CVE-2019-1551/openssl triage

2019-12-09 Thread Sylvain Beucler
Hi Utkarsh, You wrote for CVE-2019-1551: +    [jessie] - openssl (Only affects OpenSSL > 1.1.0-pre1) However the advisory says: https://www.openssl.org/news/secadv/20191206.txt "OpenSSL versions 1.1.1 and 1.0.2 are affected by this issue." So the status for 1.0.1 (jessie, wheezy) isn't clear.

Re: CVE-2019-1551/openssl triage

2019-12-09 Thread Utkarsh Gupta
Hi Sylvain, On 09/12/19 2:14 pm, Sylvain Beucler wrote: > Hi Utkarsh, > > You wrote for CVE-2019-1551: > +    [jessie] - openssl (Only affects OpenSSL > 1.1.0-pre1) > > However the advisory says: > https://www.openssl.org/news/secadv/20191206.txt > "OpenSSL versions 1.1.1 and 1.0.2 are affected b

Re: CVE-2019-1551/openssl triage

2019-12-09 Thread Sylvain Beucler
Hi, On 09/12/2019 10:13, Utkarsh Gupta wrote: > Here's what led to this commit: > > - The upstream fix[1] provides a patch which is in the > crypto/bn/asm/rsaz-x86_64.pl file. > - Going back to the git history of this file, it leads to this > commit[2], where the RSAZ assembly modules were first

Re: CVE-2019-1551/openssl triage

2019-12-09 Thread Utkarsh Gupta
Hi, On 09/12/19 2:48 pm, Sylvain Beucler wrote: > Hi, > > On 09/12/2019 10:13, Utkarsh Gupta wrote: >> Here's what led to this commit: >> >> - The upstream fix[1] provides a patch which is in the >> crypto/bn/asm/rsaz-x86_64.pl file. >> - Going back to the git history of this file, it leads to th

Re: CVE-2019-1551/openssl triage

2019-12-09 Thread Utkarsh Gupta
On 09/12/19 3:00 pm, Utkarsh Gupta wrote: > Hi, > > On 09/12/19 2:48 pm, Sylvain Beucler wrote: >> Hi, >> >> On 09/12/2019 10:13, Utkarsh Gupta wrote: >>> Here's what led to this commit: >>> >>> - The upstream fix[1] provides a patch which is in the >>> crypto/bn/asm/rsaz-x86_64.pl file. >>> - Goi

RFS: htmldoc

2019-12-09 Thread Utkarsh Gupta
Hiya, I request the sponsorship of htmldoc which fixes CVE-2019-19630. I've uploaded the package to mentors.d.net and the relevant .dsc could be found here[1]. Attaching the DLA file for the announcement. Shall send the patch to the maintainer by tomorrow or so. Best, Utkarsh --- [1]: https://me

(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-12-09 Thread Holger Levsen
hi, today I unclaimed for LTS: -clamav (hle) -freeimage (hle) -libjpeg-turbo (Utkarsh Gupta) -python-reportlab (Hugo Lefeuvre) -tightvnc (Mike Gabriel) -xcftools (hle) for eLTS: -intel-microcode (Markus Koschany) -- tschau, Holger -

Re: RFS: htmldoc

2019-12-09 Thread Chris Lamb
Hi Utkarsh, > I request the sponsorship of htmldoc which fixes CVE-2019-19630. > I've uploaded the package to mentors.d.net and the relevant .dsc could be > found here[1]. Uploaded htmldoc_1.8.27-8+deb8u1_amd64.changes and announced as DLA-2026-1. Best wishes,

Re: RFS: htmldoc

2019-12-09 Thread Utkarsh Gupta
Hiya, On 09/12/19 4:55 pm, Chris Lamb wrote: > Hi Utkarsh, > >> I request the sponsorship of htmldoc which fixes CVE-2019-19630. >> I've uploaded the package to mentors.d.net and the relevant .dsc could be >> found here[1]. > Uploaded htmldoc_1.8.27-8+deb8u1_amd64.changes and announced as > DLA-2026

LTS report for November 2019

2019-12-09 Thread Adrian Bunk
Hours worked: 18 hours Work done: DLA 1698-2 file regression update DLA 2017-1 asterisk CVE-2019-18610 CVE-2019-18790 DLA 2018-1 proftpd-dfsg CVE-2019-19269

ibus/CVE-2019-14822/glibc

2019-12-09 Thread Brian May
Apparently the fix for ibus creates a regression in glibc that must get fixed also: https://gitlab.gnome.org/GNOME/glib/merge_requests/1176 However this patch patches GIO in glibc, and it looks like glibc in Jessie (2.19-18+deb8u10) doesn't have this directory. Or anything related to GIO that I c