Re: Certbot security update (Bug #969126)
Hi Harlan,

On Sun, Dec 6, 2020 at 5:37 AM Harlan Lieberman-Berg wrote:
> Took a look at this and tried to duplicate it by updating my stretch
> sbuild to use the security repo in case that did anything. No joy.
> The only difference between our environments now is eatmydata -- which
> could explain odd file existence problems, considering.
>
> I think it's good to go as is.

Great, thanks. I had uploaded it yesterday and it has been in the archive since then! \o/

I'll shortly release the announcement for this update and update the website as well!

Thank you for your work and your help on this! \o/

- u
(semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)
hi,

today one package was unclaimed for LTS:

- snapd (Brian May)

and none for ELTS.

Thorsten Alteholz probably claimed too many, 4, packages:

minidlna openjpeg2 slirp x11vnc

Finally there are two DLAs which have been reserved but not yet been published:

- DLA 2483-1 (05 Dec 2020) (linux-4.19)
- DLA 2482-1 (04 Dec 2020) (debian-security-support)

(plus one missing DLA from today. And the debian-security-support one is from me...)

Have a great week!

(and please publish your reports and give back any remaining ELTS hours from November if you still have some.)

--
cheers,
Holger

---
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Re: golang-1.7 / CVE-2019-9514 / CVE-2019-9512
Brian May writes:
> I have a patch to fix this. As attached.

I believe that there are exactly two additional packages that would need to be rebuilt in stretch (i.e. that include the http2 server code):

- dnss
- gobgpd

Not 100% sure if these support creating a http2 server, but might be worth rebuilding just in case.

Is it OK for me to add these to dla-needed.txt?

--
Brian May