Re: Security update of firefox-esr for Wheezy

2016-09-01 Thread Guido Günther
On Fri, Sep 02, 2016 at 01:26:05AM +0200, Emilio Pozuelo Monfort wrote: > On 08/08/16 10:20, Raphael Hertzog wrote: > > On Mon, 08 Aug 2016, Emilio Pozuelo Monfort wrote: > >>> Shall we mark gcc-4.8 as unsupported in wheezy, explaining that its only > >>> purpose is to enable build of other package

Re: Security update of firefox-esr for Wheezy

2016-09-01 Thread Emilio Pozuelo Monfort
On 08/08/16 10:20, Raphael Hertzog wrote: > On Mon, 08 Aug 2016, Emilio Pozuelo Monfort wrote: >>> Shall we mark gcc-4.8 as unsupported in wheezy, explaining that its only >>> purpose is to enable build of other packages? >> >> That would make sense. >> >> I'll see if I can take a look at this. >

Re: Wheezy update of mailman?

2016-09-01 Thread Chris Lamb
Hi Thijs, > > the Debian LTS team would like to fix the security issues which are > > currently open in the Wheezy version of mailman: > > https://security-tracker.debian.org/tracker/CVE-2016-6893 > > I'll look into it and will let you know. Any progress on this? I have prepared an update for LT

Wheezy update of mactelnet?

2016-09-01 Thread Thorsten Alteholz
Hello Håkon, the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of mactelnet: https://security-tracker.debian.org/tracker/source-package/mactelnet Would you like to take care of this yourself? If yes, please follow the workflow we have defin

Re: matrixssl

2016-09-01 Thread Guido Günther
Hi Brian, On Thu, Sep 01, 2016 at 05:41:19PM +1000, Brian May wrote: > Guido Günther writes: > > > There are exploits mentioned in the paper. I think we should test them > > before releasing a DLA. > > What paper are you referring to here? > > There is the blog post here: > > https://blog.fuzz

Re: August Report

2016-09-01 Thread Chris Lamb
> * mailman (0.3 %) > NOTE: Thijs Kinkhorst said on debian-lts that he wants to have a look Does anyone know the current status of this one… ? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: August Report

2016-09-01 Thread Ola Lundqvist
Hi Brian I had the same issue a month ago. It solved itself after a few days when new issues were found. // Ola On Thu, Sep 1, 2016 at 10:02 AM, Brian May wrote: > Hello, > > Just wondering how I should spend my LTS hours. If I look at the list of > unclaimed packages for LTS: this list is of p

Re: matrixssl

2016-09-01 Thread Brian May
Guido Günther writes: > There are exploits mentioned in the paper. I think we should test them > before releasing a DLA. What paper are you referring to here? There is the blog post here: https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html However I don't see