On 12.12.2016 20:41, Vincent Blut wrote:
> Hello,
>
> I would like to see chrony being updated in wheezy-lts to fix
> CVE-2016-1567. Also, I included a fix to make sure we don’t delete the
> /var/lib/chrony content. [...]
Hi,
the patch looks good to me. Please go ahead.
Regards,
Markus
sign
On Tue, Dec 13, 2016 at 09:17:54AM +0100, Markus Koschany wrote:
On 12.12.2016 20:41, Vincent Blut wrote:
Hello,
I would like to see chrony being updated in wheezy-lts to fix
CVE-2016-1567. Also, I included a fix to make sure we don’t delete the
/var/lib/chrony content. [...]
Hi,
the patch l
On 13.12.2016 16:30, Vincent Blut wrote:
> On Tue, Dec 13, 2016 at 09:17:54AM +0100, Markus Koschany wrote:
>> On 12.12.2016 20:41, Vincent Blut wrote:
>>> Hello,
>>>
>>> I would like to see chrony being updated in wheezy-lts to fix
>>> CVE-2016-1567. Also, I included a fix to make sure we don’t de
Ola Lundqvist wrote:
> I can take both weeks. I have hours left this month.
Many thanks.
(Has been taken in lts-frontdesk.2016.txt)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi,
While having a look at CVE-2016-9913, I noticed that the virtio_9p_init
function in hw/9pfs/virtio-9p-device.c (renamed virtio_9p_device_realize
here[0]) doesn't clean allocated memory when encountering errors (in
the wheezy version it just does exit(1), issue fixed since this
commit[1], jessi
On Tue, Dec 13, 2016 at 04:50:11PM +0100, Markus Koschany wrote:
On 13.12.2016 16:30, Vincent Blut wrote:
On Tue, Dec 13, 2016 at 09:17:54AM +0100, Markus Koschany wrote:
On 12.12.2016 20:41, Vincent Blut wrote:
Hello,
I would like to see chrony being updated in wheezy-lts to fix
CVE-2016-156
Hi
Sorry for my lack of understanding. But why do them memory have to be
explicitly deallocated if exit is called? In what way is that a security
issue?
I´m asking as I have seen problems with deallocation more than once.
Especially in error handlers.
/ Ola
Sent from a phone
Den 13 dec 2016 18
[Forwarding after getting ACK]
- Original message -
From: Chris Lamb
To: Philipp Hahn , secur...@debian.org, "Laszlo Boszormenyi
(GCS)"
Cc: Bob Friesenhahn
Subject: Re: BUG: graphicsmagick CVE-2016-5240 wrong in Debian-Wheezy
Date: Tue, 13 Dec 2016 17:34:20 +0100
Philipp Hahn wrote:
Hi Ola,
> Sorry for my lack of understanding. But why do them memory have to be
> explicitly deallocated if exit is called? In what way is that a security
> issue?
>
> I´m asking as I have seen problems with deallocation more than once.
> Especially in error handlers.
Thank you for the advice. Y
>From what I can tell, phpmyadmin may in wheezy may not be vulnerable to
CVE-2016-9861 / PMASA-2016-66 because I can't find the vulnerable code.
--
Brian May
Brian May writes:
> From what I can tell, phpmyadmin may in wheezy may not be vulnerable to
> CVE-2016-9861 / PMASA-2016-66 because I can't find the vulnerable code.
Hmmm... Looks like the PMA_isAllowedDomain() function was created in
response to CVE-2016-4412 / PMASA-2016-57 which hasn't been f
Hi Hugo
I guess it depends on how large the memory leak is and how often it would occur.
A small memory leak is not a security problem. But if it occurs often
and/or it is a very large thing seldom then it could cause DoS and
then it is a security problem.
I do not have the details to judge that.
12 matches
Mail list logo
