On Thu, Jul 27, 2017 at 03:42:30PM +0100, Adam Weremczuk wrote:
>
> These are the vulnerabilities I'm referring to and they have been addressed in
> OpenSSH versions 6.6 and 7.2p2:
>
> Threat 1:
>
> The sshd server fails to validate user-supplied X11 authentication
> credentials
> when establishin
Adam Weremczuk writes:
> Does their flagging mean they don't know how Debian security patching
> works?
They probably just don't care. Most of those firms do literally nothing
other than running Nessus on your server remotely and then giving you the
results formatted to make a manager happy (an
On 27.07.17 15:42, Adam Weremczuk wrote:
These are the vulnerabilities I'm referring to and they have been
addressed in OpenSSH versions 6.6 and 7.2p2:
Threat 1:
The sshd server fails to validate user-supplied X11 authentication
credentials
when establishing an X11 forwarding session. An authen
On Thu, 27 Jul 2017, Adam Weremczuk wrote:
> deb http://ftp.debian.org/debian wheezy-backports main
No. Not backports, just the regular LTS updates.
https://wiki.debian.org/LTS
> How do I hard prove it and convince the external company flagging it on our
> server?
Tell them to not look at upst
On 27/07/2017 15:53, Thorsten Glaser wrote:
On Thu, 27 Jul 2017, Adam Weremczuk wrote:
These are the vulnerabilities I'm referring to and they have been addressed in
OpenSSH versions 6.6 and 7.2p2:
That’s *upstream* version numbers. As Roberto said, the LTS team
will take those changes (and *on
On Thu, 27 Jul 2017, Adam Weremczuk wrote:
> These are the vulnerabilities I'm referring to and they have been addressed in
> OpenSSH versions 6.6 and 7.2p2:
That’s *upstream* version numbers. As Roberto said, the LTS team
will take those changes (and *only* those security-related fixes),
backport
Hi Roberto,
My replies in line below.
On 27/07/2017 14:43, Roberto C. Sánchez wrote:
We have a server running Wheezy 7.1 running openssh_6.0p1 which we are not
ready to rebuild and migrate just yet.
We have recently been asked to update openssh to fix all known security
vulnerabilities.
The
Hi Raphael,
I apologize for answering you so late.
On Thu, Apr 20, 2017 at 07:04:49PM +0200, Raphael Hertzog wrote:
> I prepared an updated version of slurm-llnl to fix CVE-2016-10030 which
> is a rather severe issue even if it only applies to some rare cases (when there's
> a prolog script and when
On Thu, Jul 27, 2017 at 02:16:46PM +0100, Adam Weremczuk wrote:
> Hello,
>
> Can somebody advise if there is any openssh_7.2p2 or newer version available
> for wheezy?
I am not aware of any such packages being available.
> Is there any chance it will find its way into official or backport releas
Hello,
Can somebody advise if there is any openssh_7.2p2 or newer version
available for wheezy?
Is there any chance it will find its way into official or backport
releases in the upcoming weeks?
We have a server running Wheezy 7.1 running openssh_6.0p1 which we are
not ready to rebuild and m
On 27.07.2017 at 10:22, Michael Laß wrote:
> Hi,
>
> I just wanted to make sure that the LTS team is aware of a regression that
> was introduced in roundcube with version 0.7.2-9+deb7u4 provided by the LTS
> team:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843795
>
> The discussion in
Hi,
during July I worked 10 of the allocated 10 hours on LTS. During this
time I did the following:
- fix CVE-2017-11103 (Orpheus' Lyre) in heimdal resulting in DLA-1027-1
- look at CVE-2017-11103 in samba4 (not affected)
- test new bind9 packages prepared by Thorsten Alteholz
- one week of CVE t
- po...@debian.org wrote:
> Hi Lars,
>
> I see that you prepared mysql 5.5.57 for wheezy. Thanks! I'll take
> care of
> uploading it (after doing some testing) and announcing it, as usual.
>
> Cheers,
> Emilio
Thanks! Should have passed it on to lts, as we still don't have a DD on the
tea
Hi,
I just wanted to make sure that the LTS team is aware of a regression that was
introduced in roundcube with version 0.7.2-9+deb7u4 provided by the LTS team:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843795
The discussion in the bug report seems to have stalled for nearly two months
14 matches