Re: Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem

2017-04-04 Thread Jan Lühr
Hello, On 04/04/2017 at 08:11 AM, Salvatore Bonaccorso wrote: > Hi > > On Tue, Apr 04, 2017 at 12:52:41AM +0200, Jan Lühr wrote: >> Hei folks, >> >> android recently patched CVE-2016-10229: Remote code execution >> vulnerability in kernel networking subsys

Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem

2017-04-03 Thread Jan Lühr
Hei folks, android recently patched CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem. Since https://security-tracker.debian.org/tracker/CVE-2016-10229 is rather blank ... does this problem exist in Debian, too? Thanks, Jan -- There's a ripped off cord To my

Re: CVE-2016-7117 Remote code execution vulnerability in kernel networking subsystem

2016-10-04 Thread Jan Lühr
Hello, On 10/04/2016 at 07:57 PM, Nicholas Luedtke wrote: > On 10/04/2016 11:40 AM, Felix Knecht wrote: > >> On 10/04/2016 06:38 PM, Jan Lühr wrote: >>> CVE-2016-7117 was patched in Android today. I don't see much information >>> right now. The title is rather f

CVE-2016-7117 Remote code execution vulnerability in kernel networking subsystem

2016-10-04 Thread Jan Lühr
Hello, CVE-2016-7117 was patched in Android today. I don't see much information right now. The title is rather frightening - the issue appears to be urgent. Can you confirm that common Debian installations are unaffected and cannot be taken over via CVE-2016-7117? If not, I'd like to shut down a

Re: [SECURITY] [DSA 3481-1] glibc security update

2016-02-17 Thread Jan Lühr
Hello folks, thanks for providing a patch in Debian. One question: On 02/16/2016 at 03:18 PM, Salvatore Bonaccorso wrote: > CVE-2015-7547 > > The Google Security Team and Red Hat discovered that the glibc Comparing the age (2015-07) and the severity: Can you give some details on the

cmrekey.adv ?

2013-11-16 Thread Jan Lühr
Hello folks, short one: Is Debian GNU/Linux affected by http://www.openssh.com/txt/gcmrekey.adv ? Thanks, Keep smiling yanosz

Re: [volatile] Updated clamav-related packages available for testing

2010-04-18 Thread Jan Lühr
Hello, On Friday 16 April 2010 10:01:46 you wrote: Hi, Jason Self wrote/schrieb @ 15.04.2010 21:52: Kurt Roeckx k...@roeckx.be wrote .. What does this mean exactly? deb http://volatile.debian.org/debian-volatile \ lenny-proposed-updates/volatile main contrib non-free The imho more

Re: [volatile] Updated clamav-related packages available for testing

2010-04-18 Thread Jan Lühr
Hello, On Sunday 18 April 2010 22:52:41 Jan Lühr wrote: Hello, On Friday 16 April 2010 10:01:46 you wrote: Hi, Jason Self wrote/schrieb @ 15.04.2010 21:52: Kurt Roeckx k...@roeckx.be wrote .. What does this mean exactly? deb http://volatile.debian.org/debian-volatile

Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

2005-07-14 Thread Jan Lühr
Greetings, On Thursday, 14 July 2005 17:40, Herwig Wittmann wrote: Hi! I am trying to understand if my organization can rely on the debian security announcement mailing list as only source of security alerts in the future. This would be very convenient- but the delay that seems to have

Re: Debian Security Support in Place

2005-07-09 Thread Jan Lühr
(open letter to the debian security team) Greetings,.. on friday, 8th july 2005 07:58 Martin Schulze wrote: [...] The Debian project confirms that the security infrastructure for both the current release Debian GNU/Linux 3.1 (alias sarge) and the former release 3.0 (alias woody) is working

Re: Question about Debian security policy

2005-06-30 Thread Jan Lühr
Greetings, On Thursday, 30 June 2005 12:57, Paul Haesler wrote: Hi everybody. I hope this question won't be too stupid. When I perform a standard installation (i.e minimal), the installer installs many servers, and launches them (like portmap, ssh, exim, etc). Why? I think that

Re: Bad press related to (missing) Debian security

2005-06-27 Thread Jan Lühr
Greetings, On Monday, 27 June 2005 15:54, Carl-Eric Menzel wrote: On Mon, 27 Jun 2005 15:50:19 +0200, Jan Wagner [EMAIL PROTECTED] said: On Monday 27 June 2005 15:25, W. Borgert wrote: Just FYI: The well-known German Heise Newsticker (IT related) has an article today with the title

Re: Bad press related to (missing) Debian security

2005-06-27 Thread Jan Lühr
Greetings, On Monday, 27 June 2005 20:10, Adam Majer wrote: Jan Lühr wrote: Greetings, On Monday, 27 June 2005 15:54, Carl-Eric Menzel wrote: Does anybody know what the actual problem is, i.e. why there are no updates? This is not an actual problem, this problem is rather imho

Re: SpamAssassin DOS-Fix anytime soon ?

2005-06-23 Thread Jan Lühr
Greetings,.. On Thursday, 23 June 2005 13:42, [EMAIL PROTECTED] wrote: Hi list, a remote-dos-vulnerability in spamassassin 3.0.1-3.0.3 was announced a week ago. while most other distributions have since then reacted on this a debian stable security fix seems still unavailable. on the

Re: Security Support by the Security-Team

2005-06-19 Thread Jan Lühr
Greetings, On Saturday, 18 June 2005 09:04, Helmut Toplitzer wrote: Hi! Just a few remarks: Use unstable or testing, and apply security fixes yourself. Over To my opinion this is a bad suggestion. Maybe my last mail was a bit unclear about this. As security is a process rather than a

Re: Security Support by the Security-Team

2005-06-17 Thread Jan Lühr
Greetings, On Friday, 17 June 2005 10:58, Florian Weimer wrote: Rumors suggest that the technical foundations of security support for sarge and woody are working again. Nice to hear - however, a SpamAssassin-patch has to be ported to sarge.[1] Let's see... the Sec-Announce was posted ~2

Re: Well - and kernel 2.4.18?

2005-04-04 Thread Jan Lühr
Greetings, On Monday 04 April 2005 11:03, Moritz Muehlenhoff wrote: Jan Lühr wrote: Is Samba going to be the next mozilla? The Samba 2.2 tree is obsolete and not provided with upstream fixes.[1] Have a look at the size of upstream's patch and you'll see why it took so long. Is there some

Well - and kernel 2.4.18?

2005-04-03 Thread Jan Lühr
Greetings, is there any progress in providing fixed kernels for stable? I was just wondering 'cause I expected 'em three months ago. Keep smiling yanosz

Re: Well - and kernel 2.4.18?

2005-04-03 Thread Jan Lühr
Greetings, On Sunday 03 April 2005 22:57, Harald Krammer wrote: Hi Jan, I had the same question but this is a while ago. At the moment I use kernel 2.4.27 from backport.org. Here is the link from the old thread: http://lists.debian.org/debian-security/2005/01/threads.html#00201 Me, too

Re: Well - and kernel 2.4.18?

2005-04-03 Thread Jan Lühr
Greetings, On Sunday 03 April 2005 23:16, Jan Lühr wrote: Greetings, On Sunday 03 April 2005 22:57, Harald Krammer wrote: Hi Jan, I had the same question but this is a while ago. At the moment I use kernel 2.4.27 from backport.org. Here is the link from the old thread:

Re: Kernel security advice

2005-02-18 Thread Jan Lühr
Greetings, On Friday, 18 February 2005 04:51, JM wrote: Hello, * Besides grsecurity patch, pax etc...What other recommendations are there to patch a kernel on a woody or sarge production server? * Any experiences/opinions with the debian-hardened kernels? * Is it that terrible running X

Re: Grsecurity patches on Debian

2005-02-07 Thread Jan Lühr
Greetings,.. On Monday, 7 February 2005 14:10, Andras Got wrote: Hi, You should start with grsec low and proc restrictions set customly. Hardening your kernel is always an option. The grsec default high settings, and PaX break Jetty (java server container) in two, so it simply won't start,

Re: [OT] tales (was: woody kernel image)

2005-01-30 Thread Jan Lühr
Greetings, On Sunday, 30 January 2005 21:14, Alexander Schmehl wrote: Hi! * Michelle Konzack [EMAIL PROTECTED] [050130 20:29]: how does it come, that every time, you're telling such a story and are requested for some proof, one of your services is down, you cite completely unrelated

Re: [OT] tales (was: woody kernel image)

2005-01-30 Thread Jan Lühr
Greetings, On Sunday, 30 January 2005 22:46, Alexander Schmehl wrote: * Jan Lühr [EMAIL PROTECTED] [050130 22:13]: Don't take it down personal. Judging about DSA's I've seen, there is currently _no_ security-support for 2.4.18. I didn't make any statement about security support of 2.4.18

Re: woody kernel image

2005-01-29 Thread Jan Lühr
Greetings, On Friday, 28 January 2005 21:25, Harald Krammer wrote: hi ! I have running some debian/woody machines with kernel 2.4.18. blocked@blocked:~$ cat /proc/version Linux version 2.4.18-1-k7 ([EMAIL PROTECTED]) (gcc version 2.95.4 20011002 (Debian prerelease)) #1 Wed Apr 14

Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-13 Thread Jan Lühr
Greetings, On Thursday, 13 January 2005 10:06, Christophe Chisogne wrote: Jan Lühr wrote: Do you recommend to use kernel-source-2.4.27 from sid (sarge) instead of 2.4.18 from woody? On a production server, I would run 2.4, not 2.6. m2 And as Debian security support seems better

CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-12 Thread Jan Lühr
Greetings, things seem to be in a rush right now, and I'm looking for a little overview. In the past 1-2 months several kernel exploits rushed through the news that might / can / probably will affect debian stable. However, I haven't seen any single DSA regarding the following issues: Can you

Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-12 Thread Jan Lühr
Greetings, On Wednesday, 12 January 2005 18:27, Sam Morris wrote: Jan Lühr wrote: Greetings, things seem to be in a rush right now, and I'm looking for a little overview. In the past 1-2 months several kernel exploits rushed through the news that might / can / probably will affect

Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

2005-01-12 Thread Jan Lühr
Greetings, On Wednesday, 12 January 2005 20:32, Joey Hess wrote: Jan Lühr wrote: things seem to be in a rush right now, and I'm looking for a little overview. In the past 1-2 months several kernel exploits rushed through the news that might / can / probably will affect debian stable

Fwd: dhcp-2 Security Announcement

2004-11-09 Thread Jan Lühr
Greetings, just asking, cause it is relevant for me: Will there be new official stable packages in the next few days (3-4)? (If not, I've to patch it by myself) Keep smiling yanosz ---BeginMessage--- *** From dhcp-announce -- To unsubscribe, see the end of this message. *** Debian has

Re: Fwd: dhcp-2 Security Announcement

2004-11-09 Thread Jan Lühr
Greetings, On Tuesday, 9 November 2004 21:44, Bartosz Fenski aka fEnIo wrote: On Tue, Nov 09, 2004 at 09:28:34PM +0100, Jan Lühr wrote: just asking, cause it is relevant for me: Will there be new official stable packages in the next few days (3-4)? (If not, I've to patch it by myself

Re: Security issue? Daemon users has to much rights...

2004-10-24 Thread Jan Lühr
Greetings,... On Saturday, 23 October 2004 00:36, Michael Stone wrote: On Fri, Oct 22, 2004 at 11:13:55PM +0200, Jan Lühr wrote: Of course, providing security on that level is not the best way to ensure the system's integrity and safety. But why do you think, that security on filesystem

Re: Security issue? Daemon users has to much rights...

2004-10-24 Thread Jan Lühr
Greetings,... On Saturday, 23 October 2004 05:58, Daniel Pittman wrote: On 23 Oct 2004, Jan Lühr wrote: On Friday, 22 October 2004 14:02, Daniel Pittman wrote: On 22 Oct 2004, Jan Lühr wrote: Yes, and that is one of the core points in my suggestion that you look at SELinux or a similar

Security issue? Daemon users has to much rights...

2004-10-22 Thread Jan Lühr
Greetings, because of the recent xpdf issues I tested the access restrictions of some users like lp, mail, etc. with default settings in sarge. I noticed that, by default, no acl were used to prevent access to vital system commands, the user shouldn't have. For instance: lp could mount a vfat

Re: Security issue? Daemon users has to much rights...

2004-10-22 Thread Jan Lühr
Greetings, On Friday, 22 October 2004 14:02, Daniel Pittman wrote: On 22 Oct 2004, Jan Lühr wrote: because of the recent xpdf issues I tested the access restrictions of some users like lp, mail, etc. with default settings in sarge. I noticed that, by default, no acl were used to prevent

Re: CAN-2003-0020?

2004-04-18 Thread Jan Lühr
Greetings, On Sunday, 18 April 2004 18:56, Matt Zimmerman wrote: On Sat, Apr 17, 2004 at 10:16:11PM +0200, Jan Lühr wrote: what about http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 ? Is debian finally going to fix it? Current consensus between the security team and

CAN-2003-0020?

2004-04-17 Thread Jan Lühr
Greetings, what about http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 ? Is debian finally going to fix it? keep smiling yanosz

Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)

2004-04-15 Thread Jan Lühr
Greetings, On Wednesday, 14 April 2004 23:08, Phillip Hofmeister wrote: If you checked the reference CVE numbers you should be able to tell when the exposure first occurred (or close to it). Thanks :) - I have already been there. Are there any, no longer classified information about the

Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)

2004-04-14 Thread Jan Lühr
Greetings, On Wednesday, 14 April 2004 16:52, Martin Schulze wrote: -- Debian Security Advisory DSA 479-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze

Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)

2004-04-14 Thread Jan Lühr
Greetings,.. On Wednesday, 14 April 2004 20:57, you wrote: Jan Lühr [EMAIL PROTECTED] writes: Greetings, Okay... This is the result of a cursory check, do your homework, yada, yada... Thanks for doing so ;) Anyway, this wasn't the intention of my post. My point is, that five local

Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jan Lühr
Greetings, On Monday, 22 March 2004 19:30, Sven Hoexter wrote: On Mon, Mar 22, 2004 at 06:57:39PM +0100, Giacomo Mulas wrote: There is a \begin{sarcasm} nice \end{sarcasm} article in linuxworld Australia (see

Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jan Lühr
Greetings,... On Monday, 22 March 2004 21:05, Matt Zimmerman wrote: On Mon, Mar 22, 2004 at 08:57:26PM +0100, Jan Lühr wrote: Cron is another example Cron is another example of what? By all means, please elaborate. Of a package of the

Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jan Lühr
Greetings, On Monday, 22 March 2004 21:52, Ramon Kagan wrote: Every so often another set of tirades goes across this list. So I wish only to give my 2 cents. 1. If you don't like the way debian conducts its FREE business, my opinion is go

Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jan Lühr
Greetings, On Monday, 22 March 2004 21:20, Nathan Eric Norman wrote: On Mon, Mar 22, 2004 at 10:01:14PM +0100, Jan Lühr wrote: Greetings, On Monday, 22 March 2004 21:16, Bryan Allen wrote: On Mar 22, 2004, at 2:57 PM, Jan Lühr wrote

Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jan Lühr
Greetings, On Monday, 22 March 2004 21:16, Bryan Allen wrote: On Mar 22, 2004, at 2:57 PM, Jan Lühr wrote: Cron is another example - to be honest, the debian security team seems to be crippled by the debian release policy. Because

Re: mozilla - the forgotten package?

2004-03-11 Thread Jan Lühr
Greetings, On Wednesday, 10 March 2004 22:39, Florian Weimer wrote: Sven Hoexter wrote: Okay, if that's the case, I'm going to start a campaign for including Mozilla 1.4 (plus fixes) in stable. Well why just include 1.4 and not 1.6?

Re: mozilla - the forgotten package?

2004-03-11 Thread Jan Lühr
Greetings, On Thursday, 11 March 2004 19:22, Phillip Hofmeister wrote: On Thu, 11 Mar 2004 at 12:24:15PM -0500, Matt Zimmerman wrote: This introduces a whole new set of problems, given Mozilla's upgrade history (not preserving user configuration data, breaking compatibility with

Re: mozilla - the forgotten package?

2004-03-10 Thread Jan Lühr
Greetings, On Wednesday, 10 March 2004 17:06, you wrote: Jan Lühr wrote: So is mozilla the forgotten package? Considering how popular mozilla is, making it secure would be worth the effort - imho. How many of Mozilla's security bugs which are fixed during routine upgrades are discussed

Re: mozilla - the forgotten package?

2004-03-09 Thread Jan Lühr
Greetings, On Tuesday, 9 March 2004 17:20, Steve Kemp wrote: On Tue, Mar 09, 2004 at 05:15:42PM +0100, Jan Lühr wrote: over the last months, various security related bugs in mozilla appeared and were fixed in new versions of mozilla - but what about the debian package? Are there any

Re: mozilla - the forgotten package?

2004-03-09 Thread Jan Lühr
Greetings, On Tuesday, 9 March 2004 20:54, Noah Meyerhans wrote: On Tue, Mar 09, 2004 at 08:53:23PM +0100, Jan Lühr wrote: So this is all in all a capacity problem? Doesn't have the debian security team enough resource to port existing patches to debian packages? Why not enlarging the

mozilla - the forgotten package?

2004-03-09 Thread Jan Lühr
Greetings, over the last months, various security related bugs in mozilla appeared and were fixed in new versions of mozilla - but what about the debian package? Are there any efforts for making mozilla secure or to backport the mozilla patches to

Re: Fwd: Re: [ox-en] Walther

2004-02-25 Thread Jan Lühr
Greetings, or is good code more important than this sort of stuff? What's the alternative? Call the CIA or the Spanish christian inquisition to check everybody's political correctness? Keep smiling yanosz

Tripwire (clone) which would you prefer?

2004-02-23 Thread Jan Lühr
Greetings, well, I'm looking for an open source intrusion detection. At first, tripwire captures my attention, but the last open source version seems to be three years old - is it still in development or badly vulnerable? Then I searched for tripwire in the woody packages and found integrit and

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-22 Thread Jan Lühr
Greetings, On Sunday, 22 February 2004 10:09, Jim Richardson wrote: On Sat, 21 Feb 2004 22:20:05 +0100, Matt Zimmerman [EMAIL PROTECTED] wrote: On Sat, Feb 21, 2004 at 11:09:09AM +0100, Jan Lühr wrote: On Saturday, 21 February 2004 01:10, Matt Zimmerman wrote: .. CERT rarely has

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-21 Thread Jan Lühr
Greetings, On Saturday, 21 February 2004 01:10, Matt Zimmerman wrote: .. CERT rarely has anything to do with coordinating disclosure, and there is no need to bring them into this discussion at all. The coordination that happens is between vendors, like Debian, as peers. Those last two

Re: output of last

2004-02-21 Thread Jan Lühr
Greetings,... On Saturday, 21 February 2004 17:11, s. keeling wrote: Incoming from Jan Lühr: Greetings, I discovered some strange output of the last command on our Woody Terminalserver (for X11). I have already posted it on debian-user-german, but I didn't get any answer. (I hope you

output of last

2004-02-21 Thread Jan Lühr
Greetings, I discovered some strange output of the last command on our Woody Terminalserver (for X11). I have already posted it on debian-user-german, but I didn't get any answer. (I hope you don't mind, if I post it for the english speaking majority) Although I hope it is not security

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings,. On Thursday, 19 February 2004 00:37, Michael Stone wrote: On Wed, Feb 18, 2004 at 11:37:19PM +0100, Jan Lühr wrote: But if knowledge about this vuln is available - if fixes are done, but not available yet, how do I protect myself? Are you less secure today than yesterday

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings,. On Thursday, 19 February 2004 14:22, you wrote: Jan Lühr wrote: Well, of course you might have quite good reasons for doing so, but for me, this is quite a good reason for changing the distri or os. But to what? Currently, you have two choices: delayed, limited

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings, On Thursday, 19 February 2004 14:24, you wrote: Jan Lühr wrote: But if knowledge about this vuln is available - if fixes are done, but not available yet, how do I protect myself? You don't. Tough luck, of course, but that's the price for running affordable, off-the-shelf

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings, On Thursday, 19 February 2004 14:28, you wrote: Jan Lühr wrote: But the dominance of the CERT is exactly the point I'm criticising. CERT/CC is no longer dominant. Many people now disclose their findings to other coordinators and get paid for that service. Those who don't

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings,. On Thursday, 19 February 2004 05:05, Bernd S. Brentrup wrote: On Wed, Feb 18, 2004 at 04:44:15PM -0500, Michael Stone wrote: On Wed, Feb 18, 2004 at 09:17:13PM +0100, Florian Weimer wrote: Yes, this is the norm. Debian hides security bugs from its users for extended periods

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greetings, On Thursday, 19 February 2004 09:39, Jean Christophe ANDRÉ wrote: On Thursday, 19 February 2004 at 09:24 (+0100), Jan Lühr wrote: What about establishing some kind of warning service? E.g. sshd has a well known serious leak, you should shut it down for the next few days

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-19 Thread Jan Lühr
Greeting,. On Thursday, 19 February 2004 15:12, Florian Weimer wrote: Jan Lühr wrote: You don't. Tough luck, of course, but that's the price for running affordable, off-the-shelf software (free or proprietary). well, this might be a reason for using computers in situations we use

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-18 Thread Jan Lühr
Greetings, On Wednesday, 18 February 2004 19:06, Steve Kemp wrote: On Wed, Feb 18, 2004 at 11:59:06PM +0700, Jean Christophe ANDRÉ wrote: Does any body could tell me why the /boot/vmlinuz-2.4.18-1-686 from kernel-image-2.4.18-1-686 version

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-18 Thread Jan Lühr
Greetings, On Wednesday, 18 February 2004 21:31, Otavio Salvador wrote: Florian Weimer [EMAIL PROTECTED] writes: Jan Lühr wrote: Does this mean, that a well known exploit was kept back for nearly three weeks, just because some odd vendors were unable to build their kernels in time

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-18 Thread Jan Lühr
Greetings, Does this mean, that a well known exploit was kept back for nearly three weeks, just because some odd vendors were unable to build their kernels in time? Yes, this is the norm. Debian hides security bugs from its

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-18 Thread Jan Lühr
Greetings, On Wednesday, 18 February 2004 22:47, Michael Stone wrote: On Wed, Feb 18, 2004 at 10:36:35PM +0100, Jan Lühr wrote: Well, of course you might have quite good reasons for doing so, but for me, this is quite a good reason for changing

[OT] Re: Infrastructer back online?

2004-01-10 Thread Jan Lühr
Greetings, On Sat, January 10 2004 at 04:22 Matt Zimmerman wrote: On Sat, Jan 10, 2004 at 03:22:15AM +, Nick Boyce wrote: On Wed, 7 Jan 2004 19:43:02 -0800, Matt Zimmerman wrote: On Thu, Jan 08, 2004 at 04:08:23AM +0100, Martin Helas wrote: Am Mi Jan 07, 2004 at 06:5432 -0800 gab Matt

Infrastructer back online?

2004-01-07 Thread Jan Lühr
Greetings, noticing the increasing amount of secure-adv I'd like to ask, whether the build-daemons are back or whether another issue is increasing the amount of advs rapidly. Keep smiling yanosz