Posted about 1 month ago
Peter Valchev discovered an error in expat, an XML parsing C library,
when parsing certain UTF-8 sequences, which can be exploited to crash an
application using the library.
Posted about 1 month ago
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:
Posted about 1 month ago
A Few Questions For Gunnar Wolf
How did you end up using Debian and becoming a DD?
I have been a Free Software user for a very long time — In the
beginning, without even noticing.
Around 1983, when I was six
or seven years old, I started going with my
father (a physicist) to the University on Friday nights. He taught me
the basics of TeX and Emacs; we used it at a Foonly F2 machine. This
computer had the first TeX installation outside Stanford. So, yes, I am
the proud user of a piece of history.
Being well mentored, by age ten I started picking up programming. Soon
afterwards, I got some shareware - And the whole sense of sharing
software, allowing people to try before buying just... made sense to
me. I wrote some very amateurish shareware (BASIC, DOS), entered the
BBS scene in the early 1990s, and started getting involved in some
larger projects' development.
By 1995, I was a very happy Amiga user. Amiga faced a dead-end as a
platform, though, and I got in contact with the free Unix-like
systems, trying to find something usable that could be run on my
system. Sadly, my computer lacked a MMU, so only Minix could be run
(and it lacked hard disk support). I got stuck for about a year, but
got to know some of the systems available by then.
A year later, I got my first formal job, as a systems administrator at
a local ISP. I got a PC I could sink my teeth in, so the first thing I
did was to try this Linux thingy. I got a Slackware disk, based on
kernel 1.0.9, and -trying to get things running- learnt quite a
bit. Didn't manage to get the system to a useful state, though, until
I finally reached the Mexican Linux User Group.
In 1996, our group rolled a large (1000 copies) edition of RedHat
4.2. I was a RedHat fan until version 6.0, and was briefly involved
with a Mexican RedHat derivative (LinuxPPP).
RedHat 7 (around 2000) was a flop quality-wise. They started shaping
their distribution towards the corporate desktop, and that was quite
different from what I wanted. Also, at that time I was trying to get
more involved into Free Software as a developer.
Looking for some quality, I flirted with OpenBSD, but found their
system too limited compared to what I have already got used to with
Linux, and their community too aggressive. Then, after playing for a
couple of months with Debian, I felt right at home there.
I applied for NM in late 2001, being accepted as the first DD in
Mexico in April 2003.
How are you currently involved in the Debian project?
My main affiliation is with the pkg-perl and pkg-ruby-extras groups,
although my activity has declined in both due to real-life constraints
- But I'm always trying to step back in and get back to speed with
both. Package-wise, besides this, I am maintaining the Cherokee
webserver and a few other minor packages.
Besides this, since 2005 (and except for 2008), I have been part of
the DebConf organization team. Organizing such a big, complex
conference is a real challenge - and a very, very rewarding
experience.
And lastly, I have just started working with Jonathan McDowell as a
Debian keyring maintainer. I am still picking up some details of this
task, but am quite honored by the appointment.
How do you currently use Debian?
Debian is the only operating system I use in the computers controlled
by me. My main job is as a systems and network administrator at
the Economic Research Institute of Mexico's National Autonomous
University (IIEc-UNAM); all of our services are run by using Debian.
What do you do when you're not working on Debian?
Umm... Tough one :-}
I very much enjoy biking. It is not like I go out that much often in
long rides, but I try to spend at least a couple of hours biking every
weekend - Plus, on average, I bike to work three to four days a
week.
Posted about 1 month ago
A denial of service vulnerability has been found in libhtml-parser-perl,
a collection of modules to parse HTML in text documents which is used by
several other projects such as SpamAssassin.
Posted about 1 month ago
A denial of service vulnerability has been found in nginx, a small and
efficient web server.
Posted about 1 month ago
Several remote vulnerabilities have been discovered in Smarty, a PHP
templating engine. The Common Vulnerabilities and Exposures project
identifies the following problems:
Posted about 1 month ago
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool
to administer MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:
Posted about 1 month ago
Several vulnerabilities have been discovered in mimetex, a lightweight
alternative to MathML. The Common Vulnerabilities and Exposures project
identifies the following problems:
Posted about 1 month ago
Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from
the official KDE release, does not properly handle a '\0' character in a domain
name in the Subject Alternative Name field of an X.509 certificate, which
allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.
Posted about 1 month ago
Several vulnerabilities have been discovered in mapserver, a CGI-based
web framework to publish spatial data and interactive mapping applications.
The Common Vulnerabilities and Exposures project identifies the following
problems: