From cfp at ruxcon.org.au Tue Sep 2 05:14:34 2008
From: cfp at ruxcon.org.au (cfp at ruxcon.org.au)
Date: Tue, 2 Sep 2008 05:14:34 +0000 (UTC)
Subject: RUXCON 2008 Final Call For Papers
Message-ID: <20080902051434.12DA436F0C9@mail.ruxcon.org.au>

RUXCON 2008 FINAL CALL FOR PAPERS

Ruxcon would like to announce the final call for papers for the fifth annual Ruxcon conference.

This year the conference will take place over the weekend of 29th to the 30th of November. As with previous years, Ruxcon will be held at the University of Technology, Sydney, Australia.

The deadline for submissions is the 15th of November.

* What is Ruxcon?

Ruxcon strives to be Australia's most technical and interesting computer security conference. We're back for the fifth year and intend on bringing you another high quality conference.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics, varying from unpublished research to required reading for the public security community.

For more information, please visit http://www.ruxcon.org.au

* Presentation Information

Presentations are set to run for 50 minutes, and will be of a formal nature, with slides and a speech.

* Presentation Submissions

Ruxcon would like to invite people who are interested in security to submit a presentation. Topics of interest include, but are not limited to:

  o Code analysis
  o Exploitation techniques
  o Network scanning and analysis
  o Cryptography
  o Malware Analysis
  o Reverse engineering
  o Forensics and Anti-forensics
  o Social engineering
  o Web application security
  o Database security
  o Legal aspects of computer security and surrounding issues
  o Law enforcement activities
  o Telecommunications security (mobile, GSM, VOIP, etc.)

Submissions should thoroughly outline your desired presentation subject.
Accompanying your submission should be the slides you intend to use or a detailed paper explaining your subject.

If you have any enquiries about submissions, or would like to make a submission, please send an e-mail to presentations @ ruxcon dot org dot au

The deadline for submissions is the 15th of November.

If approved we will additionally require:

  i. A brief personal biography (between 2-5 paragraphs in length), including: skill set, experience, and credentials.
  ii. A description on your presentation or workshop (between 2-5 paragraphs in length).

* Contact Details

Presentation Submissions: presentations @ ruxcon dot org dot au
General Enquiries: staff @ ruxcon dot org dot au

From opensource at till.name Fri Sep 5 08:34:30 2008
From: opensource at till.name (Till Maas)
Date: Fri, 05 Sep 2008 10:34:30 +0200
Subject: pam_mount security update
Message-ID: <200809051034.39998.opensource@till.name>

Hiyas,

pam_mount just released an update that fixes a security vulnerability:
https://sourceforge.net/project/shownotes.php?release_id=624240

are there some special procedures to get security updates out currently or do the users have to wait until the transition to the new signing key is completed?

Regards,
Till

From sundaram at fedoraproject.org Fri Sep 5 08:41:35 2008
From: sundaram at fedoraproject.org (Rahul Sundaram)
Date: Fri, 05 Sep 2008 14:11:35 +0530
Subject: pam_mount security update
In-Reply-To: <200809051034.39998.opensource@till.name>
References: <200809051034.39998.opensource@till.name>
Message-ID: <48C0F0BF.2060601@fedoraproject.org>

Till Maas wrote:
> Hiyas,
>
> pam_mount just released an update that fixes a security vulnerability:
> https://sourceforge.net/project/shownotes.php?release_id=624240
>
> are there some special procedures to get security updates out currently or do
> the users have to wait until the transition to the new signing key is
> completed?

There is no special procedure in place now. Letting the rel-eng team know can't hurt however.

Rahul

From opensource at till.name Fri Sep 5 20:55:26 2008
From: opensource at till.name (Till Maas)
Date: Fri, 05 Sep 2008 22:55:26 +0200
Subject: pam_mount security update
In-Reply-To: <200809051034.39998.opensource@till.name>
References: <200809051034.39998.opensource@till.name>
Message-ID: <200809052255.39389.opensource@till.name>

On Fri September 5 2008, Till Maas wrote:
> pam_mount just released an update that fixes a security vulnerability:
> https://sourceforge.net/project/shownotes.php?release_id=624240

Will someone create the needed tracking bugs[1] for this and maybe request / assign a CVE number?

Regards,
Till

[1] https://fedoraproject.org/wiki/Security/TrackingBugs

From opensource at till.name Fri Sep 5 22:42:07 2008
From: opensource at till.name (Till Maas)
Date: Sat, 06 Sep 2008 00:42:07 +0200
Subject: pam_mount security update
In-Reply-To: <200809052255.39389.opensource@till.name>
References: <200809051034.39998.opensource@till.name> <200809052255.39389.opensource@till.name>
Message-ID: <200809060042.19308.opensource@till.name>

On Fri September 5 2008, Till Maas wrote:
> On Fri September 5 2008, Till Maas wrote:
> > pam_mount just released an update that fixes a security vulnerability:
> > https://sourceforge.net/project/shownotes.php?release_id=624240
>
> Will someone create the needed tracking bugs[1] for this and maybe request
> / assign a CVE number?

FYI: I asked via e-mail: upstream did not request a CVE number.

Regards,
Till

From eteo at redhat.com Sat Sep 6 00:42:39 2008
From: eteo at redhat.com (Eugene Teo)
Date: Sat, 06 Sep 2008 08:42:39 +0800
Subject: CVE request: pam_mount: conf: re-add luserconf security checks
In-Reply-To: <200809052255.39389.opensource@till.name>
References: <200809051034.39998.opensource@till.name> <200809052255.39389.opensource@till.name>
Message-ID: <48C1D1FF.7050704@redhat.com>

Till Maas wrote:
> On Fri September 5 2008, Till Maas wrote:
>
>> pam_mount just released an update that fixes a security vulnerability:
>> https://sourceforge.net/project/shownotes.php?release_id=624240
>
> Will someone create the needed tracking bugs[1] for this and maybe request /
> assign a CVE number?

This email was posted in fedora-security-list at rc.

v0.47 (September 04 2008)
=========================
This release incorporates a security fix (item 3 on the list). All administrators who have enabled in the configuration file should upgrade. A workaround is to comment out .
- mount.crypt: add missing null command to conform to sh syntax (SF bug #2089446)
- conf: fix printing of strings when luser volume options were not ok
- conf: re-add luserconf security checks
[...]

https://sourceforge.net/project/shownotes.php?release_id=624240
http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commitdiff;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team

From thoger at redhat.com Mon Sep 8 10:23:40 2008
From: thoger at redhat.com (Tomas Hoger)
Date: Mon, 8 Sep 2008 12:23:40 +0200
Subject: pam_mount security update
In-Reply-To: <200809052255.39389.opensource@till.name>
References: <200809051034.39998.opensource@till.name> <200809052255.39389.opensource@till.name>
Message-ID: <20080908122340.18a0a32d@redhat.com>

Hi Till!

On Fri, 05 Sep 2008 22:55:26 +0200 Till Maas wrote:

> On Fri September 5 2008, Till Maas wrote:
>
> > pam_mount just released an update that fixes a security
> > vulnerability:
> > https://sourceforge.net/project/shownotes.php?release_id=624240
>
> Will someone create the needed tracking bugs[1] for this and maybe
> request / assign a CVE number?

I have created 'Security Response' bug for the issue, that can be used to record further details about the flaw, as well as CVE id once it's assigned.

I do not see any point in creating tracking bugs once updates are already submitted in Bodhi. That tracking bugs process was developed to be similar to process used internally by Red Hat for Red Hat Enterprise Linux, and it is not applied to Fedora when it makes little sense. In Fedora, you do not need per-version approved tracking bug to do the update, and tracking bugs are sometimes viewed as too much extraneous overhead for those not used to them (which is more than understandable).

I also did some minor changes to your update requests. One thing that remains quite unclear with them is why libHX update is included in the same update request.

Thank you!
--
Tomas Hoger / Red Hat Security Response Team

From bugzilla at redhat.com Mon Sep 8 12:25:57 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Sep 2008 08:25:57 -0400
Subject: [Bug 240397] CVE-2007-2721: jasper DoS, heap corruption
In-Reply-To:
References:
Message-ID: <200809081225.m88CPvUe024000@bz-web1.app.phx.redhat.com>

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=240397

Tomas Hoger changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |346501

--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

From opensource at till.name Mon Sep 8 13:26:03 2008
From: opensource at till.name (Till Maas)
Date: Mon, 8 Sep 2008 15:26:03 +0200
Subject: pam_mount security update
In-Reply-To: <20080908122340.18a0a32d@redhat.com>
References: <200809051034.39998.opensource@till.name> <200809052255.39389.opensource@till.name> <20080908122340.18a0a32d@redhat.com>
Message-ID: <200809081526.15972.opensource@till.name>

On Monday 08 September 2008 12:23:40 Tomas Hoger wrote:
> I also did some minor changes to your update requests. One thing that
> remains quite unclear with them is why libHX update is included in the
> same update request.

The libHX update is included there, because the pam_mount update needs the newer libHX library. Afaik both packages need to be in one update to make sure they are both synced to the server at the same time. LibHX is afaik only used by the upstream maintainer for his various projects.

The changelog is also intended, because there was no 0.42 release of pam_mount afaik.

Regards,
Till

From thoger at redhat.com Mon Sep 8 14:19:49 2008
From: thoger at redhat.com (Tomas Hoger)
Date: Mon, 8 Sep 2008 16:19:49 +0200
Subject: pam_mount security update
In-Reply-To: <200809081526.15972.opensource@till.name>
References: <200809051034.39998.opensource@till.name> <200809052255.39389.opensource@till.name> <20080908122340.18a0a32d@redhat.com> <200809081526.15972.opensource@till.name>
Message-ID: <20080908161949.12c55401@redhat.com>

On Mon, 8 Sep 2008 15:26:03 +0200 Till Maas wrote:

> On Monday 08 September 2008 12:23:40 Tomas Hoger wrote:
>
> > I also did some minor changes to your update requests. One thing
> > that remains quite unclear with them is why libHX update is
> > included in the same update request.
>
> The libHX update is included there, because the pam_mount update
> needs the newer libHX library. Afaik both packages need to be in one
> update to make sure they are both synced to the server at the same
> time. LibHX is afaik only used by the upstream maintainer for his
> various projects.

Sure, that's understandable. I just prefer to have that explicit in the update notes, so I added it there.

Thanks!

--
Tomas Hoger / Red Hat Security Response Team

From bressers at redhat.com Thu Sep 11 12:59:15 2008
From: bressers at redhat.com (Josh Bressers)
Date: Thu, 11 Sep 2008 08:59:15 -0400 (EDT)
Subject: Test message
Message-ID: <760039626.70691221137955343.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>

This is a test message, please disregard.

--
JB