Re: DSA for lxc CVE-2015-1335 [was Re: working for wheezy-security until wheezy-lts starts]

2016-03-28 Thread Guido Günther
Hi Salvatore, On Mon, Mar 28, 2016 at 07:32:38AM +0200, Salvatore Bonaccorso wrote: > Hi Guido, > > On Sun, Mar 27, 2016 at 04:15:10PM +0200, Guido Günther wrote: [..snip..] > > O.k. to grab lxc fixing CVE-2015-1335 to dsa-needed ? > > Honestly I tend to actually mark this as no-dsa. My argument

Re: tracking security issues without CVEs

2016-03-28 Thread Andrew Deck
On a related note, does anyone know what happened to OSF and the OSVDB? There still seem to be blog updates, but I remember OSVDB having a web UI, and the OSF website seems to be down. https://en.wikipedia.org/wiki/Open_Source_Vulnerability_Database#Contributors -- "Institutions will try to pr

Re: DSA for lxc CVE-2015-1335 [was Re: working for wheezy-security until wheezy-lts starts]

2016-03-28 Thread Salvatore Bonaccorso
Hi Guido, On Mon, Mar 28, 2016 at 11:49:55AM +0200, Guido Günther wrote: > Hi Salvatore, > On Mon, Mar 28, 2016 at 07:32:38AM +0200, Salvatore Bonaccorso wrote: > > Hi Guido, > > > > On Sun, Mar 27, 2016 at 04:15:10PM +0200, Guido Günther wrote: > [..snip..] > > > O.k. to grab lxc fixing CVE-2015

Re: [PATCH] Given a package allow to check in which releases security support has ended

2016-03-28 Thread Guido Günther
Hi, On Thu, Feb 18, 2016 at 06:02:12PM +0100, Holger Levsen wrote: > Hi Guido, > > On Mittwoch, 17. Februar 2016, Guido Günther wrote: > > When triaging LTS issues I always have to look up what we still support > > and what not. Attached script simplifies this a bit: > > > > $ bin/support-end

Status report: Making OpenJDK 7 the default in Wheezy LTS

2016-03-28 Thread Markus Koschany
Hi all, here is a summary about the current status of making OpenJDK 7 the default Java JRE / JDK in Wheezy-LTS. Intended changes === 1. Making OpenJDK 7 the default by updating src:java-common, so that default-jre and default-jdk will install OpenJDK 7 instead of OpenJDK 6

Re: Archive of squeeze-lts ?

2016-03-28 Thread Antoine Beaupré
On 2016-03-27 15:01:01, Matus UHLAR - fantomas wrote: >>On Thu, 24 Mar 2016, Luke Hall wrote: >>> I'm seeing this when trying to fetch lts packages from >>> archive.debian.org at the moment. Anyone know a good contact for them? >>> >>> E: Release file expired, ignoring >>> http://archive.debian.org

Re: Archive of squeeze-lts ?

2016-03-28 Thread Raphael Hertzog
On Mon, 28 Mar 2016, Antoine Beaupré wrote: > > some time ago I have upgraded few lenny hosts (on private networks) from > > achive to latest lenny available, without error message of this kind. > > Happily works before I'm able to transfer services to new installation. > > > > I would like to do