Re: Avice about the importance of heap overflow in hdf5

2016-11-24 Thread Ben Hutchings
On Thu, 2016-11-24 at 14:59 +0100, Raphael Hertzog wrote: > Hi, > > On Tue, 22 Nov 2016, Ola Lundqvist wrote: [...] > > Also I have in other discussions got the impression that gcc nowadays has > > some kind of heap protection that prevents overwrite of data causing > > arbitrary code execution. I

Wheezy update of tiff?

2016-11-24 Thread Ola Lundqvist
Hello dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of tiff: https://security-tracker.debian.org/tracker/CVE-2016-9533 https://security-tracker.debian.org/tracker/CVE-2016-9534 https://security-tracker.debian.org/tracke

Wheezy update of libsoap-lite-perl?

2016-11-24 Thread Ola Lundqvist
Hello dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of libsoap-lite-perl: https://security-tracker.debian.org/tracker/CVE-2015-8978 Would you like to take care of this yourself? If yes, please follow the workflow we h

Wheezy update of w3m?

2016-11-24 Thread Ola Lundqvist
Hello dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of w3m: https://security-tracker.debian.org/tracker/CVE-2016-9621 https://security-tracker.debian.org/tracker/CVE-2016-9625 https://security-tracker.debian.org/tracker

Wheezy update of lxc?

2016-11-24 Thread Ola Lundqvist
Hello dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of lxc: https://security-tracker.debian.org/tracker/CVE-2016-8649 Would you like to take care of this yourself? If yes, please follow the workflow we have defined he

Re: Avice about the importance of heap overflow in hdf5

2016-11-24 Thread Ola Lundqvist
Hi Thank you. It is now in dla-needed.txt // Ola On 24 November 2016 at 14:59, Raphael Hertzog wrote: > Hi, > > On Tue, 22 Nov 2016, Ola Lundqvist wrote: > > All of them are related to heap overflow that "can potentially cause > > arbitrary code execution". > > This is a security problem, but t

Re: Wheezy update of libgc?

2016-11-24 Thread Raphael Hertzog
Hi, On Sun, 20 Nov 2016, Markus Koschany wrote: > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of libgc: > https://security-tracker.debian.org/tracker/CVE-2016-9427 I have prepared an updated package (it required lots of manual backpor

Re: Avice about the importance of heap overflow in hdf5

2016-11-24 Thread Raphael Hertzog
Hi, On Tue, 22 Nov 2016, Ola Lundqvist wrote: > All of them are related to heap overflow that "can potentially cause > arbitrary code execution". > This is a security problem, but the question is how important it is. > > The crash is a DoS problem, but my guess that from that perspective the > wor

Re: asterisk support

2016-11-24 Thread Raphael Hertzog
On Wed, 23 Nov 2016, Brian May wrote: > I noticed that Asterisk was marked EOL for Debian squeeze; just wondered > what the reasons were, and if these reasons apply to wheezy? The reasons were just that it's a non-trivial package to support. It tends to have regular security issues and upstream su