Everything posted by aelius
-
It even has the same grammatical mistakes. Did it appear on your PC like the face of our good Saviour on some church wall?
-
Cite the source. https://www.dropbox.com/s/pycitx5vuxzfqjn/Screenshot%202014-04-20%2020.30.42.png
-
That guy wants a free VPS to scan with, man, what are you recommending to him ))
-
Instead of the line:

    for i in `cat ids.txt` ; do

use:

    for i in `cat ids.txt |awk -F "@" '{print $1}'` ; do

The ids.txt file then contains e-mail addresses directly. This way it also works with a list of e-mail addresses.
-
Hi,

Thanks for the tutorial, but a few things are wrong:

1. Installation on Linux. The distribution must be specified. The apt-get package manager exists only on Debian and on distributions derived from it (e.g. Ubuntu).
2. 'ssh user@ip: port' is wrong. The correct form is ssh username@ip ; if the port is not the default one, it is specified with -p (example: ssh user@ip -p 515)
-
Existing profile:

    macbook ~$ curl --head http://img.msg.yahoo.com/v1/displayImage/yahoo/flash_seby
    HTTP/1.1 200 OK
    Date: Sat, 19 Apr 2014 17:49:14 GMT
    P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
    cache-control: public,must-revalidate
    x-yahoo-msgr-imageurl: http://msgr.zenfs.com/msgrDisImg/5Z5CK35BBKRIN7376POR4ZD2RI
    Connection: close
    Content-Type:

Nonexistent profile:

    macbook ~$ curl --head http://img.msg.yahoo.com/v1/displayImage/yahoo/rherssgeaeshaw4wecsa
    HTTP/1.1 200 OK
    Date: Sat, 19 Apr 2014 17:49:17 GMT
    P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
    cache-control: public,must-revalidate
    x-yahoo-msgr-imageurl: http://l.yimg.com/a/i/identity/profile_96a.png
    Connection: close
    Content-Type:

get_headers + preg_match (a few lines of PHP)
-
Mass validator for Yahoo IDs, written in bash

    #!/bin/sh
    # Paths to the tools, curl options, the image endpoint and the string
    # that appears in the headers when the default avatar is returned
    CURL="`which curl`"
    GREP="`which grep`"
    PARAMS="-s --head"
    YAHOO="http://img.msg.yahoo.com/v1/displayImage/yahoo"
    INVALID_STR="profile_96"

    # One ID per line in ids.txt
    for i in `cat ids.txt` ; do
        if [ -z "`$CURL $PARAMS $YAHOO/$i |$GREP $INVALID_STR`" ]
        then
            echo "$i - Valid user ID"
        else
            echo "$i - Invalid user ID"
        fi
    done

I made a test list named 'ids.txt':

    flash_seby
    amiradavison
    elly_deea18
    anyta_mary93623
    test_teste3r412
    jojojaja35r2_r2
    anyta_mary94

Test:

    macbook ~$ ./val
    flash_seby - Valid user ID
    amiradavison - Valid user ID
    elly_deea18 - Valid user ID
    anyta_mary93623 - Invalid user ID
    test_teste3r412 - Invalid user ID
    jojojaja35r2_r2 - Invalid user ID
    anyta_mary94 - Valid user ID
    macbook ~$

** Note: It works on any Linux distribution, plus FreeBSD and Mac OS X. Only curl and grep are required.
-
There was also a news item about this around here: http://thehackernews.com/2014/04/hacker-exploits-heartbleed-bug-to.html This one sounds a bit far-fetched:
-
Guys, I am a hardened coffee drinker, but this thread was opened in 2006. Most likely nothing in it is still current. A coffee from a vending machine costs 1-2 lei; I recommend you pay for it and stop begging. We are closing the thread because there are others more interesting than this one.
-
TCP32764 backdoor again
aelius replied to Nytro's topic in Reverse engineering & exploit development
Related to the topic, a short tutorial for binwalk, used for investigating router images.
-
Besides mod rewrite, you can serve the files through a PHP script.
-
Because at least 6 users got banned from the chat 3-4 times within 10 minutes. He is banned for one day.
-
I was bored over coffee and looking for something to play with, so I came across binwalk.

1. Download binwalk and extract the files from the archive

    root@pluto:~# wget https://github.com/devttys0/binwalk/archive/v1.3.0.tar.gz
    root@pluto:~# tar zxvf v1.3.0.tar.gz
    root@pluto:~# cd binwalk-1.3.0/

2. Install the main dependencies for binwalk as well as some unpacking tools

    root@pluto:~/binwalk-1.3.0# apt-get install python-magic
    root@pluto:~/binwalk-1.3.0# apt-get install libfuzzy2
    root@pluto:~/binwalk-1.3.0# apt-get install python-opengl python-qt4 python-qt4-gl python-numpy python-scipy
    root@pluto:~/binwalk-1.3.0# apt-get install mtd-utils zlib1g-dev liblzma-dev ncompress gzip bzip2 tar arj p7zip p7zip-full openjdk-6-jdk squashfs-tools
    root@pluto:~/binwalk-1.3.0# wget http://www.pyqtgraph.org/downloads/pyqtgraph-0.9.8.tar.gz
    root@pluto:~/binwalk-1.3.0# tar zxvf pyqtgraph-0.9.8.tar.gz
    root@pluto:~/binwalk-1.3.0# cd pyqtgraph-0.9.8/
    root@pluto:~/binwalk-1.3.0/pyqtgraph-0.9.8# python setup.py install

3. Install binwalk

    root@pluto:~/binwalk-1.3.0/pyqtgraph-0.9.8# cd ../src/
    root@pluto:~/binwalk-1.3.0/src# python setup.py install

4. Delete the archive and the source directory we built from

    root@pluto:~/binwalk-1.3.0/src# cd
    root@pluto:~# rm -rf v1.3.0.tar.gz binwalk-1.3.0/

5. Let's run a few tests on a router image taken from dd-wrt

    root@pluto:~# su - marian
    marian@pluto:~$ cd work/
    marian@pluto:~/work$ wget ftp://ftp.dd-wrt.com/stable/dd-wrt.v23/standard/dd-wrt.v23_generic.bin
    marian@pluto:~/work$ binwalk dd-wrt.v23_generic.bin

    DECIMAL     HEX         DESCRIPTION
    -------------------------------------------------------------------------------------------------------------------
    0           0x0         TRX firmware header, little endian, header size: 28 bytes, image size: 3522560 bytes, CRC32: 0x54888AF2 flags: 0x0, version: 1
    28          0x1C        gzip compressed data, maximum compression, from Unix, NULL date: Thu Jan 1 01:00:00 1970
    2264        0x8D8       LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: 1941504 bytes
    604396      0x938EC     Squashfs filesystem, little endian, version 2.1, size: 2912869 bytes, 793 inodes, blocksize: 65536 bytes, created: Sun Dec 25 17:00:26 2005

6. What we are interested in is in the filesystem. We will extract everything after 604396 with dd into an image.

    marian@pluto:~/work$ dd if=dd-wrt.v23_generic.bin bs=1 skip=604396 of=ddwrt.squashfs
    2918164+0 records in
    2918164+0 records out
    2918164 bytes (2.9 MB) copied, 2.72447 s, 1.1 MB/s

7. Let's see what the image extracted with dd looks like compared to the original.

    marian@pluto:~/work$ binwalk ddwrt.squashfs

    DECIMAL     HEX         DESCRIPTION
    -------------------------------------------------------------------------------------------------------------------
    0           0x0         Squashfs filesystem, little endian, version 2.1, size: 2912869 bytes, 793 inodes, blocksize: 65536 bytes, created: Sun Dec 25 17:00:26 2005

    marian@pluto:~/work$ file ddwrt.squashfs
    ddwrt.squashfs: Squashfs filesystem, little endian, version 2.1, 2912869 bytes, 793 inodes, blocksize: 65536 bytes, created: Sun Dec 25 17:00:26 2005

From here I think you can play with it yourselves (squashfs/unsquashfs). The holy documentation can be found here: Wiki | Binwalk

Have fun playing ;-)
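
Added example, not part of the post above: steps 5 to 7 done by a script that reads the Squashfs offset and size from binwalk's text output and carves exactly that region (the dd in the post copies through to the end of the image, 2918164 bytes, while the filesystem itself is 2912869 bytes). The function names are hypothetical, and it assumes binwalk prints one entry per line as shown in the post.

```shell
#!/bin/sh
# Added example: carve the Squashfs region from a firmware image using the
# offset and size reported by binwalk, then check the filesystem magic.
# Real use (assumes binwalk is installed):
#   binwalk dd-wrt.v23_generic.bin | extract_squashfs dd-wrt.v23_generic.bin ddwrt.squashfs

# The scan entries shown in the post, one entry per line.
post_scan() {
    cat <<'EOF'
0 0x0 TRX firmware header, little endian, header size: 28 bytes, image size: 3522560 bytes, CRC32: 0x54888AF2 flags: 0x0, version: 1
28 0x1C gzip compressed data, maximum compression, from Unix, NULL date: Thu Jan 1 01:00:00 1970
2264 0x8D8 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: 1941504 bytes
604396 0x938EC Squashfs filesystem, little endian, version 2.1, size: 2912869 bytes, 793 inodes, blocksize: 65536 bytes, created: Sun Dec 25 17:00:26 2005
EOF
}

# squashfs_span: binwalk text on stdin -> "OFFSET SIZE" of the first Squashfs entry.
# Only lines whose description starts with "Squashfs filesystem" are considered,
# so "header size:" or "dictionary size:" on other lines are never picked up.
squashfs_span() {
    awk '$3 == "Squashfs" && $4 ~ /^filesystem/ {
        for (i = 5; i < NF; i++)
            if ($i == "size:") { print $1, $(i + 1); exit }
    }'
}

# carve IMAGE OFFSET SIZE OUTPUT: copy SIZE bytes starting at byte OFFSET.
# tail/head work on whole buffers, unlike dd with bs=1 (one syscall per byte).
carve() {
    tail -c "+$(( $2 + 1 ))" "$1" | head -c "$3" > "$4"
}

# is_squashfs_le FILE: little-endian Squashfs images start with the bytes "hsqs".
is_squashfs_le() {
    [ "$(head -c 4 "$1")" = "hsqs" ]
}

# extract_squashfs IMAGE OUTPUT: binwalk text on stdin; fails if the scan has
# no Squashfs entry or the carved data does not start with the expected magic.
extract_squashfs() {
    sq_span=$(squashfs_span)
    [ -n "$sq_span" ] || { echo "no Squashfs entry in scan" >&2; return 1; }
    set -- "$1" "$2" $sq_span          # $3 = offset, $4 = size
    carve "$1" "$3" "$4" "$2" && is_squashfs_le "$2"
}

# Offset and size for the image analysed in the post.
post_scan | squashfs_span
```

The carved file can then be handed to unsquashfs, as the post suggests.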
-
Hi, And what are you doing in Severin? It's a bit cold for bathing in the Danube right now.
-
Leave it as it is, maestro, it's perfect! We'd better go with this one and make improvements, rather than that alpha version .. And the rest of you, stop whining like women. The guys tried to do something and also paid a pile of money for the license. That it didn't work out is not their fault.
-
Unlike others who frequently delete '.bash_history' or alter the environment so that no history of executed commands exists, I prefer to increase its size and have it show the exact date and time at which a command was run. The reason is simple: I sometimes forget what I did on that server and need to see exactly.

I added the following lines to '~/.bashrc':

    export HISTTIMEFORMAT="%d/%m/%y %T "
    export HISTFILESIZE=5000000
    export HISTSIZE=5000000

This is roughly what the default history looks like:

    macbook ~$ history
        1  cat Documents/provision
        2  cat Documents/status
        3  echo 540+876+7320+54|bc
        4  pico Work/ARM/echip/usr/src/sys.c
        5  pico Work/ARM/echip/usr/src/sys.c
        6  ssh root@ns.xxx.org
    macbook ~$

This is what it looks like on a server with the modified history:

    root@pluto:~# history
    ......
      329  03/04/14 21:39:18 tail -f /var/log/mail.log
      330  03/04/14 21:39:18 cd /etc/amavis/
      331  03/04/14 21:39:18 ls
      332  03/04/14 21:39:18 cd conf.d/
      333  03/04/14 21:39:18 ls
      334  03/04/14 21:39:18 pico 01-debian
      335  03/04/14 21:39:18 grep group *
      336  03/04/14 21:39:18 pico 50-user
      337  03/04/14 21:39:18 apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor
      338  03/04/14 21:39:18 apt-get install arj
      339  03/04/14 21:39:18 apt-get install unarj
    ......
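
Added example, not part of the post above: with HISTTIMEFORMAT set, bash stores a `#<epoch>` line before each command in the history file, and commands saved earlier have no such line, so bash has no recorded time for them and `history` shows them with the time the file was loaded. The script below rebuilds a UTC timeline from the file and counts the entries without a recorded time; the function names and the sample file are constructed for illustration, and GNU date is assumed.

```shell
#!/bin/sh
# Added example: rebuild a UTC timeline from a bash history file written with
# HISTTIMEFORMAT set. Assumes GNU date ("date -d @EPOCH"); on BSD/macOS the
# equivalent call is "date -u -r EPOCH".

# Constructed sample: two commands saved before timestamps were enabled,
# then three commands that each follow a "#<epoch>" marker line.
write_sample_history() {
    cat > "$1" <<'EOF'
cat Documents/status
ssh root@ns.example.org
#1396553958
tail -f /var/log/mail.log
#1396553960
cd /etc/amavis/
#1396553975
grep group *
EOF
}

# hist_timeline FILE: print "<UTC time>  <command>" for every entry.
# A marker applies only to the command line that directly follows it.
hist_timeline() {
    hist_ts=""
    while IFS= read -r hist_line || [ -n "$hist_line" ]; do
        case "$hist_line" in
            \#[0-9]*)
                hist_rest=${hist_line#?}
                case "$hist_rest" in
                    *[!0-9]*) ;;   # e.g. "#1 todo": a comment typed at the prompt
                    *) hist_ts=$hist_rest; continue ;;
                esac ;;
        esac
        if [ -n "$hist_ts" ]; then
            hist_when=$(date -u -d "@$hist_ts" '+%Y-%m-%d %H:%M:%S')
        else
            hist_when="(no timestamp)"
        fi
        printf '%s  %s\n' "$hist_when" "$hist_line"
        hist_ts=""
    done < "$1"
}

# hist_untimed FILE: number of commands that carry no recorded time.
hist_untimed() {
    hist_timeline "$1" | awk '/^\(no timestamp\)/ { n++ } END { print n + 0 }'
}

# Demo on the constructed sample.
demo_file=$(mktemp)
write_sample_history "$demo_file"
hist_timeline "$demo_file"
echo "untimed entries: $(hist_untimed "$demo_file")"
rm -f "$demo_file"
```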
-
I use Google's pagespeed tool all the time to check my sites. Wanting to get as high a pagespeed score as possible, I wrote a bash function and put it in '.bashrc'. With the help of this simple function, I can automatically optimize all the images on a site.

    function optimizeaza() {
        # $1: directory to scan. The patterns are quoted so the shell does not
        # expand them, and -exec hands each file name over intact (spaces included).
        echo "Optimize jpg/jpeg images ....."
        find "$1" -type f -name '*.jpg' -exec jpegoptim {} \;
        echo "Optimize png images ....."
        find "$1" -type f -name '*.png' -exec optipng {} \;
    }

How does it work?

    root@pluto:~# optimizeaza /home/marian/www/mywebsite.ro

What does the output look like?

    Optimize jpg/jpeg images .....
    /home/marian/www/mywebsite.ro/stuff/maunel2.jpg 640x426 24bit Exif IPTC ICC JFIF [OK] 87586 --> 85650 bytes (2.21%), optimized.
    /home/marian/www/mywebsite.ro/stuff/photo4.jpg 2592x1936 24bit Exif [OK] 1406815 --> 1393885 bytes (0.92%), optimized.
    /home/marian/www/mywebsite.ro/stuff/maunel.jpg 640x426 24bit Exif IPTC ICC JFIF [OK] 74139 --> 72027 bytes (2.85%), optimized.
    /home/marian/www/mywebsite.ro/devel/mediaplayer-4.4/preview.jpg 352x256 24bit JFIF [OK] 8295 --> 7602 bytes (8.35%), optimized.
    /home/marian/www/mywebsite.ro/lsgc/admin/themes/NCleanGrey/images/layout/body.jpg 1x300 24bit JFIF [OK] 338 --> 338 bytes (0.00%), skipped.
    /home/marian/www/mywebsite.ro/lsgc/admin/themes/NCleanGrey/docs/screenNCleanGrey.jpg 500x388 24bit JFIF [OK] 98373 --> 98373 bytes (0.00%), skipped.
    /home/marian/www/mywebsite.ro/lsgc/admin/themes/OneEleven/images/layout/cmsms-logo.jpg 205x69 24bit Exif Adobe [OK] 9858 --> 8988 bytes (8.83%), optimized.
    Optimize png images .....
    OptiPNG 0.6.4: Advanced PNG optimizer.
    Copyright (C) 2001-2010 Cosmin Truta.

    ** Processing: /home/marian/www/mywebsite.ro/easypaypal/documents/DatabaseSchema.png
    952x500 pixels, 3x8 bits/pixel, RGB
    Input IDAT size = 49464 bytes
    Input file size = 49611 bytes
    Trying:
      zc = 9  zm = 8  zs = 0  f = 0    IDAT size = 40765
    Selecting parameters:
      zc = 9  zm = 8  zs = 0  f = 0    IDAT size = 40765
    Output IDAT size = 40765 bytes (8699 bytes decrease)
    Output file size = 40840 bytes (8771 bytes = 17.68% decrease)
    .........

Advantages?
- Faster loading in the browser and a better impression on users.
- Less traffic
- Higher pagespeed score. It helps you with SEO.

Tools used:
- jpegoptim => jpegoptim – Freecode
- optipng => OptiPNG Home Page

For more details, please read the tools' manuals. If you have questions, you can ask them in this thread.
-
To see which packages have an update available (without apticron), you can use the following commands:

With aptitude:

    aptitude search '~U'

With apt-get:

    apt-get -s upgrade
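
Added example, not part of the post above: a filter over the text that `apt-get -s upgrade` prints, keeping only the pending packages whose source is the security archive. The function names and the sample output are constructed; the default `Debian-Security` pattern is an assumption about the origin label on Debian and can be replaced by passing another pattern.

```shell
#!/bin/sh
# Added example: list pending updates that come from the security archive,
# based on the "Inst" lines of `apt-get -s upgrade` (a simulation, nothing is installed).
# Real use:  apt-get -s upgrade | pending_security

# Constructed sample of simulation output (not captured from a real host).
sample_simulation() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  curl libexample1 tzdata
Inst curl [7.26.0-1+wheezy7] (7.26.0-1+wheezy8 Debian-Security:7.0/stable [amd64])
Inst libexample1 [1.0-1] (1.0-2 Debian:7.4/stable [amd64])
Inst newdep (0.3-1+deb7u1 Debian-Security:7.0/stable [all])
Inst tzdata [2013h-0wheezy1] (2013i-0wheezy1 Debian:7.4/stable [all])
Conf curl (7.26.0-1+wheezy8 Debian-Security:7.0/stable [amd64])
EOF
}

# pending_security [ORIGIN_PATTERN]
# Reads simulation output on stdin and prints "package old-version new-version"
# for every "Inst" line matching the pattern. "Conf" lines repeat the same
# packages and are ignored. A package that is newly installed has no
# "[old]" field; its old version is printed as "-".
pending_security() {
    awk -v pat="${1:-Debian-Security}" '
        $1 == "Inst" && $0 ~ pat {
            oldv = "-"; newv = $3
            if ($3 ~ /^\[/) {                 # upgrade: "[old] (new origin ...)"
                oldv = $3
                sub(/^\[/, "", oldv); sub(/\]$/, "", oldv)
                newv = $4
            }
            sub(/^\(/, "", newv)
            print $2, oldv, newv
        }'
}

# has_pending_security [ORIGIN_PATTERN]
# Exit status 0 when at least one matching update is pending, so it can gate
# a cron job or a monitoring check.
has_pending_security() {
    [ -n "$(pending_security "$@")" ]
}

# Demo on the constructed sample.
sample_simulation | pending_security
```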
-
If you want to be notified when updates are available for the packages on Debian, you can use apticron. Apticron is a bash script that is run from crontab and checks whether there are upgrades for the installed packages. If there are, it sends you a detailed notification by e-mail. It is very customizable and useful.

Installing it is very simple:

    root@pluto:~# apt-get install apticron
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following NEW packages will be installed:
      apticron
    0 upgraded, 1 newly installed, 0 to remove and 70 not upgraded.
    Need to get 20.1 kB of archives.
    After this operation, 88.1 kB of additional disk space will be used.
    Get:1 http://ftp.de.debian.org/debian/ wheezy/main apticron all 1.1.55 [20.1 kB]
    Fetched 20.1 kB in 0s (120 kB/s)
    Preconfiguring packages ...
    Selecting previously unselected package apticron.
    (Reading database ... 53927 files and directories currently installed.)
    Unpacking apticron (from .../apticron_1.1.55_all.deb) ...
    Processing triggers for man-db ...
    Setting up apticron (1.1.55) ...

    Creating config file /etc/apticron/apticron.conf with new version

    Creating config file /etc/cron.d/apticron with new version
    root@pluto:~#

I edited the file '/etc/apticron/apticron.conf' and configured it as follows:

    EMAIL="tex@myfuckingdomain.org"
    SYSTEM="pluto.myfuckingdomain.org"
    IPADDRESSNUM="1"
    CUSTOM_SUBJECT="Pluto Server - available update packages"
    CUSTOM_FROM="system@myfuckingdomain.org"

I deleted the file '/etc/cron.d/apticron' and added in its place a crontab entry in '/etc/crontab' that runs at 10.30:

    root@pluto:~# rm -f /etc/cron.d/apticron
    root@pluto:~# echo "30 10 * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi" >> /etc/crontab

This is roughly what the report sent by e-mail looks like:
libperconaserverclient18 5.5.36-rel34.2-648.wheezy libpq5 9.1.12-0wheezy1 libpq-dev 9.1.12-0wheezy1 libpython2.7 2.7.3-6+deb7u2 librsvg2-2 2.36.1-2 librsvg2-common 2.36.1-2 libssl-doc 1.0.1e-2+deb7u4 libswscale2 6:0.8.10-1 linux-image-3.2.0-4-amd64 3.2.54-2 linux-libc-dev 3.2.54-2 locales 2.13-38+deb7u1 memcached 1.4.13-0.2+deb7u1 multiarch-support 2.13-38+deb7u1 mutt 1.5.21-6.2+deb7u2 openssl 1.0.1e-2+deb7u4 percona-server-client-5.5 5.5.36-rel34.2-648.wheezy percona-server-common-5.5 5.5.36-rel34.2-648.wheezy percona-server-server-5.5 5.5.36-rel34.2-648.wheezy php5 5.4.4-14+deb7u8 php5-cli 5.4.4-14+deb7u8 php5-common 5.4.4-14+deb7u8 php5-curl 5.4.4-14+deb7u8 php5-dev 5.4.4-14+deb7u8 php5-fpm 5.4.4-14+deb7u8 php5-gd 5.4.4-14+deb7u8 php5-intl 5.4.4-14+deb7u8 php5-mcrypt 5.4.4-14+deb7u8 php5-mysql 5.4.4-14+deb7u8 php5-sqlite 5.4.4-14+deb7u8 php5-sybase 5.4.4-14+deb7u8 php5-tidy 5.4.4-14+deb7u8 php5-xmlrpc 5.4.4-14+deb7u8 php5-xsl 5.4.4-14+deb7u8 php-pear 5.4.4-14+deb7u8 python2.7 2.7.3-6+deb7u2 python2.7-minimal 2.7.3-6+deb7u2 tzdata 2013i-0wheezy1 wget 1.13.4-3+deb7u1 whois 5.1.1~deb7u1 ======================================================================== Package Details: Reading changelogs... 
--- Changes for curl (curl libcurl3 libcurl3-gnutls) --- curl (7.26.0-1+wheezy8) wheezy-security; urgency=high * Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015 http://curl.haxx.se/docs/adv_20140129.html * Set urgency=high accordingly -- Alessandro Ghedini <ghedo@debian.org> Wed, 29 Jan 2014 19:01:03 +0100 curl (7.26.0-1+wheezy7) stable-security; urgency=high * Fix GnuTLS checking of a certificate CN or SAN name field when the digital signature verification is turned off as per CVE-2013-6422 http://curl.haxx.se/docs/adv_20131217.html * Set urgency=high accordingly -- Alessandro Ghedini <ghedo@debian.org> Wed, 11 Dec 2013 18:00:59 +0100 --- Changes for gnupg (gnupg gpgv) --- gnupg (1.4.12-7+deb7u3) wheezy-security; urgency=high * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer. See <http://www.cs.tau.ac.il/~tromer/acoustic/>. [CVE-2013-4576] -- Thijs Kinkhorst <thijs@debian.org> Sat, 14 Dec 2013 09:18:28 +0100 --- Changes for gnutls26 (libgnutls26) --- gnutls26 (2.12.20-8+deb7u1) wheezy-security; urgency=high * 38_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate validation issue. CVE-2014-0092 -- Andreas Metzler <ametzler@debian.org> Sat, 01 Mar 2014 07:44:51 +0100 gnutls26 (2.12.20-8) wheezy-security; urgency=high * 26_fix_rejection-of-v1-intermedi.diff pulled and unfuzzed from GIT 3.x: A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior). 
CVE-2014-1959 / GNUTLS-SA-2014-1 -- Andreas Metzler <ametzler@debian.org> Sat, 15 Feb 2014 18:27:37 +0100 --- Changes for linux (linux-image-3.2.0-4-amd64 linux-libc-dev) --- linux (3.2.54-2) wheezy; urgency=high * [arm] Ignore ABI change in omap_dsp_get_mempool_base (fixes FTBFS) -- dann frazier <dannf@debian.org> Sat, 01 Feb 2014 13:08:46 +0000 linux (3.2.54-1) wheezy; urgency=high * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54 - NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() - USB: mos7840: fix tiocmget error handling - ALSA: 6fire: Fix probe of multiple cards - can: c_can: Fix RX message handling, handle lost message before EOB - dm mpath: fix race condition between multipath_dtr and pg_init_done - ext4: avoid bh leak in retry path of ext4_expand_extra_isize_ea() - KVM: IOMMU: hva align mapping page size - crypto: s390 - Fix aes-cbc IV corruption - audit: printk USER_AVC messages when audit isn't enabled - audit: fix info leak in AUDIT_GET requests - audit: use nlmsg_len() to get message payload length - PM / hibernate: Avoid overflow in hibernate_preallocate_memory() - blk-core: Fix memory corruption if blkcg_init_queue fails - block: fix a probe argument to blk_register_region - SUNRPC: Fix a data corruption issue when retransmitting RPC calls - mwifiex: correct packet length for packets from SDIO interface - vsprintf: check real user/group id for %pK - ipc, msg: fix message length check for negative values - hwmon: (lm90) Fix max6696 alarm handling - rtlwifi: rtl8192cu: Fix more pointer arithmetic errors - setfacl removes part of ACL when setting POSIX ACLs to Samba - nfsd: make sure to balance get/put_write_access - nfsd4: fix xdr decoding of large non-write compounds (regression in 3.2.49) - NFSv4 wait on recovery for async session errors - powerpc/signals: Mark VSX not saved with small contexts - iscsi-target: fix extract_param to handle buffer length corner case - iscsi-target: chap auth shouldn't 
match username with trailing garbage - configfs: fix race between dentry put and lookup - [powerpc] signals: Improved mark VSX not saved with small contexts fix - mac80211: don't attempt to reorder multicast frames - Staging: zram: Fix access of NULL pointer - Staging: zram: Fix memory leak by refcount mismatch - irq: Enable all irqs unconditionally in irq_resume - tracing: Allow events to have NULL strings - [armhf/omap] Staging: tidspbridge: disable driver - cpuset: Fix memory allocator deadlock - crypto: authenc - Find proper IV address in ablkcipher callback - crypto: scatterwalk - Set the chain pointer indication bit - [s390] crypto: s390 - Fix aes-xts parameter corruption - crypto: ccm - Fix handling of zero plaintext when computing mac - net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST (fixes regression in 3.2.17) - hpsa: do not discard scsi status on aborted commands - hpsa: return 0 from driver probe function on success, not 1 - [arm] 7912/1: check stack pointer in get_wchan - [arm] 7913/1: fix framepointer check in unwind_frame - ALSA: memalloc.h - fix wrong truncation of dma_addr_t - dm snapshot: avoid snapshot space leak on crash - dm table: fail dm_table_create on dm_round_up overflow - hwmon: (w83l786ng) Fix fan speed control mode setting and reporting - hwmon: (w83l768ng) Fix fan speed control range - futex: fix handling of read-only-mapped hugepages - KVM: Improve create VCPU parameter (CVE-2013-4587) - [x86] KVM: Fix potential divide by 0 in lapic (CVE-2013-6367) - net: Fix "ip rule delete table 256" (Closes: #724783) - 6lowpan: Uncompression of traffic class field was incorrect - ipv4: fix possible seqlock deadlock - inet: prevent leakage of uninitialized memory to user in recv syscalls - net: rework recvmsg handler msg_name and msg_namelen logic - net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage) - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions - ipv6: fix 
leaking uninitialized port number of offender sockaddr - net: core: Always propagate flag changes to interfaces - packet: fix use after free race in send path when dev is released - inet: fix possible seqlock deadlocks - ipv6: fix possible seqlock deadlock in ip6_finish_output2 - ftrace: Check module functions being traced on reload - ftrace: Fix function graph with loading of modules - mmc: block: fix a bug of error handling in MMC driver [ Ben Hutchings ] * SCSI: virtio_scsi: fix memory leak on full queue condition (Closes: #730138) * drm, agp: Update to 3.4.76: - drm/radeon: fix asic gfx values for scrapper asics - drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook - drm/radeon: fixup bad vram size on SI [ dann frazier ] * ath9k_htc: properly set MAC address and BSSID mask (CVE-2013-4579) * KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) * x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround (CVE-2014-1438) * hamradio/yam: fix info leak in ioctl (CVE-2014-1446) -- dann frazier <dannf@debian.org> Wed, 29 Jan 2014 13:42:01 -0700 linux (3.2.53-2) wheezy; urgency=high * [sparc] Ignore insignificant ABI changes (fixes FTBFS) * [powerpc] Update CPU device backport to work after 'powerpc/sysfs: Disable writing to PURR in guest mode' in 3.2.52 (fixes FTBFS) * exec/ptrace: Fix typo in backport of 'fix get_dumpable() incorrect tests' (CVE-2013-2929) (Closes: #732208) * net: Fix infinite loop in in skb_flow_dissect() (CVE-2013-4348) -- Ben Hutchings <ben@decadent.org.uk> Tue, 17 Dec 2013 03:24:07 +0000 linux (3.2.53-1) wheezy; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.52 - 8139cp: Add dma_mapping_error checking - ipv6: drop packets with multiple fragmentation headers - ipv6: Don't depend on per socket memory for neighbour discovery messages - HID: hidraw: correctly deallocate memory on device disconnect - xen-gnt: prevent adding duplicate gnt callbacks - usb: 
config->desc.bLength may not exceed amount of data returned by the device - USB: cdc-wdm: fix race between interrupt handler and tasklet - [powerpc] Handle unaligned ldbrx/stdbrx - intel-iommu: Fix leaks in pagetable freeing - ath9k: fix rx descriptor related race condition - ath9k: avoid accessing MRC registers on single-chain devices - rculist: list_first_or_null_rcu() should use list_entry_rcu() - USB: mos7720: fix big-endian control requests - of: Fix missing memory initialization on FDT unflattening - fuse: postpone end_page_writeback() in fuse_writepage_locked() - fuse: invalidate inode attributes on xattr modification - fuse: hotfix truncate_pagecache() issue - hdpvr: register the video node at the end of probe - hdpvr: fix iteration over uninitialized lists in hdpvr_probe() - fuse: readdir: check for slash in names - crypto: api - Fix race condition in larval lookup - sd: Fix potential out-of-bounds access - ocfs2: fix the end cluster offset of FIEMAP - mm/huge_memory.c: fix potential NULL pointer dereference - sched/fair: Fix small race where child->se.parent,cfs_rq might point to invalid ones - HID: zeroplus: validate output report details (CVE-2013-2889) - HID: LG: validate HID output report details (CVE-2013-2893) - HID: validate feature and input report details (CVE-2013-2897) - HID: logitech-dj: validate output report details (CVE-2013-2895) - nilfs2: fix issue with race condition of competition between segments for dirty blocks - powerpc: Fix parameter clobber in csum_partial_copy_generic() - powerpc: Restore registers on error exit from csum_partial_copy_generic() - net: sctp: fix smatch warning in sctp_send_asconf_del_ip - net: sctp: fix ipv6 ipsec encryption bug in sctp_v6_xmit (CVE-2013-4350) - ip: generate unique IP identificator if local fragmentation is allowed - ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (CVE-2013-4387) - esp_scsi: Fix tag state corruption when autosensing. 
- [sparc] Fix not SRA'ed %o5 in 32-bit traced syscall - perf: Use css_tryget() to avoid propping up css refcount - Revert "zram: use zram->lock to protect zram_free_page() in swap free notify path" (regression in 3.2.49) - macvtap: do not zerocopy if iov needs more pages than MAX_SKB_FRAGS - sfc: Fix efx_rx_buf_offset() for recycled pages - cgroup: fail if monitored file and event_control are in different cgroup - perf: Fix perf_cgroup_switch for sw-events - Revert "sctp: fix call to SCTP_CMD_PROCESS_SACK in sctp_cmd_interpreter()" (regression in 3.2.34) - iscsi: don't hang in endless loop if no targets present - cpqarray: fix info leak in ida_locked_ioctl() (CVE-2013-2147) - cciss: fix info leak in cciss_ioctl32_passthru() (CVE-2013-2147) - staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.53 - tcp: must unclone packets before mangling them - tcp: do not forget FIN in tcp_shifted_skb() (fixes regression in 2.6.39) - net: do not call sock_put() on TIMEWAIT sockets - net: heap overflow in __audit_sockaddr() - proc connector: fix info leaks - ipv6: restrict neighbor entry creation to output flow (fixes regression in 3.2.39) - farsync: fix info leak in ioctl - connector: use nlmsg_len() to check message length - wanxl: fix info leak in ioctl - net: unix: inherit SOCK_PASS{CRED, SEC} flags from socket to fix race (fixes regression in 3.2) - net: fix cipso packet validation when !NETLABEL - zram: allow request end to coincide with disksize - perf: Fix perf ring buffer memory ordering - inet: fix possible memory corruption with UDP_CORK and UFO (CVE-2013-4470) - tracing: Fix potential out-of-bounds in trace_get_user() - include/linux/fs.h: disable preempt when acquire i_size_seqcount write lock - jfs: fix error path in ialloc - random: run random_int_secret_init() run after all late_initcalls - mac80211: drop spoofed packets in ad-hoc mode - libata: make ata_eh_qc_retry() bump scmd->allowed on 
bogus failures - [powerpc] KVM: PPC: Book3S HV: Fix typo in saving DSCR - compiler/gcc4: Add quirk for 'asm goto' miscompilation bug - ext4: fix memory leak in xattr - [hppa] fix interruption handler to respect pagefault_disable() - dm snapshot: fix data corruption (CVE-2013-4299) - ecryptfs: Fix memory leakage in keystore.c - target/pscsi: fix return value check - Fix a few incorrectly checked [io_]remap_pfn_range() calls (CVE-2013-4511) - uml: check length in exitcode_proc_write() (CVE-2013-4512) - aacraid: missing capable() check in compat ioctl - staging: wlags49_h2: buffer overflow setting station name - Staging: bcm: info leak in ioctl - lib/scatterlist.c: don't flush_kernel_dcache_page on slab page * [armel/orion5x] i2c: mv64xxx: work around signals causing I2C transactions to be aborted * [armel/orion5x] I2C: mv64xxx: fix race between FSM/interrupt and process context (Closes: #622325) * aufs: Set version to 3.2.x-debian * drm: fix DRM_IOCTL_MODE_GETFB handle-leak * drm, agp: Update to 3.4.72: - drm/edid: add quirk for Medion MD30217PG - drm/ttm: fix the tt_populated check in ttm_tt_destroy() - drm/radeon: fix LCD record parsing - drm/radeon: fix endian bugs in hw i2c atom routines - drm/radeon: update line buffer allocation for dce4.1/5 - drm/radeon: update line buffer allocation for dce6 - drm/radeon: fix resume on some rs4xx boards (v2) - drm/radeon: fix handling of variable sized arrays for router objects - drm/radeon/atom: workaround vbios bug in transmitter table on rs880 (v2) - drm/i915/dp: increase i2c-over-aux retry interval on AUX DEFER - drm/radeon: disable tests/benchmarks if accel is disabled - drm/radeon: fix hw contexts for SUMO2 asics - drm: Prevent overwriting from userspace underallocating core ioctl structs - drm/radeon/atom: workaround vbios bug in transmitter table on rs780 - drm/ttm: Handle in-memory region copies - drm/i915: flush cursors harder - drm/nouveau: when bailing out of a pushbuf ioctl, do not remove previous fence - 
drm/radeon/si: fix define for MC_SEQ_TRAIN_WAKEUP_CNTL - radeon: workaround pinning failure on low ram gpu * [rt] Update to 3.2.53-rt75: - genirq: Set the irq thread policy without checking CAP_SYS_NICE - hwlat-detector: Don't ignore threshold module - mm/memcontrol: Don't call schedule_work_on in preemption disabled context - drm: remove preempt_disable() from drm_calc_vbltimestamp_from_scanoutpos() * net: clamp ->msg_namelen instead of returning an error (fixes regression in 3.2.53) * rds: prevent BUG_ON triggered on congestion update to loopback (CVE-2012-2372) * HID: multitouch: validate indexes details (CVE-2013-2897) * exec/ptrace: fix get_dumpable() incorrect tests (CVE-2013-2929) * crypto: ansi_cprng - Fix off by one error in non-block size request (CVE-2013-4345) * KVM: perform an invalid memslot step for gpa base change * KVM: Fix iommu map/unmap to handle memory slot moves (CVE-2013-4592) * [armhf] 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS (CVE-2013-6282) * libertas: potential oops in debugfs (CVE-2013-6378) * aacraid: prevent invalid pointer dereference (CVE-2013-6380) * [s390,s390x] qeth: avoid buffer overflow in snmp ioctl (CVE-2013-6381) * xfs: underflow bug in xfs_attrlist_by_handle() (CVE-2013-6382) -- Ben Hutchings <ben@decadent.org.uk> Fri, 06 Dec 2013 07:23:56 +0000 --- Changes for memcached --- memcached (1.4.13-0.2+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add 06_CVE-2011-4971.patch patch. CVE-2011-4971: Fix remote denial of service. Sending a specially crafted packet cause memcached to segfault. (Closes: #706426) * Add 07_CVE-2013-7239.patch patch. CVE-2013-7239: SASL authentication allows wrong credentials to access memcache. (Closes: #733643) -- Salvatore Bonaccorso <carnil@debian.org> Mon, 30 Dec 2013 17:47:44 +0100 --- Changes for mutt --- mutt (1.5.21-6.2+deb7u2) wheezy-security; urgency=high * Non-maintainer upload. 
  * Fix buffer overrun caused by not updating a string length after
    address expansion.
    Fixes: CVE-2014-0467
    Closes: #708731

 -- Evgeni Golov <evgeni@debian.org>  Tue, 11 Mar 2014 18:31:30 +0100

--- Changes for postgresql-9.1 (libpq5 libpq-dev) ---
postgresql-9.1 (9.1.12-0wheezy1) wheezy-security; urgency=high

  * New upstream security/bugfix release.

    + Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)

      Granting a role without ADMIN OPTION is supposed to prevent the grantee
      from adding or removing members from the granted role, but this
      restriction was easily bypassed by doing SET ROLE first. The security
      impact is mostly that a role member can revoke the access of others,
      contrary to the wishes of his grantor. Unapproved role member additions
      are a lesser concern, since an uncooperative role member could provide
      most of his rights to others anyway by creating views or SECURITY
      DEFINER functions. (CVE-2014-0060)

    + Prevent privilege escalation via manual calls to PL validator functions
      (Andres Freund)

      The primary role of PL validator functions is to be called implicitly
      during CREATE FUNCTION, but they are also normal SQL functions that a
      user can call explicitly. Calling a validator on a function actually
      written in some other language was not checked for and could be
      exploited for privilege-escalation purposes. The fix involves adding a
      call to a privilege-checking function in each validator function.
      Non-core procedural languages will also need to make this change to
      their own validator functions, if any. (CVE-2014-0061)

    + Avoid multiple name lookups during table and index DDL (Robert Haas,
      Andres Freund)

      If the name lookups come to different conclusions due to concurrent
      activity, we might perform some parts of the DDL on a different table
      than other parts. At least in the case of CREATE INDEX, this can be used
      to cause the permissions checks to be performed against a different
      table than the index creation, allowing for a privilege escalation
      attack.
      (CVE-2014-0062)

    + Prevent buffer overrun with long datetime strings (Noah Misch)

      The MAXDATELEN constant was too small for the longest possible value of
      type interval, allowing a buffer overrun in interval_out(). Although the
      datetime input functions were more careful about avoiding buffer
      overrun, the limit was short enough to cause them to reject some valid
      inputs, such as input containing a very long timezone name. The ecpg
      library contained these vulnerabilities along with some of its own.
      (CVE-2014-0063)

    + Prevent buffer overrun due to integer overflow in size calculations
      (Noah Misch, Heikki Linnakangas)

      Several functions, mostly type input functions, calculated an allocation
      size without checking for overflow. If overflow did occur, a too-small
      buffer would be allocated and then written past. (CVE-2014-0064)

    + Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)

      Use strlcpy() and related functions to provide a clear guarantee that
      fixed-size buffers are not overrun. Unlike the preceding items, it is
      unclear whether these cases really represent live issues, since in most
      cases there appear to be previous constraints on the size of the input
      string. Nonetheless it seems prudent to silence all Coverity warnings of
      this type. (CVE-2014-0065)

    + Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)

      There are relatively few scenarios in which crypt() could return NULL,
      but contrib/chkpass would crash if it did. One practical case in which
      this could be an issue is if libc is configured to refuse to execute
      unapproved hashing algorithms (e.g., "FIPS mode"). (CVE-2014-0066)

    + Document risks of make check in the regression testing instructions
      (Noah Misch, Tom Lane)

      Since the temporary server started by make check uses "trust"
      authentication, another user on the same machine could connect to it as
      database superuser, and then potentially exploit the privileges of the
      operating-system user who started the tests.
      A future release will probably incorporate changes in the testing
      procedure to prevent this risk, but some public discussion is needed
      first. So for the moment, just warn people against using make check when
      there are untrusted users on the same machine. (CVE-2014-0067)

  * The upstream tarballs no longer contain a plain HISTORY file, but point
    to the html documentation. Note the location of these files in our
    changelog.gz file.

 -- Christoph Berg <christoph.berg@credativ.de>  Thu, 20 Feb 2014 13:34:54 +0100

postgresql-9.1 (9.1.11-0wheezy1) stable; urgency=low

  * New upstream bug fix release:
    - Fix "VACUUM"'s tests to see whether it can update relfrozenxid

      In some cases "VACUUM" (either manual or autovacuum) could incorrectly
      advance a table's relfrozenxid value, allowing tuples to escape
      freezing, causing those rows to become invisible once 2^31 transactions
      have elapsed. The probability of data loss is fairly low since multiple
      incorrect advancements would need to happen before actual loss occurs,
      but it's not zero. Users upgrading from releases 9.0.4 or 8.4.8 or
      earlier are not affected, but all later versions contain the bug.

      The issue can be ameliorated by, after upgrading, vacuuming all tables
      in all databases while having vacuum_freeze_table_age set to zero. This
      will fix any latent corruption but will not be able to fix all
      pre-existing data errors. However, an installation can be presumed safe
      after performing this vacuuming if it has executed fewer than 2^31
      update transactions in its lifetime (check this with
      SELECT txid_current() < 2^31).

    - Fix initialization of "pg_clog" and "pg_subtrans" during hot standby
      startup

      This bug can cause data loss on standby servers at the moment they start
      to accept hot-standby queries, by marking committed transactions as
      uncommitted. The likelihood of such corruption is small unless, at the
      time of standby startup, the primary server has executed many updating
      transactions since its last checkpoint.
      Symptoms include missing rows, rows that should have been deleted being
      still visible, and obsolete versions of updated rows being still visible
      alongside their newer versions.

      This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14.
      Standby servers that have only been running earlier releases are not at
      risk. It's recommended that standby servers that have ever run any of
      the buggy releases be re-cloned from the primary (e.g., with a new base
      backup) after upgrading.

    - See HISTORY/changelog.gz for details about other bug fixes.

 -- Martin Pitt <mpitt@debian.org>  Thu, 05 Dec 2013 06:28:57 +0100

postgresql-9.1 (9.1.10-0wheezy1) stable; urgency=low

  * New upstream bug fix release. See HISTORY/changelog.gz for details.
    (No security or critical issues this time.)

 -- Martin Pitt <mpitt@debian.org>  Tue, 15 Oct 2013 11:49:53 +0200

--- Changes for apache2 (apache2.2-bin apache2.2-common apache2-mpm-prefork apache2-prefork-dev apache2-utils) ---
apache2 (2.2.22-13+deb7u1) wheezy; urgency=medium

  Low impact security fixes:
  * CVE-2013-1862: mod_rewrite: Ensure that client data written to the
    RewriteLog is escaped to prevent terminal escape sequences from entering
    the log file. Closes: #722333
  * CVE-2013-1896: mod_dav: denial of service via MERGE request.
    Closes: #717272
  * mod_dav: Fix segfaults in certain error conditions.
    https://issues.apache.org/bugzilla/show_bug.cgi?id=52559
  * Make apache2ctl create the necessary directories even if started with
    special options for apache2. Closes: #731531
  * Adjust paragraph in README.Debian about MaxMemFree not working properly.
    The issue has been fixed with apr 1.4.5-1.

 -- Stefan Fritsch <sf@debian.org>  Fri, 31 Jan 2014 19:43:07 +0100

--- Changes for openssl (libssl-doc openssl) ---
openssl (1.0.1e-2+deb7u4) stable; urgency=medium

  * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
  * Enable assembler for the arm targets, and remove armeb.
    Patch by Riku Voipio <riku.voipio@iki.fi> (Closes: #676533)

 -- Kurt Roeckx <kurt@roeckx.be>  Sat, 01 Feb 2014 21:25:20 +0100

openssl (1.0.1e-2+deb7u3) stable-security; urgency=medium

  * Don't change version number if session established

 -- Kurt Roeckx <kurt@roeckx.be>  Mon, 06 Jan 2014 20:28:20 +0100

openssl (1.0.1e-2+deb7u2) stable-security; urgency=medium

  * The patch we applied for CVE-2013-6450 was causing segfaults, also
    apply the previous commit checking for NULL in EVP_MD_CTX_destroy()
  * Fix for TLS record tampering bug CVE-2013-4353

 -- Kurt Roeckx <kurt@roeckx.be>  Mon, 06 Jan 2014 18:17:13 +0100

openssl (1.0.1e-2+deb7u1) stable-security; urgency=medium

  * Fix CVE-2013-6449 (Closes: #732754)
  * Fix CVE-2013-6450
  * disable rdrand by default. It was used as only source of entropy when
    available. (Closes: #732710)
  * Disable Dual EC DRBG.

 -- Kurt Roeckx <kurt@roeckx.be>  Mon, 23 Dec 2013 17:47:19 +0100

--- Changes for whois ---
whois (5.1.1~deb7u1) proposed-updates; urgency=low

  * Rebuilt for wheezy.

 -- Marco d'Itri <md@linux.it>  Sat, 11 Jan 2014 03:16:43 +0100

whois (5.1.1) unstable; urgency=medium

  * Added the servers for 29 "new" gTLDs.

 -- Marco d'Itri <md@linux.it>  Sat, 11 Jan 2014 00:51:05 +0100

whois (5.1.0) unstable; urgency=low

  * Added the .ga, .ml, .pf, .xn--l1acc (.мон, Mongolia) and
    .xn--mgba3a4f16a (.ایران, Iran) TLD servers.
  * Added the servers for 54 "new" gTLDs.
  * Updated the .bw, .gd, .hn, .sb, .xn--j1amh and .xn--mgberp4a5d4ar
    TLD servers.
  * Added new RIPE and APNIC ASN allocations.
  * Removed the .ck TLD server.
  * Updated one or more translations.
  * Applied multiple small fixes contributed by Petr Písař of Red Hat.
  * Correctly hide the disclaimers for .be and .sx. (Closes: #729366)
  * Direct queries for private ASN blocks to RIPE. (Closes: #724661)

 -- Marco d'Itri <md@linux.it>  Thu, 26 Dec 2013 10:05:43 +0100

whois (5.0.26) unstable; urgency=low

  * Added the .cf TLD server.
  * Updated the .bi TLD server.
  * Added a new ASN allocation.
 -- Marco d'Itri <md@linux.it>  Wed, 17 Jul 2013 00:48:12 +0200

whois (5.0.25) unstable; urgency=low

  * Added the .ax, .bn, .iq, .pw and .rw TLD servers.
  * Updated one or more translations.

 -- Marco d'Itri <md@linux.it>  Fri, 10 May 2013 05:13:47 +0200

whois (5.0.24) unstable; urgency=low

  * Merged documentation fixes and the whois.conf(5) man page, courtesy of
    Petr Písař of Red Hat.
  * Added a new ASN allocation.
  * Updated one or more translations. (Closes: #705163)

 -- Marco d'Itri <md@linux.it>  Thu, 18 Apr 2013 03:36:17 +0200

--- Changes for apt (apt apt-utils libapt-inst1.5 libapt-pkg4.12) ---
apt (0.9.7.9+deb7u1) wheezy; urgency=low

  * Non-maintainer upload.
  * Apply patch for large .debs (Closes: #725483)
    Thanks Mark Hymers for the patch, Vincent Sanders for the review
  * Apply patch for strict multi-arch checking in single-architecture
    environments (Closes: #723586)

 -- Jonathan Wiltshire <jmw@debian.org>  Sat, 16 Nov 2013 11:14:39 +0000

--- Changes for base-files ---
base-files (7.1wheezy4) stable; urgency=low

  * Changed /etc/debian_version to 7.4, for Debian 7.4 point release.

 -- Santiago Vila <sanvila@debian.org>  Tue, 28 Jan 2014 11:49:40 +0100

base-files (7.1wheezy3) stable; urgency=low

  * Changed /etc/debian_version to 7.3, for Debian 7.3 point release.

 -- Santiago Vila <sanvila@debian.org>  Wed, 04 Dec 2013 12:30:04 +0100

--- Changes for dropbox ---
dropbox (1.6.1) stable; urgency=low

  * Initial Release, This package doesn't use a changelog

 -- Rian Hunter <rian@dropbox.com>  Wed, 18 Dec 2013 09:08:46 -0800

--- Changes for eglibc (libc6 libc6-dev libc-bin libc-dev-bin locales multiarch-support) ---
eglibc (2.13-38+deb7u1) wheezy; urgency=low

  [ Aurelien Jarno ]
  * debian/testsuite-checking/compare.sh: disable failing the build on test
    regressions to ease the pain of ongoing stable/security maintenance.
  * patches/any/cvs-CVE-2012-44xx.diff: backport overflow fixes in strcoll,
    addressing CVE-2012-4412 and CVE-2012-4424 (Closes: #687530, #689423).
  * patches/any/CVE-2013-0242.diff: backport buffer overrun fix in regexp
    matcher, addressing CVE-2013-0242 (Closes: #699399).
  * patches/cvs-CVE-2013-1914.diff: backport stack overflow fixes in
    getaddrinfo(), addressing CVE-2013-1914 (Closes: #704623).
  * patches/any/cvs-CVE-2013-4237.diff: backport buffer overwrite fix in
    readdir_r for file systems returning file names longer than NAME_MAX
    characters, addressing CVE-2013-4237 (Closes: #719558).
    patches/kfreebsd/local-readdir_r.diff: remove superseded by the CVE patch.
  * patches/any/cvs-CVE-2013-4332.diff: backport integer overflow fixes in
    pvalloc, valloc, posix_memalign, memalign and aligned_alloc functions,
    addressing CVE-2013-4332 (Closes: #722536).
  * patches/any/cvs-CVE-2013-4458.diff: backport stack (frame) overflow fixes
    in getaddrinfo() when called with AF_INET6, addressing CVE-2013-4458
    (Closes: #727181).
  * patches/any/cvs-CVE-2013-4788.diff: backport patch to fix PTR_MANGLE
    ineffectivity for statically linked binaries, addressing CVE-2013-4788
    (Closes: #717178). *** Note that static binaries need to be recompiled
    to take advantage of the fix ***.
  * patches/any/cvs-findlocale-div-by-zero.diff: patch from upstream to fix
    a SIGFPE when locale-archive has been corrupted to all zeros
    (Closes: #718890, #730336).
  * patches/mips/cvs-prlimit64.diff: patch from upstream to fix getrlimit64
    and setrlimit64 with recent 64-bit kernels (Closes: #665897).

  [ Petr Salinger ]
  * patches/kfreebsd/local-initgroups-order.diff: always put supplied extra
    gid as the first entry of group list in setgroups(). Closes: #699593.
  * inline is not keyword in c89 mode, use __inline. Closes: #704598.
  * sys_ktimer_settime have 4 parameters. Closes: #712196.

 -- Aurelien Jarno <aurel32@debian.org>  Thu, 05 Dec 2013 23:19:48 +0100

--- Changes for expat (libexpat1 libexpat1-dev) ---
expat (2.1.0-1+deb7u1) wheezy; urgency=low

  [ Matthias Klose ]
  * Don't ship the pkgconfig file in lib64expat1-dev. Closes: #706932.
  [ Laszlo Boszormenyi (GCS) ]
  * New maintainer (closes: #660681).

 -- Andreas Beckmann <anbe@debian.org>  Thu, 05 Dec 2013 12:39:53 +0100

--- Changes for libapache2-mod-rpaf ---
libapache2-mod-rpaf (0.6-7+wheezy1) stable; urgency=low

  * Restore 030_ipv6.patch, removed by QA upload in 0.6-1 (Closes: #726529)

 -- Sergey B Kirpichev <skirpichev@gmail.com>  Mon, 20 Jan 2014 17:56:07 +0400

--- Changes for libav (libavcodec53 libavformat53 libavutil51 libswscale2) ---
libav (6:0.8.10-1) stable-security; urgency=low

  * Imported Upstream version 0.8.9, new releases fixes:
    - CVE-2013-0855, CVE-2013-0856, CVE-2013-0865, CVE-2013-4358,
      CVE-2013-7010, CVE-2013-7014
  * Too many security related upstream changes to list here, please cf. to
    upstream changelog:
    http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.9

 -- Reinhard Tartler <siretart@tauware.de>  Tue, 04 Feb 2014 20:09:57 -0500

--- Changes for libnet-server-perl ---
libnet-server-perl (2.006-1+deb7u1) wheezy; urgency=low

  * Team upload.
  * Add fix-use-of-uninitialized-value-in-pattern-match.patch.
    Fixes use of uninitialized value in pattern match. This in particular
    affects munin-nodes under wheezy. Logs are spammed with entries:
    "Use of uninitialized value in pattern match (m//) at
    /usr/share/perl5/Net/Server.pm line 600.". (Closes: #693320)

 -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 28 Nov 2013 12:31:37 +0100

--- Changes for librsvg (librsvg2-2 librsvg2-common) ---
librsvg (2.36.1-2) stable; urgency=low

  [ Raphaël Geissert ]
  * Fix CVE-2013-1881: disable loading of external entities.
    Closes: #724741.

  [ Josselin Mouette ]
  * Break libgtk-3-0 (<< 3.4.2-7) which uses the anti-feature that is
    disabled by the security fix.
 -- Josselin Mouette <joss@debian.org>  Wed, 04 Dec 2013 21:08:25 +0100

--- Changes for percona-server-5.5 (libmysqlclient18 percona-server-client-5.5 percona-server-common-5.5 percona-server-server-5.5) ---
percona-server-5.5 (5.5.36-rel34.2-648.wheezy) wheezy; urgency=low

  * Update distribution

 -- Jenkins User <jenkins@debian>  Mon, 24 Mar 2014 12:09:43 -0400

percona-server-5.5 (5.5.36-34.2-1) unstable; urgency=low

  * Update to new upstream release Percona Server 5.5.36-34.2

 -- Jenkins User <jenkins@debian>  Mon, 24 Mar 2014 12:03:33 -0400

--- Changes for percona-xtradb-cluster-5.6 (libmysqlclient18.1 libmysqlclient-dev) ---
percona-xtradb-cluster-5.6 (5.6.15-25.5-759.wheezy) wheezy; urgency=low

  * Update distribution

 -- Raghavendra Prabhu <raghavendra.prabhu@percona.com>  Thu, 20 Mar 2014 06:39:36 -0400

percona-xtradb-cluster-5.6 (5.6.15-rel62.0) unstable; urgency=low

  * Release bump.

 -- Raghavendra Prabhu <raghavendra.prabhu@percona.com>  Thu, 30 Jan 2014 17:00:00 -0300

percona-xtradb-cluster-5.6 (5.6.15-rel62.0) unstable; urgency=low

  * Updated to 5.6.15.
 -- Raghavendra Prabhu <raghavendra.prabhu@percona.com>  Wed, 14 Dec 2013 17:00:00 -0300

--- Changes for php5 (libapache2-mod-php5 php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-intl php5-mcrypt php5-mysql php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl php-pear) ---
php5 (5.4.4-14+deb7u8) wheezy-security; urgency=low

  * [CVE-2014-1943]: Fix segmentation fault in libmagic (Closes: #739012)

 -- Ondřej Surý <ondrej@debian.org>  Mon, 17 Feb 2014 10:07:18 +0100

php5 (5.4.4-14+deb7u7) wheezy-security; urgency=low

  * [CVE-2013-6420]: Fix memory corruption in openssl_x509_parse
    (Closes: #731895)
  * [CVE-2013-6712]: Fix heap buffer over-read in DateInterval
    (Closes: #731112)

 -- Ondřej Surý <ondrej@debian.org>  Thu, 12 Dec 2013 09:28:14 +0100

php5 (5.4.4-14+deb7u6) stable; urgency=low

  [ William Dauchy ]
  * upstream fix: curl memory leak (Closes: #725868)
  * upstream fix: allow root to run php-fpm (Closes: #725890)
  * upstream fix: remove annoying warnings with php-fpm and user usage
    (Closes: #725972)
  * upstream fix: memoryleak in function declaration (Closes: #726033)
  * upstream fix: munmap() is called with the incorrect length
    (Closes: #726037)
  * upstream fix: segfault on zend_deactivate (Closes: #726295)
  * upstream fix: Possible null dereference (Closes: #726320)
  * upstream fix: Phar::buildFromDirectory creates corrupt archives
    (Closes: #726379)
  * upstream fix: segfault while loading extensions (Closes: #726627)
  * upstream fix: (un)serialize() leaves dangling pointers, causes crashes
    (Closes: #726633)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 22 Oct 2013 08:33:07 +0200

--- Changes for python2.7 (libpython2.7 python2.7 python2.7-minimal) ---
python2.7 (2.7.3-6+deb7u2) stable-security; urgency=low

  * Fix installation of modules in python2.7-minimal, thanks to Jakub Wilk
    for the analysis

 -- Moritz Mühlenhoff <jmm@debian.org>  Wed, 12 Mar 2014 23:45:44 +0100

python2.7 (2.7.3-6+deb7u1) stable-security; urgency=low

  * CVE-2014-1912, CVE-2013-4238

 -- Moritz Mühlenhoff <jmm@debian.org>  Wed, 05 Mar 2014 00:18:28 +0100

--- Changes for tzdata ---
tzdata (2013i-0wheezy1) stable; urgency=low

  * New upstream version.
  * Remove solar87, solar88 and solar89 from the list of timezones, as
    they have been removed upstream.

 -- Aurelien Jarno <aurel32@debian.org>  Sun, 26 Jan 2014 19:33:55 +0000

tzdata (2013h-0wheezy1) stable; urgency=low

  * New upstream version.

 -- Aurelien Jarno <aurel32@debian.org>  Sat, 07 Dec 2013 15:06:58 +0100

--- Changes for wget ---
wget (1.13.4-3+deb7u1) stable-proposed-updates; urgency=low

  * backported TLS Server Name Indication (SNI) to stable
    (patches/wget-tls-sni) from wget 1.14
    http://git.savannah.gnu.org/cgit/wget.git/commit/?id=fd582e454378db9a1e218acf79f24fbe042bed98
    closes: #653267

 -- Noël Köthe <noel@debian.org>  Sat, 1 Feb 2014 20:29:14 +0100

========================================================================

You can perform the upgrade by issuing the command:

    apt-get dist-upgrade

as root on pluto.myfuckingdomain.org

--
apticron
-
// Update: it's just one server

Xeon 3065 @ 2.33 GHz 2 Core, 4MB L2 Cache
2 x 160 GB SATA2, Raid 1 Mirror
Memory: 8 GB
Monthly traffic: 20 TB
Network Port Speed: 100Mbps
2 IP Addresses included with custom reverse DNS
Monthly cost: 35 euro
Setup fee: 50 euro

// it went immediately.
-
Can't you hear, man, he doesn't make a symlink in the filesystem. He makes it at the company.

ln -s /bulevard/firma /home/sickspawn/simlink

Haters, maybe I'll hit you with one of those floods that makes your pajamas tremble on your ass on the evening road
-
Pentru un avocat spamer cu care m-am certat: Aici e history la site: CASA DE AVOCATURA COLTUC | COLTUC MARIUS VICENTIU | COLTUC Stand in cur langa un nuc, Si tragand dintr-un trabuc Iata, apare un Coltuc, Ce mananca dintr-un muc. Si suge dintr-un ciubuc ;-)) Este neam de avocat, Dar, ... cam calca in cacat, Da cu spam-ul de-ti indoaie, Si pula pe langa coaie. El din frageda pruncie, E Labar de meserie, A-nvatat legea si scopul, Sa-i fut mama si norocul. Iar nevasta-sa cea grasa, Sa ma suga pe sub masa. Sa ma mangaie la coaie, Pana incepe sa se-nmoaie ;-)) Tu Coltuc mareata stea, Ai ajuns la pula mea. Iti fac site-uri, poezii, Iti trag muie, Sa te tii! Nu vreau bani, nici spam-uri multe Vreau pe ma-ta, de se fute. Sa-i plantez un copilas Din pula de ingineras ;-)) Acum inchei, ca ma grabesc, O sa revin, si nu gresesc. Iti las si pula amanet, S-o mulgi Suav, ca esti pamflet.
-
@alexu: If you have a backup of it, I'll give you hosting for it (free). I can set it up for you tonight when I get home.
-
I don't think so. They use the "VOIP protocol" ** and have to be connected to a VOIP gateway. You can use an open-source platform installed on a server built from a mini-PC, or you can buy a VoIP gateway. The best and cheapest option would be to get a VoIP subscription, and then you have unlimited calls within the network.

** VoIP isn't actually a protocol; I put it that way so you'd understand.