Re: man-db hardening fixes

2024-02-05 Thread Colin Watson
g/debian/man-db ? > If yes, it would be needed to create a (debian/)buster branch, and tag > the commit you recently released. I could also do it if you wish. I'd meant to push it to debian/man-db, but apparently forgot, sorry. There's a buster branch there

Re: man-db hardening fixes

2024-02-01 Thread Colin Watson
On Thu, Feb 01, 2024 at 05:41:19PM +0530, Utkarsh Gupta wrote: > On Thu, Feb 1, 2024 at 1:44 AM Colin Watson wrote: > > I'm both the Debian and upstream maintainer of man-db. I'm considering > > uploading some variation of the attached diff to buster-security LTS. &

man-db hardening fixes

2024-01-31 Thread Colin Watson
sion potential, since they just add a couple of extra entries to existing rulesets and so shouldn't disallow anything that's currently allowed. Thanks, -- Colin Watson (he/him) [cjwat...@debian.org] diff --git a/debian/.git-dpm b/debian/.git-dpm index 0c

Re: Wheezy update of icoutils?

2017-01-08 Thread Colin Watson
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=4;bug=850017;filename=0001-Fix-check_offset-overflow-on-64-bit-systems.patch;msg=8 But yes, much the same thing. Cheers, -- Colin Watson [cjwat...@debian.org]

Re: Wheezy update of icoutils?

2017-01-07 Thread Colin Watson
> > Would you like to take care of this yourself? I'm afraid I'm not going to have time to issue stable/LTS updates, but I've attached a patch to the bug which should be usable for this. Thanks, -- Colin Watson [cjwat...@debian.org]

Re: squeeze update of openssh?

2016-01-29 Thread Colin Watson
that could easily be fixed. Fine words, and you're not the first to utter them; but they need to be backed up with action in graphical toolkits, and such action has not been in evidence for a decade or more. -- Colin Watson [cjwat...@debian.org]

Re: squeeze update of openssh?

2016-01-15 Thread Colin Watson
lly blessed a fix for real. https://security-tracker.debian.org/tracker/source-package/openssh is mistaken in claiming that this is fixed in sid. It's not. -- Colin Watson [cjwat...@debian.org]

Re: About the security issues affecting man-db in Squeeze

2015-12-16 Thread Colin Watson
As you say it doesn't appear urgent. I'm not at all promising that a fix will be sanely backportable, though; it is likely to take considerable refactoring work. -- Colin Watson [cjwat...@debian.org]

Re: squeeze update of putty?

2015-03-14 Thread Colin Watson
ke care of this yourself? We are still understaffed so > any help is always highly appreciated. Yes, I'm working on this, and have claimed it in dla-needed. One part of the backport is a bit non-trivial so I may not finish it today, but will get there as soon as I can. Ch