Re: Versioning of new releases in (old)stable (Was: nss security update package ready for review)

2016-12-01 Thread Emilio Pozuelo Monfort
On 02/12/16 06:40, Salvatore Bonaccorso wrote: > Hi Emilio, Jonas, Antoine, > > Thanks for all feedback. > > On Thu, Dec 01, 2016 at 04:44:22PM +0100, Emilio Pozuelo Monfort wrote: >> On 01/12/16 16:25, Jonas Meurer wrote: >>> Hi Security and LTS folks, >>> >>> Am 01.12.2016 um 15:54 schrieb Salv

Re: Versioning of new releases in (old)stable (Was: nss security update package ready for review)

2016-12-01 Thread Salvatore Bonaccorso
Hi Emilio, Jonas, Antoine, Thanks for all feedback. On Thu, Dec 01, 2016 at 04:44:22PM +0100, Emilio Pozuelo Monfort wrote: > On 01/12/16 16:25, Jonas Meurer wrote: > > Hi Security and LTS folks, > > > > Am 01.12.2016 um 15:54 schrieb Salvatore Bonaccorso: > >> On Wed, Nov 30, 2016 at 04:05:20PM

LTS report for November 2016

2016-12-01 Thread Antoine Beaupré
Hi, For November, I had 11 hours allocated. I unfortunately wasn't able to free up enough time to do all my hours. I have spent around 4 hours on various tasks, including some triage of libxml2, ntp, openssl and tiff issues. I have also spent a significant amount of time working on clarifying the

LTS Report for November 2016

2016-12-01 Thread Emilio Pozuelo Monfort
Hi, In this month I was allocated 11h, which I spent doing the following: - DLA-700-1: libxslt: fixed heap overread bug - DLA-702-1: tzdata: updated for the 2016i release - DLA-703-1: libdatetime-timezone-perl: updated for the 2016i release - DLA-704-1: openjdk-7: backported version in experiment

Re: nss security update package ready for review

2016-12-01 Thread Antoine Beaupré
On 2016-12-01 10:06:46, Antoine Beaupré wrote: > On 2016-11-30 23:59:32, Guido Günther wrote: >> I remember the nss testsuite to run cleanly last time I checked a couple >> of months ago so we should IMHO investigate. > > It seems that there are a lot of failing tests regarding FIPS support: > > [1

Re: nss security update package ready for review

2016-12-01 Thread Ola Lundqvist
Hi This was the case when I ran the tests last time. If I remember correctly FIPS had to be enabled with sysctl and even with that I couldn't make it work. After reading more about FIPS I concluded that this is likely something that nobody uses, at least likely not on wheezy. / Ola Sent from a

LTS Report for November 2016

2016-12-01 Thread Roberto C. Sánchez
For November I had available 11 hours. I spent them on the following tasks: * imagemagick: multiple issues: I backported fixes for all remaining issues, resolved numerous unit test failures resulting from several of the patches, and posted a candidate package for review and testing; an uplo

Re: RFC - ImageMagick, proper testing, and handling issues without a CVE ID

2016-12-01 Thread Roberto C. Sánchez
On Thu, Dec 01, 2016 at 04:34:20PM +0100, Raphael Hertzog wrote: > On Tue, 29 Nov 2016, Antoine Beaupré wrote: > > I wonder if we should standardize something about this. > > > > I usually name security patches with the following scheme: > > debian/patches/CVE--(-commithash)?.patch > > I

Re: RFC - ImageMagick, proper testing, and handling issues without a CVE ID

2016-12-01 Thread Antoine Beaupré
On 2016-12-01 10:34:20, Raphael Hertzog wrote: > On Tue, 29 Nov 2016, Antoine Beaupré wrote: >> I wonder if we should standardize something about this. >> >> I usually name security patches with the following scheme: >> debian/patches/CVE--(-commithash)?.patch > > I use CVE--(-patc

Re: Versioning of new releases in (old)stable (Was: nss security update package ready for review)

2016-12-01 Thread Antoine Beaupré
On 2016-12-01 10:25:58, Jonas Meurer wrote: > Hi Security and LTS folks, > > Am 01.12.2016 um 15:54 schrieb Salvatore Bonaccorso: >> On Wed, Nov 30, 2016 at 04:05:20PM -0500, Antoine Beaupré wrote: >>> +nss (2:3.26.2-1+debu7u1) UNRELEASED; urgency=high >>> + >>> + * Non-maintainer upload by the LT

Re: RFC - ImageMagick, proper testing, and handling issues without a CVE ID

2016-12-01 Thread Raphael Hertzog
On Tue, 29 Nov 2016, Antoine Beaupré wrote: > I wonder if we should standardize something about this. > > I usually name security patches with the following scheme: > debian/patches/CVE--(-commithash)?.patch I use CVE--(-patchnumber)?.patch as some issues require multiple patches

Re: Versioning of new releases in (old)stable (Was: nss security update package ready for review)

2016-12-01 Thread Emilio Pozuelo Monfort
On 01/12/16 16:25, Jonas Meurer wrote: > Hi Security and LTS folks, > > Am 01.12.2016 um 15:54 schrieb Salvatore Bonaccorso: >> On Wed, Nov 30, 2016 at 04:05:20PM -0500, Antoine Beaupré wrote: >>> +nss (2:3.26.2-1+debu7u1) UNRELEASED; urgency=high >>> + >>> + * Non-maintainer upload by the LTS Se

Re: RFC - ImageMagick, proper testing, and handling issues without a CVE ID

2016-12-01 Thread Raphael Hertzog
On Thu, 01 Dec 2016, Ben Hutchings wrote: > Would it make sense to add a Bug header field to patches, e.g.: > Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-- > or: > Bug-Debian-Security: > https://security-tracker.debian.org/tracker/CVE-- > ? I don't have any

Versioning of new releases in (old)stable (Was: nss security update package ready for review)

2016-12-01 Thread Jonas Meurer
Hi Security and LTS folks, Am 01.12.2016 um 15:54 schrieb Salvatore Bonaccorso: > On Wed, Nov 30, 2016 at 04:05:20PM -0500, Antoine Beaupré wrote: >> +nss (2:3.26.2-1+debu7u1) UNRELEASED; urgency=high >> + >> + * Non-maintainer upload by the LTS Security Team. >> + * New upstream release to fix

Re: nss security update package ready for review

2016-12-01 Thread Antoine Beaupré
On 2016-11-30 23:59:32, Guido Günther wrote: > I remember the nss testsuite to run cleanly last time I checked a couple > of months ago so we should IMHO investigate. It seems that there are a lot of failing tests regarding FIPS support: [1034]anarcat@angela:nss-3.26.2$ grep 'FAILED$' /var/cache

Re: nss security update package ready for review

2016-12-01 Thread Antoine Beaupré
On 2016-12-01 09:54:44, Salvatore Bonaccorso wrote: > Hi Antoine, > > On Wed, Nov 30, 2016 at 04:05:20PM -0500, Antoine Beaupré wrote: >> +nss (2:3.26.2-1+debu7u1) UNRELEASED; urgency=high >> + >> + * Non-maintainer upload by the LTS Security Team. >> + * New upstream release to fix CVE-2016-9074

Re: nss security update package ready for review

2016-12-01 Thread Salvatore Bonaccorso
Hi Antoine, On Wed, Nov 30, 2016 at 04:05:20PM -0500, Antoine Beaupré wrote: > +nss (2:3.26.2-1+debu7u1) UNRELEASED; urgency=high > + > + * Non-maintainer upload by the LTS Security Team. > + * New upstream release to fix CVE-2016-9074 Depending on what is done this should be either 2:3.26.2-0+

Re: nss security update package ready for review

2016-12-01 Thread Antoine Beaupré
On 2016-12-01 02:44:44, Ola Lundqvist wrote: > Hi > > In LTS the hook is available in debian/rules but commented. The number > of failed test cases seems to be the same as I remember from when I > had to disable it. Sorry, which hook? The only dh_auto_test target I could find was in some obscure

Re: nss security update package ready for review

2016-12-01 Thread Antoine Beaupré
On 2016-11-30 23:59:32, Guido Günther wrote: > Hi Antoine, > On Wed, Nov 30, 2016 at 11:03:39PM -0500, Antoine Beaupré wrote: >> On 2016-11-30 16:46:17, Ola Lundqvist wrote: >> > Hi >> > >> > There were no test suite before the update so I could not tell if it was a >> > regression or not. >> >> I

Debian LTS Report for November 2016

2016-12-01 Thread Hugo Lefeuvre
Hi, November 2016 was my third month as a paid Debian LTS contributor. I was allocated 11 hours. I spent all of them in CVE triage for Xen. Longer explanation: It has been reported by Guido Günther that Xen before v4.4.0-1 embeds a copy of QEMU 0.10.2. Xen has version 4.1.4 in wheezy, so it is