PHP 5.6 EOD of Life Support and Debian 8 LTS.

Hello, With the end of life support of PHP 5.6 from upstream, do you know if Debian LTS team will still support php5.6 in the future ? I'm talking about the packaging of PHP 5.6.40 but also about next potential vulnerabilities which may happened. By the way; does PHP 7.0 will be supported by Deb

Re: [SECURITY] [DLA 1644-1] policykit-1 security update

Thank you Le Lun 28 Jan 2019 14:05, Emilio Pozuelo Monfort a écrit : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Package: policykit-1 > Version: 0.105-15~deb8u4 > CVE ID : CVE-2018-19788 CVE-2019-6133 > > Two vulnerabilities were found in Policykit, a framewor

Question about contact maintainers script

Hi LTS team In some old version of the contact maintainers script it was sending an email to $pack...@packages.debian.org instead of individually to each maintainer. We got a complaint from one of the maintainer teams that it do this. My conclusion is that it sends an email to the maintainer and

Re: [Qemu-devel] [PATCH v2] bt: use size_t type for length parameters instead of int

Hi Hugo, On 1/28/19 10:31 AM, Hugo Lefeuvre wrote: > Hi, > >> The length parameter values are not negative, thus use an unsigned >> type 'size_t' for them. Many routines pass 'len' values to memcpy(3) >> calls. If it was negative, it could lead to memory corruption issues. >> Add check to avoid i

Re: Review and testing phpmyadmin for Jessie LTS

Hi Hugo, On 1/28/19 6:40 AM, Hugo Lefeuvre wrote: > Hi Lucas, > > Sorry for the late answer. Do not worry. > I had an issue with your patch and took a while to find out what was going > wrong. > > This update broke table creation... > >> +--- a/libraries/transformations.lib.php >> b/libraries

Re: [Qemu-devel] [PATCH v2] bt: use size_t type for length parameters instead of int

Hi, > The length parameter values are not negative, thus use an unsigned > type 'size_t' for them. Many routines pass 'len' values to memcpy(3) > calls. If it was negative, it could lead to memory corruption issues. > Add check to avoid it. I'm working on a Debian LTS security update for qemu and

Re: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables

Hi Adrian, > On 1/12/19 5:52 PM, Hugo Lefeuvre wrote: > > the subsystem doesn't seem to be very actively maintained and that the user > > base is quite small, it is maybe better to mark this no-dsa in stretch and > > Please don't forget thet Debian has derivates that do not get summed up in > pop

Re: Review and testing phpmyadmin for Jessie LTS

Hi Lucas, Sorry for the late answer. I had an issue with your patch and took a while to find out what was going wrong. This update broke table creation... > +--- a/libraries/transformations.lib.php > b/libraries/transformations.lib.php > +@@ -145,9 +145,10 @@ function PMA_getTransformation