LTS Activity Report for October 2017

2017-11-08 Thread Guido Günther
Hi, during October I worked 6.5 of the allocated 12 hours on LTS. During this time I did the following: * Triaged several qemu CVEs marking the unimportant ones as no-dsa and released DLA-1128-1 and DLA-1129-1 for qemu/qemu-kvm to fix CVE-2017-14167 and CVE-2017-15038. * Tested the dnsmasq pac

Re: Wheezy update of ruby-yajl?

2017-11-08 Thread Antonio Terceiro
On Tue, Nov 07, 2017 at 07:11:06PM +0100, Ola Lundqvist wrote: > Dear maintainers, > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of ruby-yajl: > https://security-tracker.debian.org/tracker/CVE-2017-16516 > > Would you like to take c

To be removed from wheezy as well

2017-11-08 Thread Ola Lundqvist
Hi Considering that this package is about to be removed from jessie I guess it should be removed from wheezy too. How is that done? Should I contact the FTP maintainers about it, or do we simply ignore the issue? For people who wonder what we are discussing it is about CVE-2008-7319 Best regards

Wheezy update of cacti?

2017-11-08 Thread Ola Lundqvist
Dear maintainer, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of cacti: https://security-tracker.debian.org/tracker/CVE-2017-16641 https://security-tracker.debian.org/tracker/CVE-2017-16660 https://security-tracker.debian.org/tracker/CVE-

About the security issues affecting sam2p in Wheezy

2017-11-08 Thread Ola Lundqvist
Dear maintainer, The Debian LTS team recently reviewed the security issue(s) affecting your package in Wheezy: https://security-tracker.debian.org/tracker/CVE-2017-16663 We decided that we would not prepare a wheezy security update (usually because the security impact is low and that we concentra

Security update of OpenSSL 1.0.1t-1+deb7u3

2017-11-08 Thread Markus Koschany
Hello Kurt, we saw that you reserved a DLA number for OpenSSL last week but the new version 1.0.1t-1+deb7u3 has not been uploaded yet. Is there anything we can do to assist you? Regards, Markus signature.asc Description: OpenPGP digital signature

Re: Security update of OpenSSL 1.0.1t-1+deb7u3

2017-11-08 Thread Kurt Roeckx
On Wed, Nov 08, 2017 at 10:07:57PM +0100, Markus Koschany wrote: > Hello Kurt, > > we saw that you reserved a DLA number for OpenSSL last week but the new > version 1.0.1t-1+deb7u3 has not been uploaded yet. Is there anything we > can do to assist you? The package has been ready in svn since then

Re: Security update of OpenSSL 1.0.1t-1+deb7u3

2017-11-08 Thread Markus Koschany
Am 08.11.2017 um 23:04 schrieb Kurt Roeckx: > On Wed, Nov 08, 2017 at 10:07:57PM +0100, Markus Koschany wrote: >> Hello Kurt, >> >> we saw that you reserved a DLA number for OpenSSL last week but the new >> version 1.0.1t-1+deb7u3 has not been uploaded yet. Is there anything we >> can do to assist

Re: Security update of OpenSSL 1.0.1t-1+deb7u3

2017-11-08 Thread Kurt Roeckx
On Wed, Nov 08, 2017 at 11:22:24PM +0100, Markus Koschany wrote: > Am 08.11.2017 um 23:04 schrieb Kurt Roeckx: > > On Wed, Nov 08, 2017 at 10:07:57PM +0100, Markus Koschany wrote: > >> Hello Kurt, > >> > >> we saw that you reserved a DLA number for OpenSSL last week but the new > >> version 1.0.1t-