Re: Wheezy update of imagemagick?

2016-12-28 Thread Roberto C . Sánchez
Hi Ola, The issues CVE-2016-8677 and CVE-2016-9559 were fixed by Antione when he uploaded that latest imagemagick update to LTS. However, the announcement (DLA-756-1) did not list those issues among the issues that were addressed by that update. I have already mentioned it to him a couple of day

Re: Wheezy update of imagemagick?

2016-12-28 Thread Ola Lundqvist
Hi We will handle it. Take care. // Ola On 28 December 2016 at 21:15, Bastien Roucaries wrote: > Take care for this time. I lack tome now (babies) > > > Le 23 décembre 2016 23:32:17 GMT+01:00, Ola Lundqvist a > écrit : >> >> Hello dear maintainer(s), >> >> the Debian LTS team would like to fix

Re: Wheezy update of imagemagick?

2016-12-28 Thread Bastien Roucaries
Take care for this time. I lack tome now (babies) Le 23 décembre 2016 23:32:17 GMT+01:00, Ola Lundqvist a écrit : >Hello dear maintainer(s), > >the Debian LTS team would like to fix the security issues which are >currently open in the Wheezy version of imagemagick: >https://security-tracker.debi

Re: CVE triage for Xen

2016-12-28 Thread Guido Günther
Hi Hugo, On Wed, Dec 28, 2016 at 12:03:48AM +0100, Hugo Lefeuvre wrote: > Hi, > > Last month I've gone through most of the CVEs affecting qemu in the > past years and investigated whether they were likely to affect the > wheezy version of Xen. For that I have considered that any > vulnerability af

Re: Wheezy update of apache2?

2016-12-28 Thread Guido Günther
Hi Stefan, On Wed, Dec 28, 2016 at 03:44:25PM +0100, Stefan Fritsch wrote: > Hi Ola, > > On Friday, 23 December 2016 23:56:45 CET Ola Lundqvist wrote: > > the Debian LTS team would like to fix the security issues which are > > currently open in the Wheezy version of apache2: > > https://security-t

Re: Wheezy update of apache2?

2016-12-28 Thread Stefan Fritsch
Hi Ola, On Friday, 23 December 2016 23:56:45 CET Ola Lundqvist wrote: > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of apache2: > https://security-tracker.debian.org/tracker/CVE-2016-8743 > > Would you like to take care of this yourse

Re: Call for advice regarding curl CVE-2016-9586

2016-12-28 Thread Ola Lundqvist
Thank you. It was added to dla-needed.txt one or two days ago. / Ola Sent from a phone Den 27 dec 2016 22:37 skrev "Antoine Beaupré" : > On 2016-12-23 17:54:11, Ola Lundqvist wrote: > > Hi > > > > I have looked into CVE-2016-9586 affecting curl. > > What I'm trying to figure out is whether it