Re: #862816 and CVE-2017-9066

2017-06-06 Thread Ola Lundqvist
Hi Thank you for quick response. The check I did for wheezy was simply to grep for the validation function and it was missing. This is what I mean with clearly vulnerable. I should have said clearly not patched. I have not seen a patch that works for wheezy yet. I will investigate this more if

Re: #862816 and CVE-2017-9066

2017-06-06 Thread Craig Small
On Wed, 7 Jun. 2017, 06:33 Ola Lundqvist, wrote: > I can see the following comments from you: > + * Backport patches from 4.7.5 Closes: #862816 > + CVEs to be added once issued > + - CVE-2017-XXX > + Insufficient redirect validation in the HTTP class. > The changelog now reads: * CVE-20

Wheezy update of wordpress?

2017-06-06 Thread Ola Lundqvist
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of wordpress: https://security-tracker.debian.org/tracker/CVE-2017-9066 Would you like to take care of this yourself? If yes, please follow the workflow we have defined he

#862816 and CVE-2017-9066

2017-06-06 Thread Ola Lundqvist
Hi Craig I can see the following comments from you: + * Backport patches from 4.7.5 Closes: #862816 + CVEs to be added once issued + - CVE-2017-XXX + Insufficient redirect validation in the HTTP class. + (may not be vulnerable, no patch found) The patch is available here: https://git

Wheezy update of samba?

2017-06-06 Thread Ola Lundqvist
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of samba: https://security-tracker.debian.org/tracker/source-package/samba Specifically bug #864291. Would you like to take care of this yourself? If yes, please follow th

Wheezy update of otrs2?

2017-06-06 Thread Ola Lundqvist
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of otrs2: https://security-tracker.debian.org/tracker/CVE-2017-9324 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here:

Re: tiff and CVE-2016-10095

2017-06-06 Thread Guido Günther
Hi Raphael, On Tue, Jun 06, 2017 at 12:05:14PM +0200, Raphael Hertzog wrote: > Hi, > > On Fri, 02 Jun 2017, Guido Günther wrote: > > > but it's not worth arguing and providing that in jessie might be useful > > > for > > > building custom tools still. > > > > But then again the fix for

Re: tiff and CVE-2016-10095

2017-06-06 Thread Raphael Hertzog
Hi, On Fri, 02 Jun 2017, Guido Günther wrote: > > but it's not worth arguing and providing that in jessie might be useful for > > building custom tools still. > > But then again the fix for this should be in Wheezy already as far as I > can tell. Raphael (since you provided the upstream