Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7e8d6e92 by Arturo Borrero Gonzalez at 2025-01-14T12:19:42+01:00
data/dla-needed.txt: claim frr
I will work on this package next.
Signed-off-by: Arturo Borrero Gonzalez <art...@debian.
On 1/10/25 05:21, Huji Lee wrote:
Hi all,
Are there any LLMs available on Cloud services, or are there any plans for them?
I think there are many possible use cases. Even free, lightweight LLMs (like
LLaMa) could be helpful, e.g. in bots that review edits, categorize pages, etc.
Hi Huji,
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal updated HTTPCLIENT-2354:
--
Fix Version/s: 5.4.2
> ResponseCachingPolicy::isExplicitlyCacheable does
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal resolved HTTPCLIENT-2354.
---
Resolution: Fixed
> ResponseCachingPolicy::isExplicitlyCacheable does
+1 Release the packages as HttpCore 5.3.2.
Thank you
Arturo
On Mon, Jan 6, 2025 at 6:55 PM Oleg Kalnichevski wrote:
> Please vote on releasing these packages as HttpCore 5.3.2.
> The vote is open for the at least 72 hours, and only votes from
> HttpComponents PMC members are bin
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal updated HTTPCLIENT-2353:
--
Fix Version/s: 5.5-alpha1
> Incorrect IDN-hostname validation from
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal resolved HTTPCLIENT-2353.
---
Resolution: Fixed
> Incorrect IDN-hostname validation from TLS-certifica
properly declared.
Jetty’s stricter enforcement reflects a security-conscious approach, which
is understandable, but it goes beyond the minimum requirements outlined by
the RFC IMO
Arturo
On Mon, Jan 6, 2025 at 3:47 AM jan luehe wrote:
> Hi Oleg,
> this is the response we have received fr
LGTM
Arturo
On Sun, Jan 5, 2025 at 9:15 AM Oleg Kalnichevski wrote:
> Folks
>
> Please review the release notes for HttpCcore 5.3.2 and amend them as
> you deem necessary
>
> https://github.com/apache/httpcomponents-core/blob/5.3.x/RELEASE_
CDI constructor simply serves an internal purpose, so any discrepancy
in defaults there is generally not considered a bug.
Kind regards
Arturo
On Fri, Jan 3, 2025 at 10:11 PM jan luehe
wrote:
> The reason I'm asking is because when we upgraded
> org.apache.httpcomponents.client5 f
Hi Patricia,
There’s no hard-coded request-size limit in Apache HttpClient itself . A 413
Request Entity Too Large error usually originates on the server or proxy
side when it decides that the incoming request (header + body) exceeds its
configured maximum size.
Arturo
On Fri, Jan 3, 2025 at 7
Hi Juan Pablo,
LGTM
Thank you.
Arturo
On Thu, Jan 2, 2025 at 4:13 PM Juan Pablo Santos Rodríguez <
juanpablo.san...@gmail.com> wrote:
> Hi,
>
> as usual, please see below for the draft for upcoming Board meeting.
> Any edits, comments, etc. as always are more than welcome
Hello,
This is my December 2024 monthly report for the Freexian LTS/ELTS [1]
initiative.
Many thanks to Freexian and sponsors [2] for providing this opportunity!
ELTS:
I spent all of my time this month working on activemq for Jessie.
Some highlights:
* CVE-2020-13920 -- patch backport co
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17907495#comment-17907495
]
Arturo Bernal commented on HTTPCLIENT-2352:
---
Hi [~markslater] ç,
Mohamed
I remember that at least as authors we discussed some models that were
proposed in some discussions on the WG. At least the ones that we reviewed,
we found that the interconnection model was more about transport and
physical links and didn't fit well with public link peering links.
I trie
My co-authors and I are happy to announce the publication of a recent paper the
Comparative Immunology, Microbiology and Infectious Diseases:
Gerardo.G. Ballados-González, et al. 2025. Hemoplasma in melon-headed whale
(Peponocephala electra, Gray, 1846), Veracruz, Mexico. Comparative Immunology,
Hello,
This is my November 2024 monthly report for the Freexian LTS/ELTS [1]
initiative.
Many thanks to Freexian and sponsors [2] for providing this opportunity!
ELTS:
I spent most of my time this month working on ELTS releases (Jessie, Stretch,
Buster), with the activemq package.
Some
Hi there,
As part of the debian (E)LTS initiative, I'm working on trying to fix
CVE-2022-41678 on the activemq packages in Debian. In particular, I'm interested
in Debian Jessie and activemq 5.6.0.
The patch [0] to correct the jolokia config doesn't apply to the source code we
have in Debian
Hi there,
As part of the debian (E)LTS initiative, I'm working on trying to fix
CVE-2022-41678 on the activemq packages in Debian. In particular, I'm interested
in Debian Jessie and activemq 5.6.0.
The patch [0] to correct the jolokia config doesn't apply to the source code we
have in Debian
Hi there,
I'm looking for a fix for CVE-2023-46604 in activemq 5.6.0.
The patch that is published [0] does not apply to 5.6.0, and I would like you to
either:
* provide a patch that applies to the source tree in activemq 5.6.0
* confirm if the bug does not apply to activemq 5.6.0
regards.
[0
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal resolved HTTPCLIENT-2350.
---
Resolution: Fixed
In master.
> Option to prevent hostname resolution
Hello,
This is my October 2024 monthly report for the Freexian LTS/ELTS [1] initiative.
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS:
I spent most of the time working on the nss package for Debian
Bullseye, plus some work to sync security changes with Debian
On 10/29/24 18:19, Arturo Borrero Gonzalez wrote:
Hi Chris,
the work has been done already. Packages with the patches will be uploaded
soon.
Offering more information here.
There are uploads scheduled for all ELTS releases:
* buster
* stretch
* jessie
The git repository contains all
Hi Chris,
the work has been done already. Packages with the patches will be uploaded
soon.
regards.
-- Forwarded message -
From: Chris Frey
Date: Tue, Oct 29, 2024, 08:36
Subject: CVE-2024-6602 & CVE-2024-6609 nss for debian/buster
To:
Just in case anyone else is in the same
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-3937-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Arturo Borrero Gonzalez
October 27, 2024
Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8256d066 by Arturo Borrero Gonzalez at 2024-10-27T20:49:31+01:00
Reserve DLA-3937-1 for nss
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes
s the data from
https://hg.mozilla.org/projects/nss/rev/525c5044cc9e53f5015c697b04b1405df91003ac,
I would feel more comfortable if upstream confirmed that the commit ^ above
fixes the vulnerability. Arturo, could you please ask upstream to confirm
that reference is correct?
Hi,
they have conf
Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
52c90c3f by Arturo Borrero Gonzalez at 2024-10-27T20:01:18+01:00
CVE-2024-7531/nss: does not affect bullseye
See also:
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c
El miércoles, 23 de octubre de 2024 a las 21:52:57 UTC+2, John Schanck
escribió:
Hi Arturo, NSS 3.61 is not affected. The bug was introduced in 3.72.
Hi John,
thanks for this information, it is really valuable for us.
Additionally, I would like to double check if this patch [0] is the
+1 Release the packages as HttpClient 5.4.1
Arturo
On Fri, Oct 25, 2024 at 9:50 AM Oleg Kalnichevski wrote:
> Please vote on releasing these packages as HttpClient 5.4.1.
> The vote is open for the at least 72 hours, and only votes from
> HttpComponents PMC members are binding.
Hi,
On 10/23/24 23:48, Santiago Ruano Rincón wrote:
I added the reference to the commit that introduced the vulnerability
after you committed it to the elts security tracker.
I have no recollection of this.
In any case, upstream confirmed [0] the vulnerability was introduced in nss
3.72.
So
Hi, sorry for the late follow up.
On 10/16/24 00:38, Santiago Ruano Rincón wrote:
Again, you can also ask upstream. They are in a better position to tell
you if the vulnerability is present in 3.61 or not.
For the record, I have just now sent an email to upstream:
https://groups.google.com/
Hi there,
I'm interesting in having a patch for CVE-2024-7531 available for the nss
version we have in Debian Bullseye (nss 3.61).
We have some information [0] about the code that introduced the
vulnerability [1] and the patch that fixes it [2], but the patch does not
apply cleanly to the code
On 10/22/24 12:13, Dreamy Jazz wrote:
I also got this error today for my instance.
Hi there,
I can confirm there was a problem today with puppetservers because a Java
upgrade.
See here for details:
https://phabricator.wikimedia.org/T377803
I think the problem should be solved now.
regard
+1 Release the packages as HttpCore 5.3.1.
Arturo
On Sat, Oct 19, 2024 at 12:33 PM Oleg Kalnichevski wrote:
> Please vote on releasing these packages as HttpCore 5.3.1.
> The vote is open for the at least 72 hours, and only votes from
> HttpComponents PMC members are binding. The vo
On 10/15/24 16:58, Santiago Ruano Rincón wrote:
Moreover, I do see the code introduced by that change as part of
2:3.61-1+deb11u3, that relate to HACL* AVX2 support for different crypto
algorithms. Could you please give more details about why do you say
bullseye doesn't contain the affected code
+1.
Being strict. No need to flood the logs
Arturo
On Sat, Oct 12, 2024 at 3:14 PM Oleg Kalnichevski wrote:
> On Sat, 2024-10-12 at 07:43 -0400, Gary Gregory wrote:
> > I think the remaining decisions are:
> >
> > - whether we should log a warning (but not throw an exc
Hi there,
this email is to propose we mark the nss package in debian bullseye as not
affected by CVE-2024-7531 [0].
The upstream patch is clearly identified [1], but debian/bullseye [2] just
doesn't contain the affected code.
We did a similar thing for debian/{jessie,stretch,buster} already
.
Arturo
On Sat, Oct 12, 2024 at 12:47 PM Oleg Kalnichevski wrote:
> Folks
>
> Presently HttpCore HTTP/2 protocol handler treats HTTP/2 request
> messages with a `Host` header as malformed.
>
> However I just recently discovered that Apache HTTPD happily sends us
> push pr
27;t state the same for Alibaba and virtio. I
would be thankful for any help in this regard.
Regards,
Arturo
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal closed HTTPCLIENT-2322.
-
Resolution: Fixed
Since the duplicate class listings no longer appear, and the
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17887229#comment-17887229
]
Arturo Bernal commented on HTTPCLIENT-2322:
---
[~michael-o]
I believ
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2343?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal updated HTTPCLIENT-2343:
--
Fix Version/s: (was: 5.4.1)
Affects Version/s: (was: 5.4
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17886779#comment-17886779
]
Arturo Bernal edited comment on HTTPCLIENT-2343 at 10/3/24 8:0
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2343?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal closed HTTPCLIENT-2343.
-
Resolution: Won't Fix
After thorough review and testing, it is clear tha
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal resolved HTTPCLIENT-2233.
---
Resolution: Fixed
In master
> Metrics miss
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal updated HTTPCLIENT-2233:
--
Fix Version/s: 5.4-alpha1
> Metrics miss
On 9/30/24 02:57, Sulav K Shetri wrote:
I had requested an new Cloud VPS project 6 days back and waiting for review or
approval but it has been 6 days since my request but till now no one has
reviewed it so I wanted to know when will be reviewed and this is the link of my
request Request creati
Hello,
This is my September 2024 monthly report for the Freexian LTS/ELTS [1]
initiative.
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS:
I worked on the nss package for Debian Bullseye, with the following highlights:
* briefly evaluated CVE-2023-5388, but t
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal resolved HTTPCLIENT-2159.
---
Fix Version/s: 5.4-alpha1
Resolution: Fixed
In master
> Inva
[
https://issues.apache.org/jira/browse/HTTPCORE-769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal resolved HTTPCORE-769.
Fix Version/s: 5.4-alpha1
(was: Stuck)
Resolution: Fixed
+1
Arturo
On Thu, Sep 26, 2024 at 9:37 AM Oleg Kalnichevski wrote:
> Please lazy vote on releasing HttpComponents Parent 14 based on RC1.
>
> The vote is open for the at least 72 hours, and only votes from
> HttpComponents PMC members are binding. The vote passes if at least one
Hi there,
I'm interested in having a patch for CVE-2024-6609 available for the nss
version we have in Debian Bullseye (nss 3.61).
We have a note [0] that mentions this:
=== 8< ===
To address CVE in older versions of src:nss what is needed is to add the
error
handling code (confirmed by upstrea
Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5d6adf76 by Arturo Borrero Gonzalez at 2024-09-25T21:16:28+02:00
LTS: claim nss in dla-needed.txt
- - - - -
1 changed file:
- data/dla-needed.txt
Changes
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884346#comment-17884346
]
Arturo Bernal commented on HTTPCLIENT-2344:
---
I still don’t see any i
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884323#comment-17884323
]
Arturo Bernal commented on HTTPCLIENT-2344:
---
IMO We should stri
Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
551af19f by Arturo Borrero Gonzalez at 2024-09-23T22:13:20+02:00
CVE-2024-6609: bullseye: mark as fixed in nss > 3.61
The upstream source code for nss starting with 3.61 contains the
Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
88b4b247 by Arturo Borrero Gonzalez at 2024-09-23T21:49:22+02:00
CVE-2023-6135: mark as ignored for debian bullseye
Upstream says it is too invasive to fix.
See also:
https
El viernes, 13 de septiembre de 2024 a las 19:13:37 UTC+2, Arturo Borrero
Gonzalez escribió:
Hi there,
I'm working on improving CI integration for the nss debian package.
[...]
If I'm reading the script correctly, it mostly expects to be executed in
the context of a freshly-built
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17883624#comment-17883624
]
Arturo Bernal commented on HTTPCLIENT-2159:
---
Hi [~michael-o] [~res
+1
Arturo
On Fri, Sep 20, 2024 at 3:46 PM Oleg Kalnichevski wrote:
> Please lazy vote on releasing HttpComponents CheckStyle 3 based on RC1.
>
> The vote is open for the at least 72 hours, and only votes from
> HttpComponents PMC members are binding. The vote passes if at least o
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17883475#comment-17883475
]
Arturo Bernal commented on HTTPCLIENT-2343:
---
HI [~bratkartoffel]
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17883231#comment-17883231
]
Arturo Bernal commented on HTTPCLIENT-2342:
---
Hi [~ctabin]
I ran a
[
https://issues.apache.org/jira/browse/HTTPCLIENT-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17883111#comment-17883111
]
Arturo Bernal commented on HTTPCLIENT-1843:
---
Hi [~ggregory]
+1 Release the packages as HttpClient 5.4.
Arturo
On Mon, Sep 16, 2024 at 5:40 PM Oleg Kalnichevski wrote:
> Please vote on releasing these packages as HttpClient 5.4.
> The vote is open for the at least 72 hours, and only votes from
> HttpComponents PMC members are binding. The vo
Hi there,
I'm working on improving CI integration for the nss debian package.
The nss testsuite (which can be run via tests/all.sh) contains a lot of
test cases, and I would like to run this script from the debian CI
infrastructure.
Because the nss package in Debian can receive backported patc
Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c0316a58 by Arturo Borrero Gonzalez at 2024-09-04T17:44:53+02:00
LTS: claim nss in dla-needed.txt
- - - - -
1 changed file:
- data/dla-needed.txt
Changes
Hello,
This is my August 2024 monthly report for the Freexian LTS/ELTS [1] initiative.
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS:
I did not engage in any LTS activities this month.
ELTS:
I spent my available time this month working on two packages:
Package: wnpp
Severity: wishlist
Owner: Arturo Ingenito
* Package name : lightpad
Version : 0.0.8
Upstream Author : DEB Libre
* URL : https://github.com/libredeb
* License : GPL
Description : A plugin for XFCE DE that shows a grid menu like GNOME
The Lightpad plugin for XFCE is a lightweight
Package: wnpp
Severity: wishlist
Owner: Arturo Ingenito
* Package name : lightpad
Version : 0.0.8
Upstream Author : DEB Libre
* URL : https://github.com/libredeb
* License : GPL
Description : A plugin for XFCE DE that shows a grid menu like GNOME
The Lightpad plugin for XFCE is a lightweight
Hello,
Here is my July 2024 monthly report for the Freexian LTS/ELTS [1] initiative.
Many thanks to Freexian and sponsors [2] for providing this opportunity!
This month, again, I would like to thank Santiago for the assistance, review and
support.
LTS:
I did not engage in any LTS activi
Please go ahead, no need for delay.
I have no time (or interest) in this package anymore.
You may drop me from the maintainer list as well.
Hi there,
The Toolforge Kubernetes system has been scheduled to be upgraded to version
1.25 [0] next Tuesday 2024-07-17 @ 09:00 UTC.
The operation window will last 2 hours, and during this time, some Toolforge
components will briefly and intermittently become unavailable.
Examples of things
Hi there,
The Toolforge Kubernetes system has been scheduled to be upgraded to version
1.25 [0] next Tuesday 2024-07-17 @ 09:00 UTC.
The operation window will last 2 hours, and during this time, some Toolforge
components will briefly and intermittently become unavailable.
Examples of things
rights in the terms established in the
> current regulations by contacting us. Likewise, you can request us to send
> additional information about our data protection policy, tel 961 920 029,
> e-mail: proteccionda...@silomar.es
>
> Únete a Recursos AS400, nuestra Comunidad ( http://bit.ly/db68dd )
> Forum.Help400 � Publicaciones Help400, S.L.
>
--
*Jorge Arturo Pèrez Osorio.*
.
Únete a Recursos AS400, nuestra Comunidad ( http://bit.ly/db68dd )
Forum.Help400 � Publicaciones Help400, S.L.
upport and something is missing, we are open to it.
Regards
as
On Fri, 28 Jun 2024 at 19:06, Matthias Wichtlhuber <
matthias.wichtlhu...@de-cix.net> wrote:
> Hi Arturo,
>
> > One assumption that we have is that the Peering Database (in this case
> PeeringDB but it could be any)
Hello,
Here is my June 2024 monthly report for the Freexian LTS/ELTS [1] initiative.
Many thanks to Freexian and sponsors [2] for providing this opportunity!
Turns out, this was my first month working on the LTS/ELTS projects, and I would
like to thank Santiago for the assistance, review, suppo
Hello,
Here is my June 2024 monthly report for the Freexian LTS/ELTS [1] initiative.
Many thanks to Freexian and sponsors [2] for providing this opportunity!
Turns out, this was my first month working on the LTS/ELTS projects, and I would
like to thank Santiago for the assistance, review, suppo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-3846-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Arturo Borrero Gonzalez
June 28, 2024
Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dd290270 by Arturo Borrero Gonzalez at 2024-06-28T23:28:37+02:00
data/CVE/list: ignore nss CVE-2023-6135 in buster
Not fixing nss CVE-2023-6135 in Debian Buster.
Signed-off-by: Arturo
Cheking
Arturo
On Fri, Jun 28, 2024 at 6:47 PM Florian Preinstorfer <
lists-jspw...@nblock.org> wrote:
> Hi,
> Am 2024-06-26 19:09, schrieb Arturo Bernal:
> >I apologize for the confusion and any inconvenience caused by the
> >invalid signatures. If you encounter any fu
Matthias
One assumption that we have is that the Peering Database (in this case
PeeringDB but it could be any) is the canonical source of most of the
information that you need to set up a peering session.
In the case of RS, all that information is already there and there is no
need to add it agai
+1 Release the packages as HttpCore 5.2.5.
Arturo
On Thu, Jun 27, 2024 at 10:25 AM Oleg Kalnichevski wrote:
> Please vote on releasing these packages as HttpCore 5.2.5.
> The vote is open for the at least 72 hours, and only votes from
> HttpComponents PMC members are binding. The vo
Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7c515ba9 by Arturo Borrero Gonzalez at 2024-06-27T22:59:02+02:00
Reserve DLA-3846-1 for libmojolicious-perl
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes
On 6/27/24 21:12, John Schanck wrote:
Hi Arturo,
we don't plan on backporting any of the patches for CVE-2023-6135 to
the NSS 3.90 branch at this time. The patches you linked to are,
unfortunately, not sufficient to fix the issue. Short of copying the
entire lib/freebl/ecl directory fro
Arturo Bernal created JSPWIKI-1194:
--
Summary: CI/CD Pipeline Optimization for Apache JSPWiki with
JDK-17 Integration
Key: JSPWIKI-1194
URL: https://issues.apache.org/jira/browse/JSPWIKI-1194
Project
[
https://issues.apache.org/jira/browse/JSPWIKI-1194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal updated JSPWIKI-1194:
---
Assignee: Arturo Bernal
> CI/CD Pipeline Optimization for Apache JSPWiki with JDK
reach out.
Best regards,
Arturo
On Tue, Jun 25, 2024 at 11:38 AM Arturo Bernal wrote:
> Hi All,
>
> I'm okay with not doing a new release and instead replacing the files that
> have signature issues.
>
>
> Arturo
>
>
> On Mon, Jun 24, 2024 at
Hi there,
tomorrow 2024-06-26 @ 08:30Z we will start enforcing new Kubernetes security
rules in Toolforge [0].
We have taken measures to eliminate any user impact, but this being a
potentially sensitive change, I wanted to send a heads up email.
In a nut-shell, pod-related kubernetes resour
On 6/24/24 18:25, Dana Keeler wrote:
To save others from potential confusion, the CVE in question is CVE-2023-6135,
not 6125.
Correct, there was a typo on my side.
--
You received this message because you are subscribed to the Google Groups
"dev-tech-crypto@mozilla.org" group.
To unsubscrib
Hi All,
I'm okay with not doing a new release and instead replacing the files that
have signature issues.
Arturo
On Mon, Jun 24, 2024 at 9:57 PM Juan Pablo Santos Rodríguez <
juanpablo.san...@gmail.com> wrote:
> Hi!
>
> my bad: gpg --keyserver hkps://pgp.mit.edu/ --re
Hi,
The key is available (gpg --list-keys --fingerprint 2D51AAC6), but I don't
think that will solve the issue. It seems that I might have generated the
signature incorrectly.
I checked and, yes, there are binaries that were signed correctly.
Verification worked for jspwiki-portable-2.12.2-woas
resses all potential
issues.
what do you think?
Best regards,
Arturo
On Sat, Jun 22, 2024 at 6:05 PM Arturo Bernal wrote:
> Hi,
>
> Let me check.
>
> Cheers
>
>
> Arturo
>
>
> On Sat, Jun 22, 2024 at 6:03 PM Florian Preinstorfer <
> lists-jspw...@nblock.o
+1 Release the packages as HttpClient 5.4-beta1.
Arturo
On Sun, Jun 23, 2024 at 11:09 AM Oleg Kalnichevski wrote:
> Please vote on releasing these packages as HttpClient 5.4-beta1.
> The vote is open for the at least 72 hours, and only votes from
> HttpComponents PMC members are bin
Hi there,
I am exploring how to fix CVE-2023-6125 in the nss package (version 3.42.1) in
Debian Buster.
There is a note from a Debian college saying that we should wait until you have
backported the fix to the 3.90 series, but scanning your releases did not
immediately showed to me where (if
Hi,
Let me check.
Cheers
Arturo
On Sat, Jun 22, 2024 at 6:03 PM Florian Preinstorfer <
lists-jspw...@nblock.org> wrote:
> Hi,
> it seems the GPG signature for jspwiki-wikipages-de-2.12.2.zip is
> invalid:
>
>wget -q
> https://archive.apache.org/dist/jspwiki/
Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7cf13c7e by Arturo Borrero Gonzalez at 2024-06-22T14:49:55+02:00
data/dla-needed: claim libmojolicious-perl
Claim this package, I'll work on it.
Signed-off-by: Arturo Borrero Gonzalez
Arturo Borrero González pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5209be0 by Arturo Borrero Gonzalez at 2024-06-22T14:08:07+02:00
data/dla-needed: add note about CVE-2023-6125 for nss
Add new note.
Signed-off-by: Arturo Borrero Gonzalez <
[
https://issues.apache.org/jira/browse/HTTPCLIENT-2331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arturo Bernal resolved HTTPCLIENT-2331.
---
Resolution: Fixed
Solved
https://github.com/apache/httpcomponents-client/pull
:
https://jspwiki-wiki.apache.org/Wiki.jsp?page=NewIn2.12
We welcome your help and feedback. For more information on how to
report problems, and to get involved visit the project website at
http://jspwiki.apache.org/
The Apache JSPWiki Team
Arturo
1 - 100 of 3001 matches
Mail list logo
