On Sun, 2025-02-23 at 23:45 +0100, Hilmar Preusse wrote:
> The patch solves an annoying issue:
>
> Proftpd does use the same server port for multiple passive FTP
> connections.
> Even when executing multiple simultaneous FTP sessions from different
> clients. This does break simultaneous passive F
On Tue, 2025-02-18 at 15:04 -0500, Michael Jeanson wrote:
> Fix the dkms build of lttng-modules against the current bullseye
> kernel 5.10.0-33.
bullseye is no longer handled by the Release Team, but by the LTS Team
(CCed). Please co-ordinate with them about a possible update to the
package in bul
On Sun, 2024-11-03 at 12:52 +0800, Sean Whitton wrote:
> Hello,
>
> On Thu 31 Oct 2024 at 07:01am GMT, Adam D. Barratt wrote:
>
> > On Thu, 2024-10-31 at 13:14 +0800, Sean Whitton wrote:
> > > I just uploaded 1.1.1n-0+deb11u5 to bullseye-security, but then
On Thu, 2024-10-31 at 13:14 +0800, Sean Whitton wrote:
> I just uploaded 1.1.1n-0+deb11u5 to bullseye-security, but then saw
> there is 1.1.1w-0+deb11u1 in bullseye. So my update will not get
> installed anywhere.
>
> 1.1.1w-0+deb11u1 was not pushed to the debian/bullseye branch in git,
> and I d
On Sun, 2023-10-01 at 22:33 +0100, Adam D. Barratt wrote:
> On Sun, 2023-10-01 at 18:37 +0100, Adam D. Barratt wrote:
> > wb nmu 10 gitit haskell-hakyll . ANY . unstable . -m "Rebuild to
> > clear version space for rebuilds in stable; see #1042058"
> > wb n
On Sun, 2023-10-01 at 18:37 +0100, Adam D. Barratt wrote:
> wb nmu 10 gitit haskell-hakyll . ANY . unstable . -m "Rebuild to
> clear version space for rebuilds in stable; see #1042058"
> wb nmu 6 gitit haskell-hakyll . ANY . bookworm . -m "Rebuild against
> new pando
On Sun, 2023-10-01 at 19:57 +0300, Adrian Bunk wrote:
> On Tue, Jul 25, 2023 at 11:39:38PM +0200, Guilhem Moulin wrote:
> > ...
> > The Security Team decided not to issue a DSA for that CVE, but it's
> > now fixed in
> > buster-security (2.2.1-3+deb10u1) as well as sid (2.17.1.1-2), so
> > it makes
[Please CC me on replies and keep discussion on d-release regardless of
how you received the mail]
Hi,
SRM is considering using an ed25519 GPG key for bookworm. Does anyone
see any issues with that?
We've tested merging signatures from a (different) ed25519 key and an
RSA key using dak's "gpg-me
Hi,
On Tue, 2021-08-31 at 19:50 +0530, Utkarsh Gupta wrote:
> Hi Christoph,
>
> On Tue, Aug 31, 2021 at 7:34 PM Christoph Berg
> wrote:
> > I just pushed the changes to the security-tracker git and mailed
> > -lts-announce.
> >
> > If you could update the website, that would be nice.
>
> Done,
Hi,
I noticed that postgresql-9.6 got uploaded to stretch-lts late last
week, but there doesn't appear to have been a DLA issued for it yet.
Is that already in progress?
Thanks,
Adam
Hi,
On Wed, 2020-10-21 at 11:27 +0300, Otto Kekäläinen wrote:
> I just realized Emilio represents the LTS team and he already took
> care of this.
On a related note, according to
https://mariadb.com/kb/en/mariadb-server/ , support for MariaDB 10.1
ended in October.
Assuming that's still accurat
On Mon, 2020-07-06 at 13:25 +0530, Pirate Praveen wrote:
> Just like gitlab was removed from stable, rails can also get removed
> from stable if no one steps up to maintain it. I'm happy with rails
> in just unstable for my use cases. A package can be supported only
> when people are willing to sup
Hi,
The next - and final - point release for "stretch" (9.13) is scheduled
for Saturday, July 18th. Processing of new uploads into stretch-
proposed-updates will be frozen during the preceding weekend.
Regards,
Adam
Hi,
stretch transitions from oldstable-with-security-support to LTS support
on Saturday July 4th. As usual, we should aim for the final point
release to be soon after that, most likely pulling in any remaining
updates from security.d.o that are still in oldstable-new.
I think Saturday July 11th m
On Mon, 2020-05-25 at 00:13 +1000, Hugh McMaster wrote:
> Hi Adam,
>
> On Thu, 21 May 2020 at 19:34, Adam D. Barratt wrote:
> > On Thu, 2020-05-21 at 09:30 +, Mike Gabriel wrote:
> > > Sorry for the delay. I have uploaded +deb9u2 and +deb10u2 of
> > > libexif
On Thu, 2020-05-21 at 09:30 +, Mike Gabriel wrote:
> Sorry for the delay. I have uploaded +deb9u2 and +deb10u2 of
> libexif
> now. I will write the SRU acceptance request bugs this afternoon.
>
There's already #961019 and #961020...
Regards,
Adam
On Mon, 2020-05-18 at 11:40 -0400, Roberto C. Sánchez wrote:
> On Mon, May 18, 2020 at 04:21:42PM +0100, Adam D. Barratt wrote:
> > On Thu, 2020-05-14 at 06:55 +0200, Mike Gabriel wrote:
> > > The Debian LTS team would like to fix the security issues which
> > > are
On Thu, 2020-05-14 at 06:55 +0200, Mike Gabriel wrote:
> The Debian LTS team would like to fix the security issues which are
> currently open in the Jessie version of exim4:
> https://security-tracker.debian.org/tracker/CVE-2020-12783
>
It looks like there was an LTS upload on Saturday night, but
On Thu, 2020-02-20 at 17:43 +, Ben Hutchings wrote:
> On Thu, 2020-02-20 at 17:09 +, Holger Levsen wrote:
> [...]
> > sec-master doesn't send mail to the bts. So currently one has to
> > close bugs manually. Or maybe we can change the archive software to
> > do something else.
> >
> > as t
Hi,
On 2020-01-07 04:10, robe...@debian.org wrote:
git (1:2.1.4-2.1+deb8u8) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* Apply patches addressing the security issues CVE-2019-1348,
CVE-2019-1349, CVE-2019-1352, CVE-2019-1353, and CVE-2019-1387.
.
On 2019-12-10 06:47, Brian May wrote:
Apparently the fix for ibus creates a regression in glibc that must get
fixed also:
https://gitlab.gnome.org/GNOME/glib/merge_requests/1176
However this patch patches GIO in glibc, and it looks like glibc in
Jessie (2.19-18+deb8u10) doesn't have this direct
On 2019-09-17 14:24, Roberto C. Sánchez wrote:
On Tue, Sep 17, 2019 at 07:18:54AM +0200, Pascal Hambourg wrote:
On 16/09/2019 at 22:34, Roberto C. Sánchez wrote:
> Package: python2.7
> Version: 2.7.9-2+deb8u5
The i386 build failed.
I just tried a local build and it succeeded
On 2019-08-19 20:54, Moritz Mühlenhoff wrote:
On Mon, Aug 19, 2019 at 02:27:09PM +0200, Hugo Lefeuvre wrote:
Hi,
I just had a look at xymon's vulnerabilities in jessie, stretch and
buster.
Upstream claims some of these issues to be exploitable, among others
the XSS
vulnerability. I plan to
On Fri, 2019-03-29 at 11:13 +0100, Pierre Fourès wrote:
> The way I understand it, but I asked for clarification and
> confirmation in my previous message [1], is that all « updates » go
> into -proposed-updates/, but the ones that need to be quickly applied
> into the distribution (but aren't secu
On 2019-03-27 11:50, Matus UHLAR - fantomas wrote:
On 27.03.19 11:20, Bernie Elbourn wrote:
If it is possible to wiz up a blank jessie-updates this will save me
visiting a bunch of systems throwing apt errors in next few days.
I wonder if it wasn't blank already. All of its contents was suppos
On Thu, 2018-07-19 at 18:23 +0100, Adam D. Barratt wrote:
> On Thu, 2018-07-19 at 18:42 +0200, Christoph Martin wrote:
> > tags 860064 +stretch
> > tags 860064 +jessie
> > thanks
> >
> > On 01.07.2018 at 15:38, Adam D. Barratt wrote:
> > > On Sun, 20
On Thu, 2018-07-19 at 18:42 +0200, Christoph Martin wrote:
> tags 860064 +stretch
> tags 860064 +jessie
> thanks
>
> On 01.07.2018 at 15:38, Adam D. Barratt wrote:
> > On Sun, 2018-07-01 at 11:38 +, Martin, Christoph wrote:
> > > dns-root-data had an update a
Control: tags -1 + wontfix
On Sun, 2018-06-10 at 20:33 -0500, Michael Shuler wrote:
> On 06/08/2018 03:37 PM, Adam D. Barratt wrote:
> >
> > Ping? We're a week away from the final chance to get an update into
> > jessie-as-oldstable before it becomes jessie-lts.
Control: tags -1 + moreinfo
On Mon, 2017-10-23 at 08:59 -0400, Antoine Beaupré wrote:
> On 2017-07-19 11:35:56, Michael Shuler wrote:
...
> > I spent a few sessions over the past few days getting the mozilla
> > bundle
> > 2.14 committed to all the suite branches wheezy and newer. I have
> > some
On 2018-05-04 8:20, Raphael Hertzog wrote:
Hello Marc,
On Thu, 03 May 2018, Marc SCHAEFER wrote:
Probably that a downgrade of the clamav suite would solve the problem;
however
there is something wrong in the coherency between wheezy LTS and
jessie, don't
you think?
A newer version is alread
On Wed, 2017-10-11 at 22:41 +0200, Tobias Köck wrote:
> Hi Adam,
>
> I have found it in the documentation. Thanks for your advice.
Predictably, I only received this after sending a reply to your
previous mail.
Hopefully it will be useful for anyone having similar queries in
future.
Regards,
A
On Wed, 2017-10-11 at 22:36 +0200, Tobias Köck wrote:
> Hi Adam,
> > They appear to be entirely missing
> > security.debian.org, which is a) quite important and b) where the
> > LTS
> > suites are hosted.
>
> No of course they are there, too. Thanks for asking.
> Is the security apt source sup
On Wed, 2017-10-11 at 20:10 +, Holger Levsen wrote:
> On Wed, Oct 11, 2017 at 10:05:14PM +0200, Tobias Köck wrote:
> > does that mean if I don't touch the sources.list with
> >
> > deb http://deb.debian.org/debian/ jessie main
> > deb-src http://deb.debian.org/debian/ jessie main
> >
> > deb
On 2017-07-09 23:18, Chris Lamb wrote:
Hi -lts,
This is probably obvious to someone else, but I am rather confused by
this rejection from security-master.
[...]
The upload includes 'phpldapadmin_1.2.2-5+deb7u1_amd64.changes' whose
filename includes the architecture name amd64, but does not inc
On 2016-09-13 8:46, Chris Lamb wrote:
Hi Jean,
wheezy-pu: package libphp-adodb/5.15-1
I currently have the soft "lock" on this package in
data/dla-needed.txt.
Would you like me to upload this to LTS? Surely wheezy-pu doesn't even
exist anymore…?
In practical terms, indeed not.
fwiw, the
On 2016-08-08 10:52, Ola Lundqvist wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: mongodb
Version: 2.0.6-1+deb7u1
wheezy already has 2.0.6-1.1, which is a higher version.
Regards,
Adam
Hi,
On 2016-06-06 21:30, d...@security.debian.org wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 03 Jun 2016 10:05:19 +
[...]
nss (2:3.14.5-1+deb7u7) wheezy-security; urgency=high
.
* Non-maintainer upload by the Long Term Security Team.
* Add CVE-20
On Wed, 2016-05-04 at 18:51 +0100, Ben Hutchings wrote:
> As I understand it, packages are never moved directly from oldstable-
> security to archive.debian.org. Normally they are copied to oldstable
> in a final point release, and then moved to archive.debian.org. In
> this case, there was a poi
On Mon, 2016-02-22 at 18:42 +0100, Guido Günther wrote:
> Hi Adam,
> On Sat, Feb 20, 2016 at 02:27:27PM +, Adam D. Barratt wrote:
[...]
> > If so then we need to consider how the transition works in the short
> > term. For example, the final point release of oldstable occurs
[apologies to anyone who's ended up with three copies of this; the
original got eaten due to a misconfiguration on my side - please only
reply to this copy]
Hi,
As I understand it, the plan is for wheezy-lts to re-use
security.d.o:wheezy/updates directly, rather than a separate suite on
ftp-maste
On Thu, 2015-11-26 at 16:59 -0500, Antoine Beaupré wrote:
> On 2015-11-26 13:07:42, Antoine Beaupré wrote:
> > On 2015-11-26 12:41:38, Raphael Hertzog wrote:
> >> Hi,
> >>
> >> On Thu, 26 Nov 2015, Antoine Beaupré wrote:
> >>> Somehow i still built the package with the (harmless) fix... I wonder
>
On Thu, 2015-11-26 at 13:07 -0500, Antoine Beaupré wrote:
> On 2015-11-26 12:41:38, Raphael Hertzog wrote:
> > I don't see any "Accepted" mail in
> > https://lists.debian.org/debian-lts-changes/2015/11/threads.html and they
> > tend to appear rather shortly after the upload.
> >
> > So I guess that
On 2015-08-07 16:56, golinux wrote:
Unbelievable. You deleted - IOW censored - my comments and others in
this "kernel failure" question to this list.
https://lists.debian.org/debian-lts/2014/12/msg00035.html
I'm confused. That link shows two posts from you in that thread, which
is exactly wh
On Wed, 2015-07-01 at 23:35 +0200, Mats Erik Andersson wrote:
> On Wednesday, 1 July 2015 at 21:26, Thorsten Alteholz wrote this:
> > Hi Mats,
> >
> > from my point of view it would be great to have this patch
> > in oldoldstable as well.
>
> I did not understand that oldoldstable and squee
On Sun, 2014-11-23 at 21:03 +0100, Holger Levsen wrote:
> Hi Adam,
>
> On Sunday, 23 November 2014, Adam D. Barratt wrote:
> > On Sun, 2014-11-23 at 19:43 +0100, Holger Levsen wrote:
> > > oh, "btw": jessie has -2, sid -3, with changes unsuitable for wheezy
On Sun, 2014-11-23 at 19:43 +0100, Holger Levsen wrote:
> oh, "btw": jessie has -2, sid -3, with changes unsuitable for wheezy and
> targeted at jessie. this needs an unblock request to let -3 migrate to jessie
> and have the binaries removed from sid first... anybody doing this?
It needs more t
On 2014-10-08 17:35, Adam D. Barratt wrote:
Hi,
On 2014-10-08 17:23, Holger Levsen wrote:
On Wednesday, 8 October 2014, Adam D. Barratt wrote:
The real question is "if there are different packages in squeeze and
squeeze-proposed-updates, to which one are security patches applied"
Hi,
On 2014-10-08 17:23, Holger Levsen wrote:
On Wednesday, 8 October 2014, Adam D. Barratt wrote:
The real question is "if there are different packages in squeeze and
squeeze-proposed-updates, to which one are security patches applied"
and
[...]
do you think there will be anoth
ueeze+o-p-u, until a point release). There
are never packages in squeeze-updates which are not also in
squeeze+o-p-u.
this is what I wanted to know and what I hoped for...
I think I have already asked about that some time ago.
On 08.10.14 13:32, Adam D. Barratt wrote:
It's also explai
On 2014-10-08 12:59, Matus UHLAR - fantomas wrote:
On 2014-10-04 11:30, Matus UHLAR - fantomas wrote:
What about squeeze-updates (formerly volatile)?
Are they still needed?
Are security fixes applied to packages in squeeze or squeeze-updates?
On 04.10.14 12:09, Adam D. Barratt wrote:
That
On 2014-10-04 11:30, Matus UHLAR - fantomas wrote:
What about squeeze-updates (formerly volatile)?
Are they still needed?
Are security fixes applied to packages in squeeze or squeeze-updates?
That question doesn't make sense. squeeze-updates is a strict subset of
squeeze (technically squeeze+o
On Fri, 2014-06-13 at 12:56 +0200, Raphael Hertzog wrote:
> I have been working with the security team, the press team and the leader
> on a proper announce of Debian LTS. We would like to use this opportunity
> to thank the (early|prospective) organizations that plan to contribute to
> Debian LTS.
On Thu, 2014-06-05 at 19:39 +0200, Christoph Biedl wrote:
> Matus UHLAR - fantomas wrote...
>
> > which sources I should keep in sources.list?
[...]
> > - main squeeze
> > - updates (formerly volatile)
>
> These two should not see any further updates, but see above.
"main squeeze" will, once - t
On 2014-05-29 15:22, Bret Austen wrote:
It does not appear that this package (check-support-status) is in
deb http://http.debian.net/debian [1] squeeze-lts main contrib
non-free
There is no "check-support-status" package. The script of that name is
in the "debian-security-support" package.
On Wed, 2014-05-28 at 03:53 +0800, Bret Busby wrote:
> I followed the procedure specified at
> https://wiki.debian.org/LTS/Development#Add_squeeze-lts_to_your_sources.list
[...]
> When I ran apt-get update and then apt-get upgrade (I usually use the
> update applet in the taskbar, to check for upda