Jessie update of twig?

2018-07-19 Thread Mike Gabriel
Dear maintainer(s),

The Debian LTS team has started fixing the security issues which are
currently open in the Jessie version of twig:
https://security-tracker.debian.org/tracker/CVE-2018-13818

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of twig updates
for the LTS releases.

Thank you very much.

Mike Gabriel,
  on behalf of the Debian LTS team.

PS: A member of the LTS team has already started working on this update.
You can verify who is registered on this update in this file:
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt
-- 

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net





Jessie update of sam2p?

2018-07-19 Thread Mike Gabriel
Dear maintainer(s),

The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of sam2p:
https://security-tracker.debian.org/tracker/CVE-2018-12578
https://security-tracker.debian.org/tracker/CVE-2018-12601

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of sam2p updates
for the LTS releases.

Thank you very much.

Mike Gabriel,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt


Jessie update of mutt?

2018-07-19 Thread Mike Gabriel
Dear maintainer(s),

The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of mutt:
https://security-tracker.debian.org/tracker/source-package/mutt

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of mutt updates
for the LTS releases.

Thank you very much.

Mike Gabriel,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt


Jessie update of ruby-zip?

2018-07-19 Thread Mike Gabriel
Dear maintainer(s),

The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of ruby-zip:
https://security-tracker.debian.org/tracker/CVE-2018-1000544

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of ruby-zip updates
for the LTS releases.

Thank you very much.

Mike Gabriel,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt


Jessie update of vim-syntastic?

2018-07-19 Thread Mike Gabriel
Dear maintainer(s),

The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of vim-syntastic:
https://security-tracker.debian.org/tracker/CVE-2018-11319

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of vim-syntastic updates
for the LTS releases.

Thank you very much.

Mike Gabriel,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt


Jessie update of resiprocate?

2018-07-19 Thread Mike Gabriel
Dear maintainer(s),

The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of resiprocate:
https://security-tracker.debian.org/tracker/CVE-2018-12584

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of resiprocate updates
for the LTS releases.

Thank you very much.

Mike Gabriel,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt


Jessie update of phpldapadmin?

2018-07-19 Thread Mike Gabriel
Dear maintainer(s),

The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of phpldapadmin:
https://security-tracker.debian.org/tracker/CVE-2018-12689

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of phpldapadmin updates
for the LTS releases.

Thank you very much.

Mike Gabriel,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt


Jessie update of clamav?

2018-07-19 Thread Mike Gabriel
Dear maintainer(s),

The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of clamav:
https://security-tracker.debian.org/tracker/CVE-2018-0360
https://security-tracker.debian.org/tracker/CVE-2018-0361

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of clamav updates
for the LTS releases.

Thank you very much.

Mike Gabriel,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt


Re: Jessie update of phpldapadmin?

2018-07-19 Thread Fabio Tranchitella

Dear Mike,

I'm really sorry to inform you I don't have enough time to prepare the 
upload of phpldapadmin for the CVE.


Best regards,
Fabio

On 19/07/2018 16:25, Mike Gabriel wrote:

> Dear maintainer(s),
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Jessie version of phpldapadmin:
> https://security-tracker.debian.org/tracker/CVE-2018-12689
>
> Would you like to take care of this yourself?
>
> If yes, please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development
>
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
>
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
>
> You can also opt-out from receiving future similar emails in your
> answer and then the LTS Team will take care of phpldapadmin updates
> for the LTS releases.
>
> Thank you very much.
>
> Mike Gabriel,
>    on behalf of the Debian LTS team.
>
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
> https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt





linux-4.9 in jessie, broken dependency on linux-base

2018-07-19 Thread Baptiste Jonglez
Hi,

I saw the recent announcement about linux-4.9 [1,2] in jessie.

However, these new packages are not installable without jessie-backports,
because they depend on linux-base >= 4.3~, while only linux-base 3.5 is
available on plain jessie:

# apt install linux-image-4.9.0-0.bpo.7-amd64
The following packages have unmet dependencies:
 linux-image-4.9.0-0.bpo.7-amd64 : Depends: linux-base (>= 4.3~) but 3.5 is to be installed

Aren't these linux-image-4.9* packages supposed to be used without
jessie-backports?  I may have misunderstood the intent.

Thanks and best regards,
Baptiste


[1] https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
[2] https://lists.debian.org/debian-lts-announce/2018/07/msg00021.html




Re: linux-4.9 in jessie, broken dependency on linux-base

2018-07-19 Thread Ben Hutchings
On Thu, 2018-07-19 at 17:26 +0200, Baptiste Jonglez wrote:
> Hi,
> 
> I saw the recent announcement about linux-4.9 [1,2] in jessie.
> 
> However, these new packages are not installable without jessie-backports,
> because they depend on linux-base >= 4.3~, while only linux-base 3.5 is
> available on plain jessie:
> 
> # apt install linux-image-4.9.0-0.bpo.7-amd64
> The following packages have unmet dependencies:
>  linux-image-4.9.0-0.bpo.7-amd64 : Depends: linux-base (>= 4.3~) but 3.5 
> is to be installed
> 
> Aren't these linux-image-4.9* packages supposed to be used without
> jessie-backports?  I may have misunderstood the intent.

No-one should install these unless they are already using jessie-
backports.  The intent is primarily that they can be updated even
though jessie-backports will not be updated.

However, this dependency on a version not in jessie is a real bug.  It
is probably safe to update linux-base in jessie, but I'll have to take
some time to verify that.

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
 - Albert Camus





Re: #860064 dnsmasq will not start after dns-root-data upgrade

2018-07-19 Thread Christoph Martin
tags 860064 +stretch
tags 860064 +jessie
thanks

On 01.07.2018 at 15:38, Adam D. Barratt wrote:
> On Sun, 2018-07-01 at 11:38 +, Martin, Christoph wrote:
>> dns-root-data had an update a week before. the file with the dns root
>> keys was updated. at least the format has changed.
> 
> To re-iterate, no such change has happened recently in stretch.
> 
> I understand that the update in jessie may have introduced such a
> change, but at this stage there's unfortunately nothing that either the
> security or release teams can do about that, as jessie is EOL and has
> moved to the LTS team.

The file /usr/share/dns/root.ds was changed in both jessie and stretch
with the update on June 24th:

# ls -l /tmp/usr/share/dns/root.ds /usr/share/dns/root.ds
-rw-r--r-- 1 root root  83 Aug 24  2017 /tmp/usr/share/dns/root.ds
-rw-r--r-- 1 root root 180 Dec  8  2017 /usr/share/dns/root.ds

# diff -u /tmp/usr/share/dns/root.ds /usr/share/dns/root.ds
--- /tmp/usr/share/dns/root.ds  2017-08-24 11:37:46.0 +0200
+++ /usr/share/dns/root.ds  2017-12-08 07:31:40.0 +0100
@@ -1 +1,2 @@
-. IN DS 19036 8 2
49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+.  172800  IN  DS  19036 8 2
49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
+.  172800  IN  DS  20326 8 2
e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

So both jessie and stretch are affected and should get an update of
/etc/init.d/dnsmasq .

The following patch fixes it:

# diff -u /etc/init.d/dnsmasq~ /etc/init.d/dnsmasq
--- /etc/init.d/dnsmasq~2015-05-05 11:17:08.0 +0200
+++ /etc/init.d/dnsmasq 2018-06-25 10:04:05.138221809 +0200
@@ -111,7 +111,8 @@
 ROOT_DS="/usr/share/dns/root.ds"

 if [ -f $ROOT_DS ]; then
-   DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/". IN DS "/--trust-anchor=.,/
-e s/" "/,/g $ROOT_DS | tr '\n' ' '`"
+#   DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/". IN DS "/--trust-anchor=.,/
-e s/" "/,/g $ROOT_DS | tr '\n' ' '`"
+   DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e
s/".*\sIN\sDS\s"/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS | tr '\n' ' '`"
 fi

 start()
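
Review bot: in the replacement DNSMASQ_OPTS line, `\s` is a GNU sed extension and matches exactly one whitespace character, so `".*\sIN\sDS\s"` only matches when IN and DS are each set off by a single space or tab; writing the separators as `[[:space:]][[:space:]]*` and anchoring the pattern at `^` would accept both the old `. IN DS ` layout and the new one with a TTL column, on any POSIX sed. The second expression, `s/" "/,/g`, still turns only literal spaces into commas, so it is worth confirming that the key tag, algorithm, digest type and digest in root.ds are space-separated rather than tab-separated. The old line is also kept as a `#` comment; deleting it outright would keep the init script easier to read.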



-- 

Christoph Martin, Leiter Unix-Systeme
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Telefon: +49(6131)3926337
 Instant-Messaging: Jabber/XMPP: mar...@jabber.uni-mainz.de



Re: #860064 dnsmasq will not start after dns-root-data upgrade

2018-07-19 Thread Adam D. Barratt
On Thu, 2018-07-19 at 18:42 +0200, Christoph Martin wrote:
> tags 860064 +stretch
> tags 860064 +jessie
> thanks
> 
> On 01.07.2018 at 15:38, Adam D. Barratt wrote:
> > On Sun, 2018-07-01 at 11:38 +, Martin, Christoph wrote:
> > > dns-root-data had an update a week before. the file with the dns root
> > > keys was updated. at least the format has changed.
> >
> > To re-iterate, no such change has happened recently in stretch.
[...]
> The file /usr/share/dns/root.ds was changed in both jessie and stretch
> with the update on June 24th:

Please explain how the file was changed in stretch on that date.
Specifically, which version of dns-root-data was updated, from which
version.

Sorry to keep going on about this, but there wasn't a dns-root-data
update in the stretch point release that occurred on June 24th, so I'm
very confused as to what effect you're apparently seeing.

regards,

Adam



Re: #860064 dnsmasq will not start after dns-root-data upgrade

2018-07-19 Thread Adam D. Barratt
On Thu, 2018-07-19 at 18:23 +0100, Adam D. Barratt wrote:
> On Thu, 2018-07-19 at 18:42 +0200, Christoph Martin wrote:
> > tags 860064 +stretch
> > tags 860064 +jessie
> > thanks
> > 
> > On 01.07.2018 at 15:38, Adam D. Barratt wrote:
> > > On Sun, 2018-07-01 at 11:38 +, Martin, Christoph wrote:
> > > > dns-root-data had an update a week before. the file with the dns root
> > > > keys was updated. at least the format has changed.
> > >
> > > To re-iterate, no such change has happened recently in stretch.
>
> [...]
> > The file /usr/share/dns/root.ds was changed in both jessie and stretch
> > with the update on June 24th:
> 
> Please explain how the file was changed in stretch on that date.
> Specifically, which version of dns-root-data was updated, from which
> version.
> 
> Sorry to keep going on about this, but there wasn't a dns-root-data
> update in the stretch point release that occurred on June 24th, so
> I'm very confused as to what effect you're apparently seeing.

To correct myself, there wasn't even a stretch point release on that
date, just a jessie one. The remainder of my request still stands -
please provide exact details of the upgrade demonstrating the breakage
in stretch, including binary package names and before and after
versions.

Regards,

Adam



Re: Jessie update of clamav?

2018-07-19 Thread Sebastian Andrzej Siewior
On 2018-07-19 17:06:30 [+0200], Mike Gabriel wrote:
> The Debian LTS team would like to fix the security issues which are
> currently open in the Jessie version of clamav:
> https://security-tracker.debian.org/tracker/CVE-2018-0360
> https://security-tracker.debian.org/tracker/CVE-2018-0361
> 
> Would you like to take care of this yourself?

I will look after the Stretch update. I won't do it for Jessie. I
*strongly* recommend that you take the Stretch version and push it
into Jessie. That means you end up with 0.100.1 and not 0.100.0 plus
those two CVEs. One thing that did not receive a CVE was the fix in the
libmspack library which is bundled in clamav and libmspack upstream
fixed it differently (hint: the debian version uses the library). The
same goes for the unrar parts.

> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
> https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt
As I said, I strongly recommend to not only fix the CVEs mentioned.
Upstream is not very good at it.

Sebastian



Re: #860064 dnsmasq will not start after dns-root-data upgrade

2018-07-19 Thread Christoph Martin
tags 860064 -stretch
thanks

On 19.07.2018 at 19:34, Adam D. Barratt wrote:

>>
>> Please explain how the file was changed in stretch on that date.
>> Specifically, which version of dns-root-data was updated, from which
>> version.
>>
>> Sorry to keep going on about this, but there wasn't a dns-root-data
>> update in the stretch point release that occurred on June 24th, so
>> I'm very confused as to what effect you're apparently seeing.
> 
> To correct myself, there wasn't even a stretch point release on that
> date, just a jessie one. The remainder of my request still stands -
> please provide exact details of the upgrade demonstrating the breakage
> in stretch, including binary package names and before and after
> versions.

Sorry, I have to apologize.

I manage several hundred Debian machines. Most of them are already
stretch. I was sure that one of the two machines which I checked is
stretch, but it is still jessie. I found out when I tried to gather the
data, which you requested:

From jessie dpkg.log:

2018-06-24 06:49:52 upgrade dns-root-data:all 2017072601~deb8u1 2017072601~deb8u2

So. Sorry again. The bug is really only in jessie and it came with the
update of dns-root-data for jessie on 2018-06-24.

So hopefully the Debian-LTS team can do something about the problem in
Jessie.

Regards
Christoph



Re: Jessie update of clamav?

2018-07-19 Thread Mike Gabriel

Hi all,

On Thu 19 Jul 2018 21:18:13 CEST, Sebastian Andrzej Siewior wrote:

> On 2018-07-19 17:06:30 [+0200], Mike Gabriel wrote:
> > The Debian LTS team would like to fix the security issues which are
> > currently open in the Jessie version of clamav:
> > https://security-tracker.debian.org/tracker/CVE-2018-0360
> > https://security-tracker.debian.org/tracker/CVE-2018-0361
> >
> > Would you like to take care of this yourself?
>
> I will look after the Stretch update. I won't do it for Jessie. I
> *strongly* recommend that you take the Stretch version and push it
> into Jessie. That means you end up with 0.100.1 and not 0.100.0 plus
> those two CVEs. One thing that did not receive a CVE was the fix in the
> libmspack library which is bundled in clamav and libmspack upstream
> fixed it differently (hint: the debian version uses the library). The
> same goes for the unrar parts.
>
> > PS: A member of the LTS team might start working on this update at
> > any point in time. You can verify whether someone is registered
> > on this update in this file:
> > https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt
>
> As I said, I strongly recommend to not only fix the CVEs mentioned.
> Upstream is not very good at it.
>
> Sebastian


Thanks for the quick response and the feedback. Much appreciated. We  
will discuss your proposal and someone will pick up the task soon.


Mike
--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net





Re: Jessie update of phpldapadmin?

2018-07-19 Thread Mike Gabriel

Hi Fabio,

On Thu 19 Jul 2018 16:34:36 CEST, Fabio Tranchitella wrote:

> Dear Mike,
>
> On 19/07/2018 16:25, Mike Gabriel wrote:
>
> > Dear maintainer(s),
> >
> > The Debian LTS team would like to fix the security issues which are
> > currently open in the Jessie version of phpldapadmin:
> > https://security-tracker.debian.org/tracker/CVE-2018-12689
> >
> > Would you like to take care of this yourself?
> >
> > If yes, please follow the workflow we have defined here:
> > https://wiki.debian.org/LTS/Development
> >
> > If that workflow is a burden to you, feel free to just prepare an
> > updated source package and send it to debian-lts@lists.debian.org
> > (via a debdiff, or with an URL pointing to the source package,
> > or even with a pointer to your packaging repository), and the members
> > of the LTS team will take care of the rest. Indicate clearly whether you
> > have tested the updated package or not.
> >
> > If you don't want to take care of this update, it's not a problem, we
> > will do our best with your package. Just let us know whether you would
> > like to review and/or test the updated package before it gets released.
> >
> > You can also opt-out from receiving future similar emails in your
> > answer and then the LTS Team will take care of phpldapadmin updates
> > for the LTS releases.
> >
> > Thank you very much.
> >
> > Mike Gabriel,
> >   on behalf of the Debian LTS team.
> >
> > PS: A member of the LTS team might start working on this update at
> > any point in time. You can verify whether someone is registered
> > on this update in this file:
> > https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt
>
> I'm really sorry to inform you I don't have enough time to prepare
> the upload of phpldapadmin for the CVE.


That is totally fine. One reason for having a paid team for Debian LTS  
is that many package maintainers normally lack bandwidth to handle  
long-term support of packages.


The LTS team will take over.

light+love,
Mike


Re: linux-4.9 in jessie, broken dependency on linux-base

2018-07-19 Thread Baptiste Jonglez
On 19-07-18, Ben Hutchings wrote:
> On Thu, 2018-07-19 at 17:26 +0200, Baptiste Jonglez wrote:
> > I saw the recent announcement about linux-4.9 [1,2] in jessie.
> > 
> > However, these new packages are not installable without jessie-backports,
> > because they depend on linux-base >= 4.3~, while only linux-base 3.5 is
> > available on plain jessie:
> > 
> > # apt install linux-image-4.9.0-0.bpo.7-amd64
> > The following packages have unmet dependencies:
> >  linux-image-4.9.0-0.bpo.7-amd64 : Depends: linux-base (>= 4.3~) but 
> > 3.5 is to be installed
> > 
> > Aren't these linux-image-4.9* packages supposed to be used without
> > jessie-backports?  I may have misunderstood the intent.
> 
> No-one should install these unless they are already using jessie-
> backports.  The intent is primarily that they can be updated even
> though jessie-backports will not be updated.

Ok, but that is only for updating from the kernel version in jessie-backports.

To use linux 4.9 on a fresh jessie, it looks like jessie-backports is no
longer needed? (notwithstanding the bug below)

> However, this dependency on a version not in jessie is a real bug.  It
> is probably safe to update linux-base in jessie, but I'll have to take
> some time to verify that.

Ok, thanks!

Baptiste




Re: linux-4.9 in jessie, broken dependency on linux-base

2018-07-19 Thread Ben Hutchings
On Fri, 2018-07-20 at 01:09 +0200, Baptiste Jonglez wrote:
> On 19-07-18, Ben Hutchings wrote:
> > On Thu, 2018-07-19 at 17:26 +0200, Baptiste Jonglez wrote:
> > > I saw the recent announcement about linux-4.9 [1,2] in jessie.
> > > 
> > > However, these new packages are not installable without jessie-backports,
> > > because they depend on linux-base >= 4.3~, while only linux-base 3.5 is
> > > available on plain jessie:
> > > 
> > > # apt install linux-image-4.9.0-0.bpo.7-amd64
> > > The following packages have unmet dependencies:
> > >  linux-image-4.9.0-0.bpo.7-amd64 : Depends: linux-base (>= 4.3~) but 
> > > 3.5 is to be installed
> > > 
> > > Aren't these linux-image-4.9* packages supposed to be used without
> > > jessie-backports?  I may have misunderstood the intent.
> > 
> > No-one should install these unless they are already using jessie-
> > backports.  The intent is primarily that they can be updated even
> > though jessie-backports will not be updated.
> 
> Ok, but that is only for updating from the kernel version in jessie-backports.
> 
> To use linux 4.9 on a fresh jessie, it looks like jessie-backports is no
> longer needed? (notwithstanding the bug below)

Yes, that's the intent.

However some systems will need firmware that is not included in the
non-free section for jessie.  I will probably update firmware-nonfree
as well.

Ben.

> > However, this dependency on a version not in jessie is a real bug.  It
> > is probably safe to update linux-base in jessie, but I'll have to take
> > some time to verify that.
> 
> Ok, thanks!
> 
> Baptiste
-- 
Ben Hutchings
No political challenge can be met by shopping. - George Monbiot





Re: Advice for building tomcat8 on jessie?

2018-07-19 Thread tony mancill
On Wed, Jul 18, 2018 at 02:48:56PM -0400, Roberto C. Sánchez wrote:
> On Mon, Jul 09, 2018 at 09:07:00AM -0400, Roberto C. Sánchez wrote:
> > On Sun, Jul 08, 2018 at 09:15:26PM -0700, tony mancill wrote:
> > > Hello Roberto,
> > > 
> > > If you're still running into build failures, I would be interested in
> > > taking a look.  Could you push your branch to Salsa when you have a
> > > chance?
> > > 
> > 
> > Hi Tony,
> > 
> > I am still getting failures.  I have pushed the minimal set of changes
> > that I think should work.  Here is my fork on Salsa:
> > 
> > g...@salsa.debian.org:roberto/tomcat8.git
> > 
> 
> Anything?

Hi Roberto,

I was able to build your jessie branch in clean jessie chroot without
any problems.  I use sbuild on amd64.  It took about 50 minutes:

> Build Architecture: amd64
> Build Type: full
> Build-Space: n/a
> Build-Time: 3049
> Distribution: jessie
> Host Architecture: amd64
> Install-Time: 39
> Job: /data/debian/sponsor/tomcat8/build-area/tomcat8_8.0.14-1+deb8u12.dsc
> Lintian: warn
> Machine Architecture: amd64
> Package: tomcat8
> Package-Time: 3093
> Piuparts: fail
> Source-Version: 8.0.14-1+deb8u12
> Space: n/a
> Status: successful
> Version: 8.0.14-1+deb8u12

Piuparts isn't consistent on my box, so I wouldn't worry about that. It
seems okay.

Cheers,
tony




Re: Advice for building tomcat8 on jessie?

2018-07-19 Thread Roberto C . Sánchez
On Thu, Jul 19, 2018 at 10:35:50PM -0700, tony mancill wrote:
> 
> Hi Roberto,
> 
> I was able to build your jessie branch in clean jessie chroot without
> any problems.  I use sbuild on amd64.  It took about 50 minutes:
> 
> > Build Architecture: amd64
> > Build Type: full
> > Build-Space: n/a
> > Build-Time: 3049
> > Distribution: jessie
> > Host Architecture: amd64
> > Install-Time: 39
> > Job: /data/debian/sponsor/tomcat8/build-area/tomcat8_8.0.14-1+deb8u12.dsc
> > Lintian: warn
> > Machine Architecture: amd64
> > Package: tomcat8
> > Package-Time: 3093
> > Piuparts: fail
> > Source-Version: 8.0.14-1+deb8u12
> > Space: n/a
> > Status: successful
> > Version: 8.0.14-1+deb8u12
> 
> Piuparts isn't consistent on my box, so I wouldn't worry about that. It
> seems okay.
> 


Tony,

That is very puzzling.  Do you mind sending me the .build file along
with the complete command you used to invoke the build so that I can
compare it to what I am doing on my system?  If the file would be too
large for the mailing list, feel free to mail it to me directly.

Regards,

-Roberto

-- 
Roberto C. Sánchez