This security vulnerability is described here:
https://bugzilla.redhat.com/show_bug.cgi?id=1357345
as:
"sets environmental variable based on user supplied Proxy request
header"
In particular it is talking about HTTP_PROXY, and it is only a problem if
the server makes an outgoing HTTP request using
Hi,
I had a quick look at the code too (both in wheezy and jessie), but I
couldn't find the offending bits. Perhaps it'd be good to put together a
small web server and see what happens when you pass the 'Proxy' header.
Free
On 5 August 2016 at 10:26, Brian May wrote:
> This security vulnerabil
Hi Rene,
2016-08-04 19:34 GMT+02:00 Rene Engelhard :
> Hi,
>
> On Thu, Aug 04, 2016 at 09:12:04AM +0200, Rene Engelhard wrote:
>> I noticed Balint did some additional changes to deb7u7 (build-depends
>> on fixed graphite2 - thanks for that), so this needs
>> either be merged into my deb7u8 or I ca
Hi Magnus and LTS team
Magnus, Niels and I have been discussing the nettle update due to
https://security-tracker.debian.org/tracker/CVE-2016-6489
Magnus has started to prepare a wheezy update but had a few
questions. Here is some information that you should know about.
https://wiki.debian.org/L
Hi Magnus
You are of course welcome to improve the language in the changelog. :-)
I should probably have put quote marks to clarify the language, that the
text after the CVE number is a part of the CVE name.
Like this:
Protect against potential timing attacks against exponentiation operations
as
On 02/08/16 19:48, Emilio Pozuelo Monfort wrote:
> On 01/08/16 23:26, Markus Koschany wrote:
>> On 01.08.2016 23:01, Emilio Pozuelo Monfort wrote:
>>> On 31/07/16 19:41, Roberto C. Sánchez wrote:
On Sun, Jul 31, 2016 at 07:34:28PM +0200, Emilio Pozuelo Monfort wrote:
> Hi,
>
> Curr
On 04/08/16 23:02, Mike Hommey wrote:
> On Thu, Aug 04, 2016 at 07:50:28PM +0200, Guido Günther wrote:
>> Hi,
>> On Thu, Aug 04, 2016 at 06:32:14PM +0900, Mike Hommey wrote:
>>> On Thu, Aug 04, 2016 at 11:04:47AM +0200, Markus Koschany wrote:
Hello Mike,
Thank you for preparing the s
On Friday, 5 August 2016 22.16.29, Ola Lundqvist wrote:
> Hi Magnus and LTS team
>
> Magnus, Niels and I have been discussing the nettle update due to
> https://security-tracker.debian.org/tracker/CVE-2016-6489
>
> Magnus has started to prepare a wheezy update but had a few
> questions. Here a
On Friday, 5 August 2016 17:15, Emilio Pozuelo Monfort
wrote:
Package : openjdk-7
Version : 7u111-2.6.7-1~deb7u1
CVE ID : CVE-2016-3458 CVE-2016-3500 CVE-2016-3508 CVE-2016-3550
CVE-2016