On Fri, Dec 19, 2014 at 02:58:13PM +0100, Mark Kettenis wrote:
> > Date: Fri, 19 Dec 2014 23:41:56 +1000
> > From: Jonathan Matthew
> >
> > On Thu, Dec 18, 2014 at 11:14:54PM +0100, Frederic Nowak wrote:
> > > Hi!
> > >
> > > The diff for extracting memory ranges from ACPI was obviously not test
On Fri, Dec 19, 2014 at 20:56, Fred wrote:
> On 12/19/14 18:12, Ted Unangst wrote:
>> On Fri, Dec 19, 2014 at 13:04, Stuart Cassoff wrote:
>>> On 12/19/14 07:18, Stuart Cassoff wrote:
$ pstat -T
221/7030 open files
Segmentation fault
>>>
>>> I suppose more info from me is desired.
>>
On 2014-12-20, Peter Hessler wrote:
>:And it is probably vulnerable to this:
>:https://github.com/PentesterES/Delorean
>:(tl;dr Man-in-the-Middle)
>
> OpenNTPd embeds random cookies into several fields of the ntp packet,
> the server is required to copy them back into the reply, and the client
>
This diff allows us to set net.inet.gre.wccp sysctl to 2, in which
case gre(4) will skip the WCCPv2 redirect header, allowing us to
handle the packet in the same way as WCCPv1.
Squid knows how to set up the WCCPv2 session with the Cisco and
handles transparent HTTP proxying, use PF divert the tra
On Fri, Dec 19, 2014 at 8:55 AM, Martin Pieuchot wrote:
> On 19/12/14(Fri) 08:04, David Higgs wrote:
>> Split upd_update_sensors() behavior to gather all values prior to updating
>> sensor contents.
>>
>> Because sensors were updated in report_ID order, it could take multiple
>> passes of upd_re
On 2014 Dec 20 (Sat) at 12:42:52 +0100 (+0100), Hanno B??ck wrote:
:On Fri, 19 Dec 2014 18:22:47 -0700
:Theo de Raadt wrote:
:
:> openntpd is not vulnerable.
:
:Depends on which vulnerability you mean.
:
:It is probably vulnerable to this one:
:http://zero-entropy.de/autokey_analysis.pdf
:(tl;dr n
On Fri, 19 Dec 2014 18:22:47 -0700
Theo de Raadt wrote:
> openntpd is not vulnerable.
Depends on which vulnerability you mean.
It is probably vulnerable to this one:
http://zero-entropy.de/autokey_analysis.pdf
(tl;dr ntp authentication is not secure)
And it is probably vulnerable to this:
http