Hi,
On Mon, 02 Jun 2014, Moritz Mühlenhoff wrote:
> Following a very rough methodology:
>
> For updates in leaf packages with a patch available for stable-security
> four updates should be sufficient for the updated packages and tests.
s/updates/hours/ ?
> Sometimes the update is more involved
On Mon, Jun 02, 2014 at 11:31:15PM +0200, Christoph Biedl wrote:
> Thijs Kinkhorst wrote...
>
> > On Mon, June 2, 2014 09:59, Moritz Muehlenhoff wrote:
> > > Everyone who wants to participate should request write access to that
> > > repo, as documented here:
> > > https://security-tracker.debian.
On Mon, Jun 02, 2014 at 11:10:54PM +0200, matteo filippetto wrote:
> Hi,
>
> I was looking at CVE-2009-5023 of fail2ban: as reported in this page
> https://security-tracker.debian.org/tracker/source-package/fail2ban
> squeeze should be vulnerable.
>
> But looking at the code (apt-get source fail2
Thijs Kinkhorst wrote...
> On Mon, June 2, 2014 09:59, Moritz Muehlenhoff wrote:
> > Everyone who wants to participate should request write access to that
> > repo, as documented here:
> > https://security-tracker.debian.org/tracker/data/report
As I don't have write access yet (see below), please
matteo filippetto wrote...
> Moreover
>
> http://metadata.ftp-master.debian.org/changelogs//main/f/fail2ban/fail2ban_0.8.4-3+squeeze2_changelog
>
> states that #544232 was closed in fail2ban (0.8.4-3+squeeze1).
I was just about to write the same thing. Apparently CVE-2009-5023
is no longer an
Hi,
I was looking at CVE-2009-5023 of fail2ban: as reported in this page
https://security-tracker.debian.org/tracker/source-package/fail2ban
squeeze should be vulnerable.
But looking at the code (apt-get source fail2ban) I saw no evidence of
the bug...so I installed fail2ban and the config files
Moritz Mühlenhoff wrote...
> On Fri, May 30, 2014 at 04:08:01PM +0200, Christoph Biedl wrote:
> > Moritz Muehlenhoff wrote...
> >
> > > On Wed, May 28, 2014 at 09:49:45AM +0200, Christoph Biedl wrote:
> > > > So I
> > > > am thinking of an updated version of libdbi-perl for squeeze-lts
> > > >
Thorsten Alteholz wrote:
> On Tue, 27 May 2014, Moritz Muehlenhoff wrote:
> >>BTW, did you really mean 2014 (so that would be only a few months) or
> >>did you rather mean 2013 (so that we have a full year of history to make it
> >>more representative)?
> >
> >The full 2013 would be even better, y
On 02/06/14 15:17, Steven Chamberlain wrote:
> Fortunately at
> least CURL seems to link with OpenSSL instead.
Actually the curl binary links to OpenSSL *and* GnuTLS, so I don't know
which is used normally.
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
--
To UNSUBSCRIBE, email to debian-l
Within the past hour or so it seems to be on mirrors now.
Initially I had some trouble with the indices:
> W: A error occurred during the signature verification. The repository is not
> updated and the previous index files will be used. GPG error:
> http://http.debian.net squeeze-lts Release: T
Hi,
On Mon, 02 Jun 2014 15:38:35 +0300, Wolfgang Jeltsch wrote:
> Unfortunately, I still do not get any update for gnutls26, although the
> update should be available now, according to the recent e-mail by Moritz
> Muehlenhoff.
Regular security.d.o usually has all mirrors updated before the
annou
On Monday, 02.06.2014, 09:50 +0200, Moritz Muehlenhoff wrote:
Package: gnutls26
Version: 2.8.6-1+squeeze4
CVE ID : CVE-2014-3466
Joonas Kuorilehto discovered that GNU TLS performed insufficient
validation of session IDs during TLS/SSL handshakes. A malicious
server c
On Monday, 02.06.2014, 09:50 +0200, Moritz Muehlenhoff wrote:
> Package: gnutls26
> Version: 2.8.6-1+squeeze4
> CVE ID : CVE-2014-3466
>
> Joonas Kuorilehto discovered that GNU TLS performed insufficient
> validation of session IDs during TLS/SSL handshakes. A malicio
On Mon, Jun 02, 2014 at 12:19:01PM +0200, Moritz Muehlenhoff wrote:
> Note that the gnutls26 package isn't available yet. It landed in the NEW queue
> which is a bug in the dak installation. I've contacted FTP masters to
> fix that.
It has been processed in NEW by now, so gnutls26 should be availa
Note that the gnutls26 package isn't available yet. It landed in the NEW queue
which is a bug in the dak installation. I've contacted FTP masters to
fix that.
Cheers,
Moritz
On Mon, June 2, 2014 09:59, Moritz Muehlenhoff wrote:
> Everyone who wants to participate should request write access to that
> repo, as documented here:
> https://security-tracker.debian.org/tracker/data/report
Note that all DD's should already be able to commit to this repository
without request
On Fri, May 30, 2014 at 04:08:01PM +0200, Christoph Biedl wrote:
> Moritz Muehlenhoff wrote...
>
> > On Wed, May 28, 2014 at 09:49:45AM +0200, Christoph Biedl wrote:
> > > So I
> > > am thinking of an updated version of libdbi-perl for squeeze-lts
> > > that lowers the dependency on libplrpc-pe
Hi,
now that the official security support for Squeeze has ended, Squeeze LTS
can go live!
I've just released the first update (for gnutls26) and it seems to have worked
fine. Now everyone else should pick up some work :-)
As discussed earlier we'll use the same workflow to coordinate work as use