Re: Redundant emails - front desk
> Sorry, I thought that I could help. I will not do any front desk work > again. Apologize. No need to apologise! I really admire your ethusiasm and gusto - I hope this hasn't put you off frontdesk or LTS work in general; our comments are more on that that your efforts were, in this case, regrettably misplaced. :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Re: Wheezy update of extplorer?
On 07/20/2016 10:35 PM, Lucas Kanashiro wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of shadow: > https://security-tracker.debian.org/tracker/CVE-2016-4313 Hi, The topic of this mail doesn't match the content. What package are we talking about here? Cheers, Thomas Goirand (zigo)
Wheezy update of dietlibc?
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of dietlibc: https://security-tracker.debian.org/tracker/TEMP-000-0F9220 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here: https://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with an URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Re: Wheezy update of dietlibc?
> I've already prepared an updated package, did you not see the > original email I Cc'd to debian-lts? > https://lists.debian.org/debian-lts/2016/07/msg00067.html My sincere apologies. There was a large backlog of LTS mails this morning so each package somewhat "merged" in my head. > So I assume as a next step I should upload the package > I've already prepared, right? Is that possible for DMs? I.. don't actually know! No harm in trying to upload as an DM. If it fails, please me know and I can upload it for you. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Re: Wheezy update of dietlibc?
Hi Chris, On Thu, Jul 21, 2016 at 11:02:07AM +0200, Chris Lamb wrote: > I.. don't actually know! No harm in trying to upload as an DM. If it > fails, please me know and I can upload it for you. DM's cannot upload to security-master, cf. https://bugs.debian.org/796095 Regards, Salvatore
Re: Wheezy update of dietlibc?
Hi, On 07/21/2016 10:51 AM, Chris Lamb wrote: > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of dietlibc: > https://security-tracker.debian.org/tracker/TEMP-000-0F9220 > > Would you like to take care of this yourself? I've already prepared an updated package, did you not see the original email I Cc'd to debian-lts? https://lists.debian.org/debian-lts/2016/07/msg00067.html (Please also read the part about required binNMUs.) > If yes, please follow the workflow we have defined here: > https://wiki.debian.org/LTS/Development So I assume as a next step I should upload the package I've already prepared, right? Is that possible for DMs? Regards, Christian
Re: Wheezy update of pdns?
Hi, * Lucas Kanashiro [160720 21:52]: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of pdns: > https://security-tracker.debian.org/tracker/CVE-2016-6172 > > > Would you like to take care of this yourself? I'll probably not be doing the update, but note that there are no final patches from upstream yet. -- ,''`. Christian Hofstaedtler : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
Re: Wheezy update of dietlibc?
On 07/21/2016 11:07 AM, Salvatore Bonaccorso wrote: > On Thu, Jul 21, 2016 at 11:02:07AM +0200, Chris Lamb wrote: >> I.. don't actually know! No harm in trying to upload as an DM. If it >> fails, please me know and I can upload it for you. > > DM's cannot upload to security-master, cf. > https://bugs.debian.org/796095 Well, then it would be great if someone could upload the fixed package for me. :) I had attached a debdiff against current Wheezy to my original email, but you can also build it from git, whichever you prefer: git clone https://anonscm.debian.org/git/collab-maint/dietlibc.git -b wheezy cd dietlibc git checkout pristine-tar # to populate the local branch git checkout wheezy gbp buildpackage --git-pristine-tar --git-debian-branch=wheezy Thanks! Regards, Christian
Re: xen_4.1.6.1-1+deb7u2.dsc
Hi Raphael, Brian On Fri, Jul 15, 2016 at 02:59:00PM +0200, Bastian Blank wrote: > > So I would suggest that you go for this and provide some Xen tree free > > of known security issues, then Brian (or someone else) can build test > > packages and we can ask some users to test the update. > All security problems affecting the hypervisor itself are fixed in here: Did you get the chance to look at this source? Regards, Bastian -- Insults are effective only where emotion is present. -- Spock, "Who Mourns for Adonais?" stardate 3468.1
Re: Wheezy update of pdns?
On 07/21/2016 06:12 AM, Christian Hofstaedtler wrote: > I'll probably not be doing the update, but note that there are no > final patches from upstream yet. > Some hours ago upstream accepted a pull request that fix this flaw in version 3.4.x [0], which allows one to fix it in stable. Could we work with that patch for version 3.1 (version in oldstable)? [0] https://github.com/PowerDNS/pdns/pull/4134 Best regards, -- Lucas Kanashiro 8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C signature.asc Description: OpenPGP digital signature
Re: [Pkg-shadow-devel] Wheezy update of shadow?
Quoting Christian PERRIER (bubu...@debian.org): > Quoting Chris Lamb (la...@debian.org): > > Hello dear maintainer(s), > > > > the Debian LTS team would like to fix the security issues which are > > currently open in the Wheezy version of shadow: > > https://security-tracker.debian.org/tracker/CVE-2016-6251 > > https://security-tracker.debian.org/tracker/CVE-2016-6252 > > > > Would you like to take care of this yourself? > > There is probably zero chances that this happens. I handled over the > maintenance of shadow to the "team" but the movement is very slow. So > I suspect that nearly nothing will happen. > > As for Nicolas, he is pretty much inactive for years now, so don't > expect more from his side. > > > So, well, even though I'm not happy to send suuch news, this is more > or less the reality nowadays. Dimitri, are you able to help here? I had a candidate package up on mentors for awhile for a new release (https://mentors.debian.net/debian/pool/main/s/shadow/shadow_4.3-1~b1.dsc). Would be great if someone would either test that and fix it up / push, or start over and ditch my work if they prefer. -serge
Wheezy LTS - apt error with recent apache2 update - monit issue?
Hello, I saw that Apache2 had a Wheezy LTS update today and did the usual : apt-get update && apt-get dist-upgrade However, this gave me an error, and it seems to be "monit" : Processing triggers for man-db ... Setting up apache2.2-bin (2.2.22-13+deb7u7) ... Setting up apache2-utils (2.2.22-13+deb7u7) ... Setting up apache2.2-common (2.2.22-13+deb7u7) ... insserv: warning: script 'K02klogd' missing LSB tags and overrides insserv: warning: script 'K04sysklogd' missing LSB tags and overrides insserv: warning: script 'sysklogd' missing LSB tags and overrides insserv: warning: script 'modutils' missing LSB tags and overrides insserv: warning: script 'klogd' missing LSB tags and overrides insserv: There is a loop between service monit and modutils if stopped insserv: loop involving service modutils at depth 2 insserv: loop involving service monit at depth 1 insserv: Stopping modutils depends on monit and therefore on system facility `$all' which can not be true! insserv: exiting now without changing boot order! update-rc.d: error: insserv rejected the script header dpkg: error processing apache2.2-common (--configure): subprocess installed post-installation script returned error exit status 1 dpkg: dependency problems prevent configuration of apache2-mpm-prefork: apache2-mpm-prefork depends on apache2.2-common (= 2.2.22-13+deb7u7); however: Package apache2.2-common is not configured yet. dpkg: error processing apache2-mpm-prefork (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of apache2: apache2 depends on apache2-mpm-worker (= 2.2.22-13+deb7u7) | apache2-mpm-prefork (= 2.2.22-13+deb7u7) | apache2-mpm-event (= 2.2.22-13+deb7u7) | apache2-mpm-itk (= 2.2.22-13+deb7u7); however : Package apache2-mpm-worker is not installed. Package apache2-mpm-prefork is not configured yet. Package apache2-mpm-event is not installed. Package apache2-mpm-itk is not installed. apache2 depends on apache2.2-common (= 2.2.22-13+deb7u7); however: Package apache2.2-common is not configured yet. dpkg: error processing apache2 (--configure): dependency problems - leaving unconfigured Errors were encountered while processing: apache2.2-common apache2-mpm-prefork apache2 Log ended: 2016-07-21 13:44:57 I messed around a bit, trying to get Apache2 updated correctly and get my server back up, and in the end just purged "monit". By this time, I had completely purged Apache as well, but could then reinstall and get stuff back in action from backups. Monit was a recent install and no loss to me just now. But I was a little surprised by this. Thoughts? Many Thanks, -- Alastair Sherringham http://www.sherringham.net
Re: Wheezy LTS - apt error with recent apache2 update - monit issue?
On 2016-07-21 21:13, Alastair Sherringham wrote: Hello, Hi! I saw that Apache2 had a Wheezy LTS update today and did the usual : apt-get update && apt-get dist-upgrade However, this gave me an error, and it seems to be "monit" : Processing triggers for man-db ... Setting up apache2.2-bin (2.2.22-13+deb7u7) ... Setting up apache2-utils (2.2.22-13+deb7u7) ... Setting up apache2.2-common (2.2.22-13+deb7u7) ... insserv: warning: script 'K02klogd' missing LSB tags and overrides insserv: warning: script 'K04sysklogd' missing LSB tags and overrides insserv: warning: script 'sysklogd' missing LSB tags and overrides insserv: warning: script 'modutils' missing LSB tags and overrides insserv: warning: script 'klogd' missing LSB tags and overrides insserv: There is a loop between service monit and modutils if stopped insserv: loop involving service modutils at depth 2 insserv: loop involving service monit at depth 1 insserv: Stopping modutils depends on monit and therefore on system facility `$all' which can not be true! insserv: exiting now without changing boot order! There is a problem with your init scripts, you have several ancient init scripts that have not been updated, not with jessie, and not with wheezy. You should probably have manually added LSB tags to these scripts to ensure that they function properly. This is most likely the entire cause of the problem for you. -- Cheers, Jan
Re: Wheezy LTS - apt error with recent apache2 update - monit issue?
Hi, El 21/07/16 a las 22:37, Jan Ingvoldstad escribió: > On 2016-07-21 21:13, Alastair Sherringham wrote: > > Hello, > > Hi! > > > I saw that Apache2 had a Wheezy LTS update today and did the usual : > > > > apt-get update && apt-get dist-upgrade > > > > However, this gave me an error, and it seems to be "monit" : > > > > Processing triggers for man-db ... > > Setting up apache2.2-bin (2.2.22-13+deb7u7) ... > > Setting up apache2-utils (2.2.22-13+deb7u7) ... > > Setting up apache2.2-common (2.2.22-13+deb7u7) ... > > insserv: warning: script 'K02klogd' missing LSB tags and overrides > > insserv: warning: script 'K04sysklogd' missing LSB tags and overrides > > insserv: warning: script 'sysklogd' missing LSB tags and overrides > > insserv: warning: script 'modutils' missing LSB tags and overrides > > insserv: warning: script 'klogd' missing LSB tags and overrides > > insserv: There is a loop between service monit and modutils if stopped > > insserv: loop involving service modutils at depth 2 > > insserv: loop involving service monit at depth 1 > > insserv: Stopping modutils depends on monit and therefore on system > > facility `$all' which can not be true! > > insserv: exiting now without changing boot order! > > There is a problem with your init scripts, you have several ancient init > scripts that have not been updated, not with jessie, and not with wheezy. > > You should probably have manually added LSB tags to these scripts to ensure > that they function properly. > > This is most likely the entire cause of the problem for you. I have just sudo apt-get update ; sudo apt-get install monit ; sudo apt-get dist-upgrade and apache was successfully upgraded. Santiago signature.asc Description: PGP signature
Wheezy update of mupdf?
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of mupdf: https://security-tracker.debian.org/tracker/CVE-2016-6265 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here: https://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with an URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Wheezy update of uclibc?
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of uclibc: https://security-tracker.debian.org/tracker/CVE-2016-6264 (Note that this affects the arm implementation, not x86.) Would you like to take care of this yourself? If yes, please follow the workflow we have defined here: https://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with an URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Re: Wheezy update of mupdf?
Hi! Thanks for the notice. I'll try to prepare the LTS update once upstream or any others has fixed the bug. Kanru On Fri, Jul 22, 2016, at 05:49 AM, Chris Lamb wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of mupdf: > https://security-tracker.debian.org/tracker/CVE-2016-6265 > > Would you like to take care of this yourself? > > If yes, please follow the workflow we have defined here: > https://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to debian-lts@lists.debian.org > (via a debdiff, or with an URL pointing to the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. > > Thank you very much. > > Chris Lamb, > on behalf of the Debian LTS team. > > PS: A member of the LTS team might start working on this update at > any point in time. You can verify whether someone is registered > on this update in this file: > https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` la...@debian.org / chris-lamb.co.uk >`-
Re: Wheezy update of libupnp?
On Tue, Jul 19, 2016 at 08:54:18AM +0200, Chris Lamb wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of libupnp: > https://security-tracker.debian.org/tracker/TEMP-000-867096 > > Would you like to take care of this yourself? Hi, Thanks very much for the headsup on this. I've a bit to do for Squeeze at the moment and would really appreciate any help your team can provide on LTS. If I do get enough time though I'll check in on your task tracker as suggested. Thanks for your work on improving Debian, Nick
