ctly sure. It should be verified that this detection
will work the way you expect, so that the error message doesn't change
and create a support burden for the installer team.
Currently kernel-wedge generates the udeb package names and would need
to add an option to leave out the version pa
On Mon, 2022-07-04 at 22:17 +0200, Kurt Roeckx wrote:
> On Sun, Jul 03, 2022 at 03:49:12PM +0000, Ben Hutchings wrote:
> >
> > For the oldstable distribution (buster), these problems have been
> > fixed in version 4.19.249-2.
>
> It seems that linux-image-amd64 does
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-5173-1 secur...@debian.org
https://www.debian.org/security/Ben Hutchings
July 03, 2022
On Thu, 2018-05-03 at 00:06 +0100, Dominic Hargreaves wrote:
> On Tue, May 01, 2018 at 05:12:02PM +0000, Ben Hutchings wrote:
> > -
> > Debian Security Advisory DSA-4187-1 secur...@debia
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4187-1 secur...@debian.org
https://www.debian.org/security/Ben Hutchings
May 01, 2018
fixes in Linux
actually get CVE IDs.
Ben.
--
Ben Hutchings
Unix is many things to many people,
but it's never been everything to anybody.
signature.asc
Description: This is a digitally signed message part
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4073-1 secur...@debian.org
https://www.debian.org/security/Ben Hutchings
December 23, 2017
of GRSecurity and LSM/SELinux.
http://packages.debian.org/jessie/linux-patch-grsecurity2
[...]
I bet it doesn't apply to 3.2.y any more... no, it doesn't. Bug opened
(#736925).
Ben.
--
Ben Hutchings
It is a miracle that curiosity survives formal education. - Albert Einstein
signature.asc
() and get_random_bytes_arch() will use it and it is
documented that they are not suitable for cryptographic purposes.
Ben.
--
Ben Hutchings
Knowledge is power. France is bacon.
signature.asc
Description: This is a digitally signed message part
-opt.patch?view=markuppathrev=19969
Our backport is different.
Ben.
--
Ben Hutchings
Tomorrow will be cancelled due to lack of interest.
signature.asc
Description: This is a digitally signed message part
Hi
I also came across this issue applying the fix yesterday. I did resolve
it though by doing an apache restart.
Ben
Dominic Hargreaves wrote:
On Fri, May 25, 2012 at 09:29:44AM +0100, Dominic Hargreaves wrote:
On Thu, May 24, 2012 at 07:37:03PM +0200, Moritz Muehlenhoff wrote:
Several
;)
Wishing it so doesn't make it practically possible.
Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
on them.
Hmhm, that might be a good idea indeed. I need to investigate and try
that a bit.
Ben, what would kernel team think of that?
I don't speak for the whole team, but I don't see that it solves any
problem. You would have to Build-Depend on exact versions of
linux-source, so that you
On Wed, Feb 01, 2012 at 06:41:43PM +0100, Yves-Alexis Perez wrote:
On mer., 2012-02-01 at 14:32 +, Ben Hutchings wrote:
On Wed, 2012-02-01 at 10:51 +0100, Yves-Alexis Perez wrote:
On mer., 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote:
On Wed, Feb 01, 2012 at 10:24:40AM +0100
On Mon, 2012-01-30 at 11:05 +0100, Yves-Alexis Perez wrote:
(adding few CC:s to keep track on the bug)
On dim., 2012-01-29 at 21:26 +, Ben Hutchings wrote:
On Sun, 2012-01-29 at 20:57 +0100, Yves-Alexis Perez wrote:
On dim., 2012-01-29 at 18:22 +, Ben Hutchings wrote
in 2.6.32-40 (currently in stable-proposed-updates). I can
probably make an upload this weekend, but cannot promise that a further
upload will not be needed. We need some testing of the isci driver
(added in 2.6.32-40) and more generally regression testing.
Ben.
--
Ben Hutchings
When in doubt
unsubscribe
Cordialement, your sincerely,
European Parliament
Richard BEN ALEYA
-Original Message-
From: Moritz Muehlenhoff [mailto:j...@debian.org]
Sent: 20 April 2011 19:16
To: debian-security-annou...@lists.debian.org
Subject: [SECURITY] [DSA -1] tinyproxy security update
the SHA1 (or any other checksum) of
the original files.
How would the USB drive tell whether you were reading the file to
verify its checksum or to use its contents?
--
Ben Pfaff
http://benpfaff.org
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject
For the most part I'm on holidays until 19th of Oct. Cheers Benny
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca
I will be checking my mail during the week!
Personal contacts phone me cell at 250-640-3100
Thanks
Benn
--
To UNSUBSCRIBE, email to
. Closes: #511768
- other bug fixes worthy of patch-release inclusion
This looks like much too big a change to get into lenny now. You'll
probably need to upload just the two critical fixes to t-p-u or
testing-security.
Ben.
signature.asc
Description: This is a digitally signed message
) |
Ben Finney
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
. The former is for Discussion about
security issues, including cryptographic issues, that are of
interest to all parts of the Debian community. The latter is
where The security team informs the users about security
problems by posting security advisories about Debian packages on
this list.
--
Ben Pfaff
Matt Zimmerman wrote:
I guess you aren't reading my mail, then.
He may well be. Which browser are you using?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
antgel wrote:
2) Mozilla security patches are not easy to find and isolate.
Ben has disputed this, saying that we should be able to extract all
necessary patches. Public ones from
http://www.mozilla.org/projects/security/known-vulnerabilities.html then
bugzilla, and embargoed ones via mdz
Matt Zimmerman wrote:
Ben has now explained that this is in fact not sufficient.
No, I have not. Please read again what I wrote.
There is clearly a communication gap.
And it's not on my end. You still haven't answered my very specific
questions about your problems and what you want
Stefano Salvi wrote:
I prefer to have no X on the server and administer it from command
line or Web interfaces (command line is better).
Let's say
1. You use Mozilla from sarge
2. Somebody cracks you through known holes in that old Mozilla,
either a mass exploit or an enemy of you
Matt Zimmerman wrote:
I'm guessing that you're not going to volunteer on the manpower side
Actually, he did, in the previous posting. Which is admirable, because
this is a dauntingly huge task (and he seems semi-aware of it) - in the
area of a few hours *per week*, on average. mozilla.org
Matt Zimmerman wrote:
To organize their development processes such that patches can be backported
with a reasonable amount of effort.
I wrote a response, but deleted it, because I simply don't understand
what you mean. Please be concrete, very very concrete.
I'm in Los Angeles, California,
Thomas Bushnell BSG wrote:
It would be very nice if Mozilla would publish to distributions like
ours a description of the security problem, and then a separate patch
for that specific problem.
1. You to be going to
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Adeodato Simó wrote:
Publish to distributions is effectively the same as making it
completely public, so they won't.
Wrong.
http://www.mozilla.org/projects/security/security-bugs-policy.html
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
of keeping the everything
as-is, no user-noticable changes, for 3 years. You have to lose your
current ideas and put security first. (I'm not including freedom etc.
here :-) .)
I am more than willing to help establish cooperation between Debian and
mozilla.org, if there's interest.
--
Ben Bucksch
martin f krafft [EMAIL PROTECTED] writes:
However, doesn't CBC or EBC make sure that every block is
chained to its predecessor, making even the very last block of
a file dependent on the bits of the very first block?
Yes and no. If you change the first block in a set of
CBC-chained blocks,
I've been adding unsubscribe requests and out-of-the-office-nitwit
replies to my spam folder, and then training Ye Olde Classifier Of
Choyce upon them. Works reasonably well...
--
Ben Pearre http://hebb.mit.edu/~ben PGP: CFDA6CDA
Don't let Bush read your email! http
the arp cache size to 1024 again.
And even though I can see 5 infected machine blasting through the
network right now everything works fine.
Cheers, Ben
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
134.102.0.0/16 0.0.0.0 UG 0 0 0 eth1
With such a routing entry the firewall will try and resolve mac
addresses when the worm is scanning 134.102.xxx.0 subnets, right? I off
to the site to do some experimenting.
Thanks, a lot so far. I'll post my findings.
ben
--
To UNSUBSCRIBE
it really be possible for a single infected windows machine to dos
a linux firewall? Please tell me it's not true and there's just something
I'm overlooking. I'm at my wits end here and don't even know what to try
next. So any pointers are much appreciated.
Thanks,
Ben
--
To UNSUBSCRIBE, email to [EMAIL
Actually, re-reading the definitions in reportbug, this seems to be *critical*. Why
doesn't
anyone DO anything about this? NMU? Something???
On Thu, Jul 01, 2004 at 10:28:04AM -0700, Itay Ben-Yaacov wrote:
Package: udev
Version: 0.026-1
Severity: normal
Tags: security
It has been broken for weeks and somebody only noticed a couple of days
ago, if you can't update the config file by yourself I'm sure you can
wait for a few days while I work on other issues.
It was repaired on my box before I reported it, of course. Given that it's a single
user machine,
it
simply securing a box and assuming a role as cyber-detective. the
former solves the problem, the latter has no end.
ben
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Tuesday 29 October 2002 01:02 am, Jean Christophe ANDRÉ wrote:
Hi,
ben écrivait :
way overkill. 16001 isn't being scanned and 111 is the most common target
after 25. you're suggesting that the guy turn his server into a
honeypot--to what end? disable portmap and nothing can get at 111
simply securing a box and assuming a role as cyber-detective. the
former solves the problem, the latter has no end.
ben
On Tuesday 29 October 2002 01:02 am, Jean Christophe ANDRÉ wrote:
Hi,
ben écrivait :
way overkill. 16001 isn't being scanned and 111 is the most common target
after 25. you're suggesting that the guy turn his server into a
honeypot--to what end? disable portmap and nothing can get at 111
Wade Richards [EMAIL PROTECTED] writes:
Notice the PROTO=UDP part of the message. It means that this
is a UDP packet, not a TCP packet. UDP is not a socket-based
protocol, so the port number is meaningless for UDP packets.
This statement is nonsense. Both TCP and UDP have 16-bit port
Wade Richards [EMAIL PROTECTED] writes:
Notice the PROTO=UDP part of the message. It means that this
is a UDP packet, not a TCP packet. UDP is not a socket-based
protocol, so the port number is meaningless for UDP packets.
This statement is nonsense. Both TCP and UDP have 16-bit port
shove off, troll
ben
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Monday 07 October 2002 02:21 am, Rune Kristian Viken wrote:
Monday, ben wrote:
shove off, troll
Uh.. WHAT?
I'm not sure why you're calling me a troll, but I would appreciate it
if you at least _attempted_ to be a tad more polite.
i'd appreciate it if you could at least be consistent
On Monday 07 October 2002 04:14 am, Rune Kristian Viken wrote:
Ben wrote:
shove off, troll
I'm not sure why you're calling me a troll, but I would appreciate
it if you at least _attempted_ to be a tad more polite.
i'd appreciate it if you could at least be consistent in what you
shove off, troll
ben
On Monday 07 October 2002 02:21 am, Rune Kristian Viken wrote:
Monday, ben wrote:
shove off, troll
Uh.. WHAT?
I'm not sure why you're calling me a troll, but I would appreciate it
if you at least _attempted_ to be a tad more polite.
i'd appreciate it if you could at least be consistent
On Monday 07 October 2002 04:14 am, Rune Kristian Viken wrote:
Ben wrote:
shove off, troll
I'm not sure why you're calling me a troll, but I would appreciate
it if you at least _attempted_ to be a tad more polite.
i'd appreciate it if you could at least be consistent in what you
was rejected, so
it's unlikely that anybody has done any harm there.
the incidents in your sendmail logs are probably part of a port scan. you
should make sure that the rest of your system is solid.
ben
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
was rejected, so
it's unlikely that anybody has done any harm there.
the incidents in your sendmail logs are probably part of a port scan. you
should make sure that the rest of your system is solid.
ben
It looks like it is fixed in glibc 2.2.5-8, but again, it never made
into official announcement.
On woody, I believe Ben have been already working, but I don't know
its status. Ben? Should I go ahead for woody?
Woody and potato are already uploaded to security.d.o. It's in their
hands
util-linux.
when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
# find / -name chfn
/usr/bin/chfn
/etc/pam.d/chfn
and i'm damn sure i didn't put it there all by myself.
ben
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
On Monday 29 July 2002 01:04 pm, Wichert Akkerman wrote:
Previously ben wrote:
when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
# find / -name chfn
/usr/bin/chfn
/etc/pam.d/chfn
Different implementation (from shadowutils iirc).
Wichert.
aah! thanks, wichert
after both of my posts to the security list, i received delivery error
messages in the form of:
On Monday 29 July 2002 01:10 pm, [EMAIL PROTECTED] wrote:
No such user: [EMAIL PROTECTED]
is anyone else seeing the same or similar?
ben
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
near every debian related
list in the world. i mean, who knew, before now, that we even needed 100%
cotton velour to get the job done? hopefully debian-bugs got the same update.
ben
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
near every debian related
list in the world. i mean, who knew, before now, that we even needed 100%
cotton velour to get the job done? hopefully debian-bugs got the same update.
ben
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Ben is merely behind with updating the BTS, by the looks of it...
Can't close it till I fix woody/sid too. Which will be when 2.2.5 is
released (days).
--
.--===-=-==-=---==-=-.
/ Ben Collins--Debian GNU/Linux
debsign is a part of devscripts. It looks to be present even in Potato.
- Ben
On Thu, Dec 13, 2001 at 05:37:42PM +0200, Samuli Suonpaa blathered thusly:
Wichert Akkerman [EMAIL PROTECTED] wrote:
Previously Alexander Karelas wrote:
RedHat uses a PGP signature scheme. What are we doing
debsign is a part of devscripts. It looks to be present even in Potato.
- Ben
On Thu, Dec 13, 2001 at 05:37:42PM +0200, Samuli Suonpaa blathered thusly:
Wichert Akkerman [EMAIL PROTECTED] wrote:
Previously Alexander Karelas wrote:
RedHat uses a PGP signature scheme. What are we doing about
On Wed, 21 Nov 2001, Guillaume Morin wrote:
Dans un message du 20 nov à 23:33, Anders Gjære écrivait :
in gzip.c
the line:
strcpy(nbuf,dir);
should maybe be replaced with:
strncpy(nbuf, dir,sizeof(nbuf));
gzip runs with user privileges, therefore this is not a
On Wed, 21 Nov 2001, Guillaume Morin wrote:
Dans un message du 20 nov à 23:33, Anders Gjære écrivait :
in gzip.c
the line:
strcpy(nbuf,dir);
should maybe be replaced with:
strncpy(nbuf, dir,sizeof(nbuf));
gzip runs with user privileges, therefore this is not a
the process(es) listening on the named UDP port.
--
/--
| Ben Staffin
gpg key: http://darkskie.net/~benley/pgp.txt |
--/
pgpaNM6YoSBtN.pgp
Description: PGP signature
the process(es) listening on the named UDP port.
--
/--
| Ben Staffin
gpg key: http://darkskie.net/~benley/pgp.txt |
--/
PGP signature
it. Are you sure is not a problem
with your proxy?
I too get the 403 forbidden error. I imagine this does not affect all
of the servers that comprise www.debian.org, and those that are unlucky
enough to get the affected one in their DNS lookup get the error.
--
/--
| Ben Staffin
gpg key: http
it. Are you sure is not a problem
with your proxy?
I too get the 403 forbidden error. I imagine this does not affect all
of the servers that comprise www.debian.org, and those that are unlucky
enough to get the affected one in their DNS lookup get the error.
--
/--
| Ben Staffin
gpg key: http
Layne [EMAIL PROTECTED] writes:
OK they just keep coming. I had 8 messages at 11:00PM , all of who I knew.
Now I have 227 in my in box of solicitors all of who I didn't subscribe to.
And you wonder why I get mad.
Did it ever occur to you that maybe it's not acceptable to harass
everyone on
Paul Visscher [EMAIL PROTECTED] writes:
Ed Street [EMAIL PROTECTED] said:
Already sent mail to the list admin on the bottom of each email.
I just submitted his address in at
http://www.debian.org/MailingLists/unsubscribe to be unsubscribed,
hopefully that will work...
I just submitted
Layne [EMAIL PROTECTED] writes:
OK they just keep coming. I had 8 messages at 11:00PM , all of who I knew.
Now I have 227 in my in box of solicitors all of who I didn't subscribe to.
And you wonder why I get mad.
Did it ever occur to you that maybe it's not acceptable to harass
everyone on
Paul Visscher [EMAIL PROTECTED] writes:
Ed Street [[EMAIL PROTECTED]] said:
Already sent mail to the list admin on the bottom of each email.
I just submitted his address in at
http://www.debian.org/MailingLists/unsubscribe to be unsubscribed,
hopefully that will work...
I just submitted
On Sun, Jun 17, 2001 at 07:55:40PM -0800, Ethan Benson wrote:
a bit. lids makes system adminsitration utterly impossible. unless
you leave enough holes open which an attacker can use to bypass it
all.
well nearly...
at least you can prevent new or unknown process/files from acessing stuff.
On Sun, Jun 17, 2001 at 07:55:40PM -0800, Ethan Benson wrote:
a bit. lids makes system adminsitration utterly impossible. unless
you leave enough holes open which an attacker can use to bypass it
all.
well nearly...
at least you can prevent new or unknown process/files from acessing
Jim Breton [EMAIL PROTECTED] writes:
On Mon, May 28, 2001 at 01:46:07PM +0200, Tomasz Olszewski wrote:
If an user
creates his own $HOME/.xserverrc, it overrides the system wide
xserverrc.
So make /usr/bin/X11/X a wrapper for the real X.
Problem with this is, if you upgrade or
Jim Breton [EMAIL PROTECTED] writes:
On Mon, May 28, 2001 at 01:46:07PM +0200, Tomasz Olszewski wrote:
If an user
creates his own $HOME/.xserverrc, it overrides the system wide
xserverrc.
So make /usr/bin/X11/X a wrapper for the real X.
Problem with this is, if you upgrade or
On Mon, Nov 20, 2000 at 11:33:32AM +0100, Virginie-ML wrote:
On Mon, Nov 20, 2000 at 11:26:28AM +0100, Johan Bergström wrote:
# cat /.esd_auth
[EMAIL PROTECTED]:[EMAIL PROTECTED]@\x9e^@@
There is only this line in ...
Could anybody reassure me please ?:)
I belive its part
Daniel Jacobowitz [EMAIL PROTECTED] writes:
This was fixed a month or two before potato was released.
I've seen those too, on up-to-date woody, so I don't think it
really got fixed.
On Tue, Oct 10, 2000 at 09:09:52PM -0500, Herbert Ho wrote:
hi guys. i have logcheck installed so i got this
AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
--END GEEK CODE BLOCK--
Ben White
78 matches
Mail list logo