Hi Brian,
I am currently testing the update. I already had a look at the patches.
> diff -Nru tiff-4.0.3/debian/patches/CVE-2018-12900.patch
> tiff-4.0.3/debian/patches/CVE-2018-12900.patch
> --- tiff-4.0.3/debian/patches/CVE-2018-12900.patch1970-01-01
> 10:00:00.0 +1000
> +++ tiff-
Hi Ola,
Thanks for your answer, much appreciated.
About PHP7.0, I was asking if it would be supported in next LTS
release (when Stretch become oldstable), but I might be anticipating
way too far.
Thomas
Le sam. 9 févr. 2019 à 21:35, Ola Lundqvist a écrit :
>
> Hi Thomas
>
> I do not see that
Hi,
On Sat, Feb 09, 2019 at 03:55:44AM +0100, Laura Arjona Reina wrote:
> * We still need the Apache redirects, so the people that try the old
> URLs (wether directly because they knew, or via the security tracker),
> find the files they need. What we need to do is send a patch to
>
> https://sal
On Mon, 11 Feb 2019, Brad Warren wrote:
> I agree with the concerns about updating python3-cryptography in jessie.
>
> If we can’t update jessie, I’d ideally love to see the packages in
> jessie-backports updated. Despite the announcement that jessie-backports was
> discontinued ~6 months ago,
Hi Markus and Roberto
On Tuesday 12 February 2019 02:13 AM, Markus Koschany wrote:
> Hello,
>
> I noticed that both of you work on PHP5. Please coordinate the next
> upload. We should package version 5.6.40 which will fix all known
> issues. I have contacted secur...@php.net and they confirmed to
I agree with the concerns about updating python3-cryptography in jessie.
If we can’t update jessie, I’d ideally love to see the packages in
jessie-backports updated. Despite the announcement that jessie-backports was
discontinued ~6 months ago, tens of thousands of users and many more domains
c
Hi Ola,
On 10.02.19 17:27, Ola Lundqvist wrote:
> Dear maintainers,
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Jessie version of libsdl1.2 and libsdl2:
> https://security-tracker.debian.org/tracker/CVE-2019-7572
> https://security-tracker.debia
On 2019-02-09 11:39:18, Elena ``of Valhalla'' wrote:
> On 2019-02-07 at 11:44:45 -0500, Antoine Beaupré wrote:
>> Hi,
>>
>> Recently, python-gnupg was triaged for maintenance in Debian LTS, which
>> brought my attention to this little wrapper around GnuPG that I'm
>> somewhat familiar with.
>>
>>
On 2019-02-09 14:39:50, Holger Levsen wrote:
> Hi Laura,
>
> many many thanks for your work on this, including and especially this
> writeup!
>
> some comments below, where I dont say anything I mean 'yay"! :)
>
> On Sat, Feb 09, 2019 at 03:55:44AM +0100, Laura Arjona Reina wrote:
>> * The /lts/sec
On 2019-02-09 03:55:44, Laura Arjona Reina wrote:
> Hello all
>
> Holger Levsen merged the generated DLAs and I've worked to create the
> /lts tree to show them separated from the DSA. I have moved to this new
> /lts folder the DLAs from years 2014, 2015 and 2016 that we had already,
> and remove t
Hello,
I noticed that both of you work on PHP5. Please coordinate the next
upload. We should package version 5.6.40 which will fix all known
issues. I have contacted secur...@php.net and they confirmed to me that
they will assign new CVE numbers shortly.
Regards,
Markus
signature.asc
Descript
Thanj you merci
Le Lun 11 Fév 2019 16:44, Chris Lamb a écrit :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Package: curl
> Version: 7.38.0-4+deb8u14
> CVE IDs: CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
>
> It was discovered that there were three vulnerabiliti
On 2019-02-11 10:57:20, Holger Levsen wrote:
> hi,
>
> I've just unclaimed faad2 and systemd as the last documented activity on these
> packages was more than two weeks ago...
>
> If you intend to continue working on them, please just reclaim them and
> update the note.
Hehe... "arroseur arrosé" a
On 11/02/2019 02:38, Steve McIntyre wrote:
> On Fri, Feb 08, 2019 at 11:23:54AM +0100, Emilio Pozuelo Monfort wrote:
>>
>> I have done an automated install (ncurses frontend, installing GNOME) using
>> the
>> netinst/amd64 image, with an LVM encrypted volume. I have also tested the CD1
>> media, u
hi,
I've just unclaimed faad2 and systemd as the last documented activity on these
packages was more than two weeks ago...
If you intend to continue working on them, please just reclaim them and
update the note.
Thanks.
--
tschau,
Holger
--
On Mon, 2019-02-11 at 12:06 +0200, Adrian Bunk wrote:
> certbot is not in jessie, so nothing to fix/update there.
Oh, I hadn't realised that bit, thanks for clarifying.
I have no advice/suggestions then.
Ian.
On Sat, Feb 09, 2019 at 08:37:09AM +, Ian Campbell wrote:
>...
> There is no need for an exception, jessie-backports is not the right
> place to be fixing this issue even if it were still open. It should be
> fixed by an update to either Jessie itself of the security suite.
>...
certbot is not
On Mon, 11 Feb 2019 at 21:28, Emilio Pozuelo Monfort
wrote:
> On 11/02/2019 09:24, Chris Lamb wrote:
> > Hi Tobias,
> >
> >> The remaining packages on the list maybe need a rebuild for jessie:
> >>
> >> aptly
> >> direnv
> >> golang-bindata
> >> golang-gogoprotobuf
> >> golang-goprotobuf
> >> hea
Hello,
Do you have any information about PHP 5.6.40 date of availability for
Jessie ?
Thanks,
JB
Le mer. 30 janv. 2019 à 15:56, Jean-Baptiste Martin-Ariès <
jean.baptiste.mar...@gmail.com> a écrit :
> Hello,
>
> PHP 5.6.40 had been made available on 10 Jan 2019 and contains several
> bugs and se
On 11/02/2019 09:24, Chris Lamb wrote:
> Hi Tobias,
>
>> The remaining packages on the list maybe need a rebuild for jessie:
>>
>> aptly
>> direnv
>> golang-bindata
>> golang-gogoprotobuf
>> golang-goprotobuf
>> heartbleeder
>> kxd
>> ngrok
>> obfs4proxy
>> pt-websocket
>> slt
>
> Great stuff — t
Hi Tobias,
> The remaining packages on the list maybe need a rebuild for jessie:
>
> aptly
> direnv
> golang-bindata
> golang-gogoprotobuf
> golang-goprotobuf
> heartbleeder
> kxd
> ngrok
> obfs4proxy
> pt-websocket
> slt
Great stuff — thanks for this. LTS team, just as a sanity check;
uploading
21 matches
Mail list logo
