Re: Wheezy update of yodl?

2017-06-02 Thread tony mancill
On Fri, Jun 02, 2017 at 10:42:18AM +0200, Guido Günther wrote: > Dear maintainer(s), > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of yodl: > https://security-tracker.debian.org/tracker/CVE-2016-10375 > > Would you like to take care

Re: Wheezy update of ca-certificates?

2017-06-02 Thread Chris Lamb
Hi Antoine, > > I need to fix up the jessie PU I have filed (and update to 2.11), and > > I'll do a wheezy PU at the same time. Thanks! Will the jessie & wheezy uploads include the changes made in ca-certificates 20161130+nmu1? [0] I hope so :) [0] https://tracker.debian.org/news/846121 Reg

Re: Wheezy update of ca-certificates?

2017-06-02 Thread Antoine Beaupré
On 2017-05-12 12:13:04, Raphael Hertzog wrote: > Hello, > > On Mon, 27 Mar 2017, Michael Shuler wrote: >> On 03/25/2017 03:32 AM, Paul Wise wrote: >> > Hi all, >> > >> > I note that there have been some CA removals and additions that would >> > be nice to have in wheezy, in particular the ISRG Ro

LTS Activity report for May 2017

2017-06-02 Thread Guido Günther
Hi, during May I worked 8 of the allocated 8 hours on LTS. During this time I did the following: - qemu-kvm: Release DLA 939-1 fixing 3 video related CVEs. The actual work for this was mostly done in April already. - qemu-kvm: backport large parts of the 9pfs driver from qemu 2.8 to the wheezy

Adding entries to d{l,s}a-needed.txt

2017-06-02 Thread Guido Günther
Hi, I was a bit embarrassed by the fact that I didn't get the sorting correct (again) in dla-needed.txt: So I came up with this: https://github.com/agx/emacs-tools/commit/2028d7a5548fb9cae641e45dc6f3a659f3b1839a With that "C-, L" adds a new entry at the right position in dla-needed.txt (for ds

Re: update of debian-security-support [was Re: Marking autotrace as unsuppported ?]

2017-06-02 Thread Guido Günther
On Fri, Jun 02, 2017 at 01:11:31PM +0200, Moritz Muehlenhoff wrote: > On Fri, Jun 02, 2017 at 12:53:58PM +0200, Guido Günther wrote: > > On Fri, Jun 02, 2017 at 12:27:47PM +0200, Moritz Muehlenhoff wrote: > > > On Fri, Jun 02, 2017 at 12:21:01PM +0200, Guido Günther wrote: > > > > Hi, > > > > On Fr

Re: update of debian-security-support [was Re: Marking autotrace as unsuppported ?]

2017-06-02 Thread Moritz Muehlenhoff
On Fri, Jun 02, 2017 at 12:53:58PM +0200, Guido Günther wrote: > On Fri, Jun 02, 2017 at 12:27:47PM +0200, Moritz Muehlenhoff wrote: > > On Fri, Jun 02, 2017 at 12:21:01PM +0200, Guido Günther wrote: > > > Hi, > > > On Fri, Jun 02, 2017 at 11:32:07AM +0200, Raphael Hertzog wrote: > > > > Hi, > > >

Re: update of debian-security-support [was Re: Marking autotrace as unsuppported ?]

2017-06-02 Thread Guido Günther
On Fri, Jun 02, 2017 at 12:27:47PM +0200, Moritz Muehlenhoff wrote: > On Fri, Jun 02, 2017 at 12:21:01PM +0200, Guido Günther wrote: > > Hi, > > On Fri, Jun 02, 2017 at 11:32:07AM +0200, Raphael Hertzog wrote: > > > Hi, > > > > > > On Fri, 02 Jun 2017, Guido Günther wrote: > > > > > I updated the

Re: tiff and CVE-2016-10095

2017-06-02 Thread Salvatore Bonaccorso
Hi Guido, On Fri, Jun 02, 2017 at 12:29:29PM +0200, Guido Günther wrote: > On Fri, Jun 02, 2017 at 11:02:06AM +0200, Moritz Muehlenhoff wrote: > > On Fri, Jun 02, 2017 at 10:25:29AM +0200, Guido Günther wrote: > > > Hi Moritz, > > > I'm trying to figure out the reasoning for @51764. This marks tif

Re: tiff and CVE-2016-10095

2017-06-02 Thread Guido Günther
On Fri, Jun 02, 2017 at 11:02:06AM +0200, Moritz Muehlenhoff wrote: > On Fri, Jun 02, 2017 at 10:25:29AM +0200, Guido Günther wrote: > > Hi Moritz, > > I'm trying to figure out the reasoning for @51764. This marks tiff as > > affected by CVE-2016-10095. However from the upstream bug and the > > cha

Re: update of debian-security-support [was Re: Marking autotrace as unsuppported ?]

2017-06-02 Thread Moritz Muehlenhoff
On Fri, Jun 02, 2017 at 12:21:01PM +0200, Guido Günther wrote: > Hi, > On Fri, Jun 02, 2017 at 11:32:07AM +0200, Raphael Hertzog wrote: > > Hi, > > > > On Fri, 02 Jun 2017, Guido Günther wrote: > > > > I updated the git repository of debian-security-support. Shall we > > > > release > > > > an up

update of debian-security-support [was Re: Marking autotrace as unsuppported ?]

2017-06-02 Thread Guido Günther
Hi, On Fri, Jun 02, 2017 at 11:32:07AM +0200, Raphael Hertzog wrote: > Hi, > > On Fri, 02 Jun 2017, Guido Günther wrote: > > > I updated the git repository of debian-security-support. Shall we release > > > an update of that package? > > > > We did not do so for the last updates so that would be

Re: Marking autotrace as unsuppported ?

2017-06-02 Thread Raphael Hertzog
Hi, On Fri, 02 Jun 2017, Guido Günther wrote: > > I updated the git repository of debian-security-support. Shall we release > > an update of that package? > > We did not do so for the last updates so that would be good. Will you > handle this? Feel free to do it. I'm going away for 3 days in a f

Re: Wheezy update for Eglibc and libxml

2017-06-02 Thread Guido Günther
Hi VigneshDhanraj G, On Fri, Jun 02, 2017 at 12:41:18PM +0530, VigneshDhanraj G wrote: > Hi Team, > > I have a query regarding the security updates of eglibc and libxml, there > was a vulnerability in eglibc and libxml. Will we get any update or fix for > these vulnerabilities, I know that wheezy in

Re: tiff and CVE-2016-10095

2017-06-02 Thread Moritz Muehlenhoff
On Fri, Jun 02, 2017 at 10:25:29AM +0200, Guido Günther wrote: > Hi Moritz, > I'm trying to figure out the reasoning for @51764. This marks tiff as > affected by CVE-2016-10095. However from the upstream bug and the > changes we made in wheezy it looks like the changes we made already are > suffici

Re: Marking autotrace as unsuppported ?

2017-06-02 Thread Guido Günther
On Fri, Jun 02, 2017 at 10:06:32AM +0200, Raphael Hertzog wrote: > On Mon, 29 May 2017, Guido Günther wrote: > > > https://security-tracker.debian.org/tracker/source-package/autotrace > > > > Agreed. > > I updated the git repository of debian-security-support. Shall we release > an update of that

Wheezy update of ming?

2017-06-02 Thread Guido Günther
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of ming: https://security-tracker.debian.org/tracker/CVE-2017-8782 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here: h

Wheezy update of yodl?

2017-06-02 Thread Guido Günther
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of yodl: https://security-tracker.debian.org/tracker/CVE-2016-10375 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here:

Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)

2017-06-02 Thread Chris Lamb
W. Martin Borgert wrote: > Just to be sure, we talk about the same patch... > I meant the one I added Tue, 30 May 2017 to the bug report: > https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=863671;filename=fix-command-injection-vulnerability;msg=14 No :) Regards, --

Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)

2017-06-02 Thread Chris Lamb
Chris Lamb wrote: > No :) As in, there are no other changes. (Sorry, removed too much of the quote context...) Regards, -- Chris Lamb la...@debian.org / chris-lamb.co.uk

Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)

2017-06-02 Thread W. Martin Borgert
On 2017-06-02 09:21, Chris Lamb wrote: > It's the "same" patch but I also needed to backport split.[ch]. Some > of the run_cmd callsites were also different in the 1.7 version so it's > not identical. Just to be sure, we talk about the same patch... I meant the one I added Tue, 30 May 2017 to the

tiff and CVE-2016-10095

2017-06-02 Thread Guido Günther
Hi Moritz, I'm trying to figure out the reasoning for @51764. This marks tiff as affected by CVE-2016-10095. However from the upstream bug and the changes we made in wheezy it looks like the changes we made already are sufficient to fix the issue. Do you have a hint why you think this is not the ca

Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)

2017-06-02 Thread Chris Lamb
[Adding debian-lts@lists.debian.org to CC] W. Martin Borgert wrote: > Is your patch identical to the one I posted on -security Wed, 31 May 2017? > (https://lists.debian.org/debian-security/2017/05/msg00021.html) It's the "same" patch but I also needed to backport split.[ch]. Some of the run_cmd

Re: Marking autotrace as unsuppported ?

2017-06-02 Thread Raphael Hertzog
On Mon, 29 May 2017, Guido Günther wrote: > > https://security-tracker.debian.org/tracker/source-package/autotrace > > Agreed. I updated the git repository of debian-security-support. Shall we release an update of that package? Do we want to send a DLA to announce this? Cheers, -- Raphaël Hert

May Report

2017-06-02 Thread Hugo Lefeuvre
Hi, May 2017 was my tenth month as a paid Debian LTS contributor. I was allocated 15 hours. I spent all of them doing the following tasks: * Investigate CVE-2016-8686 in potrace. We finally decided to let this issue no-dsa (low importance issue, high patch complexity) (https://lists.debian.

Re: Patch proposal for CVE-2017-6960 in Wheezy (/Jessie)

2017-06-02 Thread Hugo Lefeuvre
Hi Ola, > I have reviewed your code and it looks good to me. I do not know this > library very well however so may have overlooked something. But the > checks look ok. > > What I'm not sure of is the break statement, but I guess you have > control over that part. Thanks for your review! This

Wheezy update for Eglibc and libxml

2017-06-02 Thread VigneshDhanraj G
Hi Team, I have a query regarding the security updates of eglibc and libxml, there was a vulnerability in eglibc and libxml. Will we get any update or fix for these vulnerabilities, I know that wheezy is in LTS mode. Regards, VigneshDhanraj G