Re: ntp security update

On Sun, Oct 25, 2015 at 01:30:18PM +0900, Ben Hutchings wrote: > I've looked through the upstream repository for the patches that fix he > recently announced issues.  Quite a few of them turned out not to apply > to squeeze, or the newer stable releases, and I've updated the security > tracker acco

Re: ntp security update

On Sun, Oct 25, 2015 at 11:19:03AM +0100, Kurt Roeckx wrote: > On Sun, Oct 25, 2015 at 01:30:18PM +0900, Ben Hutchings wrote: > > I've looked through the upstream repository for the patches that fix he > > recently announced issues.  Quite a few of them turned out not to apply > > to squeeze, or th

Re: ntp security update

On Sun, Oct 25, 2015 at 11:51:24AM +0100, Kurt Roeckx wrote: > On Sun, Oct 25, 2015 at 11:19:03AM +0100, Kurt Roeckx wrote: > > On Sun, Oct 25, 2015 at 01:30:18PM +0900, Ben Hutchings wrote: > > > I've looked through the upstream repository for the patches that fix he > > > recently announced issue

Re: ntp security update

On Sun, 2015-10-25 at 11:19 +0100, Kurt Roeckx wrote: > On Sun, Oct 25, 2015 at 01:30:18PM +0900, Ben Hutchings wrote: > > I've looked through the upstream repository for the patches that fix he > > recently announced issues.  Quite a few of them turned out not to apply > > to squeeze, or the newer

Re: ntp security update

On Mon, Oct 26, 2015 at 06:13:07AM +0900, Ben Hutchings wrote: > > Your bug-2899.patch patch looks a little different.  You have: > > @@ -2207,8 +2221,8 @@ crypto_bob( > >    vp->sig = emalloc(sign_siglen); > >    EVP_SignInit(&ctx, sign_digest); > >    EVP_SignUpdate(&ctx, (u_char *)&v

Re: ntp security update

On Sun, 2015-10-25 at 22:45 +0100, Kurt Roeckx wrote: > On Mon, Oct 26, 2015 at 06:13:07AM +0900, Ben Hutchings wrote: [...] > > > While I have addiotional patches for: > > > CVE-2014-9750.patch (it was missing 1 patch while it was fixed it > > > seems) > > > > Which is split from CVE-2014-9297. >

Re: ntp security update

On Mon, Oct 26, 2015 at 06:55:06AM +0900, Ben Hutchings wrote: > On Sun, 2015-10-25 at 22:45 +0100, Kurt Roeckx wrote: > > On Mon, Oct 26, 2015 at 06:13:07AM +0900, Ben Hutchings wrote: > [...] > > > > While I have addiotional patches for: > > > > CVE-2014-9750.patch (it was missing 1 patch while i

Re: ntp security update

On Mon, Oct 26, 2015 at 06:13:07AM +0900, Ben Hutchings wrote: > On Sun, 2015-10-25 at 11:19 +0100, Kurt Roeckx wrote: > > On Sun, Oct 25, 2015 at 01:30:18PM +0900, Ben Hutchings wrote: > > > I've looked through the upstream repository for the patches that fix he > > > recently announced issues.  Q

ci-triggerfile contains unknown instruction "activate-nowaitt" (Re: Accepted libxml2 2.7.8.dfsg-2+squeeze13 (source i386 all) into squeeze-lts

Hi, I just did an upgrade and hit this: Vorbereitung zum Ersetzen von libxml2-dev 2.7.8.dfsg-2+squeeze12 (durch .../libxml2-dev_2.7.8.dfsg-2+squeeze13_i386.deb) ... Ersatz für libxml2-dev wird entpackt ... Vorbereitung zum Ersetzen von libxml2 2.7.8.dfsg-2+squeeze12 (durch .../libxml2_2.7.8.dfs

Re: ci-triggerfile contains unknown instruction "activate-nowaitt" (Re: Accepted libxml2 2.7.8.dfsg-2+squeeze13 (source i386 all) into squeeze-lts

Hi, well, it get's worse: # apt-get install -f Reading package lists... Done Building dependency tree Reading state information... Done Correcting dependencies... Done The following extra packages will be installed: libxml2 The following packages will be upgraded: libxml2 1 upgraded, 0