Hi,
I have prepared an update for wireshark in Wheezy.
Please see the diff to previous version attached. A practically
identical changeset has been already accepted to jessie-security.
Changes:
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u3) wheezy-security; urgency=medium
.
* security fixes fr
Hi,
2016-08-27 2:27 GMT+02:00 :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of eog:
> https://security-tracker.debian.org/tracker/CVE-2016-6855
>
> Would you like to take care of this yourself?
I'll ta
2016-08-27 11:16 GMT+02:00 Bálint Réczey :
> Hi,
>
> 2016-08-27 2:27 GMT+02:00 :
>> Hello dear maintainer(s),
>>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of eog:
>> https://security-t
2016-08-27 12:14 GMT+02:00 Chris Lamb :
> Balint,
>
>> I see Chris already claimed it a few minutes ago in dla-needed.txt.
>
> Makes much more sense for you to take it. If you agree, please edit
> dla-needed.txt within 24h.
OK, thanks.
Cheers,
Balint
>
>
> Regards,
>
> --
> ,''`.
> :
Hi,
I have prepared an update for eog in Wheezy.
Please see the diff to previous version attached. A practically
identical changeset has been added to the packaging repository
for a later jessie update.
Changes:
eog (3.4.2-1+build1+deb7u1) wheezy-security; urgency=medium
.
* Team Upload
Hi Hugo,
2016-09-04 13:25 GMT+02:00 Hugo Lefeuvre :
>> Yes, qemu is supported (and there has was lots of file renaming after
>> the Wheezy version). If you handle qemu please look at qemu-kvm as well
>> (they're the same version).
>
> Thanks for the hint.
I took the liberty of claiming qemu-kvm f
Hi Alessandro,
2015-04-27 14:12 GMT+02:00 Alessandro Ghedini :
> On ven, apr 24, 2015 at 11:26:22 +0200, Raphael Hertzog wrote:
>> Hello Alessandro,
>
> Hi, and sorry for the delay.
>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Squeeze version of
Hi Michael,
2016-09-04 17:51 GMT+02:00 Michael Stapelberg :
> Thanks for your work on LTS.
>
> Time does not permit me to do any of this work myself.
>
> Please go ahead and make any changes as you see fit, there’s no need for my
> review.
Thank you for your quick answer.
I (on behalf of the LTS
Hi Thorsten,
2016-05-18 22:08 GMT+02:00 Thorsten Alteholz :
> Hi Antoine,
>
> On Tue, 17 May 2016, Antoine Beaupré wrote:
>>
>> Those issues should have been fixed in the same upload,
>
>
> ah, ok, I think this is the problem. In case you know that fixing an issue
> takes a longer time than usual,
Hi Roberto,
2016-08-17 15:29 GMT+02:00 Roberto C. Sánchez :
> On Sun, Jul 24, 2016 at 04:26:20PM -0400, Roberto C. Sánchez wrote:
>> FYI, I did the last LTS update of ICU earlier this month, so I think I
>> will be able to easily prepare another update. I went ahead and claimed
>> it in dla-neede
Hi Roberto,
2016-09-07 4:06 GMT+02:00 Roberto C. Sánchez :
> Hi Balint,
>
> On Wed, Sep 07, 2016 at 03:12:46AM +0200, Bálint Réczey wrote:
>> Hi Roberto,
>>
>> I think there is no need wait more (wearing my frontdesk hat).
>> There are fixes in upstream
Hi,
2016-09-07 8:00 GMT+02:00 Guido Günther :
> Hi Bálint,
> On Wed, Sep 07, 2016 at 12:21:28AM +0200, Bálint Réczey wrote:
>> Hi Michael,
>>
>> 2016-09-04 17:51 GMT+02:00 Michael Stapelberg :
>> > Thanks for your work on LTS.
>> >
>> > Ti
Hi Jonas,
2016-09-07 0:52 GMT+02:00 Jonas Meurer :
> Hi Bálint,
>
> Am 07.09.2016 um 00:21 schrieb Bálint Réczey:
>> 2016-09-04 17:51 GMT+02:00 Michael Stapelberg :
>>> Thanks for your work on LTS.
>>>
>>> Time does not permit me to do any of this work my
Hi,
I have prepared an update for curl in Wheezy.
Please see the diff to previous version attached.
Changes:
curl (7.26.0-1+wheezy15) wheezy-security; urgency=medium
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2016-7141: Incorrect reuse of client certificates
The binary package
Hi Jean-Michel,
Thank you for your prompt response.
2016-09-09 20:25 GMT+02:00 Jean-Michel Vourgère (debian) :
> Hi
>
> On Debian, the affected php script is deployed as
> /usr/share/doc/libphp-adodb/examples/test.php.gz
> and NOT in a browser reachable location:
>
> It's not in /usr/share/php/ad
ou like to handle the LTS update or just
unstable and stable?
Cheers,
Balint
>
>
> On Friday 09 September 2016 21:49:49 Bálint Réczey wrote:
>> Hi Jean-Michel,
>>
>> Thank you for your prompt response.
>>
>> 2016-09-09 20:25 GMT+02:00 Jean-Michel Vourgère (d
Hi Hugo,
2016-09-11 10:23 GMT+02:00 Hugo Lefeuvre :
> Hi,
>
> I've got nothing from the QEMU team, and another security issue has
> been reported for qemu[0]. A patch for CVE-2016-7170 is available,
> but I'd like to wait for an upstream approval before doing anything.
> It may take some time.
OK
Hi Hugo,
2016-09-12 0:18 GMT+02:00 Hugo Lefeuvre :
> Hi,
>
> I'd like to prepare an LTS upload for libav[0]. The upstream patch for
> CVE-2016-7393 is very simple and could be grouped with patches from older
> analogous CVEs like CVE-2015-8662 in a broad LTS upload.
>
> Does anybody think it's a b
Hi All,
Please use clean chroot (sbuild/pbuilder/etc.) for LTS uploads.
This would prevent accidental regressions related to additional
installed packages or some VM related issues such as funny symlink
handling
of vboxsf.
I have updated https://wiki.debian.org/LTS/Development with reminders.
Th
Hi,
I have prepared an update for wireshark in Wheezy.
Please see the diff to previous version attached. A practically
identical changeset has been already accepted to jessie-security.
Changes:
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u4) wheezy-security; urgency=medium
.
* security fixes fr
Hi,
2016-09-20 23:43 GMT+02:00 Chris Lamb :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of firefox-esr:
> https://security-tracker.debian.org/tracker/source-package/firefox-esr
>
> Would you like to take
Hi,
2016-09-24 15:34 GMT+02:00 Balint Reczey :
> Hi,
>
> On 09/24/2016 12:51 AM, Mike Hommey wrote:
>> On Fri, Sep 23, 2016 at 07:57:45PM +0200, Bálint Réczey wrote:
>>> Hi,
>>>
>>> 2016-09-20 23:43 GMT+02:00 Chris Lamb :
>>>> Hello dear main
2016-09-25 1:08 GMT+02:00 Bálint Réczey :
> Hi,
>
> 2016-09-24 15:34 GMT+02:00 Balint Reczey :
>> Hi,
>>
>> On 09/24/2016 12:51 AM, Mike Hommey wrote:
>>> On Fri, Sep 23, 2016 at 07:57:45PM +0200, Bálint Réczey wrote:
>>>> Hi,
>>>>
&
Hi Jean-Yves Avenard,
2016-09-28 3:04 GMT+02:00 Jean-Yves Avenard :
> Hi
>
> On Tue, Sep 27, 2016 at 7:54 PM, James Cowgill wrote:
>>
>> > We discovered a serious security vulnerability in libavcodec 54 and
>> > earlier. Only libavcodec from LibAV is impacted.#
>>
>> What is the security vulnerab
Hi,
I have prepared an update for chicken in Wheezy.
Please see the diff to previous version:
https://people.debian.org/~rbalint/ppa/wheezy-lts/chicken_4.7.0-1+deb7u1.patch.gz
Changes:
chicken (4.7.0-1+deb7u1) wheezy-security; urgency=medium
.
* LTS Team upload
* Don't overflow staticall
2016-09-28 13:56 GMT+02:00 Bálint Réczey :
> Hi,
>
> I have prepared an update for chicken in Wheezy.
>
> Please see the diff to previous version:
> https://people.debian.org/~rbalint/ppa/wheezy-lts/chicken_4.7.0-1+deb7u1.patch.gz
>
> Changes:
> chicken (4.7.0-1+deb7u
Hi,
2016-09-25 2:40 GMT+02:00 Mike Hommey :
> On Sun, Sep 25, 2016 at 01:08:55AM +0200, Bálint Réczey wrote:
>> Hi,
>>
>> 2016-09-24 15:34 GMT+02:00 Balint Reczey :
>> > Hi,
>> >
>> > On 09/24/2016 12:51 AM, Mike Hommey wrote:
>> >> O
Hi,
2016-10-05 9:27 GMT+02:00 Jan Ingvoldstad :
> On 2016-10-05 09:04, Brian May wrote:
>>
>> Hello All,
>>
>> Just looking at this issue in Wheezy. Looks like it should be easy to
>> patch, assuming we consider this deserving a security update - it
>> requires local access.
>
>
> If "local access
Hi Fabian,
2016-10-05 17:26 GMT+02:00 Fabian Wolff :
> Dear LTS team,
>
> On Sat, Sep 24, 2016 at 08:00:09AM +0100, Chris Lamb wrote:
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of dwarfutils:
>> https://security-tracker.debian.org
Hi Ola,
2016-10-06 23:08 GMT+02:00 Ola Lundqvist :
> Hi Matthias and Balint
>
> I have tried to reproduce the problem described in the openwall email.
> However I can not reproduce it. Have you been able to?
>
> On wheezy:
>
> ola@tigereye:/$ env -i SHELLOPTS=xtrace PS4='$(id)' ./test
t
vagrant@debian-wheezy:~$ env -i SHELLOPTS=xtrace PS4='$(id)' ./test
uid=0(root) gid=1000(vagrant)
groups=0(root),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(vid/bin/date
Fri Oct 7 07:19:34 GMT 2016
vagrant@debian-wheezy:~$
Cheers,
Balint
>
> Best regards,
>
> // Ola
>
Hi,
2016-10-20 18:31 GMT+02:00 Markus Koschany :
> On 20.10.2016 17:15, Holger Levsen wrote:
>> On Thu, Oct 20, 2016 at 04:52:07PM +0200, Markus Koschany wrote:
>>> Fixing bugs in unstable or any other suite in Debian is not a part of
>>> Wheezy LTS.
>>
>> yes, but it should be! That was entirely
Hi Lars,
I noticed you have prepared the MySQL update for wheezy in git:
https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/log/?id=refs/heads/debian/wheezy
Would you like the LTS Team to perform the upload and issue the DLA
like in the previous case?
Thanks,
Balint
on behalf of the Debia
Hi Lars,
2016-10-27 18:07 GMT+02:00 Lars Tangvald :
>
> - bal...@balintreczey.hu wrote:
>
>> Hi Lars,
>>
>> I noticed you have prepared the MySQL update for wheezy in git:
>> https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/log/?id=refs/heads/debian/wheezy
>>
>> Would you like the LTS T
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of kde-runtime:
https://security-tracker.debian.org/tracker/CVE-2016-7787
Would you like to take care of this yourself?
If yes, please follow the workflow we have de
Hi,
It seems the nss update broke chromium:
https://lists.debian.org/debian-user/2016/10/msg00981.html
Maybe when we update gcc for firefox we can also continue supporting chromium:
https://lists.debian.org/debian-security-announce/2015/msg00031.html
Cheers,
Balint
2016-10-23 23:43 GMT+02:00 Ol
2016-11-13 19:11 GMT+01:00 Balint Reczey :
> Hi,
>
> I have prepared an update for sudo in Wheezy.
>
> Please see the diff to previous version and a small test program attached.
>
> Changes:
> sudo (1.8.5p2-1+nmu3+deb7u2) wheezy-security; urgency=medium
> .
>* LTS Team upload.
>* Fix noex
Hi All,
2016-11-09 10:44 GMT+01:00 Andreas Beckmann :
> On 2016-10-31 23:17, Andreas Beckmann wrote:
>> Please go ahead - probably we could use the fix (that someone produces
>> for wheezy) for jessie and sid as well. Please put everything into git,
>> branch wheezy, the repo is in collab-maint.
>
Hi John,
2016-11-16 10:16 GMT+01:00 John H. Mitchell :
>
> Good day,
>
> I'm trying to use the Debian LTS repo but its not working. Can someone have a
> look for me?
>
> The guide documentation that I used is here: https://wiki.debian.org/LTS/Using
>
> From what I understand, this repo should be
Hi,
2016-11-15 1:52 GMT+01:00 Bálint Réczey :
> Hi All,
>
> 2016-11-09 10:44 GMT+01:00 Andreas Beckmann :
>> On 2016-10-31 23:17, Andreas Beckmann wrote:
>>> Please go ahead - probably we could use the fix (that someone produces
>>> for wheezy) for jessie and s
Hi,
2016-01-07 18:22 GMT+01:00 Raphael Hertzog :
> Hi,
>
> On Wed, 30 Dec 2015, Moritz Mühlenhoff wrote:
>> The kodi/xbmc one needs some work, let's wait for Balint to reply.
>> The others look good to me.
>
> Ok, reverted that one and uploaded it to sid and then backported it to
> squeeze-lts too
Hi,
2016-12-19 9:10 GMT+01:00 Sébastien Jodogne :
> Dear all,
>
>> On Sun, Dec 18, 2016 at 10:47:05PM +0100, Markus Koschany wrote:
>> > Hello dear maintainer(s),
>> >
>> > the Debian LTS team would like to fix the security issues which are
>> > currently open in the Wheezy version of dcmtk:
>> >
ssie, too, or someone else from the team will take care of this?
Cheers,
Balint
2016-12-20 17:17 GMT+01:00 Balint Reczey :
> On 12/19/2016 03:58 PM, Bálint Réczey wrote:
>> Hi,
>>
>> 2016-12-19 9:10 GMT+01:00 Sébastien Jodogne :
>>> Dear all,
>>>
>>&g
Hi Dariusz,
2016-11-22 12:05 GMT+01:00 Dariusz Dwornikowski :
> I surely would like help with these CVSs.
For the record the CVEs got rejected thus the LTS Team won't work on them.
Cheers,
Balint
>
> On 21 November 2016 at 23:18, Ola Lundqvist wrote:
>>
>> Hello dear maintainer(s),
>>
>> The D
Hi,
2016-12-28 11:59 GMT+01:00 Ola Lundqvist :
> Thank you.
>
> It was added to dla-needed.txt one or two days ago.
I'm in the process of uploading the fixed packaga.
For the record curl_mprintf() is formatting floating point values in a
buggy way in
Wheezy's version and I have adapted the added
Hi Ola,
2016-12-29 18:43 GMT+01:00 Ola Lundqvist :
> Hi
>
> Do this mean that we should not make a new wheezy release due to this? I
> guess so.
Yes, IMO. I have already removed maradns from DLA queue.
Cheers,
Balint
>
> / Ola
>
> Sent from a phone
>
> Den 29 dec 2016 18:36 skrev "Dariusz Dworn
Hi Zigo,
2017-01-04 16:28 GMT+01:00 Thomas Goirand :
> Hi,
>
> I don't think any of the maintainers of RabbitMQ cares about Wheezy
> anymore, so it'd be very nice if someone from the LTS team was taking
> care of it.
OK, I'll take care of it. (Claimed in dla-needed.txt, too.)
Cheers,
Balint
>
>
Dear LTS Team,
Since ming is still being used on many systems [1] of I have prepared
fixes for the known vulnerabilities [2] and upstreamed them.
While preparing the fixes I could not avoid noticing the lack of
proper input checking at numerous other places which could be
exploited for various kin
Hi,
2017-01-04 21:08 GMT+01:00 Bálint Réczey :
> Hi Zigo,
>
> 2017-01-04 16:28 GMT+01:00 Thomas Goirand :
>> Hi,
>>
>> I don't think any of the maintainers of RabbitMQ cares about Wheezy
>> anymore, so it'd be very nice if someone from the LTS team was t
Hi,
I have just patched ratt to allow automatic rebuilding of reverse
build dependencies in distributions other than unstable:
https://github.com/Debian/ratt/pull/8
Sbuild running on jessie (building for wheezy) still emits errors like:
...
dpkg-deb: error: failed to read archive
`libming1_0.4.4-
Hi Emilio,
2017-01-31 22:14 GMT+01:00 Emilio Pozuelo Monfort :
> Hi Balint,
>
> On 31/01/17 21:46, Balint Reczey wrote:
>> Log:
>> wavpack's issues don't affect wheezy
>>
>> The first part of the upstream patch is not needed since the
>> code is very different and not vulnerable.
>> The second par
Hi Dominik,
2016-12-23 12:08 GMT+01:00 Dominik George :
> Hi Chris,
>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of xrdp:
>> https://security-tracker.debian.org/tracker/source-package/xrdp
>>
>> Would you like to take care of this
Hi,
I have prepared a patch for the issue, I'm just waiting for the CVE
assignment till tomorrow (2 Feb) with the upload.
Cheers,
Balint
2017-01-28 22:03 GMT+01:00 Ola Lundqvist :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open
Hi Emilio,
2017-01-31 22:23 GMT+01:00 Bálint Réczey :
> Hi Emilio,
>
> 2017-01-31 22:14 GMT+01:00 Emilio Pozuelo Monfort :
>> Hi Balint,
>>
>> On 31/01/17 21:46, Balint Reczey wrote:
>>> Log:
>>> wavpack's issues don't affect wheezy
>>&
(CC-ing Leo, who is uploader, too)
Hi,
I was about to offer stepping up as a co-maintainer for libevent because
my forked-daapd package would profit from having a newer version
in Buster and it seems the packaging team could use some help.
I have uploaded an alpha version to experimental long ti
Hi Roberto,
2017-02-10 13:14 GMT+01:00 Roberto C. Sánchez :
> On Fri, Feb 10, 2017 at 12:03:34PM +0100, Bálint Réczey wrote:
>>
>> I see Roberto you already claimed the package in dla-needed.txt, but if
>> you don't want to finish it I can make the Wheezy update, too.
Hi All,
Thank you for the upload, but I would have happily handled the CVE
since I have already prepared
other CVE-s for the next batch in the packaging repository.
I saw the email on my phone but I expected longer timeout for waiting
for my response.
There is also debian/README.Debian.security i
Hi René,
2017-02-24 7:39 GMT+01:00 Rene Engelhard :
> Hi,
>
> On Thu, Feb 23, 2017 at 11:13:34PM +0100, Moritz Muehlenhoff wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> - -
>> Debian Security Advisory DSA-
Dear Team,
I will take care of CVE-2017-2616 in wheezy.
Cheers,
Balint
Hi Dominik,
2017-02-07 19:23 GMT+01:00 Dominik George :
> Hi,
>
>> >> the Debian LTS team would like to fix the security issues which are
>> >> currently open in the Wheezy version of xrdp:
>> >> https://security-tracker.debian.org/tracker/source-package/xrdp
>> >>
>> >> Would you like to take car
Hi,
I'll take care of that wearing both my Multimedia Team and LTS hats.
Cheers,
Balint
2017-02-25 16:29 GMT+01:00 Thorsten Alteholz :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libquicktime:
> htt
Hi,
Since I made mistakes in setting the package version in DLA texts (and
I'm not alone ;-)) I came up with the attached patch which makes
gen-DLA and guess the proper one.
If both teams like it I'll push it to the repo.
Cheers,
Balint
From 4cae74f5c825aa17e3e847689eab5ea37454db60 Mon Sep 17 00
Hi Rene,
2017-02-25 17:01 GMT+01:00 Rene Engelhard :
> Hi,
>
> On Fri, Feb 24, 2017 at 12:38:29PM +0100, Rene Engelhard wrote:
...
>> make[1]: Leaving directory
>> `/home/rene/Debian/Pakete/LibreOffice/libreoffice/libreoffice-3.5.4+dfsg2/tail_build'
>> make: *** [source-env-and-recurse] Error 2
>
Hi,
2017-03-01 21:48 GMT+01:00 Rene Engelhard :
> Hi,
>
> On Tue, Feb 28, 2017 at 01:51:08AM +0100, Bálint Réczey wrote:
>> Do you have a PoC for testing?
>> I tried triggering the issue on Wheezy without any luck so far.
>
> Forwarded you the original mail from Septemb
Hi,
Thanks for all the input!
2017-02-28 9:12 GMT+01:00 Sébastien Delafond :
> On Feb/28, Peter Palfrader wrote:
>> Maybe we should be able to pass the name of the .changes file to
>> gen-DSA, and then the script can go and use all the information from
>> there?
>
> Implementation-wise, this soun
Hi All,
For the record there is something which we need to check, but the fix
is in progress.
Cheers,
Balint
2017-03-01 22:34 GMT+01:00 Bálint Réczey :
> Hi,
>
> 2017-03-01 21:48 GMT+01:00 Rene Engelhard :
>> Hi,
>>
>> On Tue, Feb 28, 2017 at 01:51:08AM +0100, Báli
Hi Guido,
2017-08-28 10:07 GMT+02:00 Guido Günther :
> Hi Balint,
> looking at
>
> https://security-tracker.debian.org/tracker/source-package/wireshark
>
> we have some CVEs open in Wheezy. Since Jessie ships the same version I
> wanted to check that you're not already working (or planning to
Hi Holger,
2014-08-20 13:22 GMT+02:00 Holger Levsen :
> Hi Balint,
>
> On Mittwoch, 20. August 2014, Balint Reczey wrote:
>> I have prepared a security update for the wireshark source package.
>
> great.
>
>> Please see the diffs attached.
>
> and then, what do you want us to do? Review the patch?
Hi Raphael,
2015-04-10 23:59 GMT+02:00 Raphael Hertzog :
> Hello Balint,
>
> I would like to clarify the situation of wireshark in squeeze.
> In https://bugs.debian.org/774312 you requested to mark the
> package as "not-supported" and this has now been done.
>
> So in theory I should tag all CVE a
Hi,
2015-03-30 10:40 GMT+02:00 Holger Levsen :
> Hi,
>
> On Montag, 30. März 2015, Michael Banck wrote:
>> Please keep in mind that wheezy will get regular maintenance for one
>> year after the jessie release, so the question whether there will be a
>> wheezy-lts or not is not imminent.
>
> while
Hi Ben,
2015-04-12 1:38 GMT+02:00 Ben Hutchings :
> On Sun, 2015-04-12 at 01:05 +0200, Bálint Réczey wrote:
> [...]
>> I assume this situation is not unique to Wireshark. What do you think,
>> what would be the best for the LTS project in Wireshark's case and
>> wha
Hi,
2015-04-12 9:14 GMT+02:00 Raphael Hertzog :
> Hi,
>
> On Sun, 12 Apr 2015, Ben Hutchings wrote:
>> On Sun, 2015-04-12 at 01:05 +0200, Bálint Réczey wrote:
>> [...]
>> > I assume this situation is not unique to Wireshark. What do you think,
>> > what w
Hi,
2015-04-12 20:36 GMT+02:00 Raphael Hertzog :
> On Sun, 12 Apr 2015, Bálint Réczey wrote:
>> I have prepared the attached patch implementing b.). If no one opposes
>> I will upload it on Tuesday.
>> The change is not backwards-compatible in a sense that custom software
&g
2015-04-14 14:47 GMT+02:00 Holger Levsen :
> Hi Balint,
>
> On Dienstag, 14. April 2015, Bálint Réczey wrote:
>> I have prepared the DLA and uploaded the fixed package but it ended up in
>> NEW. Dear FTP Masters, please accept it.
>
> what distribution did you use in de
Hi Raphael,
2015-04-21 15:58 GMT+02:00 Raphael Hertzog :
> Hi Balint,
>
> On Tue, 14 Apr 2015, Bálint Réczey wrote:
>> I have prepared the DLA and uploaded the fixed package but it ended up in
>> NEW.
>> Dear FTP Masters, please accept it.
>
> FTR the package
2015-06-09 17:55 GMT+02:00 Raphael Hertzog :
> Hello Balint,
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of wireshark:
> https://security-tracker.debian.org/tracker/CVE-2015-3811
>
> I see it's already fixed in wheezy in 1.8.2-5whe
Hi,
I have prepared the backport of wireshark from jessie-security for
wheezy-security:
https://people.debian.org/~rbalint/ppa/wheezy-lts/wheezy-security/
Changes from jessie-security's latest:
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u1) wheezy-security; urgency=high
.
* Backport to wheezy-s
Hi Bjoern,
2016-05-31 13:27 GMT+02:00 Bjoern Nyjorden :
> Hi there;
>
> Unfortunately, as at 11:17 (+); This UPDATE IS NOT AVAILABLE at the
> AUSTRALIAN REGION MIRROR (IP: 150.203.164.61) of:
>
> http://security.debian.org/debian-security/pool/updates/main/w/wireshark/
>
> If the update is alr
Dear LTS Team,
2016-05-31 14:19 GMT+02:00 Bálint Réczey :
> Hi Bjoern,
>
> 2016-05-31 13:27 GMT+02:00 Bjoern Nyjorden :
>> Hi there;
>>
>> Unfortunately, as at 11:17 (+); This UPDATE IS NOT AVAILABLE at the
>> AUSTRALIAN REGION MIRROR (IP: 150.203.164.61) of:
2016-05-31 14:31 GMT+02:00 Bálint Réczey :
> Dear LTS Team,
>
> 2016-05-31 14:19 GMT+02:00 Bálint Réczey :
>> Hi Bjoern,
>>
>> 2016-05-31 13:27 GMT+02:00 Bjoern Nyjorden :
>>> Hi there;
>>>
>>> Unfortunately, as at 11:17 (+); This UPDATE IS
Hi,
There are newly discovered vulnerabilities in tiff [1].
I no one objects I plan looking into them and working with the
maintainer(s) to get them fixed in Wheezy LTS and in newer
releases.
Damyan, who prepared the latest DLA is marked as inactive
for the month and I'm also CC-ing Santiago and
Hi Emilio,
2016-06-26 9:58 GMT+02:00 Emilio Pozuelo Monfort :
> On 26/06/16 02:19, Bálint Réczey wrote:
>> Hi,
>>
>> There are newly discovered vulnerabilities in tiff [1].
>>
>> I no one objects I plan looking into them and working with the
>> maintainer(s)
Hi,
I have prepared an update for wireshark in Wheezy.
Please see the diff to previous version attached. I have submitted
a practically identical changeset to the Security Team for accepting
it as an update to Jessie's version.
Changes:
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u2) wheezy-securit
Dear Ruby and LTS Maintainers,
I plan updating the ruby-eventmachine package in Wheezy LTS to
fix the following security issue:
https://security-tracker.debian.org/tracker/TEMP-0678512-2E167C
Please see the diff to previous version attached.
Changes:
ruby-eventmachine (0.12.10-3+deb7u1) wheezy-
Hi Christian,
2016-06-28 7:27 GMT+02:00 Christian Hofstaedtler :
> Hi,
>
> * Bálint Réczey [160628 00:28]:
>> Dear Ruby and LTS Maintainers,
>>
>> I plan updating the ruby-eventmachine package in Wheezy LTS to
>> fix the following security issue:
>> http
Hi Christian,
2016-07-01 10:03 GMT+02:00 Christian Hofstaedtler :
> * Balint Reczey [160630 00:20]:
> [..]
>> >>> I plan updating Jessie's version through jessie-proposed-updates, since
>> >>> the issue is marked as no-DSA.
>> >>
>> >> This can probably still go through debian-security?
>> >
>> >
Hi,
2016-07-06 18:22 GMT+02:00 Holger Levsen :
> On Wed, Jul 06, 2016 at 05:57:43PM +0200, Markus Koschany wrote:
>> In this specific case I wouldn't do it because of the reasons I have
>> mentioned before but more input from others is welcome. If we decide to
>> fix these issues we also need to t
Hi Dmitry,
2016-01-25 0:24 GMT+01:00 Dmitry Smirnov :
> On Sat, 23 Jan 2016 07:37:02 PM Thorsten Alteholz wrote:
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Squeeze version of cakephp:
>> https://security-tracker.debian.org/tracker/CVE-2015-8379
Hi Serge & All,
2016-07-21 16:16 GMT+02:00 Serge E. Hallyn :
> Quoting Christian PERRIER (bubu...@debian.org):
>> Quoting Chris Lamb (la...@debian.org):
>> > Hello dear maintainer(s),
>> >
>> > the Debian LTS team would like to fix the security issues which are
>> > currently open in the Wheezy ve
Hi,
2016-07-23 21:24 GMT+02:00 Bálint Réczey :
...
> I have prepared an update for Wheezy's cakephp package fixing
> TEMP-000-698CF7, please see the diff attached.
> The fix could also be applied to Jessie's version.
I have updated the changelog to list #832283 instead
Hi,
2016-07-19 23:12 GMT+02:00 Brian May :
> Maximiliano Curia writes:
>
>> I just did the upload to unstable, with the karchive fix from upstream and an
>> modified version of that one for kde4libs. The second one needs some test,
>> sadly adding the (binary) test file used in karchive is a bit
Hi Maximiliano,
2016-07-25 15:41 GMT+02:00 Bálint Réczey :
> Hi,
>
> 2016-07-19 23:12 GMT+02:00 Brian May :
>> Maximiliano Curia writes:
>>
>>> I just did the upload to unstable, with the karchive fix from upstream and
>>> an
>>> modified versio
Hi Nick,
2016-07-19 15:35 GMT+02:00 Nick Leverton :
> On Tue, Jul 19, 2016 at 08:54:18AM +0200, Chris Lamb wrote:
>> Hello dear maintainer(s),
>>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of libupnp:
>> https://security-tracker.d
Hi Rene,
2016-07-28 18:29 GMT+02:00 Rene Engelhard :
> Hi again,
>
> On Wed, Jul 27, 2016 at 10:03:13AM +0200, Balint Reczey wrote:
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to debian-lts@lists.debian.org
>> (via a debdiff, or with a
Hi Markus,
2016-08-01 10:35 GMT+02:00 Markus Koschany :
> Hi all,
>
> DLA-577-1 has been issued two days ago but redis hasn't been uploaded
> yet. Chris could you investigate please?
>
> I also noticed that sometimes the delay between the upload and actual
> security announcement takes too long. F
Hi Rene,
2016-08-04 19:34 GMT+02:00 Rene Engelhard :
> Hi,
>
> On Thu, Aug 04, 2016 at 09:12:04AM +0200, Rene Engelhard wrote:
>> I noticed Balint did some additional changes to deb7u7 (build-depends
>> on fixed graphite2 - thanks for that), so this needs
>> either be merged into my deb7u8 or I ca
96 matches
Mail list logo
