Re: imagemagick

2016-03-25 Thread Salvatore Bonaccorso
Hi Brian, Not luciano here but I think can reply to part of it as well: On Sat, Mar 26, 2016 at 05:40:39PM +1100, Brian May wrote: > Luciano Bello writes: > > > On Thursday 10 March 2016 13.39.31 Brian May wrote: > >> I have wheezy packages for testing: > >> https://people.debian.org/~bam/wheez

Re: imagemagick

2016-03-25 Thread Brian May
Luciano Bello writes: > On Thursday 10 March 2016 13.39.31 Brian May wrote: >> I have wheezy packages for testing: >> https://people.debian.org/~bam/wheezy/imagemagick/ >> >> I also have jessie packages for testing: >> https://people.debian.org/~bam/jessie/imagemagick/ > > Sorry for the delay in

Re: Xen security updates on Wheezy

2016-03-25 Thread Brian May
Antoine Beaupré writes: > They seem to hold, although I have yet to test them in production. One > thing I noticed is that they don't seem to fix CVE-2015-8104 and > CVE-2015-5307, ie. that the patches you posted in > <87d1qvvzhi@prune.linuxpenguins.xyz> were not factored into the > package.

Re: working for wheezy-security until wheezy-lts starts

2016-03-25 Thread Brian May
Antoine Beaupré writes: > I am not aware of any such tool. How did you do the following comparison > - by hand? Yes, I did. What I imagine is having same tool that will look at an input file (e.g. debian/changelog) and find everything that looks like a CVE, and then compare against distribution

Re: nss: CVE-2015-7181, CVE-2015-7182 and CVE-2015-4000 [was nss: CVE-2015-4000]

2016-03-25 Thread Luciano Bello
On Friday 25 March 2016 13.13.57 Antoine Beaupré wrote: > I don't know if Luciano did, but I looked at the patch and they are > okay, insofar as they match the upstream ones. Oh.. geez. This fall out of my table. Sorry. Two small comments, we usually use urgency=high (yes, even when I'm answering

Re: nss: CVE-2015-7181, CVE-2015-7182 and CVE-2015-4000 [was nss: CVE-2015-4000]

2016-03-25 Thread Antoine Beaupré
On 2016-01-23 09:04:53, Guido Günther wrote: > Hi Luciano, > On Thu, Dec 10, 2015 at 06:27:54PM +0100, Luciano Bello wrote: >> On Saturday 28 November 2015 14.16.33 Guido Günther wrote: >> > I've attached the patches for review. These also add some minimal >> > autopkgtest to exercise the ASN1 pars

Re: Xen security updates on Wheezy

2016-03-25 Thread Moritz Mühlenhoff
On Thu, Mar 24, 2016 at 01:37:19PM -0400, Antoine Beaupré wrote: > (Opening a new thread to clarify topic.) > > Brian, I have tested the packages you have proided here: > > https://people.debian.org/~bam/wheezy/xen/amd64/ > > They seem to hold, although I have yet to test them in production. One