Re: Wheezy update of ledger?

2017-09-06 Thread David Bremner
Ola Lundqvist writes: > Dear maintainers, > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of ledger: > https://security-tracker.debian.org/tracker/CVE-2017-2807 > https://security-tracker.debian.org/tracker/CVE-2017-2808 > > These two

About the security issues affecting libraw in Wheezy

2017-09-06 Thread Ola Lundqvist
Dear maintainers, The Debian LTS team recently reviewed the security issue(s) affecting your package in Wheezy: https://security-tracker.debian.org/tracker/CVE-2017-13735 We decided that we would not prepare a wheezy security update (usually because the security impact is low and that we concentr

Wheezy update of bzr?

2017-09-06 Thread Ola Lundqvist
Dear maintainers, The Debian LTS team would like to fix the security issue which is currently open in the Wheezy version of bzr: https://security-tracker.debian.org/tracker/source-package/bzr For more information see bug #874429. No CVE has been assigned yet. The same problem has been fixed in git.

Wheezy update of ledger?

2017-09-06 Thread Ola Lundqvist
Dear maintainers, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of ledger: https://security-tracker.debian.org/tracker/CVE-2017-2807 https://security-tracker.debian.org/tracker/CVE-2017-2808 These two issues do not seem to be trivial to e

About the security issues affecting python-django in Wheezy

2017-09-06 Thread Ola Lundqvist
Dear maintainers, The Debian LTS team recently reviewed the security issue(s) affecting your package in Wheezy: https://security-tracker.debian.org/tracker/CVE-2017-12794 We decided that we would not prepare a wheezy security update (usually because the security impact is low and that we concentr

About the security issues affecting openldap in Wheezy

2017-09-06 Thread Ola Lundqvist
Dear maintainers, The Debian LTS team recently reviewed the security issue(s) affecting your package in Wheezy: https://security-tracker.debian.org/tracker/CVE-2017-14159 We decided that we would not prepare a wheezy security update (usually because the security impact is low and that we concentr

Wheezy update of opencv?

2017-09-06 Thread Ola Lundqvist
Dear maintainers, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of opencv: https://security-tracker.debian.org/tracker/CVE-2016-1516 https://security-tracker.debian.org/tracker/CVE-2017-12597 https://security-tracker.debian.org/tracker/CVE

About the security issues affecting binutils in Wheezy

2017-09-06 Thread Ola Lundqvist
Dear maintainers, The Debian LTS team recently reviewed the security issue(s) affecting your package in Wheezy: https://security-tracker.debian.org/tracker/CVE-2017-14128 https://security-tracker.debian.org/tracker/CVE-2017-14129 https://security-tracker.debian.org/tracker/CVE-2017-14130 We decid

Re: Accepted icedove 1:52.3.0-4~deb7u1 (source amd64 all) into oldoldstable

2017-09-06 Thread Guido Günther
Hi, On Wed, Sep 06, 2017 at 08:15:17PM +0200, Pascal Hambourg wrote: > Hello, > > The new icedove packages are not available for i386 yet. > If I understand correctly > > the i386 build failed. Yept, noticed already.

Re: Accepted icedove 1:52.3.0-4~deb7u1 (source amd64 all) into oldoldstable

2017-09-06 Thread Pascal Hambourg
Hello, The new icedove packages are not available for i386 yet. If I understand correctly the i386 build failed.

Re: unrar-free: CVE-2017-14120: directory traversal vulnerability

2017-09-06 Thread Chris Lamb
tags 874059 + patch thanks Patch attached. It includes autopkgtests checking this CVE and a smoketest of a regular (i.e. non-exploit) extraction to prevent a regression. Regards, -- Chris Lamb la...@debian.org / chris-lamb.co.uk diff --g

Re: Wheezy update of rbenv?

2017-09-06 Thread Antonio Terceiro
On Sat, Jul 22, 2017 at 06:24:45PM +0200, Guido Günther wrote: > Dear maintainer, > > (This is rather low impact so tagging no-dsa would be fine too but I > wanted to check with you guys first). > > The Debian LTS team would like to fix the security issue which is > currently open in the Wheezy v

Re: August Report

2017-09-06 Thread Hugo Lefeuvre
Hi Raphaël, Roberto, > > >These CVEs are especially difficult to reproduce because wheezy's gcc > > >doesn't have asan and reproduction conditions might require a specific > > >setup. > > > > FWIW, I have been able to reproduce quite a few issues detected by ASAN > > with valgrind whi

Re: graphicsmagick CVE-2017-14103

2017-09-06 Thread Moritz Mühlenhoff
On Wed, Sep 06, 2017 at 05:39:33PM +1000, Brian May wrote: > Hello, > > What does " (Incomplete fix not applied)" mean? > > The part seems to say it is not even affected, while the > comment seems to say it hasn't been fixed? Fix foo introduced a new vulnerability, but since foo hadn't been app

graphicsmagick CVE-2017-14103

2017-09-06 Thread Brian May
Hello, What does " (Incomplete fix not applied)" mean? The part seems to say it is not even affected, while the comment seems to say it hasn't been fixed? Regards -- Brian May https://linuxpenguins.xyz/brian/