The recent RCE in libcue and tracker3 GNOME settings in Bookworm

Hi! After the recent RCE in libcue DSA-5524-1, CVE-2023-43641, [1], I've decided to re-check that I have scanning of the ~/Downloads directory disabled for GNOME Search. The Settings app of GNOME says it's disabled but if I do gsettings get org.freedesktop.Tracker3.Miner.Files

Re: Securing Debian Manual too old?

On Fri, Jun 23, 2023 at 12:40:19PM +0200, Stephan Seitz wrote: > I found the Securing Debian Manual > (https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html). > This version is from 2017. > > It has „Chapter 6. Automatic hardening of Debian systems” which mentions > Harden

Re: Does net install cryptographically verify downloaded data?

On Thu, Jul 05, 2018 at 12:02:28PM +0300, Georgi Guninski wrote: > Does net install cryptographically verify downloaded data? > > Searching the iso for gpg/keyrings didn't return any results for me. Look for the package "debian-archive-keyring". APT depends on it and uses the keys it provides

Re: Does net install cryptographically verify downloaded data?

On Thu, Jul 05, 2018 at 12:02:28PM +0300, Georgi Guninski wrote: > Does net install cryptographically verify downloaded data? > > Searching the iso for gpg/keyrings didn't return any results for me. Sorry, sent too fast, so missed two crucial bits: - The net install image contain a minimal

Re: [SECURITY] [DSA 4187-1] linux security update

On Thu, May 03, 2018 at 10:53:00AM +0200, richard lucassen wrote: > > > There are multiple reports on #ganeti that this update breaks > > > networking in certain circumstances, probably multiple tun/tap > > > device configurations. No more details or a proper bug report yet > > > as I haven't

Re: Debian Desktop Environment

On Tue, 27 Oct 2015 12:29:53 +0100 Mateusz Kozłowski wrote: > Could You tell me which debian desktop environment is the most > security and the best privacy and which You recommned for debian > users? (KDE, XFCE, GNOME etc.)? Please ask this question on debian-users instead.

Re: about bash and Debian Lenny

On Wed, 1 Oct 2014 14:45:55 +0300 Nikolay Hristov ge...@stemo.bg wrote: I made lenny packages for my machines. I could share them if you want? [...] Which part of I don't want to use deb packages from different sources because I cannot trust them you didnt understand? ;-) Still, when

Re: [SECURITY] [DSA 2318-1] cyrus-imapd-2.2 security update

On Mon, 10 Oct 2011 12:04:21 +0200 Vladislav Kurz vladislav.k...@webstep.net wrote: -- Debian Security Advisory DSA-2318-1 secur...@debian.org http://www.debian.org/security/ Nico Golde Oct 6, 2011

Re: Number of apache2 process MaxClients ?

On Fri, 29 Oct 2010 12:06:51 -0400 Min Wang ser.ba...@gmail.com wrote: I have apache2.conf using prefork with MaxClient setting to 30 ( on Lenny) but on system I saw more than 100 apache2 processes Isn't the MaxClients supposed to limit total apache2 processes to be 30? Something may

Re: How safely to stop using backports repo?

sthu.d...@gmail.com wrote: Is there a automatic way that can give me a list of the packages came from backports repo? Install grep-dctrl and do $ grep-status -F Version ~bpo -a -F Status installed -s Package It will print the list of installed packages which have ~bpo in their names -- a

Re: Tutorial for iptables

cyril franke wrote: Hello list, I just started learning firewall setup with iptables and found the following tutorial useful: http://www.iptablesrocks.org/ The canonical tutorial is http://iptables-tutorial.frozentux.net/ -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org

Re: Target filesystem

On Fri, Jun 09, 2006 at 07:47:45AM -0400, Brent Clark wrote: I seem to be experiencing problems booting up (Thank goodness for Knoppix) Why not just a Debian rescue CD? There are a host of errors, but the end message is: Target filesystem doesn't have /sbin/init I think your kernel just get a

Re: Request for comments: iptables script for use on laptops.

On Tue, May 23, 2006 at 02:04:13AM +0200, Uwe Hermann wrote: [...] iptables -A INPUT -j ACCEPT -s 127.0.0.1 # local host iptables -A OUTPUT -j ACCEPT -d 127.0.0.1 Correct me if I'm wrong, but I think this would also allow incoming traffic from 127.0.0.1 to the eth0 interface. So