Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Raphael Hertzog
On Wed, 01 Jun 2016, Ola Lundqvist wrote: > As you can see from the below links, it is quite obvious that squid3 > is in better shape from a security patching point of view compared to > the squid package. > https://security-tracker.debian.org/tracker/source-package/squid > https://security-tracker

HFS+ specific vulnerability

2016-06-02 Thread Brian May
Hello, Do we care about vulnerabilities that are specific to HFS+? http://www.talosintel.com/reports/TALOS-2016-0093/ CVE-2016-2334 Regards -- Brian May https://linuxpenguins.xyz/brian/

Re: HFS+ specific vulnerability

2016-06-02 Thread Brian May
Brian May writes: > Hello, > > Do we care about vulnerabilities that are specific to HFS+? > > http://www.talosintel.com/reports/TALOS-2016-0093/ > CVE-2016-2334 Along similar lines, just noticed that the next issue is UDF specific. http://www.talosintel.com/reports/TALOS-2016-0094/ CVE-2016-233

Re: HFS+ specific vulnerability

2016-06-02 Thread Ben Hutchings
On Thu, 2016-06-02 at 17:39 +1000, Brian May wrote: > Hello, > > Do we care about vulnerabilities that are specific to HFS+? > > http://www.talosintel.com/reports/TALOS-2016-0093/ > CVE-2016-2334 If a program automatically detects file formats then every supported file format is part of its attac

Re: Wheezy update of vlc?

2016-06-02 Thread Markus Koschany
On 29.05.2016 22:21, Santiago Ruano Rincón wrote: > On 29/05/16 at 19:53, Thorsten Alteholz wrote: >> Hello dear maintainer(s), >> >> the Debian LTS team would like to fix the security issues which are >> currently open in the Wheezy version of vlc: >> https://security-tracker.debian.org/trac

Security update of libxstream-java

2016-06-02 Thread Markus Koschany
Hello, I saw that you have claimed libxstream-java in dla-needed.txt. It's been a while since the security update for Jessie has been released. Is there a reason why libxstream-java hasn't been updated in Wheezy yet? Regards, Markus

Re: Security update of libxstream-java

2016-06-02 Thread Emmanuel Bourg
On 2/06/2016 at 11:19, Markus Koschany wrote: > I saw that you have claimed libxstream-java in dla-needed.txt. It's been > a while since the security update for Jessie has been released. Is there > a reason why libxstream-java hasn't been updated in Wheezy yet? Hi Markus, Sorry I forgot about

Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Ola Lundqvist
Hi Thanks Raphael and Holger for feedback. Holger, very good to know about the upgrade issue. I should have guessed that considering that there were two versions in the same release. Raphael, very good to know about the principles. I thought we primarily supported what sponsors use but now I und

Security update of dhcpd5

2016-06-02 Thread Ola Lundqvist
Hi Jose and LTS team I have prepared a security update of dhcpcd5 to correct the problems described in CVE-2014-7912 and CVE-2014-7913. For more information see here: https://security-tracker.debian.org/tracker/source-package/dhcpcd5 What I did was to manually apply the correction made for androi

Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Raphael Hertzog
On Thu, 02 Jun 2016, Ola Lundqvist wrote: > Raphael, very good to know about the principles. I thought we primarily > supported what sponsors use but now I understand that we support the whole > release. Yes we handle packages used by sponsors in priority. But when we have dealt with all issues in

Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Ola Lundqvist
Hi Thanks. Do we have a good link to look at that describes what our sponsors use? / Ola Sent from a phone On 2 Jun 2016 at 13:38, "Raphael Hertzog" wrote: > On Thu, 02 Jun 2016, Ola Lundqvist wrote: > > Raphael, very good to know about the principles. I thought we primarily > > supported what sp

Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Raphael Hertzog
On Thu, 02 Jun 2016, Ola Lundqvist wrote: > Do we have a good link to look at that describes what our sponsors use? You should have a look at the files available in the private git repository of paid contributors... there's a "packages-to-support" file (and you are supposed to use ./find-work to fi

Re: Security update of dhcpd5

2016-06-02 Thread Raphael Hertzog
On Thu, 02 Jun 2016, Ola Lundqvist wrote: > What I did was to manually apply the correction made for android. Why did you pick the android fix when the security tracker also lists commits on the upstream VCS? http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0 http://roy.marples.nam

/usr/sbin/update-flashplugin-nonfree fails

2016-06-02 Thread Marc SCHAEFER
Hello, root@reliand:/home/schaefer# /usr/sbin/update-flashplugin-nonfree --status Flash Player version installed on this system : 11.2.202.616 [---] Flash Player version available on upstream site: 11.2.202.621 [ ... ] Happens even if you

Re: /usr/sbin/update-flashplugin-nonfree fails

2016-06-02 Thread Marc SCHAEFER
On Thu, Jun 02, 2016 at 04:54:24PM +0200, Marc SCHAEFER wrote: > Apparently could be linked to this problem: Sorry, wrong report, this happens: options : --verbose --install -- temporary directory: /tmp/flashplugin-nonfree.V6BBxGzvnq importing public key ... selected action = --install installed

Re: Security update of dhcpd5

2016-06-02 Thread Ola Lundqvist
Hi Raphael The reason for picking the Android fix was that the Android version was similar to the one in wheezy. The upstream fix was against a much more recent with quite significantly changed code base (essentially a complete rewrite). Also the Android fix was much smaller and corrected both pro

Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Ola Lundqvist
Ok, thanks. Sent from a phone On 2 Jun 2016 at 14:35, "Raphael Hertzog" wrote: > On Thu, 02 Jun 2016, Ola Lundqvist wrote: > > Do we have a good link to look at that describes what our sponsors use? > > You should have a look at the files available in the private git > repository of paid contributor

Re: Wheezy update of vlc?

2016-06-02 Thread Thorsten Alteholz
Hi Santiago, On Sun, 29 May 2016, Santiago Ruano Rincón wrote: Keep in mind that vlc was marked as not-supported in wheezy. oh, I seem to have ignored that. So sorry for the noise. Thorsten

Re: Security update of libxstream-java

2016-06-02 Thread Markus Koschany
On 02.06.2016 11:35, Emmanuel Bourg wrote: > On 2/06/2016 at 11:19, Markus Koschany wrote: > >> I saw that you have claimed libxstream-java in dla-needed.txt. It's been >> a while since the security update for Jessie has been released. Is there >> a reason why libxstream-java hasn't been updated

Re: Security update of libxstream-java

2016-06-02 Thread Moritz Muehlenhoff
On Thu, Jun 02, 2016 at 09:32:27PM +0200, Markus Koschany wrote: > On 02.06.2016 11:35, Emmanuel Bourg wrote: > > On 2/06/2016 at 11:19, Markus Koschany wrote: > > > >> I saw that you have claimed libxstream-java in dla-needed.txt. It's been > >> a while since the security update for Jessie has

Re: Security update of libxstream-java

2016-06-02 Thread Markus Koschany
On 02.06.2016 22:03, Moritz Muehlenhoff wrote: > On Thu, Jun 02, 2016 at 09:32:27PM +0200, Markus Koschany wrote: >> On 02.06.2016 11:35, Emmanuel Bourg wrote: >>> On 2/06/2016 at 11:19, Markus Koschany wrote: >>> I saw that you have claimed libxstream-java in dla-needed.txt. It's been

Re: Wheezy update of vlc?

2016-06-02 Thread Mateusz Łukasik
On 29.05.2016 19:53 +0200, Thorsten Alteholz wrote: Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of vlc: https://security-tracker.debian.org/tracker/CVE-2016-5108 Would you like to take care of this yourself?

Re: Security update of dhcpd5

2016-06-02 Thread Ola Lundqvist
Hi again It was possible to build this but it was not trivial. The Android tests must be done with some clever automation because I had to edit the dhcpcd.c file to rename the main function there. Building worked after that. g++ -Wall -Werror -Wunused-parameter -I/usr/src/gtest -I. /usr/src/gtest

Re: Call for testing: upcoming libxml2 security update

2016-06-02 Thread Santiago Ruano Rincón
Hi, On 01/06/16 at 16:43, Salvatore Bonaccorso wrote: > Hi LTS team, > > On Sat, May 28, 2016 at 11:35:18AM +0200, Salvatore Bonaccorso wrote: > [...] > > While preparing the jessie-security update, The commits were > > backported as well for libxml2 in wheezy. If you are using them please