squeeze update of nbd?
Hello Wouter, the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of nbd: https://security-tracker.debian.org/tracker/CVE-2015-0847 Would you like to take care of this yourself? We are still understaffed so any help is always highly appreciated. If yes, please follow the workflow we have defined here: http://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with an URL pointing to the the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. Thank you very much. Raphaël Hertzog, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150513125049.ga8...@home.ouaza.com
About the security issues affecting phpbb3 in Squeeze
Hello David, the Debian LTS team recently reviewed the security issue(s) affecting your package in Squeeze: https://security-tracker.debian.org/tracker/CVE-2015-3880 We decided that we would not prepare a squeeze security update (usually because the security impact is low and that we concentrate our limited resources on higher severity issues and on the most widely used packages). That said the squeeze users would most certainly benefit from a fixed package. If you want to work on such an update, you're welcome to do so. Please try to follow the workflow we have defined here: http://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with an URL pointing to the the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. However please make sure to submit a tested package. Thank you very much. Raphaël Hertzog, on behalf of the Debian LTS team. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150513125344.ga8...@home.ouaza.com
squeeze update of dnsmasq?
Hello Simon, the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of dnsmasq: https://security-tracker.debian.org/tracker/CVE-2015-3294 (but there are other lower severities issues also open see https://security-tracker.debian.org/tracker/source-package/dnsmasq) Would you like to take care of this yourself? We are still understaffed so any help is always highly appreciated. If yes, please follow the workflow we have defined here: http://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with an URL pointing to the the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. Thank you very much. Raphaël Hertzog, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150513130738.ga9...@home.ouaza.com
squeeze update of hostapd?
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of hostapd: https://security-tracker.debian.org/tracker/source-package/hostapd Would you like to take care of this yourself? We are still understaffed so any help is always highly appreciated. If yes, please follow the workflow we have defined here: http://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with an URL pointing to the the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. Thank you very much. Raphaël Hertzog, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150513131928.ga10...@home.ouaza.com
Re: squeeze update of nbd?
On Wed, May 13, 2015 at 02:50:49PM +0200, Raphael Hertzog wrote: > Hello Wouter, > > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of nbd: > https://security-tracker.debian.org/tracker/CVE-2015-0847 > > Would you like to take care of this yourself? We are still understaffed so > any help is always highly appreciated. I was planning to, yes. Time has been an issue, but this weekend is a long weekend (thursday is a public holiday, friday most companies are closed). > If yes, please follow the workflow we have defined here: > http://wiki.debian.org/LTS/Development Will do. Regards, -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26 -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150513224230.gb3...@grep.be
Re: icu package for test
On Thu, May 07, 2015 at 12:25:44AM +0200, Santiago Ruano Rincón wrote: > On Wed, Apr 29, 2015 at 11:02:40AM +0200, Santiago Ruano Rincón wrote: > > Hi, and thanks for the welcome! > > > > icu has several issues to be fixed [0]. For the moment, I have backported > > from wheezy a patch that fixes four of them: CVE-2013-1569, > > CVE-2013-2383, CVE-2013-2384, and CVE-2013-2419. > > Packages are available for test at [1]. > > > > [0] https://security-tracker.debian.org/tracker/source-package/icu > > > > [1] https://people.debian.org/~santiago/debian/santiago-squeeze-lts/ > > > > Hi, > > I've backported the whole set of patches. Tests are appreciated! Hi Ghedo, I wanted to upload icu to squeeze-lts (see attached .changes) when I saw you have also claimed it on data/dla-needed.txt. I have tested the package and it seems ok. I'd like to proceed with the upload if you don't oposite to it. Kind regards, Santiago Format: 1.8 Date: Sat, 09 May 2015 10:21:30 +0200 Source: icu Binary: libicu44 libicu44-dbg libicu-dev lib32icu44 lib32icu-dev icu-doc Architecture: source all amd64 Version: 4.4.1-8+squeeze3 Distribution: squeeze-lts Urgency: medium Maintainer: Jay Berkenbilt Changed-By: Santiago Ruano Rincón Description: icu-doc- API documentation for ICU classes and functions lib32icu-dev - Development files for International Components for Unicode (32-bi lib32icu44 - International Components for Unicode (32-bit) libicu-dev - Development files for International Components for Unicode libicu44 - International Components for Unicode libicu44-dbg - International Components for Unicode Changes: icu (4.4.1-8+squeeze3) squeeze-lts; urgency=medium . * Non-maintainer upload by the Squeeze LTS team. * Backports from wheezy: * CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, and CVE-2013-2419 * CVE-2014-6585: out-of-bounds read. * CVE-2014-6591: more out-of-bounds reads. * CVE-2014-7923: memory corruption in regular expression comparison. * CVE-2014-7926: memory corruption in regular expression comparison. * CVE-2014-7940: uninitialized memory in i18n/icol.cpp. * CVE-2014-9654: more regular expression handling issues. Checksums-Sha1: 16c96bde590438378619ab9be85ae2d1bdf5f412 1137 icu_4.4.1-8+squeeze3.dsc ed8028e3a7c95e83f58b6ab5acf1c291a3856ad5 205721 icu_4.4.1-8+squeeze3.debian.tar.gz ea1438ae16105caa66da5dde1ca87975a4378eff 4076688 icu-doc_4.4.1-8+squeeze3_all.deb d0b90a5f67ed5655fdb8a97a44ce5219afbd4ca8 7105316 libicu44_4.4.1-8+squeeze3_amd64.deb 6c1390242502b35aa30109dfc4425e7dc90aeffc 3699878 libicu44-dbg_4.4.1-8+squeeze3_amd64.deb 0e3d24648934ef9bde282d4f2eed7179edceb3c3 8663366 libicu-dev_4.4.1-8+squeeze3_amd64.deb 69a272555bf5858a51c9d2420a88c97f6ca74764 7119388 lib32icu44_4.4.1-8+squeeze3_amd64.deb e2f8137efa28ae97d6588a2b656b5ff6e58b26b2 7405740 lib32icu-dev_4.4.1-8+squeeze3_amd64.deb Checksums-Sha256: ce46e262af52e83fb428f212f0479dd6d7bd472f99648aa47f7bff9c711e4f27 1137 icu_4.4.1-8+squeeze3.dsc a76a65a536975de7d56127e9e5b490076ea1df46728ac52c0c8c818b48897bcd 205721 icu_4.4.1-8+squeeze3.debian.tar.gz decec78a00d4f3294fa7617afad126d9e271eb5e2615f21526214136dc84ba8b 4076688 icu-doc_4.4.1-8+squeeze3_all.deb 61e56ed028ded458a3b5d9480770f8afabcae3939cf5f204e84240bfcb19cf6c 7105316 libicu44_4.4.1-8+squeeze3_amd64.deb 5500f243bc0065d75a8d81b697c58b69adad19c33634d59e75f5cb8c6ca54ad4 3699878 libicu44-dbg_4.4.1-8+squeeze3_amd64.deb 52fe77b424b72f2bf66b1e3e57a7b40493dc5e1823e7ebbcced3058ba75cf2d6 8663366 libicu-dev_4.4.1-8+squeeze3_amd64.deb ceacb37770be71436a54b877fc944737dc86dd870e76bd000195f1bcd324c00b 7119388 lib32icu44_4.4.1-8+squeeze3_amd64.deb b156695e4d23dedfe80647aea90f11ebb4d1fad8620a3863860e5a892e4d6167 7405740 lib32icu-dev_4.4.1-8+squeeze3_amd64.deb Files: 6b415fe8998f591637a1fb5fb57e57e5 1137 libs optional icu_4.4.1-8+squeeze3.dsc 39b428a650b37592ad2ea0aa033b0f70 205721 libs optional icu_4.4.1-8+squeeze3.debian.tar.gz 7580ac044915baa92115c0ce8d40ee74 4076688 doc optional icu-doc_4.4.1-8+squeeze3_all.deb f3e1ffed4d2c0db28a55ec715746c263 7105316 libs optional libicu44_4.4.1-8+squeeze3_amd64.deb 979758098d992d9e3042bb2509b36f95 3699878 debug extra libicu44-dbg_4.4.1-8+squeeze3_amd64.deb 5c4b4b25bd82246c87818ee59a13716a 8663366 libdevel optional libicu-dev_4.4.1-8+squeeze3_amd64.deb 18c23dfb4a0846a5096e8d6866346f73 7119388 libs optional lib32icu44_4.4.1-8+squeeze3_amd64.deb f2d1da42b44f03e3398b10ef02b31588 7405740 libdevel optional lib32icu-dev_4.4.1-8+squeeze3_amd64.deb signature.asc Description: Digital signature
Re: icu package for test
On Thu, May 14, 2015 at 12:51:08AM +0200, Santiago Ruano Rincón wrote: > On Thu, May 07, 2015 at 12:25:44AM +0200, Santiago Ruano Rincón wrote: > > On Wed, Apr 29, 2015 at 11:02:40AM +0200, Santiago Ruano Rincón wrote: > > > Hi, and thanks for the welcome! > > > > > > icu has several issues to be fixed [0]. For the moment, I have backported > > > from wheezy a patch that fixes four of them: CVE-2013-1569, > > > CVE-2013-2383, CVE-2013-2384, and CVE-2013-2419. > > > Packages are available for test at [1]. > > > > > > [0] https://security-tracker.debian.org/tracker/source-package/icu > > > > > > [1] https://people.debian.org/~santiago/debian/santiago-squeeze-lts/ > > > > > > > Hi, > > > > I've backported the whole set of patches. Tests are appreciated! > > Hi Ghedo, > > I wanted to upload icu to squeeze-lts (see attached .changes) when I saw > you have also claimed it on data/dla-needed.txt. > > I have tested the package and it seems ok. I'd like to proceed with the > upload if you don't oposite to it. Forget it. I was too tired and mixed up dsa and dla. Sorry for the noise. Santiago signature.asc Description: Digital signature
