Bug#349528: Security bugs in elog

2006-02-05 Thread Recai Oktaş
* Moritz Muehlenhoff [2006-02-05 19:47:45+0100]
> Recai Oktaş wrote:
> > Let me know whether it is fine and I'll make the upload to stable-security
> > (right?).
>
> Did you upload? I don't see any builds trickling in. If not, I'll do it.

Yes, uploaded on 28 January: http://lists.debian.org/

Bug#349528: Security bugs in elog

2006-02-05 Thread Moritz Muehlenhoff
Recai Oktaş wrote:
> Let me know whether it is fine and I'll make the upload to stable-security
> (right?).

Did you upload? I don't see any builds trickling in. If not, I'll do it.

Cheers,
Moritz

Bug#349528: Security bugs in elog

2006-01-28 Thread Moritz Muehlenhoff
Recai Oktaş wrote:
> Debdiff is attached and here is the new changelog for your convenience:
>
> elog (2.5.7+r1558-4+sarge1) stable-security; urgency=critical
>
> * Major security update (big thanks to Florian Weimer)
> + Backport r1333 from upstream's Subversion repository:
>

Bug#349528: Security bugs in elog

2006-01-28 Thread Recai Oktaş
* Recai Oktaş [2006-01-28 01:56:06+0200]
> Hmm, just found some other issues regarding this CVE-2005-4439. Previous
> tests had seemed fine to me, but when I made more tests, the bug came up
> again. I believe the attached patch should fix this completely. Stefan,
> could you have a look at i

Bug#349528: Security bugs in elog

2006-01-27 Thread Recai Oktaş
* Moritz Muehlenhoff [2006-01-27 15:28:00+0100]
> Recai Oktaş wrote:
> > + Backport r1636 from upstream's Subversion repository:
> > "Added IP address to log file"
>
> Why is r1636 necessary? This seems like a new feature (better logging
> in case of an attack), but doesn't seem to f

Bug#349528: Security bugs in elog

2006-01-26 Thread Florian Weimer
* Recai Oktaş:
> * Recai Oktaş [2006-01-25 09:34:15+0200]
> Florian: If you haven't any objections, I'll upload to stable-security

You need to coordinate this with the stable-security team. If you could upload a new upstream version to unstable, this would be fine, though. So far, the patch for

Bug#349528: Security bugs in elog

2006-01-26 Thread Recai Oktaş
* Recai Oktaş [2006-01-25 09:34:15+0200]
> All three patches + your previous six patches were applied and compiled
> successfully. I've also tested the fixed package in my system without any
> glitches. Now, I'm going to build and test it in a Sarge chroot jail.

I've just tested the _pbuilded_ S

Bug#349528: Security bugs in elog

2006-01-25 Thread Florian Weimer
* Stefan Ritt:
> Florian Weimer wrote:
>> address you started with. Since DNS is quite dynamic, it's also a
>> good idea to include IP address information in the log file in all
>> cases, even if a proper host name was found in DNS.
>
> So I put the IP address there in any case, committed in revi

Bug#349528: Security bugs in elog

2006-01-24 Thread Recai Oktaş
* Florian Weimer [2006-01-24 21:51:00+0100]
> * Stefan Ritt:
>
> >> Is this list complete as far as fixes past r1202 are concerned? What
> >> about r1487, is it a significant DoS condition?
> >
> > Yes.
>
> Okay, this patch shouldn't be too hard to extract. Recai, could you
> backport that one and

Bug#349528: Security bugs in elog

2006-01-24 Thread Florian Weimer
* Stefan Ritt:
>> - If host names are resolved, no forward lookup is performed to
>> verify the PTR RR. (This does not affect the sarge version
>> because it unconditionally uses addresses, not host names.)
>
> Can you specify what you mean by that exactly? If I read the code correctly

Bug#349528: Security bugs in elog

2006-01-24 Thread Stefan Ritt
Hi,

I fixed the issues reported in http://marc.theaimsgroup.com/?m=113498708213563 in ELOG revision r1635. I encourage you to update as soon as possible.

- If host names are resolved, no forward lookup is performed to verify the PTR RR. (This does not affect the sarge version beca