Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life

❦ 2 novembre 2015 20:00 +0100, Moritz Mühlenhoff  : >> There are many tradeoffs recently with projects that do not want to >> provide a sensible security track for stable releases: >> >> - always package the latest release (Chromium) > > For chromium and iceweasel the vast

Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life

❦ 1 novembre 2015 23:22 +0100, Moritz Muehlenhoff  : > Security support for elasticsearch in jessie is hereby discontinued. The > project no longer releases information on fixed security issues which > allow backporting them to released versions of Debian and actively >

Re: [pkg-lighttpd] [SECURITY] [DSA 2368-1] lighttpd security update

and that's what happen with the provided configuration. -- Vincent Bernat ☯ http://vincent.bernat.im panic(Attempted to kill the idle task!); 2.2.16 /usr/src/linux/kernel/exit.c pgppr0EkB7n7u.pgp Description: PGP signature

Re: openssh remote upgrade procedure?

OoO En ce début de soirée du mardi 20 mai 2008, vers 21:45, Alexandros Papadopoulos [EMAIL PROTECTED] disait: 3. Testing to see if you can still get on to a server is exactly what I would have done, if my connection had not been killed by the server itself a few seconds after upgrading the

Re: Accepted openssh-blacklist 0.3 (source all)

OoO En cette nuit nuageuse du mercredi 21 mai 2008, vers 01:32, Kees Cook [EMAIL PROTECTED] disait: * Add empty DSA-2048, since they weren't any bad ones. How is it possible? Thanks. -- BOFH excuse #63: not properly grounded, please bury computer pgp3twM6bO48f.pgp Description: PGP

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

OoO En ce début d'après-midi nuageux du samedi 17 mai 2008, vers 14:15, Nico Golde [EMAIL PROTECTED] disait: are there updates for this issue for old stable - sarge? sarge is not affected I suppose that people may still be interested in blacklist support. and besides that the security

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

OoO En ce début d'après-midi nuageux du mardi 13 mai 2008, vers 14:06, Florian Weimer [EMAIL PROTECTED] disait: Package: openssl Vulnerability : predictable random number generator Some other random questions: - It seems that firefox does not handle CRL unless manually imported,

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

OoO En cette soirée bien amorcée du mardi 13 mai 2008, vers 22:21, John Keimel [EMAIL PROTECTED] disait: Since some keys are generated automatically, (e.g. ssh host keys) users will have to regenerate keys,they haven't generated in the first place and might not be aware of their existens.

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

OoO En cette soirée bien amorcée du mardi 13 mai 2008, vers 22:38, John Keimel [EMAIL PROTECTED] disait: Restarting OpenSSH do not close existing connections. Yes, that's correct. I agree. But the instructions I saw were for 'shutting down the SSHD server' - not just 'restarting it'.

Proftpd and bug #319849

Hi ! proftpd in Sarge is vulnerable to a format string vulnerability. The corresponding bug is marked as fixed in 1.2.10-20 and found in 1.2.10-15 (which is the Sarge version). This means that the Sarge version is still vulnerable. However, the bug is closed and not tagged

Re: On Mozilla-* updates

OoO Pendant le journal télévisé du dimanche 31 juillet 2005, vers 20:29, Nikita V. Youshchenko [EMAIL PROTECTED] disait: Requiring users to install an important component (which Mozilla is) from other sources is a bad idea in this context. I think it should not be the way how Debian

Re: Please announce current lack of security support

OoO En cette fin de matinée radieuse du mardi 26 juillet 2005, vers 11:02, martin f krafft [EMAIL PROTECTED] disait: However, I feel that our users should be told about the problem, and not just through Joey's blog entry. Thus, can I please urge the security team to release an appropriate

Re: Please announce current lack of security support

OoO En cette fin de matinée radieuse du mercredi 27 juillet 2005, vers 11:21, martin f krafft [EMAIL PROTECTED] disait: security-announce seems unavailable too. How so? lists.debian.org is up and a message sent and signed by the security team to -security-announce should show up. Or am I

Re: Disk Encryption on bf2.4

OoO Peu avant le début de l'après-midi du dimanche 07 mars 2004, vers 13:13, EErdem [EMAIL PROTECTED] disait: I've searched, but couldn't find kernel patch for bf2.4. Is there a patch for this or i have to change kernel. You should use cryptoloop patches. They are available as Debian

Re: Disk Encryption on bf2.4

OoO Peu avant le début de l'après-midi du dimanche 07 mars 2004, vers 13:13, EErdem [EMAIL PROTECTED] disait: I've searched, but couldn't find kernel patch for bf2.4. Is there a patch for this or i have to change kernel. You should use cryptoloop patches. They are available as Debian

Chrooting named by default (was: Re: chrooting apache[ssl,php,perl]and some mta)

OoO En cette nuit striée d'éclairs du samedi 09 novembre 2002, vers 02:02, Michael Ablassmeier [EMAIL PROTECTED] disait: i did some apache chroot environment (php,perl,ssl), and now some users want to use the php mail command, so i have to include some mta into the chroot. As far as i know,

Chrooting named by default (was: Re: chrooting apache[ssl,php,perl] and some mta)

OoO En cette nuit striée d'éclairs du samedi 09 novembre 2002, vers 02:02, Michael Ablassmeier [EMAIL PROTECTED] disait: i did some apache chroot environment (php,perl,ssl), and now some users want to use the php mail command, so i have to include some mta into the chroot. As far as i know,