Re: nagios3 spurious backport?

2016-12-18 Thread Jonas Meurer
Hi Antoine, On 16.12.2016 at 15:15, Antoine Beaupré wrote: > I am looking at recent nagios3 vulnerabilities and I can't make sense of > this: > > nagios3 (3.4.1-3+deb7u1) wheezy; urgency=low > > [...] > > -- Jonas Meurer Fri, 01 Nov 2013 14:32:18 +0100 > > https://tracker.debian.org/media/

Re: nagios3 spurious backport?

2016-12-18 Thread Antoine Beaupré
On 2016-12-18 10:05:48, Jonas Meurer wrote: > I see that the current situation with a higher nagios3 version in > backports than in wheezy-security is not very nice. I'll ping the > backports ftpmasters and ask for removal of nagios3 from wheezy-backports. Actually, after talking with an ftpmaster

Re: unrealize mechanism in 9pfs

2016-12-18 Thread Hugo Lefeuvre
Hi Guido, > We don't have virtfs-proxy-helper in wheezy so I think we don't need > support the "proxy" case. > > As for "handle" did you check that it works in Wheezy including unplug? > If so please let me know and we can have a closer look. > > I've only used "local" so far which does not seem

Wheezy update of dcmtk?

2016-12-18 Thread Markus Koschany
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of dcmtk: https://security-tracker.debian.org/tracker/CVE-2015-8979 Would you like to take care of this yourself? If yes, please follow the workflow we have defined

Re: unrealize mechanism in 9pfs

2016-12-18 Thread Guido Günther
On Sun, Dec 18, 2016 at 09:55:55PM +0100, Hugo Lefeuvre wrote: > Hi Guido, > > > We don't have virtfs-proxy-helper in wheezy so I think we don't need > > support the "proxy" case. > > > > As for "handle" did you check that it works in Wheezy including unplug? > > If so please let me know and we c

Re: Wheezy update of dcmtk?

2016-12-18 Thread Andreas Tille
Hi Markus, thanks for your work on LTS which I consider quite important. On Sun, Dec 18, 2016 at 10:47:05PM +0100, Markus Koschany wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of dcmtk: > https:/

using existing workflows?

2016-12-18 Thread Antoine Beaupré
In working with the ImageMagick package, I noticed that the maintainer uses gitpkg's debian/source/git-patches system to factor in upstream patches in Debian. We haven't used this so far in the wheezy upload so I kept working that way, especially since I'm not very familiar with that system. I do w

imagemagick security update ready for testing

2016-12-18 Thread Antoine Beaupré
TL;DR: please test and review: https://people.debian.org/~anarcat/debian/wheezy-lts diff -Nru imagemagick-6.7.7.10/debian/changelog imagemagick-6.7.7.10/debian/changelog --- imagemagick-6.7.7.10/debian/changelog 2016-12-11 00:57:24.0 -0500 +++ imagemagick-6.7.7.10/debian/changelog 2016-12

Re: phpmyadmin / CVE-2016-9861 / PMASA-2016-66

2016-12-18 Thread Brian May
Antoine Beaupré writes: >> +--- a/url.php >> b/url.php >> ++// JavaScript redirection is necessary. Because if header() is used >> ++// then web browser sometimes does not change the HTTP_REFERER >> ++// field and so with old URL as Referer, token also goes to >> ++// exte

Re: phpmyadmin / CVE-2016-9861 / PMASA-2016-66

2016-12-18 Thread Brian May
Brian May writes: > I am still a bit unclear in the CVE-2016-4412 / PMASA-2016-57 > vulnerability. Ok, so let's say the vulnerability is in the HTTP_REFERER > having the token. Curiously while I can reproduce this in Firefox, I can't under Chrome, as it doesn't seem to provide the Referer header

Re: phpmyadmin / CVE-2016-9861 / PMASA-2016-66

2016-12-18 Thread Brian May
Brian May writes: > Curiously while I can reproduce this in Firefox, I can't under Chrome, > as it doesn't seem to provide the Referer header in this situation. It looks like replacing the HTTP header with a block of JavaScript code really does hide the Referer header in Firefox ESR version 45.5

Re: Wheezy update of dcmtk?

2016-12-18 Thread Gert Wollny
Hello Markus, On Sunday, 18.12.2016, at 23:46 +0100, Andreas Tille wrote: > Hi Markus, > > thanks for your work on LTS which I consider quite important. > > On Sun, Dec 18, 2016 at 10:47:05PM +0100, Markus Koschany wrote: > > > > Hello dear maintainer(s), > > > > the Debian LTS team would