Re: [SECURITY] [DLA 1096-1] wordpress-shibboleth security update

2017-09-14 Thread Dominic Hargreaves
On Thu, Sep 14, 2017 at 10:39:14AM +0100, Dominic Hargreaves wrote: > On Wed, Sep 13, 2017 at 06:51:10PM +0100, Chris Lamb wrote: > > Package: wordpress-shibboleth > > Version: 1.4-2+deb7u1 > > CVE ID : CVE-2017-14313 > > Debian Bug : #874416

Re: [SECURITY] [DLA 1096-1] wordpress-shibboleth security update

2017-09-14 Thread Dominic Hargreaves
On Wed, Sep 13, 2017 at 06:51:10PM +0100, Chris Lamb wrote: > Package: wordpress-shibboleth > Version: 1.4-2+deb7u1 > CVE ID : CVE-2017-14313 > Debian Bug : #874416 > > It was discovered that there was an XSS vulnerability in the login form of > the "Shibboleth" ident

Re: Wheezy update of perl?

2017-06-04 Thread Dominic Hargreaves
is as I won't have much more time to work on this. Thanks, Dominic. On Thu, Jun 01, 2017 at 11:10:46PM +0100, Dominic Hargreaves wrote: > Hi, > > I think this should wait until we are happy that the jessie packages are > working out, since there is backporting work to do

Re: Wheezy update of perl?

2017-06-01 Thread Dominic Hargreaves
Hi, I think this should wait until we are happy that the jessie packages are working out, since there is backporting work to do cascading back through versions. I'm just testing my jessie packages now. I'll let you know if I have any time left to work on wheezy or not. Cheers, Dominic. On Thu,

LTS version tracking

2016-08-04 Thread Dominic Hargreaves
It looks (at least based on #833030) that the Debian BTS doesn't know about LTS version numbers of packages - since the graph thinks that all versions are affected when the submitter specified the LTS release version in the report. If so, can this be fixed? (Please CC me on replies) Thanks, Domin

LTS update for perl

2016-07-27 Thread Dominic Hargreaves
+debian-lts On Wed, Jul 27, 2016 at 02:17:12PM +0200, Thorsten Alteholz wrote: > > > On Tue, 26 Jul 2016, Dominic Hargreaves wrote: > >Thoughts? I can do a final build and upload this evening if appropriate. > > you are the expert, so I am totally fine with this. Okay.

Re: Unsupported packages for Wheezy LTS

2015-11-04 Thread Dominic Hargreaves
On Wed, Nov 04, 2015 at 05:42:43PM +0100, Raphael Hertzog wrote: > > movabletype-opensource > > -> Upstream went closed source, Dominic kept it on life support, > > should be checked with him > > Dominic, do you think movabletype-opensource can be supported in wheezy > until May 2018? No, I would

Problem with signatures on LTS Release file

2015-04-26 Thread Dominic Hargreaves
On Sun, Apr 26, 2015 at 09:34:00AM +0200, David Ayers wrote: > and congratulations on the release of Jessie! But I think I'm seeing > some unexpected side effects, at least from my point of view. > > This is the contents an sources.list of one of my squeeze systems: ... > an aptitude update curr

Re: LTS id for reference

2014-06-22 Thread Dominic Hargreaves
On Sun, Jun 22, 2014 at 03:06:37PM +0200, Jan Wagner wrote: > I'm wondering if there are IDs for the releases on *-lts are planned, > similar to DSA and BSA. It would be useful to have them for reference. I think it has been discussed before, but with no conclusion. DSA team: how are DSA IDs curr

Re: Fw: Re: [SECURITY] [DSA 2954-1] dovecot security update

2014-06-11 Thread Dominic Hargreaves
On Wed, Jun 11, 2014 at 09:14:45AM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Mon, Jun 09, 2014 at 10:51:48PM +0200, Andrea Zwirner wrote: > > Uops, I've erroneously sent this question to debian-security. They will > > (justly) kill me! > > > > Before it happens, just let me ask you if fix

Re: linux-2.6 (2.6.32-48squeeze7) CVE-2014-3153

2014-06-09 Thread Dominic Hargreaves
On Fri, Jun 06, 2014 at 02:06:37AM +0200, Carlos Alberto Lopez Perez wrote: > > I can see on the svn that the updated package for linux-2.6 is ready [1] > (or at least seems so) > [1] http://anonscm.debian.org/viewvc/kernel?view=revision&revision=21392 I noticed that lts-needed.txt says: "Some

Re: Draft of announcement for Debian LTS

2014-05-23 Thread Dominic Hargreaves
On Fri, May 23, 2014 at 03:07:33PM +0200, Moritz Muehlenhoff wrote: > Hi, > > I've incorporated various updates, see new version attached. All looks good! Cheers, Dominic.

Re: Draft of announcement for Debian LTS

2014-05-23 Thread Dominic Hargreaves
On Fri, May 23, 2014 at 11:54:06AM +0200, Moritz Muehlenhoff wrote: > please review and comment on attached draft (especially those among you who > are native speakers in English). I'm planning to send it on Sunday. To debian-security-announce and debian-announce? > Anything I'm missing in the a

Implications of LTS on backports

2014-05-23 Thread Dominic Hargreaves
Hi, With LTS support being planned for squeeze, it would be good to also keep squeeze-backports{,-sloppy} open for business (for packages from wheezy, of course); have there been any discussions about this? sarge and etch backports got closed at the same time as security support was terminated for

Re: Re: Packages not supportable in squeeze-lts

2014-05-17 Thread Dominic Hargreaves
On Sat, May 17, 2014 at 09:43:20AM +0200, Raphael Geissert wrote: > On Friday 16 May 2014 17:39:02 Moritz Muehlenhoff wrote: > [...] > > What could be done is to provide the wheezy kernel with the source package > > name linux-3.2. This way it would benefit from all the security backports > > done