On Sun Mar 04, 2018 at 07:35:37 +0100, SZÉPE Viktor wrote:
> What is the use of pushing an update with only powerpc changes to amd64?
> Thank you.
This is just a side-effect of the way the packages are built.
When a new source upload is made then it is built for all available
On Wed Nov 19, 2014 at 14:57:13 +0100, David MENTRE wrote:
so people are advised to keep kernel
symlink protection (sysctl fs.protected_symlinks=1) enabled as it is by
default on Wheezy
This setting is not set on my Wheezy machine.
How can I set it permanently (i.e. across reboots).
On Fri Feb 11, 2011 at 10:37:46 +0100, Axel Beckert wrote:
This package does not yet show up in Lenny. According to
http://packages.debian.org/search?keywords=cgiirc 0.5.9-3lenny1 has
been uploaded to squeeze's security repo only.
Yes - this has been a bit of a mess, due to the release
On Tue Jan 18, 2011 at 13:49:23 +1100, Silvio Cesare wrote:
lbreakout2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608980
That could well be a duplicate of CAN-2004-0158, which was fixed
in Woody:
http://lists.debian.org/debian-changes/2004/02/msg00029.html
Steve
--
On Tue Jan 18, 2011 at 22:25:20 +1100, Silvio Cesare wrote:
This kind of testing is good for Debian security and provides some comfort
to me at least knowing this class of vulnerability has been tested for
against the privileged programs in the Debian repository.
Agreed.
I
On Tue Dec 21, 2010 at 22:21:35 +0100, Stefan Fritsch wrote:
FWIW, it seems the infrastructure has been finally fixed today, so I
hope things will improve now. But I do think that there are currently
too few active members in the security team. I am pretty sure we will
send out a request
On Thu Oct 15, 2009 at 17:55:39 +0200, m...@firstfloor.org wrote:
after updating wget on
Linux version 2.6.26-2-686 (Debian 2.6.26-19) Lenny
I received a warning from rkhunter:
Warning: The file properties have changed:
File: /usr/bin/wget
Current hash:
On Wed Mar 18, 2009 at 21:01:04 -0400, Micah Anderson wrote:
However, I do see your point about NEW packages, and it might be
interesting, if we could get enough security auditors who had the skills
and the time, to be a part of the NEW process. This could introduce an
unnecessary delay in
On Mon Oct 06, 2008 at 20:40:36 +0200, Gerfried Fuchs wrote:
From reading the changelog these issues have all three been addressed
in the 1.4.19-5 upload which was done a week ago already. Was this
missed, or are the patches therein considered incomplete?
This was missed.
Steve
--
On Tue Aug 26, 2008 at 20:13:58 +0200, Christoph Auer wrote:
Debian Security Advisory DSA-1631-_2_ [EMAIL PROTECTED]
minor error in the subject
My apologies, I managed to miss that.
Steve
--
Managed Anti-Spam Service
http://mail-scanning.com/
--
To UNSUBSCRIBE,
On Fri Aug 22, 2008 at 21:56:35 +0200, Christian Jaeger wrote:
Just to make sure: have you seen the thread Lenny users: attn about
Gnome/libxml2 breakage on the debian-user mailing list (started by me)?
No, I'm afraid I've not seen that. But looking over it I'm not
sure if the problem is
On Thu Apr 24, 2008 at 14:13:14 -0700, Brad Dondale wrote:
I have started 2 weeks holidays. If you have any technical support
requests, please create a ticket with your online ticket system. Thanks!
Please fix your broken auto-responding system.
Steve
--
Debian GNU/Linux System
On Mon Mar 10, 2008 at 17:57:04 -0400, Filipus Klutiero wrote:
It should be supported as long as RHEL.
Give me piles of cash and I'll support it for as long as you want.
But this discussion is pointless. The statement is true *we* are
proud; regardless of whether you or anybody else
Oops, it looks like I got the address wrong. I didn't intend to mail
the public [EMAIL PROTECTED] list but rather the private security
team list. Too late now.
For future reference we do see vendor-sec mails, so the second
copy wasn't really necessary. (Although it is helpful to make
On Thu Jan 17, 2008 at 16:35:47 +0100, Philipp Kern wrote:
Still that breaks because os is not imported. Please fix. Quickly.
Done.
Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit
On Sat Jan 05, 2008 at 15:11:22 +, Steve Kemp wrote:
-
Debian Security Advisory DSA-1448-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
January 05, 2008
On Fri Jan 04, 2008 at 06:04:50 -0200, Felipe Figueiredo wrote:
Anybody has a clue as to why was this default chosen, and not the safest one?
Too many broken PHP applications?
Anyway please see /usr/share/doc/php4-common/examples/ for
different examples. (Or
On Fri Dec 07, 2007 at 09:46:21 -0500, Juan Gallego wrote:
| For the stable distribution (etch), this problem has been fixed in version
| 1.39+1.40-WIP-2006.11.14+dfsg-2etch1.
| For the unstable distribution (sid), this problem will be fixed shortly.
is sarge affected by this
On Fri Dec 07, 2007 at 18:41:35 +0100, Nico Golde wrote:
What about those, are they unimportant?
They are still present in the etch code. I stumbled
upon them while preparing a testing-security upload.
Unknown. I used the patch provided by Theodore Tso, which he
is/was planning on using
On Tue Nov 27, 2007 at 12:00:05 +1300, Ewen McNeill wrote:
In message [EMAIL PROTECTED], Steve Kemp writes:
Package: samba
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-4572, CVE-2007-5398
[...]
For the stable distribution (etch
On Wed Oct 17, 2007 at 11:05:58 -0300, Jorge Escudero wrote:
I have the Firewall with woody and I never had got any security problem.
Is it risky to still using this version?
Yes.
There have been no security updates released for Woody in over a
year, and that means there are liable to be
On Thu Oct 04, 2007 at 09:49:27 +0200, Etienne Favey wrote:
In what respect is the quagga problem related to the openssl problem,
that it gets the same DSA ID number?
It was a mistake, the number was reused by accident.
Steve
On Fri Sep 21, 2007 at 18:01:10 +0300, Riku Valli wrote:
For the stable distribution (etch), this problem has been fixed in version
4:3.5.5a.dfsg.1-6etch1.
It seems at kdebase and fetchmailconf dependencies are broken.
I don't see what the source of this is.
kdebase: Depends:
On Fri Sep 21, 2007 at 16:48:34 +0100, Adam D. Barratt wrote:
I'm guessing the people reporting problems are i386 users.
Yeah, that seems to be the problem. Thanks for being explicit
about it though :)
kdebase is arch:all and therefore installable on i386. kappfinder isn't
and there
On Fri Sep 21, 2007 at 11:45:37 -0400, Noah Meyerhans wrote:
Check i386. The security archive does not seem to have a complete set
of i386 binary packages...
Stupid buildds ..
I'll find a spare i386 machine and build for that over the weekend
all being well.
Steve
On Fri Sep 21, 2007 at 19:18:38 +0300, Riku Valli wrote:
fetchmailconf have similar problem too.
That should be fixed now. I'm just going to send out the mail ...
Steve
On Sun Jul 01, 2007 at 00:59:24 +0200, Karol Lewandowski wrote:
On Mon, Jun 25, 2007 at 02:56:07PM +0200, karol wrote:
It looks like etch's security updates were built on sarge. python2.3
isn't available in etch making ekg's security update uninstallable.
I would be _very_ happy to hear
On Mon Jun 18, 2007 at 19:49:28 +1000, Tomasz Ciolek wrote:
been uploaded to the repositories and added to Releases and Packages
files?
Yes.
What's the point of making a security advisory if the packages are NOT
AVAILABLE in mirrors and repositories
here is my sources.list... maybe I
On Fri, Dec 08, 2006 at 10:32:50PM +0100, Mike Hommey wrote:
How does the security team feel about having to rebuild iceape,
iceweasel, icedove (you forgot to file a bug on icedove), OOo and enchant
if there happens to be a security bug in hunspell ?
In general having multiple packages
On Mon, Nov 27, 2006 at 08:37:42PM +0100, mario wrote:
I am responsible for 10 (ubuntu and debian) installations so far.
I have installed apticron which informs me about updates frequently.
Actually, it's that often that I sometimes need to invest 1h a day just
doing updates.
Given the
On Thu, Aug 24, 2006 at 09:17:06AM -0400, Paul Nesbit wrote:
On Thu, Aug 24, 2006 at 08:23:59AM +0200, Martin Schulze [EMAIL PROTECTED]
wrote:
[...]
a MIME conversion routine in sendmail, a powerful, efficient, and
scalable mail transport agent, could be tricked
[...]
Funny, bias in
On Sat, Jul 22, 2006 at 11:48:00PM +0200, LeVA wrote:
I have reinstalled a server of mine, and now I need to remove its old
pubkey from my $HOME/.ssh/known_hosts, but it is in the new format,
so no hostnames which may indicate which pubkey belongs to which host.
How can I decrypt the
On Fri, Jun 30, 2006 at 09:15:42AM +0200, martin f krafft wrote:
I've been seeing this a bunch in the past few weeks. Just making
sure you know about it, and maybe someone knows what's going on:
W: GPG error: http://security.debian.org stable/updates Release: The
following signatures were
On Fri, Jun 30, 2006 at 10:33:55AM +0200, martin f krafft wrote:
also sprach Steve Kemp [EMAIL PROTECTED] [2006.06.30.1004 +0200]:
This is a known issue, relating to some of the infrastructure
changes. Hopefully it will be resolved shortly.
Thanks Steve. Do you know why
On Thu, Jun 15, 2006 at 01:08:37PM -0700, [EMAIL PROTECTED] wrote:
I need to set up an audit trail for all commands run on machines. I
know that the auth.log records who logs in and when, and that each
user's .bash_history has a history of their commands. But is there some
other way to
On Thu, Apr 20, 2006 at 04:18:28PM +0200, Jan Luehr wrote:
Btw. Why do a lot of DSAs care about oldstable, while kernel-updates avoid
woody?
Because building kernels is hard for Sarge and very hard for Woody.
I seem to recall Joey asking for volunteers to help work on kernels
a good few
On Mon, Mar 13, 2006 at 09:02:13AM +0200, Enver ALTIN wrote:
If you have to leave some writable folders for Apache user, say, /tmp,
moving /tmp to another partition/filesystem and mounting it with
noexec option would prevent most harm /any/ PHP script can cause.
Not true.
Several of
On Fri, Mar 10, 2006 at 09:42:00AM -0600, Michael Knoop wrote:
There is a new problem with the gnupg program and digital signatures.
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
The original problem was fixed with DSA-978.
This new, related, problem will be fixed
On Wed, Mar 08, 2006 at 09:41:39AM +0100, Mathieu Roy wrote:
Package: tar
Vulnerability : buffer overflow
Problem-Type : local(remote)
What does mean
local(remote)
Does it mean local... or remote?
Local. But remote in the sense that you may receive a .tar file
On Thu, Mar 02, 2006 at 10:36:16PM +0100, Marc Haber wrote:
How would you implement the automatism to trigger the update on the
incoming e-mail?
procmail, matching on new mails to the debian-security-announce
mailing list ..
Steve
--
Debian GNU/Linux System Administration
On Wed, Feb 15, 2006 at 02:01:51PM +1100, Geoff Crompton wrote:
This bug has been closed for unstable (see bug 350964) with the 4.6
upload, but will it be fixed for sarge?
Please see DSA-969-1 released two days ago:
http://www.us.debian.org/security/2006/dsa-969
Sarge is fixed.
On Tue, Jan 24, 2006 at 01:54:24PM +, Jonathan McDowell wrote:
You want to revoke the uids (revuid) rather than deleting them; there's
no way you can delete them off other people's keyrings, or the
keyservers, so you mark them as deleted instead by revoking them.
Thanks for that.
On Tue, Jan 17, 2006 at 07:59:45PM +0100, Florian Weimer wrote:
AFAICS, this rule is quite reasonable, so I assume that this antiword
version is just a minor glitch. Correct?
Yes. My fault entirely. It actually took me a while to see what
was wrong there - usually I just add 'sargeN' to
On Mon, Jan 09, 2006 at 02:32:18PM +0100, Thijs Kinkhorst wrote:
For the unstable distribution the package will be updated shortly.
It's great to hear that unstable will be fixed soon, but why wasn't
there a grave bug filed against the package? If for some reason the
maintainer misses
On Wed, Nov 23, 2005 at 12:15:35PM +0100, Jasper Filon wrote:
Well, obviously it is not a _security_ bug, since it has nothing to do
with security. However, it is a bug, maybe even a critical one.
I filed a couple of bugs on Mozilla relating to DOS attacks,
crashing the browser on some
On Tue, Nov 15, 2005 at 05:54:32PM +0100, Piotr Roszatycki wrote:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 reports
that sarge's phpmyadmin package has a security flaw which occurs only if
register_globals = on setting is used.
This feature is disabled in
On Fri, Oct 28, 2005 at 10:16:03AM -0500, John Goerzen wrote:
On Fri, Oct 28, 2005 at 04:42:31PM +0200, Piotr Roszatycki wrote:
Why my report was ignored? I've reported the problem 3 days ago and I had
no
reply.
This seems to be a very frequent problem going on for awhile now.
Could
On Fri, Oct 28, 2005 at 11:01:29AM -0500, John Goerzen wrote:
Could someone from the security team comment on what the problem is?
The problem is that we receive a lot of reports, each of which may
involve a significant amount of time to attend to.
Well, that's a symptom. Isn't
On Tue, Oct 11, 2005 at 09:32:57AM +0200, Wolfgang Jeltsch wrote:
On Tuesday, 11 October 2005 09:01, Martin Schulze wrote:
[...]
Package: ruby1.8
Ruby 1.6 or Ruby 1.8?
Both.
See the table:
http://www.us.debian.org/security/2005/dsa-860
Hi,
Just a quick note to point people at this news announcement:
http://lists.debian.org/debian-news/debian-news-2005/msg00047.html
Steve
On Mon, Sep 26, 2005 at 05:36:27AM -0700, P PRABHU wrote:
Any fix for the latest ClamAV buffer overflow in the
file upx.c vulnerability. Currently .deb based
version is 0.84-2.sarge.2 . Is this version subject to
this vulnerability ?? If so any fix will be released
A DSA is pending, and
On Mon, Sep 19, 2005 at 09:18:29PM +0200, Noël Köthe wrote:
anybody knows what's the problem with klecker/security.d.o?
http://lists.debian.org/debian-curiosa/2005/09/msg00018.html
There is an advisory pending ...
Steve
On Wed, Sep 14, 2005 at 10:51:19AM +0200, Mathieu JANIN wrote:
I was updating my system at that time, but klecker.debian.org is not in my
sources (or perhaps with another name).
klecker.debian.org is security.debian.org, which might explain it?
Steve
On Mon, Aug 29, 2005 at 11:46:24AM -0500, Branden Robinson / Debian Project
Leader wrote:
As far as I know, the stable/oldstable security team was never (recently)
down to Joey S. alone. Mike Stone and Steve Kemp have been active members
for some time (Steve was, as I understand it, promoted
On Sun, Jul 31, 2005 at 06:18:18PM +0100, antgel wrote:
Any chance of an elaboration? I wasn't privy to any previous discussion
on this and I'm interested. What's the problem with searching bugzilla
for security patches on given versions, and applying them? Is it the
sheer volume?
On Sun, Jul 24, 2005 at 01:19:25PM +0200, Christoph Haas wrote:
Since the process runs as www-data some kiddy has abused a web service
on your server to download and run an external software. Look for
suspicious log lines of your web server.
Yes ..
Examples of hacks on our servers:
On Wed, Jul 20, 2005 at 10:17:56AM -0700, Brent Bates wrote:
This morning my machine was also compromised in a similar fashion as
described in your post here.
http://lists.debian.org/debian-security/2005/03/msg00112.html
Was the point of entry ever determined?
That one seemed to be a
On Fri, Jul 15, 2005 at 11:58:26AM -0500, George P Boutwell wrote:
The Security Debian How-To mentions Tripwire. Looking at AIDE and
Tripwire in the debian packages repositories it's hard to tell the
difference. I'm sure they both do the job, anyone with experience
with both these packages
On Thu, Jul 14, 2005 at 05:40:22PM +0200, Herwig Wittmann wrote:
This would be very convenient- but the delay that seems to have passed
between the original squirrelmail security announcement and the time I
received the alert via [EMAIL PROTECTED] is worrying:
The Vulnerability seems to
On Thu, Jul 07, 2005 at 12:22:36PM +0200, Johann Spies wrote:
I have read http://www.debian-administration.org/articles/174 about
this topic and have done what the article suggested:
~# gpg --keyserver keyring.debian.org --recv 4F368D5D
This imports the key for the Debian Unstable archive.
On Thu, Jul 07, 2005 at 02:14:51PM +0200, Johann Spies wrote:
Ok, but the archive on archive3.sun.ac.za is just a mirror from a
primary debian upstream source. Do I have to generate a specific key
for my server?
Strange .. but no you need do nothing with your key(s).
NO_PUBKEY
On Sat, Jul 02, 2005 at 04:46:29PM -0400, KC wrote:
I need help understanding what goes wrong in this script. I cannot ping
anyone and cannot resolve as well. In fact I believe the only thing I can
get is an ip address from my isp's dhcp server.
There's no way I'm going to read through all
On Mon, Jun 27, 2005 at 02:36:12PM -0400, Noah Meyerhans wrote:
Even allowing uploads from the secretaries could be helpful.
Definitely.
I've got fixed packages available right now for some of the
bugs which have been raised in this thread, but until somebody
can push out the
On Mon, Jun 27, 2005 at 08:39:43PM +0200, Marek Olejniczak wrote:
I don't understand the philosophy of Debian security team. It's really so
difficult to push into sarge spamassassin 3.0.4 which is not vulnerable?
This version is in Debian testing and why this version can't be push into
On Fri, Jun 24, 2005 at 02:52:40PM +0200, LeVA wrote:
How can I get a machine's MAC address, if I only know its IP?
If it's on your LAN ping it then look at your arp cache:
[EMAIL PROTECTED]:~$ ping -c 1 192.168.1.1 >/dev/null
[EMAIL PROTECTED]:~$ /usr/sbin/arp 192.168.1.1
Address
On Thu, Mar 24, 2005 at 07:31:03AM +0100, Krzysztof J??wiak wrote:
My web server was hacked a few days ago and I decided to install some
new program and modules which improve security.
Good plan.
Did you find the source of the attack? If not you're at risk from
a repeat of the previous
On Wed, Mar 09, 2005 at 12:25:06PM +0100, Javier Fernández-Sanguino Peña wrote:
Maybe you've seen it already, but the guys at Ubuntu have done a
light-weight analysis of the vulnerabilities they have been released since
Warty was released: https://www.ubuntulinux.org/wiki/USNAnalysis
A nice
On Wed, Mar 09, 2005 at 08:05:40PM +0100, David Schmitt wrote:
On Wednesday 09 March 2005 19:13, Steve Kemp wrote:
A simple script I wrote did that for me already - although there are
some fixups required as we seem to have a few different spellings
for different things. eg. sanitizing
On Thu, Feb 10, 2005 at 07:59:35PM +0100, Jasper Filon wrote:
maybe someone should kick him off the list?
And anybody else who manages to quote the entire text of the DSA
for no purpose ..?
Steve
On Tue, Feb 08, 2005 at 04:58:36PM +0100, Frank Küster wrote:
I find the text of this advisory really confusing - the subject and
Package line talk about xemacs21, the description about Emacs, the
well-known editor and your emacs packages. If it isn't sufficiently
confusing to make xemacs
On Thu, Jan 27, 2005 at 11:53:45AM +0900, Seiji Kaneko wrote:
The security team had posted DSAs to full-disclosure mailing
list as well as Debian security announce ML, but seems to have
stopped to post since last December. Are there any policy change?
I'm not sure about the full-disclosure
On Sun, Jan 02, 2005 at 11:20:30PM +1100, Declan Mullen wrote:
I'm looking for a file system integrity checker for Sarge. There seem to
be many to choose from (eg sXid, AIDE, TripWire, integrit and samhain).
Is there one that stands out as being easy to configure/tune for Sarge ?
It's looking like there won't be an update to PHP for Woody, because
the majority of the PHP issues aren't relevant.
Initially a few CVE numbers were assigned and then later withdrawn
when it became clear that the issues could only be exploited by a
user who wrote a malicious PHP script
On Thu, Dec 16, 2004 at 10:59:09AM +0100, Giacomo Mulas wrote:
DJB apparently published a long list of security problems in
commonly used *NIX programs, to be found at
http://tigger.uic.edu/~jlongs2/holes/
Does any of these affect Debian?
Most of the packages that are listed
On Wed, Nov 24, 2004 at 09:15:41AM -0500, Ramon Kagan wrote:
Ok now I see it. The stable package the unstable package is fine.
Yes the diff.gz available from the DSA shows the problem:
+ printf (Looking at %s...\n, *ep);
Rebuilding from the source with that commented out
On Fri, Oct 29, 2004 at 10:12:33PM +0200, Frank Lichtenheld wrote:
Perhaps someone with a little more experience in identifying security
problems should take a look, too. I CC'ed debian-security.
Here's a quick summary:
To be clear there are three flaws being discussed in xsok:
On Mon, Oct 11, 2004 at 12:46:01PM +0200, LeVA wrote:
I have installed postfix from sources a while ago, and now there is a
security update for sendmail. As you probably know, I can not remove
the sendmail package (although I'm not using it), because it would
remove apache and many other
On Wed, Oct 06, 2004 at 11:37:24AM +0300, Emil Perhinschi wrote:
Sorry to bother, but is this an attack? I get repeated requests for a
file favicon.ico that should have been, or so the client connecting
believes, in the root of my htdocs. The connections come from different
hosts, and at
On Mon, Sep 27, 2004 at 01:17:47PM +0200, Milan Jurik wrote:
Yes, it's time to look at the sources and find the truth.
This appears to have been addressed by the patch in DSA-070-1,
so you should be able to apply that to current sources with a small
amount of work.
Although the
On Sun, Sep 26, 2004 at 03:46:44PM +0200, Robert Millan wrote:
CVE Name: CAN-2004-0414, CAN-2004-0416, CAN-2004-0417, CAN-2004-0418,
CAN-2004-0778
CAN-2004-0416, CAN-2004-0417, and CAN-2004-0418 were fixed in DSA-519.
CAN-2004-0414 was fixed in DSA-517.
So it
On Sun, 19 Sep 2004, martin f krafft wrote:
If you ask me, logcheck should learn how to evaluate log messages in
their context...
If you want to have instant alerts of problems then logcheck is
what you want. If you want to ignore some things and still receive timely
alerts then you're
On Sat, Sep 18, 2004 at 01:51:53PM +0200, Lorenzo Hernandez Garcia-Hierro wrote:
- We put first the patched GCC Glibc packages (Steve, your 2 cents :D)
- We send an advice to the mailing-lists, we write a little guideline
for new development way, telling what the developer needs (and what he
On Fri, Sep 17, 2004 at 10:55:33PM +0200, Lorenzo Hernandez Garcia-Hierro wrote:
Yes. The `apt-get install hardened' was an example of something 100% easy
to use :D
Unfortunately whilst easy to use is good the idea of rebuilding the
packages presented so far isn't going to be easy to setup.
On Wed, Sep 01, 2004 at 12:25:19AM +0200, Timo Veith wrote:
It seems to be a PHP issue. I
searched through all php files that include or fopen something ...
whew there are way too many.
Any ideas ?
If you have pristine logfiles for apache you might want to look for
suspicious
On Sun, Jul 25, 2004 at 12:57:29PM -0400, John Richard Moser wrote:
A PaX protected base would also benefit from Stack Smash Protection,
which can be done via the gcc patch ProPolice.
I have been flirting with SSP for months now, but the most recent
patches included with GCC do not apply
On Sun, Jul 25, 2004 at 02:26:15PM -0400, John Richard Moser wrote:
| I have been flirting with SSP for months now, but the most recent
| patches included with GCC do not apply cleanly. Watch for a bug
| against GCC shortly with updated SSP patches.
|
Yeah I think on 3.3.4 on Gentoo
On Fri, Jul 16, 2004 at 05:30:44PM +0200, Thomas Sjögren wrote:
PaX support in binutils and SSP compiled packages are two very nice
things to have. The problem at this moment is that you can't have
both at the same time at this moment.
Using for example Steve Kemp's GCC w SSP[1], binutils
On Sat, Jun 19, 2004 at 10:42:56AM +1000, Ross Tsolakidis wrote:
Hi all,
I did a search in the logs on some of the suspicious users and found a
match.
The files that are being downloaded then executed seem to be IRC bots.
http://www.energymech.net/
Here are some log files.
On Thu, Jun 17, 2004 at 04:09:49PM +0200, Javier Fernández-Sanguino Peña wrote:
2.- Besides the kernel changes, Adamantix recompiles the distribution with
a GCC patch that should limit buffer overflows, this one is called SPP
(formerly known as ProPolice). Steven Kemp is currently testing its
On Wed, Jun 16, 2004 at 11:44:17AM -0500, Micah Anderson wrote:
Install some rules for it to harden your webserver, see if anything is
flagged in the security log.
other web server testing tools
http://www.linux-sec.net/Web/#Testing
Has anyone actually used any of these to
On Thu, Jun 03, 2004 at 02:42:59AM +0200, Florian Weimer wrote:
Has [EMAIL PROTECTED] been directed away from debian-private?
Yes.
See #184114 for all the details:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=184114
Steve
--
# The Debian Security Audit Project.
On Fri, Apr 16, 2004 at 11:02:56PM +0100, Mario Ohnewald wrote:
Everybody knows that files with a suid bit set can be dangerous.
Everybody knows that almost everything is dangerous.
Well, I was asking myself today why exactly linux uses the suid bit files?!
Could someone please explain
On Wed, Mar 10, 2004 at 02:34:44PM -0500, Noah Meyerhans wrote:
It was, generally, a fairly painful experience, and although I did get
some patches applied (and tested!) I never felt like I made significant
progress toward fixing all the known bugs.
This was my feeling as well, applying
On Tue, Mar 09, 2004 at 05:15:42PM +0100, Jan Lühr wrote:
over the last months, various security related bugs in mozilla appeared and
were fixed in new versions of mozilla - but what about the debian package?
Are there any efforts for making mozilla secure or to backport the mozilla