On Wed, Jul 31, 2002 at 04:25:20PM -0400, Steve Mickeler wrote:
But updates for potato are still unavailable. I don't think that all of us
moved to woody yet and a lot of people still waiting for a potato fixes.
S?ren, please visit http://www.debian.org/security/
More specifically:
Hello,
FYI:
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security
--
Noèl Köthe
On Thu, Aug 01, 2002 at 07:09:28AM +0900, [EMAIL PROTECTED] wrote:
From: Phillip Hofmeister [EMAIL PROTECTED]
Subject: Re: Some more port closing questions
Date: Wed, 31 Jul 2002 10:49:44 -0400
On Wed, 31 Jul 2002 at 09:25:40PM +0900, [EMAIL PROTECTED] wrote:
Perhaps update-rc.d or rcconf
Paul Hampson wrote:
On Thu, Aug 01, 2002 at 07:09:28AM +0900, [EMAIL PROTECTED] wrote:
From: Phillip Hofmeister [EMAIL PROTECTED]
Subject: Re: Some more port closing questions
Date: Wed, 31 Jul 2002 10:49:44 -0400
On Wed, 31 Jul 2002 at 09:25:40PM +0900, [EMAIL PROTECTED] wrote:
Perhaps
Hi,
I have no idea if this affects Debian in any way, shape, or form
-- but better safe than sorry, so here it is FYI...
Cheers,
Raymond
- Forwarded message from [...] -
From: [somebody]
To: [another list]
Subject: OpenSSH trojan! (fwd)
Date: Thu, 1 Aug 2002 07:30:37 -0400 (EDT)
On Thu, Aug 01, 2002 at 08:06:21AM -0400, Raymond Wood wrote:
Hi,
I have no idea if this affects Debian in any way, shape, or form
-- but better safe than sorry, so here it is FYI...
Cheers,
Raymond
It's the same version as current sid, but are we talking
a source coded trojan? It would
On Thu, Aug 01, 2002 at 08:06:21AM -0400, Raymond Wood wrote:
Hi,
I have no idea if this affects Debian in any way, shape, or form
-- but better safe than sorry, so here it is FYI...
Cheers,
Raymond
AFAIK this doesn't affect debian package because .tar.gz was
downloaded from
Hi,
Here's the real(tm) question :
Is there any source signing mechanism available in Debian?
SEb
P.S: I didn't found the trojan into the source at fpt.de.debian.org.
Le jeu 01/08/2002 à 14:23, Dale Amon a écrit :
On Thu, Aug 01, 2002 at 08:06:21AM -0400, Raymond Wood wrote:
Hi,
I
On Thu, Aug 01, 2002 at 11:58:59AM +0200, Thiemo Nagel wrote:
Paul Hampson wrote:
You mean like maybe assigning different questions different priorities,
and letting the user choose the priority which a question needs to have
before it is asked, with some default assumed otherwise?
Excellent
On Thu, Aug 01, 2002 at 02:31:07PM +0200, Sebastien Chaumat wrote:
Is there any source signing mechanism available in Debian?
There is, in that the MD5 sum of the .orig.tar.gz goes into
the .dsc file.
Not that it would affect this case, since the trojan would have
been in the tar.gz which had
Paul Hampson wrote:
On Thu, Aug 01, 2002 at 11:58:59AM +0200, Thiemo Nagel wrote:
Paul Hampson wrote:
You mean like maybe assigning different questions different priorities,
and letting the user choose the priority which a question needs to have
before it is asked, with some default assumed
Hi,
Debian doesn't use chfn friends from util-linux.
wouldn't it make sense (in a case like this) to release a DSA,
just stating we are not affected by this, since this fact is
not obvious?
Cheers, Thomas
Le jeu 01/08/2002 à 15:16, Paul Hampson a écrit :
On Thu, Aug 01, 2002 at 02:31:07PM +0200, Sebastien Chaumat wrote:
Is there any source signing mechanism available in Debian?
There is, in that the MD5 sum of the .orig.tar.gz goes into
the .dsc file.
Not that it would affect this case,
Paul Hampson wrote on Thursday, August 01, 2002 3:16 PM:
On Thu, Aug 01, 2002 at 02:31:07PM +0200, Sebastien Chaumat wrote:
Is there any source signing mechanism available in Debian?
There is, in that the MD5 sum of the .orig.tar.gz goes into
the .dsc file.
Not that it would affect this
On Thu, Aug 01, 2002 at 03:06:07PM +0200, Sebastien Chaumat wrote:
I guess in the future (see the apt-src and co threads on devel) more
and more people will auto-build packages localy. This will become a
serious issue then.
Ah, so it was in the source dist then. I presume someone has been
bf-test.c[1] is nothing more than a wrapper which generates a
shell-script[2] which compiles itself and tries to connect to an
server running on 203.62.158.32:6667 (web.snsonline.net).
At 06:39 AM 8/1/02, you wrote:
On Thu, Aug 01, 2002 at 03:06:07PM +0200, Sebastien Chaumat wrote:
I guess
Is there a way to configure Kerberos so the server if the user doesn't
exist (or maybe the password is incorrect) will try to authenticate against
NDS and then create a local Linux-account?
I'm supposed to set up a Linux-server and in some way integrate it with the
existing Novell-servers. The
Hello,
an apt-get update apt-get upgrade -dy today brought me new
libpng[23]-Packages from security.debian.org for woody/stable,
but I can't find an advisory for them. What changes were made?
Regards,
Martin
Hi,
--On Thursday, August 01, 2002 16:50:16 +0200 Martin Hermanowski
[EMAIL PROTECTED] wrote:
an apt-get update apt-get upgrade -dy today brought me new
libpng[23]-Packages from security.debian.org for woody/stable,
but I can't find an advisory for them. What changes were made?
maybe you
an apt-get update apt-get upgrade -dy today brought me new
libpng[23]-Packages from security.debian.org for woody/stable,
but I can't find an advisory for them. What changes were made?
The advisory was DSA 140-1. If it's not on the web site, it will be.
You should subscribe to
I thing you will have to write own pam module.
I recomend you ncpfs from ftp://platan.vc.cvut.cz
We use similar system using LDAP Gateway for NDS download all novell users
from NDS via LDAP. For authetication we use login with added ability
to authenticate against NDS. Trere is ale pam_ncp, I
On Tuesday, July 30, 2002, at 07:47 AM, Wichert Akkerman wrote:
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-136-1 [EMAIL PROTECTED]
http://www.debian.org/security/
On Thu, Aug 01, 2002 at 12:19:52PM -0500, Paul Baker wrote:
Is there an ETA yet on potato packages, or should I continue to try and
backport the woody packages to my potato machines myself?
Just as an encouragement, the upgrade process from potato to woody is
pretty painless. I've already
Should debian users be worried if they only install the pre built .deb
package or should we evaluate the source and install the ssh from
source?
I guess the next question is Do I Have it?
Sincerely,
Daniel J. Rychlik
Money does not make the world go round , Gravity does .
-Original
I thought I had subscribed to dsa. I got an Advisory just after I sent
my mail out, perhaps I had been just to impatient.
I was a little bit nervous because of that openssh problem I think ;-)
Thanks!
Regards,
Martin
On Thu, Aug 01, 2002 at 05:03:30PM +0200, Dirk Hartmann wrote:
Hi,
--On
What sort of solution do other use for running an apt-get
from a script? I use cfengine and pre-prepared site configs,
but there are some apps on which apt-get simply won't work
because even -y won't force it to shut up and just default
to something.
Is there some way on a case by case basis to
On Thu, Aug 01, 2002 at 03:06:47PM -0500, Daniel J. Rychlik wrote:
Should debian users be worried if they only install the pre built .deb
package or should we evaluate the source and install the ssh from
source?
I guess the next question is Do I Have it?
I think the answer from earlier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Good evening.
I've seen some of the discussion about OpenSSL and it's holes, remote
exploits or whatever. I'm not sure if the thread about it already covers
this but ah well, here goes. After I heard about this I instantly
upgraded my testing-branch
Jussi Ekholm [EMAIL PROTECTED] wrote:
I've seen some of the discussion about OpenSSL and it's holes, remot
Topic had a mindo, sorry about that. OpenSSL was what I wrote about. :-)
--
Jussi Ekholm -- [EMAIL PROTECTED] -- http://erppimaa.ihku.org/
pgpAIVkysUEW8.pgp
Description: PGP
Hello,
Does anyone have any information on the status of the update for potato
concerning the openssl vulnerability discussed in:
http://www.debian.org/security/2002/dsa-136
Thank you.
Andrew
Hi,
From: Paul Hampson [EMAIL PROTECTED]
Subject: Re: Some more port closing questions
Date: Thu, 1 Aug 2002 20:17:10 +1000
On Thu, Aug 01, 2002 at 07:09:28AM +0900, [EMAIL PROTECTED] wrote:
From: Phillip Hofmeister [EMAIL PROTECTED]
Subject: Re: Some more port closing questions
Date:
On Thursday, August 1, 2002, at 01:33 PM, Ted Deppner wrote:
On Thu, Aug 01, 2002 at 12:19:52PM -0500, Paul Baker wrote:
Is there an ETA yet on potato packages, or should I continue to try and
backport the woody packages to my potato machines myself?
Just as an encouragement, the upgrade
On Thu, Aug 01, 2002 at 06:25:48PM -0500, Paul Baker wrote:
Yeah it *should* be painless. Unfortuneately, we are using our own
compiled apache, mod*, mysql, and a few other things in /usr/local. As
part of the upgrade to woody though I want to start using only Debian
versions of
On Thu, Aug 01, 2002 at 05:07:14PM -0700, Bob Nielsen wrote:
I've found all the CPAN modules I have needed exist in woody, but
sometimes you need to be creative in figuring out the package name to
look for, although 'apt-cache search' helps a lot. If you can't find a
module you need, the
On Thursday, August 1, 2002, at 06:35 PM, [EMAIL PROTECTED] wrote:
You might find the checkinstall package to be of some use here. It's
worked quite nicely for most things I've tried it for.
That would be more of the quick short cut way of doing it which always
seems to byte you in the ass
Hi,
From: Paul Baker [EMAIL PROTECTED]
Subject: Re: [SECURITY] [DSA-136-1] Multiple OpenSSL problems
Date: Thu, 1 Aug 2002 20:04:24 -0500
On Thursday, August 1, 2002, at 06:35 PM, [EMAIL PROTECTED] wrote:
You might find the checkinstall package to be of some use here. It's
worked quite
On Fri, Aug 02, 2002 at 07:12:54AM +0900, [EMAIL PROTECTED] wrote:
From: Paul Hampson [EMAIL PROTECTED]
Subject: Re: Some more port closing questions
Date: Thu, 1 Aug 2002 20:17:10 +1000
On Thu, Aug 01, 2002 at 07:09:28AM +0900, [EMAIL PROTECTED] wrote:
It seems like you could just have a
Hi,
From: Karl E. Jorgensen [EMAIL PROTECTED]
Subject: Re: service enablement via mail and otp?
Date: Thu, 1 Aug 2002 01:20:46 +0100
...
I wrote:
I've downloaded a copy and taken a quick look at the man page -- I
didn't notice anything about mechanisms for dealing w/ replay attacks
in
39 matches
Mail list logo