Because of the subject, I built a new package which can be installed on etch, lenny and of course sid. You can fetch it from http://ftp.cyconet.org/debian/archive/bpo/wordpress/2.5.1-1~bpo40+1/ or get it via
deb http://ftp.cyconet.org/debian etch-backports main non-free contrib
Note to self: dump the WordPress user into a separate domU
This Tuesday Robert Felber released a new upstream version. It is a (local) security bugfix (and some minor fixes) which was reported on Sunday by Chris Howells to the Debian Security Team (as well as to other vendors). Today DSA-1531 was released.
Right from the DSA:
“… created its socket in an insecure way, which may be exploited to overwrite or remove arbitrary files from the local system.”
So please update your systems asap if you use this package.
While we are at policyd-weight… there is one bug open (#471645) where I’m unsure if I want to fix it, because only stable is affected and the problem can be solved by providing an adjusted array of RBLs in the config file. Should I ask for inclusion directly into stable? But it’s a really minor issue. Or try to get 0.1.14.15 uploaded to volatile? I’m really unsure and suggestions are welcome.
For some weeks now I’ve been really busy, privately and at work. The end of the year is approaching and everybody is in a hurry. There also seem to be some changes coming for our family down the road, but maybe more on that later. Additionally, one month ago Santiago Ruano Rincón surprisingly turned up as my AM. We started fast, but I got stuck at P&P part 1 with the license comparisons, because I’m currently so busy at work and with my family that I can’t concentrate enough late at night when trying to work on the papers. For example, the graphviz license is completely overwhelming me. Lately my hope was for some bigger time slots at the weekends, but they got smashed by family and/or work issues. I hope Santiago is not getting annoyed with me, and that I can find some free time over the holidays or in the first weeks of next year.
Anyway … Christian Perrier started a review and translation process of ipplan’s debconf templates by the debian-i18n contributors. The templates were in really bad condition; most of them were copied over from gallery2 and I knew that they weren’t so good. Thanks for all your work; when the process is over I’ll be proud to include your really nice work.
Two other packages got updates. php-suhosin got a new upstream release after months, which fixes the broken perdir/.htaccess support. Unfortunately I missed the release (because there is no announcement list and there was no watch file) until Raphael Geissert left a note. I also integrated the new VCS and homepage stuff, and formorer fixed some minor issues. So hopefully we can now upload the first package to backport.org (when it arrives in testing) and sleep a little bit better when using PHP on stable.
nagios-plugins also got updated. Since Seanius seems really busy (like always), nobody really took care of the package. In October it got two CVEs which were solved via NMU by the testing-security team; two new upstream releases were also available. So I dropped the obsolete patches, integrated new ones, made the new shiny lintian a bit happier, did some minor fixes and queued the package to Seanius. ;)
You can expect both packages on backport.org soon. My other (co-maintained) packages will get updated to the latest policy and VCS/homepage guidelines in the near future. At the moment I have to prioritize what to do with the remaining time slots. :/
Some time ago, Deutsche Bahn rolled out public wireless LAN called “WLAN am Bahnhof” at 25 railroad stations; you can choose between 4 providers. Sounds really nice, but besides the economic conditions, there is also at least one security issue.
Connecting to the network and opening your favorite browser redirects you to an encrypted portal. So far, so good … the really bad news is that the certificate expired over 6 years ago.

This seems to be normal behavior, since invalid certificates are used so often. This leads to jaded users who no longer verify such certificates, even when it’s important.
Does anybody know a reasonable way to notify somebody who can solve the problem there, besides the normal contact forms?