Re: Missing openssl build for i386

On Fri, Jun 06, 2014 at 09:15:11AM +1000, Matt Palmer wrote: > On Thu, Jun 05, 2014 at 11:30:12PM +0100, Steven Chamberlain wrote: > > Hi again, > > > > Looking at the Packages file on the same mirror, I see the > > openssl packages available for amd64, but not i386? > > The amd64 build got uploa

Re: Workflow for Debian LTS / First update released

On Fri, Jun 06, 2014 at 02:23:26AM +0200, Carlos Alberto Lopez Perez wrote: > On 02/06/14 09:59, Moritz Muehlenhoff wrote: > > As discussed earlier we'll use the same workflow to coordinate work as used > > in the Debian Security Team: A simple text file. I've commited a first > > version to the Se

Re: Missing openssl build for i386

On 2014-06-06 02:46, Carlos Alberto Lopez Perez wrote: For the future... is there any site where one can manually download the packages waiting on the queue? I know about incoming.debian.org, but this openssl:i386=0.9.8o-4squeeze15 don't seems to be there The package doesn't appear to be upda

Re: linux-2.6 (2.6.32-48squeeze7) CVE-2014-3153

On 06/06/14 03:09, Carlos Alberto Lopez Perez wrote: > On 06/06/14 02:06, Carlos Alberto Lopez Perez wrote: >> Hi, >> >> >> I can see on the svn that the updated package for linux-2.6 is ready [1] >> (or at least seems so) >> >> However, I can't find it on buildd [2] neither on incoming.debian.org

Re: linux-2.6 (2.6.32-48squeeze7) CVE-2014-3153

On 06/06/14 02:06, Carlos Alberto Lopez Perez wrote: > Hi, > > > I can see on the svn that the updated package for linux-2.6 is ready [1] > (or at least seems so) > > However, I can't find it on buildd [2] neither on incoming.debian.org > > Any hint? > > Thanks! > > > [1] http://anonscm.debi

Re: Missing openssl build for i386

On 06/06/14 01:15, Matt Palmer wrote: > On Thu, Jun 05, 2014 at 11:30:12PM +0100, Steven Chamberlain wrote: >> Hi again, >> >> Looking at the Packages file on the same mirror, I see the >> openssl packages available for amd64, but not i386? > > The amd64 build got uploaded just before a dinstall r

Re: Workflow for Debian LTS / First update released

On 02/06/14 09:59, Moritz Muehlenhoff wrote: > As discussed earlier we'll use the same workflow to coordinate work as used > in the Debian Security Team: A simple text file. I've commited a first > version to the Security Tracker SVN: > http://anonscm.debian.org/viewvc/secure-testing/data/lts-neede

linux-2.6 (2.6.32-48squeeze7) CVE-2014-3153

Hi, I can see on the svn that the updated package for linux-2.6 is ready [1] (or at least seems so) However, I can't find it on buildd [2] neither on incoming.debian.org Any hint? Thanks! [1] http://anonscm.debian.org/viewvc/kernel?view=revision&revision=21392 [2] https://buildd.debian.org/s

Re: openssl dsa?

On Thu, Jun 05, 2014 at 08:51:36AM -0500, Brian Kroth wrote: > Hi, I was wondering if we can expect an openssl update for > squeeze-lts for [1] (also reported as DSA-2950-1)? Looks like it went out a few hours ago: https://lists.debian.org/debian-lts-announce/2014/06/msg2.html - Matt signa

Re: try to fix CVE-2012-4528

Hi Matteo, On Thu, Jun 05, 2014 at 11:25:23PM +0200, matteo filippetto wrote: > 2014-06-05 14:42 GMT+02:00 matteo filippetto : > >> > >> I'm following https://wiki.debian.org/BuildingTutorial > >> to fix https://security-tracker.debian.org/tracker/CVE-2012-4528 > >> > > So, > > I manage to creat

Re: Missing openssl build for i386

On Thu, Jun 05, 2014 at 11:30:12PM +0100, Steven Chamberlain wrote: > Hi again, > > Looking at the Packages file on the same mirror, I see the > openssl packages available for amd64, but not i386? The amd64 build got uploaded just before a dinstall run, while the i386 build was uploaded some time

Missing openssl build for i386

Hi again, Looking at the Packages file on the same mirror, I see the openssl packages available for amd64, but not i386? $ diff -Nru binary-*/Packages | grep Package --- binary-amd64/Packages 2014-06-05 21:06:34.0 +0100 +++ binary-i386/Packages2014-06-05 21:06:34.0 +

Re: try to fix CVE-2012-4528

2014-06-05 14:42 GMT+02:00 matteo filippetto : >> >> I'm following https://wiki.debian.org/BuildingTutorial >> to fix https://security-tracker.debian.org/tracker/CVE-2012-4528 >> So, I manage to create the patch (see attachment). This is my first debdiff patch and I'm still learning so it could

Re: openssl security update

Unsubscribe— Sent from my phone On Thu, Jun 5, 2014 at 9:36 AM, Kurt Roeckx wrote: > Package: openssl > Version: 0.9.8o-4squeeze15 > CVE ID: CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-3470 CVE-2014-0224 > CVE-2014-0195 > Jueri Aedla discovered that a buffer overflow in processing DTL

Re: what to leave in sources.list?

On Thu, 2014-06-05 at 19:39 +0200, Christoph Biedl wrote: > Matus UHLAR - fantomas wrote... > > > which sources I should keep in sources.list? [...] > > - main squeeze > > - updates (formerly volatile) > > These two should not see any further updates, but see above. "main squeeze" will, once - t

Re: openssl dsa?

Brian Kroth wrote... > Hi, I was wondering if we can expect an openssl update for > squeeze-lts for [1] (also reported as DSA-2950-1)? Since, as far as I know, the squeeze version is also affected, I've added openssl on the "lts-needed.txt" list. Christoph signature.asc Description: Digi

Re: what to leave in sources.list?

Matus UHLAR - fantomas wrote... > which sources I should keep in sources.list? If you leave them all, little can go wrong. In the worst case the might start failing at some point in the future, you can still remove them then. > I have four now: > > - main squeeze > - updates (formerly volatile)

Re: what to leave in sources.list?

On Thu, Jun 05, 2014 at 05:27:30PM +0200, Matus UHLAR - fantomas wrote: which sources I should keep in sources.list? I have four now: - main squeeze - updates (formerly volatile) - security updates - LTS updates I expect moving squeese-updates (formerly backports) along with security update

Re: what to leave in sources.list?

Hi, On Thu, Jun 05, 2014 at 05:27:30PM +0200, Matus UHLAR - fantomas wrote: > which sources I should keep in sources.list? The ones you need ;) > I have four now: > > - main squeeze > - updates (formerly volatile) > - security updates > - LTS updates > > > I expect moving squeese-updates (fo

what to leave in sources.list?

Hello, which sources I should keep in sources.list? I have four now: - main squeeze - updates (formerly volatile) - security updates - LTS updates I expect moving squeese-updates (formerly backports) along with security updates to main archive and leave only it and LTS. What about backports?

openssl dsa?

Hi, I was wondering if we can expect an openssl update for squeeze-lts for [1] (also reported as DSA-2950-1)? I'm not on this list at the moment. Thanks, Brian [1] signature.asc Description: Digital signature

Iceweasel not in security-support-ended

Hello, I am wondering that Iceweasel is not in the security-support-ended file. Do I have to put this kind of bugs in the BTS for the sid-version? With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl/ -- To UNSUBSCRIBE, email to deb

Re: try to fix CVE-2012-4528

2014-06-05 14:13 GMT+02:00 matteo filippetto : > Hi, > > I'm following https://wiki.debian.org/BuildingTutorial > to fix https://security-tracker.debian.org/tracker/CVE-2012-4528 > > I have modified the source files to fix the CVE and know I should > create a .patch files. > > But I get it done usi

try to fix CVE-2012-4528

Hi, I'm following https://wiki.debian.org/BuildingTutorial to fix https://security-tracker.debian.org/tracker/CVE-2012-4528 I have modified the source files to fix the CVE and know I should create a .patch files. But I get it done using dpatch ... is it the right tool to use ? I found that quil