squeeze update of rails?
Hello dear maintainer(s),

the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of rails:
https://security-tracker.debian.org/tracker/CVE-2015-3226
https://security-tracker.debian.org/tracker/CVE-2015-3227

Would you like to take care of this yourself? We are still understaffed so any help is always highly appreciated.

If yes, please follow the workflow we have defined here:
http://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with a URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released.

Thank you very much.

Thorsten Alteholz,
on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup

--
To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/alpine.deb.2.02.1507051024100.6...@jupiter.server.alteholz.net
Re: squeeze update of rails?
On Sun, Jul 05, 2015 at 10:24:57AM +0200, Thorsten Alteholz wrote:
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of rails:
> https://security-tracker.debian.org/tracker/CVE-2015-3226
> https://security-tracker.debian.org/tracker/CVE-2015-3227

That doesn't make sense, rails is EOLed in squeeze...

Cheers,
Moritz
Re: squeeze update of rails?
On Sun, 5 Jul 2015, Moritz Muehlenhoff wrote:
> That doesn't make sense, rails is EOLed in squeeze...

Oh, sorry for the noise, it seems to be too hot over here ...

Thorsten
Re: bin/genDLA proposal: auto-commit requested DLA numbers (was: Re: [SECURITY] [DLA 265-1] unattended-upgrades security update)
Hi Raphael,

On Sa 04 Jul 2015 08:25:27 CEST, Raphael Hertzog wrote:

Hi,

On Sat, 04 Jul 2015, Mike Gabriel wrote:
>It displays a colorful warning and offers to commit only the
>modified file (if you use svn, if you use git-svn like me, you're on your
>own).

Why not also commit the changes to the dla-needed.txt file?

I just forgot about it. You're right we should do that too. What about this then (not entirely tested, I use git-svn):

diff --git a/bin/gen-DSA b/bin/gen-DSA index 395a8f1..9156d0b 100755 --- a/bin/gen-DSA +++ b/bin/gen-DSA
@@ -368,4 +368,17 @@ EOF sed -rn '/^'"$PACKAGE"'\b/{: next;n;/^\s/b next;d};p' $needed_file > $needed_file.new mv $needed_file.new $needed_file echo "$IDMODE text written to ./$IDMODE-$DAID" +if [ "$IDMODE" = "DLA" ]; then + warn "you need to commit the changes to data/$IDMODE/list to actually reserve the $IDMODE number and avoid conflicts with others." + if [ -d .svn ]; then + idmode=$(echo "$IDMODE" | tr A-Z a-z) + echo "Here are the pending changes:" + svn diff data/$IDMODE/list data/$idmode-needed.txt + echo -n "Do you want to commit them now ? [Yn] " + read reply + if [ "$reply" = "Y" ] || [ "$reply" = "" ] || [ "$reply" = "y" ]; then + svn commit data/$IDMODE/list data/$idmode-needed.txt + fi + fi +fi fi

Cheers,

I just looked at the patch and played with it a little.

Comments:

  o We maybe want to do an "svn update" before manipulating data/DLA/list and data/dla-needed.txt file? Probably a minor thing, but svn updating could be handled by the script, as well

  o I'd auto-generate a commit message, something like:
    -m "reserve $IDMODE-$DAID for $PACKAGE"
    I'd actually even prefer having the package version in that commit message, but with my little son sitting next to me, this is a non-trivial task

  o Also, the "warning" text message on screen is above the svn diff output. There it somehow gets lost and "stayed unseen" for me, the first time I tested this patch. Maybe the warning message should be right above the "Do you want to commit now?" question.(?)

All three comments above are more in the "cosmetic improvements" category, so I'd say using your changes without modifications is just fine and helps a lot if people are not accustomed to the LTS upload / announcing workflow that much.

If you think some of the above thoughts are useful, I can work on a follow-up commit during the coming week.
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
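
Review bot: the exit status of `svn commit data/$IDMODE/list data/$idmode-needed.txt` in the innermost `if` is never checked, so when the commit fails (for instance on an out-of-date working copy, since nothing in the hunk runs `svn update` first) nothing tells the user that the number is still unreserved, which is the conflict the new warning is meant to prevent. Test the result and call `warn` again on failure, along the lines of `svn commit ... || warn "commit failed, $IDMODE-$DAID is not reserved yet"`. Smaller points: the commit is run without `-m`, so the log message is left to whatever svn does interactively in the middle of the script; the added lines rebuild the path as `data/$idmode-needed.txt` while the context lines directly above already use `$needed_file`, and reusing that variable (if it names the same file) would keep the two from drifting apart; and the `warn` text names only `data/$IDMODE/list`, although without a `.svn` directory (the git-svn case) it is the only guidance shown and the needed file has to be committed as well.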
squeeze update of libunwind?
Hello Matthieu,

the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of libunwind:
https://security-tracker.debian.org/tracker/CVE-2015-3239

Would you like to take care of this yourself? We are still understaffed so any help is always highly appreciated.

If yes, please follow the workflow we have defined here:
http://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with a URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released.

Thank you very much.

Thorsten Alteholz,
on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
squeeze update of openssh?
Hello dear maintainer(s),

the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of openssh:
https://security-tracker.debian.org/tracker/CVE-2015-5352

Would you like to take care of this yourself? We are still understaffed so any help is always highly appreciated.

If yes, please follow the workflow we have defined here:
http://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with a URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released.

Thank you very much.

Thorsten Alteholz,
on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
Re: bin/genDLA proposal: auto-commit requested DLA numbers (was: Re: [SECURITY] [DLA 265-1] unattended-upgrades security update)
Hi,

On Sun, 05 Jul 2015, Mike Gabriel wrote:
> I just looked at the patch and played with it a little.
>
> Comments:
>
> o We maybe want to do an "svn update" before manipulating data/DLA/list
> and data/dla-needed.txt file? Probably a minor thing, but svn
> updating could be handled by the script, as well

No opinion here.

> o I'd auto-generate a commit message, something like:
> -m "reserve $IDMODE-$DAID for $PACKAGE"

Done.

> o Also, the "warning" text message on screen is above the svn diff output.
> There it somehow gets lost and "stayed unseen" for me, the first time
> I tested this patch. Maybe the warning message should be right above
> the "Do you want to commit now?" question.(?)

Done. And committed the result.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/