tion: 88
Last 80 unconsumed characters:
>
The fix for the above seems straightforward. This is the patch applied
by Ubuntu:
https://pastebin.ubuntu.com/p/VCvB6DrHnm/
<https://pastebin.ubuntu.com/p/VCvB6DrHnm/>
Bastien, I'd like to know if you want to follow-up on that since you
released this DLA. Otherwise, I can release the fix for this regression.
Cheers
--
Lucas Kanashiro
maintainers) are planning a SPU to also fix another bug, we
should squeeze in the no-DSA fixes as well.
For ruby3.3, we should update to the latest upstream patch release
before the trixie release.
Cheers!
--
Lucas Kanashiro
Hi Bastien,
On 11/01/2025 19:14, Lucas Kanashiro wrote:
Hi,
Em 11 de jan. de 2025, à(s) 19:08, Bastien Roucariès
escreveu:
Hi,
Can someone review
https://salsa.debian.org/ruby-team/ruby/-/commits/debian/bullseye ?
Yes, I can do it next week.
First, thanks for the proposed update!
I
enssl bug (security
> team notified)
Ack.
Cheers,
Lucas Kanashiro
/-/issues/63
<https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/63#note_1998974134>
--
Lucas Kanashiro
ebian/#sponsors
[3]
https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/63#note_1998974134
<https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/63#note_1998974134>
--
Lucas Kanashiro
version 1.70.0+dfsg2-1 to
bullseye, this work will be used to update src:rustc-web. Next step is
to check whether we can backport this to buster and stretch.
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors
--
Lucas Kanashiro
oberto and Santiago for supporting me during my
on-boarding, and also Emilio for helping me with the rust ecosystem in
Debian (not too familiar with it).
[1] https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/63
Cheers!
--
Lucas Kanashiro
FWIW, in Ubuntu, we had a similar issue trying to fix this CVE in ruby2.7,
and in the end we reverted the fix:
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.10
Lucas Kanashiro.
Em qua., 7 de jun. de 2023 07:47, Utkarsh Gupta
escreveu:
> Hiya,
>
> On Wed, Jun 7, 2023 a
-2018-19969: I was not able to confirm
yet whether the version in Jessie is affected or not.
[1] https://lists.debian.org/debian-lts-announce/2019/02/msg3.html
Best regards.
--
Lucas Kanashiro
signature.asc
Description: OpenPGP digital signature
ixed. :)
>
> Good job,
>
> A.
>
> On 2019-01-29 15:27:59, Lucas Kanashiro wrote:
>> Hugo,
>>
>> I just uploaded a new package fixing the issue that you pointed out here
>> again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
>>
>> I
rs want
also to test it.
Cheers.
On 1/29/19 3:27 PM, Lucas Kanashiro wrote:
> Hugo,
>
> I just uploaded a new package fixing the issue that you pointed out here
> again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
>
> I didn't perform any new testing yet, I
Hugo,
I just uploaded a new package fixing the issue that you pointed out here
again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
I didn't perform any new testing yet, I want to do it soon. But if you
could have a try again it would be great.
Cheers.
On 1/29/19 11:37 AM,
gt; I guess a ; is missing here :)
Great, sorry for being a victim of my lack of attention... I've never
used phpmyadmin (that's why I requested some testing) and my local tests
were so basic that they didn't catch this issue. Shame on me.
I'll fix it and perform some tests. Thanks for the review and the time
that you spent on this.
Cheers!
--
Lucas Kanashiro
Hi,
I uploaded version 4.2.12-2+deb8u4 of phpmyadmin to:
https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
It has patches fixing CVE-2018-19968 and CVE-2018-19970. I did not have
the time to determine whether jessie is affected by CVE-2018-19969
(requested by sunweaver), I did some
https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html
Kind regards,
--
Lucas Kanashiro
signature.asc
Description: OpenPGP digital signature
] https://lists.debian.org/debian-lts-announce/2018/11/msg00019.html
Best regards,
--
Lucas Kanashiro
signature.asc
Description: OpenPGP digital signature
disks, create instances (some different
architectures), boot existent disks. Everything seems fine so far.
Cheers.
--
Lucas Kanashiro
signature.asc
Description: OpenPGP digital signature
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Wed, 2017-12-13 at 17:44 +, Chris Lamb wrote:
> Hi Lucas,
>
> > I will apply your patch, run another round of tests and upload the
> > fixed version.
>
> Any update on this? :) Feels bad (and bad "publicity" of sorts) to
> have known r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Frank,
You were faster than me, seems that you found the problem.
Probably I did not exercise this part of the source code in my tests,
thanks for the report and the provided patch.
I will apply your patch, run another round of tests and upload
Hi,
> Hi Frank,
>
>> After the update xrdp-sesman started to segfault in libscp:
>
Thanks for the report. I did not catch this segfault during my tests.
> Thank you for the report. I'm adding Lucas Kanashiro to the CC as
> he performed this upload and will likely
, thanks for point me to that. I'll prepare
an upload to jessie and contact the release team (I'll Cc you).
Apologize for the missunderstanding.
Cheers.
--
Lucas Kanashiro
this looks kinda strange to me, and is just wasted efford
> because I will have to push them there if you don't.
>
> So long,
> Rhonda
>
>
> * Lucas Kanashiro [2017-09-04 18:54:45 CEST]:
>> Hi,
>>
>> After review the 4 CVEs [0] that affect irssi
y the
Security Team to fix the mentioned CVEs in jessie, the debdiff is attached.
If someone has a different idea in mind share with me please.
Cheers.
[0] https://security-tracker.debian.org/tracker/source-package/irssi
2017-08-31 8:02 GMT-03:00 Lucas Kanashiro :
> Hi Rhonda,
>
> D
:
> Hi,
> please give the thunderbird packages
>
> https://people.debian.org/~agx/icedove-lts/
>
> a try. I'll add a new enighmail soonish since the current version
> conflicts with the one in Wheezy.
> Cheers,
> -- Guido
>
>
--
Lucas Kanashiro
time to
tackle it pretty please also do a jessie one right ahead too, otherwise
it looks kinda skew and gives a false impression of your intentions.
Enjoy,
Rhonda
* Lucas Kanashiro [2017-08-30 22:42:27 CEST]:
> Hi all,
>
> Any news about this? Will maintainers take care of irssi CVEs in
absolue dans un monde que l'on sait
> condamné. Puisque le pouvoir est partout, c'est partout et tout le temps
> qu'il faut le combattre. - Jean-François Brient, de la servitude moderne
>
>
--
Lucas Kanashiro
e want to fix it before, just warn me to avoid duplicate work.
Cheers.
--
Lucas Kanashiro
On 07/28/2016 05:55 PM, Lucas Kanashiro wrote:
> On 07/28/2016 05:02 PM, Sebastian Harl wrote:
>> Thanks. I updated dla-needed.
>>
>> The fixed packages are ready for upload now. Please find the full
>> debdiff (source and binary) attached to this email. Note th
ead to claim an DLA as documented. Should I wait for and
> synchronize with the DSA or should I come up with my own text?
>
I think you can go ahead with your own text if you are able to explain
the fixed vulnerabilities, helping users to understand them. If I am
wrong, please, correct me :
iting some feedback.
Best regards.
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
diff -Nru libidn-1.25/debian/changelog libidn-1.25/debian/changelog
--- libidn-1.25/debian/changelog 2016-05-15 20:36:27.0 -0300
+++ libidn-1.25/debian/changelog 2016-07-28 16:11:30.0
On 07/27/2016 11:16 AM, Sebastian Harl wrote:
> On Wed, Jul 27, 2016 at 04:14:25PM +0200, Sebastian Harl wrote:
>> On Wed, Jul 27, 2016 at 10:40:13AM -0300, Lucas Kanashiro wrote:
>>> But we want your opinion. Would you like to take care of this yourself?
>> I'm happ
re of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team m
On 07/22/2016 03:43 PM, Lucas Kanashiro wrote:
> I can try to help to rebase wheezy on latest 1.4.x, are you talking
> about debian/wheezy or debian/wheezy-security branch?
>
My bad, I checked out the repo and I saw that the mentioned branch is
debian/wheezy :)
--
Lucas Kanashiro
point.
>
I can try to help to rebase wheezy on latest 1.4.x, are you talking
about debian/wheezy or debian/wheezy-security branch?
Cheers,
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
signature.asc
Description: OpenPGP digital signature
nto master branch and release it, this CVE is a minor issue.
Thanks for your fast feedback Christian.
Cheers,
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
signature.asc
Description: OpenPGP digital signature
able. Could we work
with that patch for version 3.1 (version in oldstable)?
[0] https://github.com/PowerDNS/pdns/pull/4134
Best regards,
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
signature.asc
Description: OpenPGP digital signature
Sorry, I thought that I could help. I will not do any front desk work
again. Apologize.
Regards.
On Wed, Jul 20, 2016, 18:50 Chris Lamb wrote:
> > I tried to help with front desk work today
>
> May I ask why? There is a frontdesk "rota" to avoid duplicate work of
> this sort and, as you have n
Hi,
I tried to help with front desk work today, but unfortunately I sent
some redundant emails because I did not realize that they had already
been sent. Sorry, I'll take more care before start to send these kind of
emails.
Regards.
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823
On 07/20/2016 05:55 PM, intrigeri wrote:
> Hi Lucas,
>
> Lucas Kanashiro wrote (20 Jul 2016 20:47:20 GMT) :
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of mat:
>> https://security-tracker.debian.org/
r test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
r test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
nd/or test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
r test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
r test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
ur package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify wheth
r test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: I intend to work on this package if you do not want to do it.
Regards,
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
signature.asc
D
> whole CSRF complex requires much more work IMO and unless you are
> already familiar with Roundcube and PHP it might not be the right
> package to start with. It's up to you.
>
Sure, so I guess I'll claim another package.
Thanks again.
--
Lucas Kanashiro
8ED6 C3F
that
worth work on CVE-2014-9587? Or should I leave this package and try to
work on another one?
Thanks a lot!
Cheers.
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
signature.asc
Description: OpenPGP digital signature
it up to you.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: if you want the new packages are available here:
https://people.debian.org/~kanashiro/wheezy_lts/
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
diff -Nru roundcube-0.7.2/d
Hi Ola,
I had a look in this package a couple of weeks ago and I found the same
problem. I discussed it with Antonio and I think that we can skip this
package instead of add a new dependency in wheezy. We guess that implement
a cookie_jar "by hand" is not a good idea :)
Cheers,
Em sex, 20 de mai
51 matches
Mail list logo
