Bug#851774: [Bug 1754075] Re: apt-setup uses apt-key but probably should not anymore

2019-05-10 Thread Moritz Mühlenhoff
On Mon, Apr 09, 2018 at 01:14:37PM +0200, Lars Kollstedt wrote: > On Monday, 9 April 2018 12:56:12 CEST Lars Kollstedt wrote: > [...] > > This patch should IMHO work, but I have no opportunity to test it without > > your help, since we're in udeb and testing preseed issues. ;-) > > Hi again, > >

Bug#851774: Bug#928931: more info

2019-07-01 Thread Moritz Mühlenhoff
On Mon, Jul 01, 2019 at 08:40:22PM +0200, Raphaël Halimi wrote: > Hi Cyril, > > Le 29/06/2019 à 16:20, Cyril Brulebois a écrit : > >> If installing gnupg is what it takes to fix the bug, IMHO it should be > >> done; anyway, with this patch, it would be installed only if a local > >> repository wit

Re: Bug#932175: stretch-pu: package openssh/1:7.4p1-10+deb9u7

2019-08-05 Thread Moritz Mühlenhoff
On Sat, Jul 27, 2019 at 12:34:38PM +0200, Cyril Brulebois wrote: > Adam D. Barratt (2019-07-26): > > On 2019-07-16 06:36, Moritz Muehlenhoff wrote: > > > This update for OpenSSH fixes a deadlock in AuthorizedKeysCommand > > > (#905226). > > > > > > The fixed package is running fine on a formerly

Re: Scheduling final Jessie point release, 8.11

2018-05-14 Thread Moritz Mühlenhoff
On Mon, May 14, 2018 at 06:26:08PM +0100, Jonathan Wiltshire wrote: > Hi, > > According to my records main security support for Jessie can end any time > after 17th June. > > So to the security team: do you have a date in mind? The 17th :-) Cheers, Moritz

Bug#875858: pkgsel: Offer to install/manage unattended-upgrades

2018-05-18 Thread Moritz Mühlenhoff
retitle 875858 Revert default installation of unattended-upgrades thanks [Resending since the earlier unarchive wasn't effective yet, so the followup got lost] Moritz Mühlenhoff wrote: > On Thu, Jan 04, 2018 at 01:31:25PM +0100, Raphael Hertzog wrote: > > OK, putting team@securi

Bug#875858: pkgsel: Offer to install/manage unattended-upgrades

2018-05-27 Thread Moritz Mühlenhoff
On Fri, May 18, 2018 at 11:53:42PM +0200, Cyril Brulebois wrote: Sorry for the late reply, busy and backlogged in my inbox. > > > That's pointless until testing becomes stable and by then it's too > > > late, this needs to be disabled now. > > Do you have minutes/rationales or something that ca

Bug#918846: busybox: CVE-2018-20679

2019-02-08 Thread Moritz Mühlenhoff
On Wed, Jan 09, 2019 at 09:39:33PM +0100, Salvatore Bonaccorso wrote: > Source: busybox > Version: 1:1.27.2-3 > Severity: normal > Tags: patch security upstream > Forwarded: https://bugs.busybox.net/show_bug.cgi?id=11506 > > Hi, > > The following vulnerability was published for busybox. > > CVE-

Re: Bug#922179: shim-signed depends on packages not repos

2019-02-26 Thread Moritz Mühlenhoff
On Fri, Feb 15, 2019 at 07:28:57PM +0100, Cyril Brulebois wrote: > Right, this also breaks the build of the debian-installer source package > on amd64 since its build dependencies cannot be satisfied. Is there an ETA for a fix? Cheers, Moritz

Bug#1035854: Bookworm netboot image fails in VM

2023-05-10 Thread Moritz Mühlenhoff
Moritz Muehlenhoff wrote: > call. $MENU is set to '/usr/bin/main-menu' and in fact running > > "debconf -o d-i /usr/bin/main-menu" tries to emit some output (I can see the > cursor > moving), but drops back to the shell right away. > > I'm not familiar with cdebconf, if there's some suggested st

Bug#1055307: busybox: CVE-2023-39810

2023-11-03 Thread Moritz Mühlenhoff
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-39810[0]: | An issue in the CPIO command of Busybox v1.33.2 allows attackers to | execute a directory traversal. https://www.pentagrid.ch

Bug#1059049: busybox: CVE-2022-48174

2023-12-19 Thread Moritz Mühlenhoff
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2022-48174[0]: | There is a stack overflow vulnerability in ash.c:6030 in busybox | before 1.35. In the environment of Internet of Vehicles, th

Bug#1059051: busybox: CVE-2023-42364

2023-12-19 Thread Moritz Mühlenhoff
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-42364[0]: | A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers | to cause a denial of service via a crafted awk pattern i

Bug#1059050: busybox: CVE-2023-42363

2023-12-19 Thread Moritz Mühlenhoff
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-42363[0]: | A use-after-free vulnerability was discovered in xasprintf function | in xfuncs_printf.c:344 in BusyBox v.1.36.1. https://bug

Bug#1059052: busybox: CVE-2023-42365

2023-12-19 Thread Moritz Mühlenhoff
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-42365[0]: | A use-after-free vulnerability was discovered in BusyBox v.1.36.1 | via a crafted awk pattern in the awk.c copyvar function.

Bug#1059053: busybox: CVE-2023-42366

2023-12-19 Thread Moritz Mühlenhoff
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-42366[0]: | A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the | next_token function at awk.c:1159. https://bugs.busybox.ne

Bug#782573: Installation on Thinkpad X250 worked fine

2015-04-14 Thread Moritz Mühlenhoff
On Tue, Apr 14, 2015 at 03:44:37PM +0200, Cyril Brulebois wrote: > I doubt we'll change anything in templates at this point (strings need > to be translated), but we already have: > https://www.debian.org/releases/testing/amd64/ch02s02.html > https://www.debian.org/releases/testing/amd64/ch06s0

Re: Dropping kfreebsd-8?

2013-06-17 Thread Moritz Mühlenhoff
On Mon, Jun 17, 2013 at 12:00:45AM +0100, Steven Chamberlain wrote: > On 16/06/13 19:57, Moritz Mühlenhoff wrote: > > Wheezy has both kfreebsd-8 and kfreebsd-9. Shouldn't kfreebsd-8 be dropped > > now? > > Some other things I'm wondering about are: > > s

Bug#875858: pkgsel: Offer to install/manage unattended-upgrades

2017-12-10 Thread Moritz Mühlenhoff
On Fri, Sep 15, 2017 at 03:27:58PM +0100, Steve McIntyre wrote: > On Fri, Sep 15, 2017 at 11:45:13AM +0200, Raphaël Hertzog wrote: > >Source: pkgsel > >Version: 0.45 > >Severity: wishlist > > > >Ubuntu has a patch adding a "pkgsel/update-policy" debconf question which > >is used to control the inst

Bug#875858: pkgsel: Offer to install/manage unattended-upgrades

2017-12-17 Thread Moritz Mühlenhoff
On Tue, Dec 12, 2017 at 09:23:50AM +0100, Raphael Hertzog wrote: > > But my experience has mostly been with regular package updates. I haven't > > focused much on security updates. Can security updates be applied without > > generating dependency chains and their updates? > > Yes. I am seriousl

Bug#875858: pkgsel: Offer to install/manage unattended-upgrades

2018-01-02 Thread Moritz Mühlenhoff
Hi, Sorry for the late reply, busy over the holiday season. On Mon, Dec 18, 2017 at 12:12:08PM +0100, Raphael Hertzog wrote: > Hi, > > On Sun, 17 Dec 2017, Moritz Mühlenhoff wrote: > > unattended-upgrades are not an appropriate default. It's okay for a desktop > > syst