Re: [qubes-devel] Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-19 Thread Chris Laprise
On 12/19/2016 06:26 PM, Patrick Schleizer wrote: What about Debian graphical installer security? Isn't that in the meantime the ideal target for exploitation for targeted attacks? Because it will take a while until the Debian point release with fixed apt. And during the GUI installer, the output

External check

2016-12-19 Thread Raphael Geissert
CVE-2016-9592: RESERVED -- The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was run.

DSA candidates

2016-12-19 Thread Raphael Geissert
ansible/stable -- cairo/stable -- ceph/stable -- dcmtk/stable -- dhcpcd5/stable -- exim4/stable -- imagemagick/stable -- kde-runtime/stable -- kdesudo/stable -- libav/stable -- libcrypto++/stable -- libgc/stable -- libgd2/stable -- libgsf/stable -- libtomcrypt/stable -- libtorrent-rasterbar/stable

Re: HTTPS needs to be implemented for updating

2016-12-19 Thread Casper Thomsen
On Sun, Dec 18, 2016 at 12:35 PM, datanoise wrote: > There could be https mirrors as well as non-https mirrors. There is https://cloudfront.debian.net which you could decide to trust. It doesn't *need* to be a "Debian SSL cert"; since you trust the mirror anyway is

Re: HTTPS needs to be implemented for updating

2016-12-19 Thread Hans-Christoph Steiner
Peter Lawler: > > > On 18/12/16 22:03, Christoph Moench-Tegeder wrote: >> second point requires a lot of work >> to resolve. >> >> Regards, >> Christoph >> > > Monday morning yet-to-be-caffeinated thoughts... > > I'm going to ignore the 'inconvenience' because I think in this case > that's a

Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-19 Thread Patrick Schleizer
What about Debian graphical installer security? Isn't that in the meantime the ideal target for exploitation for targeted attacks? Because it will take a while until the Debian point release with fixed apt. And during the GUI installer, the output of apt-get is not visible. And stuff during