Hi Guido,
2017-08-28 10:07 GMT+02:00 Guido Günther :
> Hi Balint,
> looking at
>
> https://security-tracker.debian.org/tracker/source-package/wireshark
>
> we have some CVEs open in Wheezy. Since Jessie ships the same version I
> wanted to check that you're not already working (or planning to
Hi All,
For the record there is something which we need to check, but the fix
is in progress.
Cheers,
Balint
2017-03-01 22:34 GMT+01:00 Bálint Réczey :
> Hi,
>
> 2017-03-01 21:48 GMT+01:00 Rene Engelhard :
>> Hi,
>>
>> On Tue, Feb 28, 2017 at 01:51:08AM +0100, Báli
Hi,
Thanks for all the input!
2017-02-28 9:12 GMT+01:00 Sébastien Delafond :
> On Feb/28, Peter Palfrader wrote:
>> Maybe we should be able to pass the name of the .changes file to
>> gen-DSA, and then the script can go and use all the information from
>> there?
>
> Implementation-wise, this soun
Hi,
2017-03-01 21:48 GMT+01:00 Rene Engelhard :
> Hi,
>
> On Tue, Feb 28, 2017 at 01:51:08AM +0100, Bálint Réczey wrote:
>> Do you have a PoC for testing?
>> I tried triggering the issue on Wheezy without any luck so far.
>
> Forwarded you the original mail from Septemb
Hi Rene,
2017-02-25 17:01 GMT+01:00 Rene Engelhard :
> Hi,
>
> On Fri, Feb 24, 2017 at 12:38:29PM +0100, Rene Engelhard wrote:
...
>> make[1]: Leaving directory
>> `/home/rene/Debian/Pakete/LibreOffice/libreoffice/libreoffice-3.5.4+dfsg2/tail_build'
>> make: *** [source-env-and-recurse] Error 2
>
Hi,
Since I made mistakes in setting the package version in DLA texts (and
I'm not alone ;-)) I came up with the attached patch which makes
gen-DLA and guess the proper one.
If both teams like it I'll push it to the repo.
Cheers,
Balint
From 4cae74f5c825aa17e3e847689eab5ea37454db60 Mon Sep 17 00
Hi,
I'll take care of that wearing both my Multimedia Team and LTS hats.
Cheers,
Balint
2017-02-25 16:29 GMT+01:00 Thorsten Alteholz :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libquicktime:
> htt
Hi Dominik,
2017-02-07 19:23 GMT+01:00 Dominik George :
> Hi,
>
>> >> the Debian LTS team would like to fix the security issues which are
>> >> currently open in the Wheezy version of xrdp:
>> >> https://security-tracker.debian.org/tracker/source-package/xrdp
>> >>
>> >> Would you like to take car
Dear Team,
I will take care of CVE-2017-2616 in wheezy.
Cheers,
Balint
Hi René,
2017-02-24 7:39 GMT+01:00 Rene Engelhard :
> Hi,
>
> On Thu, Feb 23, 2017 at 11:13:34PM +0100, Moritz Muehlenhoff wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> - -
>> Debian Security Advisory DSA-
Hi All,
Thank you for the upload, but I would have happily handled the CVE
since I have already prepared
other CVE-s for the next batch in the packaging repository.
I saw the email on my phone but I expected longer timeout for waiting
for my response.
There is also debian/README.Debian.security i
Hi Roberto,
2017-02-10 13:14 GMT+01:00 Roberto C. Sánchez :
> On Fri, Feb 10, 2017 at 12:03:34PM +0100, Bálint Réczey wrote:
>>
>> I see Roberto you already claimed the package in dla-needed.txt, but if
>> you don't want to finish it I can make the Wheezy update, too.
(CC-ing Leo, who is uploader, too)
Hi,
I was about to offer stepping up as a co-maintainer for libevent because
my forked-daapd package would profit from having a newer version
in Buster and it seems the packaging team could use some help.
I have uploaded an alpha version to experimental long ti
Hi Emilio,
2017-01-31 22:23 GMT+01:00 Bálint Réczey :
> Hi Emilio,
>
> 2017-01-31 22:14 GMT+01:00 Emilio Pozuelo Monfort :
>> Hi Balint,
>>
>> On 31/01/17 21:46, Balint Reczey wrote:
>>> Log:
>>> wavpack's issues don't affect wheezy
>>&
Hi,
I have prepared a patch for the issue, I'm just waiting for the CVE
assignment till tomorrow (2 Feb) with the upload.
Cheers,
Balint
2017-01-28 22:03 GMT+01:00 Ola Lundqvist :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open
Hi Dominik,
2016-12-23 12:08 GMT+01:00 Dominik George :
> Hi Chris,
>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of xrdp:
>> https://security-tracker.debian.org/tracker/source-package/xrdp
>>
>> Would you like to take care of this
Hi Emilio,
2017-01-31 22:14 GMT+01:00 Emilio Pozuelo Monfort :
> Hi Balint,
>
> On 31/01/17 21:46, Balint Reczey wrote:
>> Log:
>> wavpack's issues don't affect wheezy
>>
>> The first part of the upstream patch is not needed since the
>> code is very different and not vulnerable.
>> The second par
Hi,
I have just patched ratt to allow automatic rebuilding of reverse
build dependencies in distributions other than unstable:
https://github.com/Debian/ratt/pull/8
Sbuild running on jessie (building for wheezy) still emits errors like:
...
dpkg-deb: error: failed to read archive
`libming1_0.4.4-
Hi,
2017-01-04 21:08 GMT+01:00 Bálint Réczey :
> Hi Zigo,
>
> 2017-01-04 16:28 GMT+01:00 Thomas Goirand :
>> Hi,
>>
>> I don't think any of the maintainers of RabbitMQ cares about Wheezy
>> anymore, so it'd be very nice if someone from the LTS team was t
Dear LTS Team,
Since ming is still being used on many systems [1] of I have prepared
fixes for the known vulnerabilities [2] and upstreamed them.
While preparing the fixes I could not avoid noticing the lack of
proper input checking at numerous other places which could be
exploited for various kin
Hi Zigo,
2017-01-04 16:28 GMT+01:00 Thomas Goirand :
> Hi,
>
> I don't think any of the maintainers of RabbitMQ cares about Wheezy
> anymore, so it'd be very nice if someone from the LTS team was taking
> care of it.
OK, I'll take care of it. (Claimed in dla-needed.txt, too.)
Cheers,
Balint
>
>
Hi Ola,
2016-12-29 18:43 GMT+01:00 Ola Lundqvist :
> Hi
>
> Do this mean that we should not make a new wheezy release due to this? I
> guess so.
Yes, IMO. I have already removed maradns from DLA queue.
Cheers,
Balint
>
> / Ola
>
> Sent from a phone
>
> Den 29 dec 2016 18:36 skrev "Dariusz Dworn
Hi,
2016-12-28 11:59 GMT+01:00 Ola Lundqvist :
> Thank you.
>
> It was added to dla-needed.txt one or two days ago.
I'm in the process of uploading the fixed packaga.
For the record curl_mprintf() is formatting floating point values in a
buggy way in
Wheezy's version and I have adapted the added
Hi Dariusz,
2016-11-22 12:05 GMT+01:00 Dariusz Dwornikowski :
> I surely would like help with these CVSs.
For the record the CVEs got rejected thus the LTS Team won't work on them.
Cheers,
Balint
>
> On 21 November 2016 at 23:18, Ola Lundqvist wrote:
>>
>> Hello dear maintainer(s),
>>
>> The D
ssie, too, or someone else from the team will take care of this?
Cheers,
Balint
2016-12-20 17:17 GMT+01:00 Balint Reczey :
> On 12/19/2016 03:58 PM, Bálint Réczey wrote:
>> Hi,
>>
>> 2016-12-19 9:10 GMT+01:00 Sébastien Jodogne :
>>> Dear all,
>>>
>>&g
Hi,
2016-12-19 9:10 GMT+01:00 Sébastien Jodogne :
> Dear all,
>
>> On Sun, Dec 18, 2016 at 10:47:05PM +0100, Markus Koschany wrote:
>> > Hello dear maintainer(s),
>> >
>> > the Debian LTS team would like to fix the security issues which are
>> > currently open in the Wheezy version of dcmtk:
>> >
Hi,
2016-01-07 18:22 GMT+01:00 Raphael Hertzog :
> Hi,
>
> On Wed, 30 Dec 2015, Moritz Mühlenhoff wrote:
>> The kodi/xbmc one needs some work, let's wait for Balint to reply.
>> The others look good to me.
>
> Ok, reverted that one and uploaded it to sid and then backported it to
> squeeze-lts too
Hi,
2016-11-15 1:52 GMT+01:00 Bálint Réczey :
> Hi All,
>
> 2016-11-09 10:44 GMT+01:00 Andreas Beckmann :
>> On 2016-10-31 23:17, Andreas Beckmann wrote:
>>> Please go ahead - probably we could use the fix (that someone produces
>>> for wheezy) for jessie and s
Hi John,
2016-11-16 10:16 GMT+01:00 John H. Mitchell :
>
> Good day,
>
> I'm trying to use the Debian LTS repo but its not working. Can someone have a
> look for me?
>
> The guide documentation that I used is here: https://wiki.debian.org/LTS/Using
>
> From what I understand, this repo should be
Hi All,
2016-11-09 10:44 GMT+01:00 Andreas Beckmann :
> On 2016-10-31 23:17, Andreas Beckmann wrote:
>> Please go ahead - probably we could use the fix (that someone produces
>> for wheezy) for jessie and sid as well. Please put everything into git,
>> branch wheezy, the repo is in collab-maint.
>
2016-11-13 19:11 GMT+01:00 Balint Reczey :
> Hi,
>
> I have prepared an update for sudo in Wheezy.
>
> Please see the diff to previous version and a small test program attached.
>
> Changes:
> sudo (1.8.5p2-1+nmu3+deb7u2) wheezy-security; urgency=medium
> .
>* LTS Team upload.
>* Fix noex
Hi,
It seems the nss update broke chromium:
https://lists.debian.org/debian-user/2016/10/msg00981.html
Maybe when we update gcc for firefox we can also continue supporting chromium:
https://lists.debian.org/debian-security-announce/2015/msg00031.html
Cheers,
Balint
2016-10-23 23:43 GMT+02:00 Ol
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of kde-runtime:
https://security-tracker.debian.org/tracker/CVE-2016-7787
Would you like to take care of this yourself?
If yes, please follow the workflow we have de
Hi Lars,
2016-10-27 18:07 GMT+02:00 Lars Tangvald :
>
> - bal...@balintreczey.hu wrote:
>
>> Hi Lars,
>>
>> I noticed you have prepared the MySQL update for wheezy in git:
>> https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/log/?id=refs/heads/debian/wheezy
>>
>> Would you like the LTS T
Hi Lars,
I noticed you have prepared the MySQL update for wheezy in git:
https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/log/?id=refs/heads/debian/wheezy
Would you like the LTS Team to perform the upload and issue the DLA
like in the previous case?
Thanks,
Balint
on behalf of the Debia
Hi,
2016-10-20 18:31 GMT+02:00 Markus Koschany :
> On 20.10.2016 17:15, Holger Levsen wrote:
>> On Thu, Oct 20, 2016 at 04:52:07PM +0200, Markus Koschany wrote:
>>> Fixing bugs in unstable or any other suite in Debian is not a part of
>>> Wheezy LTS.
>>
>> yes, but it should be! That was entirely
t
vagrant@debian-wheezy:~$ env -i SHELLOPTS=xtrace PS4='$(id)' ./test
uid=0(root) gid=1000(vagrant)
groups=0(root),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(vid/bin/date
Fri Oct 7 07:19:34 GMT 2016
vagrant@debian-wheezy:~$
Cheers,
Balint
>
> Best regards,
>
> // Ola
>
Hi Ola,
2016-10-06 23:08 GMT+02:00 Ola Lundqvist :
> Hi Matthias and Balint
>
> I have tried to reproduce the problem described in the openwall email.
> However I can not reproduce it. Have you been able to?
>
> On wheezy:
>
> ola@tigereye:/$ env -i SHELLOPTS=xtrace PS4='$(id)' ./test
Hi Fabian,
2016-10-05 17:26 GMT+02:00 Fabian Wolff :
> Dear LTS team,
>
> On Sat, Sep 24, 2016 at 08:00:09AM +0100, Chris Lamb wrote:
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of dwarfutils:
>> https://security-tracker.debian.org
Hi,
2016-10-05 9:27 GMT+02:00 Jan Ingvoldstad :
> On 2016-10-05 09:04, Brian May wrote:
>>
>> Hello All,
>>
>> Just looking at this issue in Wheezy. Looks like it should be easy to
>> patch, assuming we consider this deserving a security update - it
>> requires local access.
>
>
> If "local access
Hi,
2016-09-25 2:40 GMT+02:00 Mike Hommey :
> On Sun, Sep 25, 2016 at 01:08:55AM +0200, Bálint Réczey wrote:
>> Hi,
>>
>> 2016-09-24 15:34 GMT+02:00 Balint Reczey :
>> > Hi,
>> >
>> > On 09/24/2016 12:51 AM, Mike Hommey wrote:
>> >> O
2016-09-28 13:56 GMT+02:00 Bálint Réczey :
> Hi,
>
> I have prepared an update for chicken in Wheezy.
>
> Please see the diff to previous version:
> https://people.debian.org/~rbalint/ppa/wheezy-lts/chicken_4.7.0-1+deb7u1.patch.gz
>
> Changes:
> chicken (4.7.0-1+deb7u
Hi,
I have prepared an update for chicken in Wheezy.
Please see the diff to previous version:
https://people.debian.org/~rbalint/ppa/wheezy-lts/chicken_4.7.0-1+deb7u1.patch.gz
Changes:
chicken (4.7.0-1+deb7u1) wheezy-security; urgency=medium
.
* LTS Team upload
* Don't overflow staticall
Hi Jean-Yves Avenard,
2016-09-28 3:04 GMT+02:00 Jean-Yves Avenard :
> Hi
>
> On Tue, Sep 27, 2016 at 7:54 PM, James Cowgill wrote:
>>
>> > We discovered a serious security vulnerability in libavcodec 54 and
>> > earlier. Only libavcodec from LibAV is impacted.#
>>
>> What is the security vulnerab
2016-09-25 1:08 GMT+02:00 Bálint Réczey :
> Hi,
>
> 2016-09-24 15:34 GMT+02:00 Balint Reczey :
>> Hi,
>>
>> On 09/24/2016 12:51 AM, Mike Hommey wrote:
>>> On Fri, Sep 23, 2016 at 07:57:45PM +0200, Bálint Réczey wrote:
>>>> Hi,
>>>>
&
Hi,
2016-09-24 15:34 GMT+02:00 Balint Reczey :
> Hi,
>
> On 09/24/2016 12:51 AM, Mike Hommey wrote:
>> On Fri, Sep 23, 2016 at 07:57:45PM +0200, Bálint Réczey wrote:
>>> Hi,
>>>
>>> 2016-09-20 23:43 GMT+02:00 Chris Lamb :
>>>> Hello dear main
Hi,
2016-09-20 23:43 GMT+02:00 Chris Lamb :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of firefox-esr:
> https://security-tracker.debian.org/tracker/source-package/firefox-esr
>
> Would you like to take
Hi,
I have prepared an update for wireshark in Wheezy.
Please see the diff to previous version attached. A practically
identical changeset has been already accepted to jessie-security.
Changes:
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u4) wheezy-security; urgency=medium
.
* security fixes fr
Hi All,
Please use clean chroot (sbuild/pbuilder/etc.) for LTS uploads.
This would prevent accidental regressions related to additional
installed packages or some VM related issues such as funny symlink
handling
of vboxsf.
I have updated https://wiki.debian.org/LTS/Development with reminders.
Th
Hi Hugo,
2016-09-12 0:18 GMT+02:00 Hugo Lefeuvre :
> Hi,
>
> I'd like to prepare an LTS upload for libav[0]. The upstream patch for
> CVE-2016-7393 is very simple and could be grouped with patches from older
> analogous CVEs like CVE-2015-8662 in a broad LTS upload.
>
> Does anybody think it's a b
Hi Hugo,
2016-09-11 10:23 GMT+02:00 Hugo Lefeuvre :
> Hi,
>
> I've got nothing from the QEMU team, and another security issue has
> been reported for qemu[0]. A patch for CVE-2016-7170 is available,
> but I'd like to wait for an upstream approval before doing anything.
> It may take some time.
OK
ou like to handle the LTS update or just
unstable and stable?
Cheers,
Balint
>
>
> On Friday 09 September 2016 21:49:49 Bálint Réczey wrote:
>> Hi Jean-Michel,
>>
>> Thank you for your prompt response.
>>
>> 2016-09-09 20:25 GMT+02:00 Jean-Michel Vourgère (d
Hi Jean-Michel,
Thank you for your prompt response.
2016-09-09 20:25 GMT+02:00 Jean-Michel Vourgère (debian) :
> Hi
>
> On Debian, the affected php script is deployed as
> /usr/share/doc/libphp-adodb/examples/test.php.gz
> and NOT in a browser reachable location:
>
> It's not in /usr/share/php/ad
Hi,
I have prepared an update for curl in Wheezy.
Please see the diff to previous version attached.
Changes:
curl (7.26.0-1+wheezy15) wheezy-security; urgency=medium
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2016-7141: Incorrect reuse of client certificates
The binary package
Hi Jonas,
2016-09-07 0:52 GMT+02:00 Jonas Meurer :
> Hi Bálint,
>
> Am 07.09.2016 um 00:21 schrieb Bálint Réczey:
>> 2016-09-04 17:51 GMT+02:00 Michael Stapelberg :
>>> Thanks for your work on LTS.
>>>
>>> Time does not permit me to do any of this work my
Hi,
2016-09-07 8:00 GMT+02:00 Guido Günther :
> Hi Bálint,
> On Wed, Sep 07, 2016 at 12:21:28AM +0200, Bálint Réczey wrote:
>> Hi Michael,
>>
>> 2016-09-04 17:51 GMT+02:00 Michael Stapelberg :
>> > Thanks for your work on LTS.
>> >
>> > Ti
Hi Roberto,
2016-09-07 4:06 GMT+02:00 Roberto C. Sánchez :
> Hi Balint,
>
> On Wed, Sep 07, 2016 at 03:12:46AM +0200, Bálint Réczey wrote:
>> Hi Roberto,
>>
>> I think there is no need wait more (wearing my frontdesk hat).
>> There are fixes in upstream
Hi Roberto,
2016-08-17 15:29 GMT+02:00 Roberto C. Sánchez :
> On Sun, Jul 24, 2016 at 04:26:20PM -0400, Roberto C. Sánchez wrote:
>> FYI, I did the last LTS update of ICU earlier this month, so I think I
>> will be able to easily prepare another update. I went ahead and claimed
>> it in dla-neede
Hi Thorsten,
2016-05-18 22:08 GMT+02:00 Thorsten Alteholz :
> Hi Antoine,
>
> On Tue, 17 May 2016, Antoine Beaupré wrote:
>>
>> Those issues should have been fixed in the same upload,
>
>
> ah, ok, I think this is the problem. In case you know that fixing an issue
> takes a longer time than usual,
Hi Michael,
2016-09-04 17:51 GMT+02:00 Michael Stapelberg :
> Thanks for your work on LTS.
>
> Time does not permit me to do any of this work myself.
>
> Please go ahead and make any changes as you see fit, there’s no need for my
> review.
Thank you for your quick answer.
I (on behalf of the LTS
Hi Alessandro,
2015-04-27 14:12 GMT+02:00 Alessandro Ghedini :
> On ven, apr 24, 2015 at 11:26:22 +0200, Raphael Hertzog wrote:
>> Hello Alessandro,
>
> Hi, and sorry for the delay.
>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Squeeze version of
Hi Hugo,
2016-09-04 13:25 GMT+02:00 Hugo Lefeuvre :
>> Yes, qemu is supported (and there has was lots of file renaming after
>> the Wheezy version). If you handle qemu please look at qemu-kvm as well
>> (they're the same version).
>
> Thanks for the hint.
I took the liberty of claiming qemu-kvm f
Hi,
I have prepared an update for eog in Wheezy.
Please see the diff to previous version attached. A practically
identical changeset has been added to the packaging repository
for a later jessie update.
Changes:
eog (3.4.2-1+build1+deb7u1) wheezy-security; urgency=medium
.
* Team Upload
2016-08-27 12:14 GMT+02:00 Chris Lamb :
> Balint,
>
>> I see Chris already claimed it a few minutes ago in dla-needed.txt.
>
> Makes much more sense for you to take it. If you agree, please edit
> dla-needed.txt within 24h.
OK, thanks.
Cheers,
Balint
>
>
> Regards,
>
> --
> ,''`.
> :
2016-08-27 11:16 GMT+02:00 Bálint Réczey :
> Hi,
>
> 2016-08-27 2:27 GMT+02:00 :
>> Hello dear maintainer(s),
>>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of eog:
>> https://security-t
Hi,
2016-08-27 2:27 GMT+02:00 :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of eog:
> https://security-tracker.debian.org/tracker/CVE-2016-6855
>
> Would you like to take care of this yourself?
I'll ta
Hi,
I have prepared an update for wireshark in Wheezy.
Please see the diff to previous version attached. A practically
identical changeset has been already accepted to jessie-security.
Changes:
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u3) wheezy-security; urgency=medium
.
* security fixes fr
Hi Rene,
2016-08-04 19:34 GMT+02:00 Rene Engelhard :
> Hi,
>
> On Thu, Aug 04, 2016 at 09:12:04AM +0200, Rene Engelhard wrote:
>> I noticed Balint did some additional changes to deb7u7 (build-depends
>> on fixed graphite2 - thanks for that), so this needs
>> either be merged into my deb7u8 or I ca
Hi Markus,
2016-08-01 10:35 GMT+02:00 Markus Koschany :
> Hi all,
>
> DLA-577-1 has been issued two days ago but redis hasn't been uploaded
> yet. Chris could you investigate please?
>
> I also noticed that sometimes the delay between the upload and actual
> security announcement takes too long. F
Hi Rene,
2016-07-28 18:29 GMT+02:00 Rene Engelhard :
> Hi again,
>
> On Wed, Jul 27, 2016 at 10:03:13AM +0200, Balint Reczey wrote:
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to debian-lts@lists.debian.org
>> (via a debdiff, or with a
Hi Nick,
2016-07-19 15:35 GMT+02:00 Nick Leverton :
> On Tue, Jul 19, 2016 at 08:54:18AM +0200, Chris Lamb wrote:
>> Hello dear maintainer(s),
>>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of libupnp:
>> https://security-tracker.d
Hi Maximiliano,
2016-07-25 15:41 GMT+02:00 Bálint Réczey :
> Hi,
>
> 2016-07-19 23:12 GMT+02:00 Brian May :
>> Maximiliano Curia writes:
>>
>>> I just did the upload to unstable, with the karchive fix from upstream and
>>> an
>>> modified versio
Hi,
2016-07-19 23:12 GMT+02:00 Brian May :
> Maximiliano Curia writes:
>
>> I just did the upload to unstable, with the karchive fix from upstream and an
>> modified version of that one for kde4libs. The second one needs some test,
>> sadly adding the (binary) test file used in karchive is a bit
Hi,
2016-07-23 21:24 GMT+02:00 Bálint Réczey :
...
> I have prepared an update for Wheezy's cakephp package fixing
> TEMP-000-698CF7, please see the diff attached.
> The fix could also be applied to Jessie's version.
I have updated the changelog to list #832283 instead
Hi Serge & All,
2016-07-21 16:16 GMT+02:00 Serge E. Hallyn :
> Quoting Christian PERRIER (bubu...@debian.org):
>> Quoting Chris Lamb (la...@debian.org):
>> > Hello dear maintainer(s),
>> >
>> > the Debian LTS team would like to fix the security issues which are
>> > currently open in the Wheezy ve
Hi Dmitry,
2016-01-25 0:24 GMT+01:00 Dmitry Smirnov :
> On Sat, 23 Jan 2016 07:37:02 PM Thorsten Alteholz wrote:
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Squeeze version of cakephp:
>> https://security-tracker.debian.org/tracker/CVE-2015-8379
Hi,
2016-07-06 18:22 GMT+02:00 Holger Levsen :
> On Wed, Jul 06, 2016 at 05:57:43PM +0200, Markus Koschany wrote:
>> In this specific case I wouldn't do it because of the reasons I have
>> mentioned before but more input from others is welcome. If we decide to
>> fix these issues we also need to t
Hi Christian,
2016-07-01 10:03 GMT+02:00 Christian Hofstaedtler :
> * Balint Reczey [160630 00:20]:
> [..]
>> >>> I plan updating Jessie's version through jessie-proposed-updates, since
>> >>> the issue is marked as no-DSA.
>> >>
>> >> This can probably still go through debian-security?
>> >
>> >
Hi Christian,
2016-06-28 7:27 GMT+02:00 Christian Hofstaedtler :
> Hi,
>
> * Bálint Réczey [160628 00:28]:
>> Dear Ruby and LTS Maintainers,
>>
>> I plan updating the ruby-eventmachine package in Wheezy LTS to
>> fix the following security issue:
>> http
Dear Ruby and LTS Maintainers,
I plan updating the ruby-eventmachine package in Wheezy LTS to
fix the following security issue:
https://security-tracker.debian.org/tracker/TEMP-0678512-2E167C
Please see the diff to previous version attached.
Changes:
ruby-eventmachine (0.12.10-3+deb7u1) wheezy-
Hi,
I have prepared an update for wireshark in Wheezy.
Please see the diff to previous version attached. I have submitted
a practically identical changeset to the Security Team for accepting
it as an update to Jessie's version.
Changes:
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u2) wheezy-securit
Hi Emilio,
2016-06-26 9:58 GMT+02:00 Emilio Pozuelo Monfort :
> On 26/06/16 02:19, Bálint Réczey wrote:
>> Hi,
>>
>> There are newly discovered vulnerabilities in tiff [1].
>>
>> I no one objects I plan looking into them and working with the
>> maintainer(s)
Hi,
There are newly discovered vulnerabilities in tiff [1].
I no one objects I plan looking into them and working with the
maintainer(s) to get them fixed in Wheezy LTS and in newer
releases.
Damyan, who prepared the latest DLA is marked as inactive
for the month and I'm also CC-ing Santiago and
2016-05-31 14:31 GMT+02:00 Bálint Réczey :
> Dear LTS Team,
>
> 2016-05-31 14:19 GMT+02:00 Bálint Réczey :
>> Hi Bjoern,
>>
>> 2016-05-31 13:27 GMT+02:00 Bjoern Nyjorden :
>>> Hi there;
>>>
>>> Unfortunately, as at 11:17 (+); This UPDATE IS
Dear LTS Team,
2016-05-31 14:19 GMT+02:00 Bálint Réczey :
> Hi Bjoern,
>
> 2016-05-31 13:27 GMT+02:00 Bjoern Nyjorden :
>> Hi there;
>>
>> Unfortunately, as at 11:17 (+); This UPDATE IS NOT AVAILABLE at the
>> AUSTRALIAN REGION MIRROR (IP: 150.203.164.61) of:
Hi Bjoern,
2016-05-31 13:27 GMT+02:00 Bjoern Nyjorden :
> Hi there;
>
> Unfortunately, as at 11:17 (+); This UPDATE IS NOT AVAILABLE at the
> AUSTRALIAN REGION MIRROR (IP: 150.203.164.61) of:
>
> http://security.debian.org/debian-security/pool/updates/main/w/wireshark/
>
> If the update is alr
Hi,
I have prepared the backport of wireshark from jessie-security for
wheezy-security:
https://people.debian.org/~rbalint/ppa/wheezy-lts/wheezy-security/
Changes from jessie-security's latest:
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u1) wheezy-security; urgency=high
.
* Backport to wheezy-s
2015-06-09 17:55 GMT+02:00 Raphael Hertzog :
> Hello Balint,
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of wireshark:
> https://security-tracker.debian.org/tracker/CVE-2015-3811
>
> I see it's already fixed in wheezy in 1.8.2-5whe
Hi Raphael,
2015-04-21 15:58 GMT+02:00 Raphael Hertzog :
> Hi Balint,
>
> On Tue, 14 Apr 2015, Bálint Réczey wrote:
>> I have prepared the DLA and uploaded the fixed package but it ended up in
>> NEW.
>> Dear FTP Masters, please accept it.
>
> FTR the package
2015-04-14 14:47 GMT+02:00 Holger Levsen :
> Hi Balint,
>
> On Dienstag, 14. April 2015, Bálint Réczey wrote:
>> I have prepared the DLA and uploaded the fixed package but it ended up in
>> NEW. Dear FTP Masters, please accept it.
>
> what distribution did you use in de
Hi,
2015-04-12 20:36 GMT+02:00 Raphael Hertzog :
> On Sun, 12 Apr 2015, Bálint Réczey wrote:
>> I have prepared the attached patch implementing b.). If no one opposes
>> I will upload it on Tuesday.
>> The change is not backwards-compatible in a sense that custom software
&g
Hi,
2015-04-12 9:14 GMT+02:00 Raphael Hertzog :
> Hi,
>
> On Sun, 12 Apr 2015, Ben Hutchings wrote:
>> On Sun, 2015-04-12 at 01:05 +0200, Bálint Réczey wrote:
>> [...]
>> > I assume this situation is not unique to Wireshark. What do you think,
>> > what w
Hi Ben,
2015-04-12 1:38 GMT+02:00 Ben Hutchings :
> On Sun, 2015-04-12 at 01:05 +0200, Bálint Réczey wrote:
> [...]
>> I assume this situation is not unique to Wireshark. What do you think,
>> what would be the best for the LTS project in Wireshark's case and
>> wha
Hi,
2015-03-30 10:40 GMT+02:00 Holger Levsen :
> Hi,
>
> On Montag, 30. März 2015, Michael Banck wrote:
>> Please keep in mind that wheezy will get regular maintenance for one
>> year after the jessie release, so the question whether there will be a
>> wheezy-lts or not is not imminent.
>
> while
Hi Raphael,
2015-04-10 23:59 GMT+02:00 Raphael Hertzog :
> Hello Balint,
>
> I would like to clarify the situation of wireshark in squeeze.
> In https://bugs.debian.org/774312 you requested to mark the
> package as "not-supported" and this has now been done.
>
> So in theory I should tag all CVE a
Hi Holger,
2014-08-20 13:22 GMT+02:00 Holger Levsen :
> Hi Balint,
>
> On Mittwoch, 20. August 2014, Balint Reczey wrote:
>> I have prepared a security update for the wireshark source package.
>
> great.
>
>> Please see the diffs attached.
>
> and then, what do you want us to do? Review the patch?
96 matches
Mail list logo
