Ben Hutchings writes:
> On Thu, 2016-06-02 at 17:39 +1000, Brian May wrote:
>> Hello,
>>
>> Do we care about vulnerabilities that are specific to HFS+?
>>
>> http://www.talosintel.com/reports/TALOS-2016-0093/
>> CVE-2016-2334
>
> If a program automatically detects
Hi,
On Thu, 02 Jun 2016, Ola Lundqvist wrote:
> The reason for picking the Android fix was that the Android version was
> similar to the one in wheezy. The upstream fix was against a much more
[...]
> Was this an answer to your questions?
Yes, thanks.
On Thu, 02 Jun 2016, Ola Lundqvist wrote:
>
Brian May writes:
> Will continue to check the code to make sure.
Actually looks like the vulnerable HFS+ is not present in the wheezy
version of p7zip. In this version CPP/7zip/Archive/Hfs/HfsHandler.cpp is
only 243 lines, the exploit is in a function that doesn't exist on lines
1496 to 1575.
For
Brian May writes:
> I think there would need to be some code to disable the UDF code if it
> isn't a UDF file system. Even if just for compression not
> decompression. Still looking for this however.
Just realized I have been talking a lot of nonsense. UDF support isn't
about compressing files f
Hi Brian,
On Fri, Jun 03, 2016 at 06:13:43PM +1000, Brian May wrote:
> Brian May writes:
>
> > I think there would need to be some code to disable the UDF code if it
> > isn't a UDF file system. Even if just for compression not
> > decompression. Still looking for this however.
>
> Just realize
Hello Marc,
On Thu, 02 Jun 2016, Marc SCHAEFER wrote:
> root@reliand:/home/schaefer# /usr/sbin/update-flashplugin-nonfree --status
> Flash Player version installed on this system : 11.2.202.616
> [---]
> Flash Player version available on up
Hi,
On Sat, May 28, 2016 at 11:35:18AM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> The upcoming libxml2 security update is a little bigger than usual,
> thus we want to expose the package a bit for additional testing. If
> you find a problem introduced by updating to these packages, please
> re
On Fri, 2016-06-03 at 17:25 +1000, Brian May wrote:
> Ben Hutchings writes:
>
> > On Thu, 2016-06-02 at 17:39 +1000, Brian May wrote:
> > > Hello,
> > >
> > > Do we care about vulnerabilities that are specific to HFS+?
> > >
> > > http://www.talosintel.com/report
Hi nss maintainer(s) and LTS team
I have prepared a security update of nss for wheezy to solve the problem
described in CVE-2015-4000, for more info see:
https://security-tracker.debian.org/tracker/CVE-2015-4000
One could argue that this is not a problem as the case:
"when a DHE_EXPORT ciphersuit