Re: should ca-certificates certdata.txt synchronize across all suites?

2017-07-21 Thread Guido Günther
Hi,
On Fri, Jul 21, 2017 at 11:03:22PM +0200, Moritz Mühlenhoff wrote:
> On Fri, Jul 21, 2017 at 09:51:45AM -0400, Antoine Beaupré wrote:
> > On 2017-07-20 18:15:00, Philipp Kern wrote:
> > > On 07/17/2017 09:41 PM, Antoine Beaupré wrote:
> > >> Let's not jump the gun here. We're not shipping NSS i

Re: should ca-certificates certdata.txt synchronize across all suites?

2017-07-21 Thread Moritz Mühlenhoff
On Fri, Jul 21, 2017 at 09:51:45AM -0400, Antoine Beaupré wrote:
> On 2017-07-20 18:15:00, Philipp Kern wrote:
> > On 07/17/2017 09:41 PM, Antoine Beaupré wrote:
> >> Let's not jump the gun here. We're not shipping NSS in ca-certificates,
> >> just a tiny part of it: one text file, more or less.
>

Re: should ca-certificates certdata.txt synchronize across all suites?

2017-07-21 Thread Antoine Beaupré
On 2017-07-21 22:19:20, Philipp Kern wrote:
> My point was that you state what your delta is and essentially boils
> down to attach the diff of what will actually happen to the .deb. I
> think it's generally fine to add new CAs and remove fully distrusted
> ones, instead of saying "it should jus

Re: should ca-certificates certdata.txt synchronize across all suites?

2017-07-21 Thread Antoine Beaupré
On 2017-07-20 18:15:00, Philipp Kern wrote:
> On 07/17/2017 09:41 PM, Antoine Beaupré wrote:
>> Let's not jump the gun here. We're not shipping NSS in ca-certificates,
>> just a tiny part of it: one text file, more or less.
>
> Yeah, and the consensus of the world external to Debian seems to be tha

Re: help needed to complete regression fix for apache2 Bug#858373

2017-07-21 Thread Antoine Beaupré
TL;DR: New proposed package (deb7u11) doesn't actually show a new regression, please test: https://people.debian.org/~anarcat/debian/wheezy-lts/apache2_2.2.22-13+deb7u11_amd64.changes In particular, Brian Kroth: are you *sure* you had that ErrorDocument 400 working in apache2_2.2.22-13+deb7u7 (ie

Re: cacti CVE-2017-1000031

2017-07-21 Thread Salvatore Bonaccorso
Hi Guido,
On Fri, Jul 21, 2017 at 10:02:37AM +0200, Guido Günther wrote:
> Hi security team,
> I looked at CVE-2017-131 yesterday. After failing to exploit it
> via a SQL injection getting "validation errors". I then contacted the
> maintainer Paul Gevers and he replied promptly that this look

cacti CVE-2017-1000031

2017-07-21 Thread Guido Günther
Hi security team, I looked at CVE-2017-131 yesterday. After failing to exploit it via a SQL injection getting "validation errors". I then contacted the maintainer Paul Gevers and he replied promptly that this looks like a duplicate of CVE-2014-4002. Do you agree that this can be marked as not a

Re: help needed to complete regression fix for apache2 Bug#858373

2017-07-21 Thread Stefan Fritsch
Hi Antoine,
On Wednesday, 19 July 2017 15:45:20 CEST Antoine Beaupre wrote:
> As I mentioned in the #858373 bug report, I started looking at fixing
> the regression introduced by the 2.2.22-13+deb7u8 upload, part of
> DLA-841-1. The problem occurs when a CGI(d) ErrorDocument is configured
> to han