On Tue, Nov 06 2018, Paul Wise wrote:
> On Mon, Nov 5, 2018 at 10:29 PM John Goerzen wrote:
>
>> Hi folks,
>
> FTR, in case you were trying to contact the Debian Security Team
> directly I suggest using secur...@debian.org or
> t...@security.debian.org instead,
Hi folks,
So I recently started running debsecan on one of my boxes. It's a
fairly barebones server install, uses unattended-upgrades and is fully
up-to-date. I expected a clean bill of health, but didn't get that. I
got pages and pages and pages of output. Some of it (especially kernel
On 02/19/2015 05:31 PM, Paul Wise wrote:
On Fri, Feb 20, 2015 at 12:40 AM, John Goerzen wrote:
Right now, the security tracker has, apparently, three statuses for each
version of Debian:
not vulnerable
vulnerable
fixed
What if we add a fourth:
not worth fixing
This could more clearly
On 02/19/2015 12:25 AM, Michael Gilbert wrote:
On Wed, Feb 18, 2015 at 9:11 AM, John Goerzen wrote:
On this machine, it found 472 vulnerabilities. Quite a few of them fit
into the remotely exploitable, high urgency category. Many date back to
last year, some as far back as 2012. I've
On 02/19/2015 08:24 AM, Michael Stone wrote:
On Thu, Feb 19, 2015 at 07:29:29AM -0600, John Goerzen wrote:
However, part of what I was trying to figure out here is: do we have a
lot of unpatched vulnerabilities in our archive?
Yes. Every system (not just debian) has unpatched vulnerabilities
On 02/18/2015 08:53 AM, Thijs Kinkhorst wrote:
Hi John,
On Wed, February 18, 2015 14:51, John Goerzen wrote:
CVE-2013-1961 Stack-based buffer overflow in the t2p_write_pdf_page...
http://security-tracker.debian.org/tracker/CVE-2013-1961
- libtiff4 (remotely exploitable, high urgency
On 02/18/2015 08:44 AM, Thijs Kinkhorst wrote:
Yes, we know about those issues. That's why debsecan reports them to you
in the first place. A good place to learn more about an issue is to
actually follow the links you pasted at the bottom of your email. There
you can e.g. see a motivation for
Hi folks,
So I recently downloaded and installed debsecan on several of my
machines. These are all fully up-to-date machines, running either
wheezy or jessie. For now I'll just focus on wheezy since it's where
our security focus should go.
On this machine, it found 472 vulnerabilities. Quite
Hi folks,
I've been going through the output of debsecan on my systems (more on
that later). For the moment, I have discovered something odd regarding
a tiff advisory.
Debsecan noted this on my wheezy machine:
CVE-2013-1961 Stack-based buffer overflow in the t2p_write_pdf_page...
Great news, thanks!
On 01/31/2015 07:01 PM, Evgeny Kapun wrote:
This should be fixed in the latest version. See
https://bugs.debian.org/741678.
On 01.02.2015 03:09, John Goerzen wrote:
Hello,
A friend of mine pointed out to me recently that the Debian Live CD has
ssh open to the network
there are, as yet, no new packages.
This is not an attack on any person/team, just a question about whether
we have an organizational problem we need to correct.
Thanks,
-- John Goerzen
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
On Thu, Jan 29, 2009 at 09:04:46AM -0200, Eduardo M KALINOWSKI wrote:
Rodrigo Hashimoto wrote:
Hi,
I received a file via e-mail and tried to open it, then the iceweasel
did nothing. I tried again and I realized the iceweasel was trying to
use the wine to open a file .com. Then I run
On Fri, Oct 28, 2005 at 04:26:43PM +0100, Steve Kemp wrote:
This seems to be a very frequent problem going on for awhile now.
Could someone from the security team comment on what the problem is?
The problem is that we receive a lot of reports, each of which may
involve a significant
On Fri, Jun 03, 2005 at 10:56:47AM +0200, Hilko Bengen wrote:
Steve Langasek [EMAIL PROTECTED] writes:
So, you are not accepting my drupal_4.5.3-1 (or -2) package into sarge
because 4.5.3 fixes more than cited security issue?
Why are you not using the simple patch available at
On Fri, Jan 28, 2005 at 10:46:24AM +0100, martin f krafft wrote:
also sprach Demonen [EMAIL PROTECTED] [2005.01.28.1036 +0100]:
Stop the german.
Ha! Naturlich! Nodingkt kan stop ze German!
I feel a call to dict blinkenlights coming on...
On Wed, Feb 25, 2004 at 06:50:50PM +0200, Martin Hardie wrote:
the difference is guys is that Debian and free software professes to be based
upon a community and a community that believes in sharing and respect and
thus must have the guts to move beyond the inane ... no discrimination
On Wed, Feb 25, 2004 at 06:02:22PM +0200, Martin Hardie wrote:
so the use of debian products for racist work is ok for debian
Yes, it is. Our Debian Free Software Guidelines enforce a mandate of no
discrimination. Software included in Debian does not discriminate on
people based on their
Hum, this message was also sent to ipv6. It looks like it may be some
sort of spammer or something... apparently its HTML part is strange...
On Fri, Feb 06, 2004 at 06:08:47AM -, K.K. Senthil Velan wrote:
Hello all,
I am new to Debian this great community. Now I am working as
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
I'm curious: why would this serve to shake your confidence?
-- John
On Sun, Feb 23, 2003 at 05:47:18PM -, Matt Foster wrote:
Just to let you know Firewall Informer transmits network traffic between two network
cards on a standard windows PC, this allows
So why would you be bothering us with some piece of crap that requires us to
install the non-free
This is what people suggest for Subversion:
<Location /test>
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /usr/local/etc/apache2/svn-pass
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>
On Tue, Jul 02, 2002 at 12:13:30PM -0700, Rafael wrote:
It sure will, but being this the security list, let's say someone
found a root crack in let's say, the inetd server. And their post
gets thrown out because no RR. Hmmm, no one gets warned and some
worm starts going around and their
Ironically enough, Rafael's server rejected my message for the sole reason
that Savvis broke reverse DNS for the colo facility my box is at 2 weeks ago
and has been slow to fix it. Shows you right away why these restrictions
are bad.
--
John Goerzen [EMAIL PROTECTED
--
John Goerzen [EMAIL PROTECTED] GPG: 0x8A1D9A1F www.complete.org
Goerzen
dpkg patches: John Goerzen
apt-checksigs: Branden Robinson
integration testing: Branden Robinson and the Progeny QA team
Hope this helps!
--
John Goerzen [EMAIL PROTECTED] www.complete.org
Sr. Software Developer, Progeny Linux Systems, Inc. www.progenylinux.com
30 matches