Re: fixing links for DLAs in the security tracker

2017-03-28 Thread Salvatore Bonaccorso
Hi, On Wed, Mar 29, 2017 at 06:28:49AM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Tue, Mar 28, 2017 at 10:16:52PM +, Holger Levsen wrote: > > On Tue, Mar 28, 2017 at 10:35:34PM +0200, Moritz Muehlenhoff wrote: > > > Well, you don't have a web site comparable to > > > https://www.debian.

Re: fixing links for DLAs in the security tracker

2017-03-28 Thread Paul Wise
On Wed, Mar 29, 2017 at 12:28 PM, Salvatore Bonaccorso wrote: > See as well https://bugs.debian.org/761945 (and respective clones for > debian-). Committed a patch for this, carnil deployed it. One downside to this is that committing DLAs to the Debian website hasn't happened since 2016 DLA-

Re: fixing links for DLAs in the security tracker

2017-03-28 Thread Salvatore Bonaccorso
Hi, On Tue, Mar 28, 2017 at 10:16:52PM +, Holger Levsen wrote: > On Tue, Mar 28, 2017 at 10:35:34PM +0200, Moritz Muehlenhoff wrote: > > Well, you don't have a web site comparable to > > https://www.debian.org/security/2017/dsa-3796, so where should > > it possibly link to? > > I guess it's

Re: fixing links for DLAs in the security tracker

2017-03-28 Thread Holger Levsen
On Tue, Mar 28, 2017 at 10:35:34PM +0200, Moritz Muehlenhoff wrote: > Well, you don't have a web site comparable to > https://www.debian.org/security/2017/dsa-3796, so where should > it possibly link to? I guess it's time to create this "web site" then :) -- cheers, Holger

Re: fixing links for DLAs in the security tracker

2017-03-28 Thread Moritz Muehlenhoff
On Tue, Mar 28, 2017 at 04:08:19PM -0400, Antoine Beaupré wrote: > I constantly find myself struggling to find the actual DLA announcements > when I browse the security tracker. Take for example: > > https://security-tracker.debian.org/tracker/CVE-2016-8743 > > If you click on the DSA there: > >

Re: Fwd: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

2017-03-28 Thread Mathieu Parent
2017-03-28 21:07 GMT+02:00 Ola Lundqvist : > Hi Mathieu and Roberto Hi, > Mathieu, do you mean that the patches should apply cleanly and if they do > not, then we have missed some other important patch, or do you just mean > that they should generally apply cleanly? I don't know for sure, but I

fixing links for DLAs in the security tracker

2017-03-28 Thread Antoine Beaupré
I constantly find myself struggling to find the actual DLA announcements when I browse the security tracker. Take for example: https://security-tracker.debian.org/tracker/CVE-2016-8743 If you click on the DSA there: https://security-tracker.debian.org/tracker/DSA-3796-1 You have a nice "Source"

Re: Fwd: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

2017-03-28 Thread Ola Lundqvist
Hi Mathieu and Roberto Mathieu, do you mean that the patches should apply cleanly and if they do not, then we have missed some other important patch, or do you just mean that they should generally apply cleanly? I'm asking as it is rather expected that patches do not apply cleanly when we are de

Re: Update wheezy samba to 3.6.25?

2017-03-28 Thread Ola Lundqvist
Hi Roberto When you write that the latest patches do not apply cleanly, do you mean that the code is substantially different so even a manual apply is difficult, or do you just mean that the patches do not apply cleanly when running the patch command? Best regards // Ola On 28 March 2017 at 16:2

Re: Wheezy update of ca-certificates?

2017-03-28 Thread Ola Lundqvist
Hi Let us in the LTS team know if you need assistance on this. Best regards // Ola On 28 March 2017 at 18:05, Michael Shuler wrote: > On 03/27/2017 09:06 PM, Paul Wise wrote: > > On Tue, Mar 28, 2017 at 8:12 AM, Michael Shuler wrote: > > > >> I need to fix up the jessie PU I have filed (and u

Re: Wheezy update of binutils?

2017-03-28 Thread Ola Lundqvist
Hi That should be fine. // Ola On 27 March 2017 at 22:16, Antoine Beaupré wrote: > FWIW, the security team just marked all the currently pending security > issues of binutils in jessie as "no-dsa (minor issue)" which means they > consider the issues are not serious enough to warrant a security

skipping clean on host when building in a chroot

2017-03-28 Thread Antoine Beaupré
On 2017-01-31 21:36:02, Guido Günther wrote: > On Tue, Jan 31, 2017 at 04:07:19PM -0500, Antoine Beaupré wrote: >> On 2017-01-31 21:42:41, Emilio Pozuelo Monfort wrote: >> > I'd say it makes sense to release a regression update. >> > >> > BTW I'm not sure about this change, which is not mentioned i

Re: Wheezy update of ca-certificates?

2017-03-28 Thread Michael Shuler
On 03/27/2017 09:06 PM, Paul Wise wrote: > On Tue, Mar 28, 2017 at 8:12 AM, Michael Shuler wrote: > >> I need to fix up the jessie PU I have filed (and update to 2.11), and >> I'll do a wheezy PU at the same time. Thanks! s/wheezy PU/wheezy LTS/ > Debian wheezy is no longer managed by the releas

Update wheezy samba to 3.6.25?

2017-03-28 Thread Roberto C. Sánchez
LTS folks, Based on Mathieu's comment related to the most recent samba patches not applying cleanly to the version in wheezy, it seems that an update to the latest upstream 3.6 release might be necessary. That said, I have looked at the diffstat between the version in wheezy (3.6.6) and 3.6.25, t

Re: Dealing with renamed source packages during CVE triaging

2017-03-28 Thread Moritz Muehlenhoff
On Tue, Mar 28, 2017 at 03:55:12PM +0200, Raphael Hertzog wrote: > On Tue, 28 Mar 2017, Moritz Muehlenhoff wrote: > > I'd suggest a cron job running once or twice per day, which keeps > > a table of (current source package name / old source package name(s)) > > and adds SOURCEPACKAGE for the older

Re: Dealing with renamed source packages during CVE triaging

2017-03-28 Thread Raphael Hertzog
On Tue, 28 Mar 2017, Moritz Muehlenhoff wrote: > I'd suggest a cron job running once or twice per day, which keeps > a table of (current source package name / old source package name(s)) > and adds SOURCEPACKAGE for the older source package. > These can then be set to or after manual > triage.

Re: Dealing with renamed source packages during CVE triaging

2017-03-28 Thread Moritz Muehlenhoff
On Tue, Mar 28, 2017 at 03:11:41PM +0200, Raphael Hertzog wrote: > Hello, > > So it looks like we have to tweak our workflow and/or build something > to make sure that we do not miss to handle issues in such packages. > What do you think ? What would be the proper approach ? I'd suggest a cron job

Dealing with renamed source packages during CVE triaging

2017-03-28 Thread Raphael Hertzog
Hello, I recently assigned myself "tiff" and noticed that the CVE were not properly tracked against "tiff3" (older version of the same codebase, available only in wheezy). I asked the security team if there was a reason to this and got this answer (on IRC): we don't actively triage versions only

Re: Fwd: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

2017-03-28 Thread Roberto C. Sánchez
On Tue, Mar 28, 2017 at 11:34:44AM +0200, Mathieu Parent wrote: > Hi, > > 2017-03-26 14:39 GMT+02:00 Roberto C. Sánchez : > > On Thu, Mar 23, 2017 at 11:30:09AM +0100, Mathieu Parent wrote: > >> > >> See attached the backported patches for 3.6 (those are from the samba > >> bugzilla which is still

Re: Fwd: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

2017-03-28 Thread Mathieu Parent
Hi, 2017-03-26 14:39 GMT+02:00 Roberto C. Sánchez : > On Thu, Mar 23, 2017 at 11:30:09AM +0100, Mathieu Parent wrote: >> >> See attached the backported patches for 3.6 (those are from the samba >> bugzilla which is still embargoed). >> >> Please take care of it. >> > > Hi Mathieu, > > I wanted to