Re: Wheezy update of pngquant?

2017-05-30 Thread Andreas Tille
Hi Raphael, thanks for working on Debian LTS. On Thu, May 25, 2017 at 01:02:27PM +0200, Raphael Hertzog wrote: > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of pngquant: > https://security-tracker.debian.org/tracker/CVE-2016-5735 >

Intention to correct nss

2017-05-30 Thread Ola Lundqvist
Hi fellow LTS maintainers I just want to inform you that I have patched nss and created a build. The files are available here (including debdiff and build-and-test log file). http://apt.inguza.net/wheezy-security/nss Please test if you have the possibility. I will upload the correction very soo

Re: heads-up: stretch release and changes to security-tracker

2017-05-30 Thread Chris Lamb
Dear Salvatore, > > Can you briefly explain what changes you are refering to? > > Sure, will send here a diff once I have it ready. But basically there > are some renaming needed (hardocded associatations e.g. stable -> > jessie, oldstable -> wheezy, adjusting the Makefile and last but not > leas

Re: heads-up: stretch release and changes to security-tracker

2017-05-30 Thread Salvatore Bonaccorso
Hi Chris, On Sat, May 27, 2017 at 10:06:38AM +0100, Chris Lamb wrote: > Salvatore Bonaccorso wrote: > > > I plan to work on the relvant changes to the security tracker for once > > stretch is released. > > Can you briefly explain what changes you are refering to? Sure, will send here a diff once

Re: libpodofo security update

2017-05-30 Thread Markus Koschany
Hi, Am 30.05.2017 um 20:05 schrieb Mattia Rizzolo: > On Tue, May 30, 2017 at 03:20:42PM +0200, Markus Koschany wrote: >> Hi Mattia, > > Hi Markus, > >> I prepared a new security update for libpodofo in Wheezy. You indicated >> that you would like to review the patches. Please find attached the >

Re: libpodofo security update

2017-05-30 Thread Mattia Rizzolo
On Tue, May 30, 2017 at 03:20:42PM +0200, Markus Koschany wrote: > Hi Mattia, Hi Markus, > I prepared a new security update for libpodofo in Wheezy. You indicated > that you would like to review the patches. Please find attached the > debdiff between the current version in Wheezy and the latest u

libpodofo security update

2017-05-30 Thread Markus Koschany
Hi Mattia, I prepared a new security update for libpodofo in Wheezy. You indicated that you would like to review the patches. Please find attached the debdiff between the current version in Wheezy and the latest update. Regards, Markus diff -Nru libpodofo-0.9.0/debian/changelog libpodofo-0.9.0/d

[SECURITY] [DLA 961-1] mosquitto security update

2017-05-30 Thread Gianfranco Costamagna
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: mosquitto Version: 0.15-2+deb7u1 CVE ID : CVE-2017-7650 Debian Bug : CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set their username/client id to ‘#’ or ‘+’. This allows locally or remotely