===
cups 1.3.8-1lenny4:
CVE-2008-5286:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Manuel Gomez wrote:
Hi, i would like to maintain encrypt an archive in all moment, so i
If it is to remain encrypted in any moment in time, you should just use
a very complicated password and forget it immediately. Your data should
remain encrypted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Obi wrote:
On Mon, Nov 24, 2008 at 05:30:46PM +0100, Johannes Wiedersich wrote:
Manuel Gomez wrote:
Now i am using Truecrypt, but when i mount the encrypted directory it's
vulnerable. I want to mount the file and that the file can remains
encrypt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2008-07-17 16:46, Daniel Leidert wrote:
I'm sorry, if this has already been brought up. I did not find a posting
regarding this study, so I hereby start this thread).
http://lists.debian.org/debian-devel/2008/07/msg00321.html
Johannes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2008-05-14 12:53, Hideki Yamane wrote:
And if we would get it via package, when dowkd.pl is updated we can know
about it automatically (with apt-get :-)
I guess ssh-vulnkey from the updated openssh packages might do what you
ask for.
HTH,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Julien Stuby wrote on 2008-04-05 22:46:
That seems the best way. The seconde step will be to use an another
OS that the first to reduce even more attack surface from readed
disk.
-- Julien
-Message d'origine- De : Alexander
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Axel Beckert wrote:
Hi,
On Mon, Mar 17, 2008 at 09:51:09PM +0100, Florian Weimer wrote:
For the unstable distribution (sid), this problem has been fixed in
version 2.31.1.
Ehm, that's strange somehow since unstable, testing and even
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Holger Levsen wrote:
Hi,
On Friday 28 September 2007 11:18, Jan Wagner wrote:
Running postinst hook script /sbin/update-grub.
You shouldn't call /sbin/update-grub. Please call /usr/sbin/update-grub
instead!
you need to modify
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Johannes Wiedersich wrote:
Javier Fernández-Sanguino Peña wrote:
Did you actually tried update-notifier on KDE?
Yes, it was installed on my system for some months, but it never
informed me about any update. (I get informed via
debian-security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Javier Fernández-Sanguino Peña wrote:
On Wed, Aug 22, 2007 at 09:29:10AM +0200, Johannes Wiedersich wrote:
- From the documentation I gather, that update-manager would probably work
on kde, but that it just checks, if the package information has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Javier Fernández-Sanguino Peña wrote:
I didn't say what you put here and do not have any intention to start a
flamware. I'm just saying that Debian KDE users with no update-notifier
*might*
not be *as* aware of available security updates as users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jose Marrero wrote:
I believe Microsoft software comes with NO WARRANTY as well.
Hell, we should read the small print on all software...
It does come with a warranty, at least in Germany/Europe. Everything you
*pay* for has by law two years of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Javier Fernández-Sanguino Peña wrote:
On Fri, Aug 17, 2007 at 10:01:54AM +0200, Johannes Wiedersich wrote:
PS 2: While we are at it: debian by default also does not install or
enable an automated system to install security updates
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Javier Fernández-Sanguino Peña wrote:
On Tue, Aug 21, 2007 at 09:00:47AM +0200, Johannes Wiedersich wrote:
Not exactly true. Debian adds security repositories to apt's sources,
that's true. But it does _not_ automatically install them on your
Florian Weimer wrote:
* Martin Schulze:
Package: openoffice.org
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE IDs: CVE-2007-0002 CVE-2007-0238 CVE-2007-0239
Does this also cover CVE-2007-1466?
No -- according to
Torsten Sadowski wrote:
Unluckily its not that easy. The homepage preference is not altered and points
to the right site.
Add a new user to your system and check, where his homepage points to.
Set it to a site that you know that works (maybe google.com).
If this works, the problem might be
I have a web- and mail server that shows strange outbound connections.
If I
llserv:~# cat /proc/net/ip_conntrack
I get lines like this (one line, wraped by e-mail editor):
tcp 6 362459 ESTABLISHED src=my.server.s.ip dst=84.145.105.4
sport=80 dport=1575 [UNREPLIED] src=84.145.105.4
steve wrote:
Le Mardi, 20 Décembre 2005 16.18, Michelle Konzack a écrit :
But in ALL Internet Cafes I can use my own (selfmade) Debian Live-System
with my prefered Desktop. In all Internet Cafes i get an IP via DHCP.
Wrong. I was in Milano (Italy) a few month ago, and I wanted to do
Alvin Oga wrote:
italians just passed a law that all isp and internet cafe etc are required
to ask for ID of ALL visitors and users of their PCs and services
it shouldnt matter to that if we reboot etc, etc... but it's their
computers... and you might get stiffed with a fine/penalty if oyu do
I'm sorry, if I'm just too bad at looking at the documentation or
searching the archives.
I am missing information as to what is a bug that would warrant a fix in
stable. I filed two bug reports (#340699 and #325588) but nothing
appears to be happening in order to get things fixed.
Short
34 matches
Mail list logo