work.
It's very hard work, tons of sensitive issues, need to be dealt with
timely manner and never ends. Debian's reputation relies on such people.
--
Hideki Yamane
Hi,
policykit-1 in testing is noted as vulnerable but its version
0.105-31.1~deb12u1 fixed CVE-2021-4034.
Will the data in security-tracker be updated automatically?
--
Regards,
Hideki Yamane henrich @ debian.org/iijmio-mail.jp
issing RELRO header", does it
affect policykit-1? (or maybe affects more widely?)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004272
--
Hideki Yamane
t; There's a bug report requesting a build flags change:
>
> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918914>
>
> We should keep a record of any discussion in that bug report.
Thanks Florian, I've subscribed it.
--
Regards,
Hideki Yamane henrich @ debian.org/iijmio-mail.jp
Hi,
I've read systemd's vulnerability article [1] and then I have
a question, do we have any plan to enable "-fstack-clash-protection"
by default? I cannot find any discussion about it.
[1] https://www.zdnet.com/article/new-linux-systemd-security-holes-uncovered/
--
Hideki Yamane
e.org/src/info/940f2adc8541a838
> [3] https://www.sqlite.org/src/info/de0781485701c138
Thanks for your work!
"Only Chrome seems to be affected" but how about chromium?
--
Regards,
Hideki Yamane henrich @ debian.org/iijmio-mail.jp
release, so tracking is important.
--
Hideki Yamane
encent.com/magellan/index_en.html
CVE is not assigned yet, but we should track and try to fix it.
--
Hideki Yamane
On Wed, 7 Nov 2018 09:57:25 +0100
Moritz Muehlenhoff wrote:
> I also don't see a need for this, but historically some of the advisories
> were translated.
Yes, I did it for Japanese for years, but from now on we should
treat it as "low".
--
Hideki Yamane
anslate DLAs?
At DebConf18 Web BoF, we've discussed about translations and security
advisories are not necessary to translate (since it is for administrators,
not general users and most of them are in the same pattern), not prior to
other pages.
--
Hideki Yamane
Hi,
I'm just curious, Ubuntu developer said that there was no embargo for
eject package vulnerability with Debian, is it true and if so, why?
https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627/comments/3
--
Hideki Yamane
katsugu says it maybe not sufficient to fix non-x86 archs.
for this issue. see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837984
I'm not sure whether it's true or not, but can you give a look into it,
please?
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
Hi,
Just some question.
https://packages.debian.org/jessie/mysql-server-core-5.5 says
armhf 5.5.50-0+deb8u1 it's only arch that have old version.
mysql-5.5 in armhf, there is no jessie-security log.
https://buildd.debian.org/status/logs.php?pkg=mysql-5.5=armhf
bpng12-0 (remotely exploitable, high urgency)
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
able-security and oldstable-security.
Thanks for your hard work!
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
-tracker.debian.org/tracker/source-package/postfix
Cons)
- well, maybe I didn't get it ;) If you want to continue to use Exim, you
can do it via apt-get.
Please let me know your idea for this.
Thanks.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org
On Mon, 6 Dec 2010 17:18:31 +0100
Mathieu Parent math.par...@gmail.com wrote:
I have found this report which is not yet in CVE:
Those issues are solved in lenny-volatile and unstable.
see http://packages.qa.debian.org/c/clamav.html
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
.
It's odd... they might concentrate to release firefox and forget about
thunderbird ;-)
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe
do so.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org
Please add it to there, thanks.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http
it to -announce tomorrow and will ad it to the webpage.
So, DSA-1975 web page will not appear? Anyway, it should be there, I think.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
--
To UNSUBSCRIBE, email to debian-security-requ
Hi,
Please add Debian Security Advisory info for CVE-2008-2812.
http://www.debian.org/security/2008/dsa-1630
and if there is no page for the vulnerability, please check
http://lists.debian.org/debian-security-announce/ , then link
to mail archive.
Thanks.
--
Regards,
Hideki Yamane
nothing', I think.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
If we don't apply workaround in DSA-1605, my Debian box is exploitable?
If exploitable, is it easy (impact/risk)?
I'm confused... help.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
) and many many people (Windows, Mac and a few Linux and *BSD users ;)
use such wireless AP and unpatched name servers provided by dhcpd...
oh no ;(
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
--
To UNSUBSCRIBE, email to [EMAIL
...
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
, and will believe those articles and execute command with copy
paste... ;-)
And if we would get it via package, when dowkd.pl is updated we can know
about it automatically (with apt-get :-)
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL
Hi,
On Tue, 3 Jul 2007 00:12:09 +0200
Moritz Muehlenhoff [EMAIL PROTECTED] wrote:
If someone is able to read Japanese, please look into Bug 429174
for mecab and provide the necessary information what this issue
is all about in the bug log.
I've checked an upstream mailing list.
It would
-tranport-agent
mail-transport-agent ?
same typo is in dsa-635. It should be fixed in web pages.
--
Regards,
Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp
Key fingerprint = 4555 82ED 38B6 C870 E099 388C 22ED 21CB C4C7 264B
3.0.10-1 for unstable and testing has come.
But ... vulnerabilities that in samba 3.0.x affect 2.2.x too.
(and upstream stops support for 2.2.x) and no DSA has come.
What should people who use woody's samba package do?
--
Regards,
Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp
Key
1.3.2 in sid/sarge is not vulnerable.
so, should fix wml file (and its translations).
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
for 2.2.x is terminated
in 31th Oct, but CAN-2004-0600 and CAN-2004-0686 published
in July...about 4 mouths ago. Debian Samba package in stable
would be affected, I think, but no DSA is published.
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260838
Why?
--
Regards,
Hideki Yamane
fixed for unstable at least.
How about CAN-2004-0600 and CAN-2004-0686 for samba in stable?
--
Regards,
Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp
Key fingerprint = 4555 82ED 38B6 C870 E099 388C 22ED 21CB C4C7 264B
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
this DSA 600-1 issue can
avoid by editing smb.conf as workaround.
I saw the post in BTS, but it seems to be left since July...
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260838)
Does anyone know about this issue?
--
Regards,
Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp
, and #259351 php4: memory_limit vulnerability.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Hi,
Tue, 15 Jun 2004 10:35:33 +0200, Rudy Gevaert
securing PHP (was: Kernel Crash Bug)
Can somebody point me to some documentation about securing PHP?
Not documentation but patch for php, Hardened-PHP.
http://www.hardened-php.net/
--
Regards,
Hideki Yamanemailto:henrich
.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
Hi,
Tue, 15 Jun 2004 10:35:33 +0200, Rudy Gevaert
securing PHP (was: Kernel Crash Bug)
Can somebody point me to some documentation about securing PHP?
Not documentation but patch for php, Hardened-PHP.
http://www.hardened-php.net/
--
Regards,
Hideki Yamanemailto:henrich
Hi list,
Does anyone know about if security.debian.org is down or not?
I cannot get .debs from it, and ping to it with no reply.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
anyone know about this?
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
I thought what I'd do was, I'd pretend I was one of those deaf-mutes.
from Ghost in the shell - Stand Alone Complex
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
anyone know about this?
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
I thought what I'd do was, I'd pretend I was one of those deaf-mutes.
from Ghost in the shell - Stand Alone Complex
better
that defalt value is md5 than crypt.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
- Windows Service for Unix) cannot use MD5 password for NIS.
Is it not true?
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
better
that defalt value is md5 than crypt.
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
- Windows Service for Unix) cannot use MD5 password for NIS.
Is it not true?
--
Regards,
Hideki Yamanemailto:henrich @ samba.gr.jp/iijmio-mail.jp
in version
2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
kernel images and version 2.4.18-11 of the alpha kernel images.
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
in version
2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
kernel images and version 2.4.18-11 of the alpha kernel images.
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
and I cannot find any patches
for mod_alias.c in apache-1.3.26/debian/patches directory.
So I guess debian's apache is effected by this vulnerability.
Do I misunderstand this? Does apache package in debian not
require security update?
please tell me. thanks.
--
Regards,
Hideki Yamane
(6 years, 3 months ago) by akosut
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_alias.c?rev=1.17content-type=text/vnd.viewcvs-markup
Have woody's apache patched to mod_alias anything ?
if so, why upstream left it?
--
Regards,
Hideki Yamanemailto:henrich
(6 years, 3 months ago) by akosut
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_alias.c?rev=1.17content-type=text/vnd.viewcvs-markup
Have woody's apache patched to mod_alias anything ?
if so, why upstream left it?
--
Regards,
Hideki Yamanemailto:henrich
/cgi-bin/bugreport.cgi?bug=217278
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
want to post it to BTS...
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
want to post it to BTS...
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
alone ?
or not effect Debian package? (if so, this bug should be closed.)
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
alone ?
or not effect Debian package? (if so, this bug should be closed.)
--
Regards,
Hideki Yamanemailto:henrich @ iijmio-mail.jp
1.8.4beta1-3 0
1001 ftp://ftp.us.debian.org stable/main Packages
I don't know apt-cache policy package usage.
it seems useful :)
--
Hideki Yamane mailto:henrich @ iijmio-mail.jp, mb.kcom.ne.jp
henrich @ azumanga-daioh.org, ma-aya.{net, to}
--
To UNSUBSCRIBE
# but, yes, DSA have not been released yet.
# if you think that is too dangerous, post it in BTS is good.
# for example, I posted in BTS about slocate vulnerability and
# the security team released DSA-252.
--
regards,
Hideki Yamane mailto:henrich @ iijmio-mail.jp, mb.kcom.ne.jp
# but, yes, DSA have not been released yet.
# if you think that is too dangerous, post it in BTS is good.
# for example, I posted in BTS about slocate vulnerability and
# the security team released DSA-252.
--
regards,
Hideki Yamane mailto:henrich @ iijmio-mail.jp, mb.kcom.ne.jp
60 matches
Mail list logo