Re: smb4k CVE-2017-8849

2017-08-14 Thread Markus Koschany
Hi,

On 12.08.2017 at 22:40, Moritz Mühlenhoff wrote:
> On Wed, Jun 21, 2017 at 06:54:57PM +0200, Markus Koschany wrote:
>> On 15.06.2017 at 18:49, Markus Koschany wrote:
>> [...]
>>> Then I suggest we backport the Stretch version of smb4k to Wheezy and
>>> Jessie. I have done this a few minutes ago for Wheezy and it was quite
>>> painless. It pulls in a new dependency, libqt4-test, but apart from
>>> that, mounting and unmounting of shares works as expected.
>>>
>>> What do you think?
>>
>> Since I haven't heard back from you and it appears that we can't rule
>> out that Wheezy/Jessie are affected, I intend to backport the Stretch
>> version of smb4k to Wheezy in two days.
> 
> But now we have failing upgrades: during an update to jessie it would
> be held back since the version is lower than in jessie (but still
> depends on the old libs).

Correct. That's what I wanted to imply with this e-mail.

> So we'll need to do the same rebase for jessie, could you prepare
> an update?

Sure. I will prepare the update this week.

Regards,

Markus




Re: Wheezy update of git?

2017-08-14 Thread Jonathan Nieder
Hi,

Chris Lamb wrote:

> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of git:
> https://security-tracker.debian.org/tracker/source-package/git
>
> Would you like to take care of this yourself?
[...]
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.

I'm happy to review patches for the git package.

I generally feel that securing such old versions of packages is a bit
of a fool's errand, so I don't expect to spend time proactively fixing
security bugs there.  That said, I am always happy reviewing debdiffs
and other patches, and perhaps I can learn something or get a chance
to share knowledge along the way.

Thanks,
Jonathan