Apache2 => slow progress

2023-04-10 Thread Bastien ROUCARIES
Hi, In order to avoid a semi-automatic unclaim, I am working on apache2, trying to reproduce the CVE or at least creating an autopkgtest to avoid regressions. Bastien

Re: Wheezy update of imagemagick?

2016-12-28 Thread Bastien Roucaries
Take care for this time. I lack time now (babies). On 23 December 2016 23:32:17 GMT+01:00, Ola Lundqvist wrote: >Hello dear maintainer(s), > >the Debian LTS team would like to fix the security issues which are >currently open in the Wheezy version of imagemagick: >https://security-tracker.debi

Re: Wheezy update of imagemagick?

2016-12-31 Thread Bastien ROUCARIES
On Sat, Dec 31, 2016 at 11:07 AM, Emilio Pozuelo Monfort wrote: > On 28/12/16 23:08, Roberto C. Sánchez wrote: >> Hi Ola, >> >> The issues CVE-2016-8677 and CVE-2016-9559 were fixed by Antione when he >> uploaded that latest imagemagick update to LTS. However, the >> announcement (DLA-756-1) did

Re: Bug#773834: Preparing a release for stable and lts

2015-03-06 Thread Bastien ROUCARIES
On Tue, Feb 24, 2015 at 5:52 PM, Raphael Hertzog wrote: > On Wed, 24 Dec 2014, Bastien ROUCARIES wrote: >> Hi, >> >> I am now doing my homework for stable and lts > > Hello Bastien, > > thanks for caring about stable and lts! But it looks like this fell > thr

Re: [Pkg-gmagick-im-team] squeeze update of imagemagick?

2015-10-17 Thread Bastien Roucaries
On 14 October 2015 00:56:36 GMT+02:00, b...@decadent.org.uk wrote: >Hello dear maintainer(s), > >the Debian LTS team would like to fix the security issues which are >currently open in the Squeeze version of imagemagick: >https://security-tracker.debian.org/tracker/source-package/imagemagick >

Re: What pain points exist in the current security-tracker structure?

2025-04-06 Thread Bastien Roucaries
On Sunday 6 April 2025, 09:25:58 Central European Summer Time, Roberto C. Sánchez wrote: > Hello everyone, > > I am in the early stages of putting together a sprint to take place at > DebCamp25, with the objective of making improvements to the security > tracker. With that in mind, I would l

E?LTS report

2025-04-30 Thread Bastien Roucaries
I've worked during April on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS === ruby3.1 --- I fixed bookworm opened CVE by uploading a new version. I investigated why gems are not built, and fixed the prob

Re: [SECURITY] [DLA 4124-1] twitter-bootstrap3 security update

2025-04-14 Thread Bastien Roucaries
On Monday 14 April 2025, 09:06:47 Central European Summer Time, Bastien Roucaries wrote: > On Monday 14 April 2025, 02:44:02 Central European Summer Time, Santiago > Ruano > Rincón wrote: > > Hi Bastien, > > > > On 13/04/25 at 16:15, ro...@debian.org wrote:

Re: [SECURITY] [DLA 4124-1] twitter-bootstrap3 security update

2025-04-14 Thread Bastien Roucaries
On Monday 14 April 2025, 02:44:02 Central European Summer Time, Santiago Ruano Rincón wrote: > Hi Bastien, > > On 13/04/25 at 16:15, ro...@debian.org wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > - > > -

Re: angular.js: EOL?

2025-05-06 Thread Bastien Roucaries
On Tuesday 6 May 2025, 16:41:17 Central European Summer Time, Sylvain Beucler wrote: > Hi, > > I just noticed that angular.js is EOL'd by Google since 2022. > > AFAICS none of the 9 CVEs reported since had a fix: > https://security-tracker.debian.org/tracker/source-package/angular.js > https://

Re: Debian LTS BoF at DebConf 25?

2025-04-18 Thread Bastien Roucaries
On Monday 14 April 2025, 02:49:35 Central European Summer Time, Santiago Ruano Rincón wrote: > Hi there! > > Who is interested in having an LTS BoF during DC 25? > > Part of the topics that we could discuss is the security-tracker-related > work that we plan to tackle during DebCamp (BTW, dead

Re: angular.js: EOL?

2025-05-12 Thread Bastien Roucaries
On Tuesday 6 May 2025, 16:41:17 Central European Summer Time, Sylvain Beucler wrote: Hi Sylvain, > Hi, > > I just noticed that angular.js is EOL'd by Google since 2022. > > AFAICS none of the 9 CVEs reported since had a fix: > https://security-tracker.debian.org/tracker/source-package/angular.j

krb5 review

2025-05-23 Thread Bastien Roucaries
Hi, Can someone test and review krb5? I have done some tests but ideas are welcome. rouca

Re: krb5 review

2025-05-23 Thread Bastien Roucaries
On Friday 23 May 2025, 21:34:26 Central European Summer Time, Roberto C. Sánchez wrote: > On Fri, May 23, 2025 at 02:20:15PM +0200, Bastien Roucaries wrote: > > Hi, > > > > Can someone test and review krb5. > > > > I have done some tests but ideas are welc

Re: krb5 review

2025-05-23 Thread Bastien Roucaries
On Friday 23 May 2025, 23:11:37 Central European Summer Time, Roberto C. Sánchez wrote: > On Fri, May 23, 2025 at 10:42:56PM +0200, Bastien Roucaries wrote: > > Le vendredi 23 mai 2025, 21:34:26 heure d’été d’Europe centrale Roberto C. > > > > Sánchez a écri

E?LTS report

2025-06-01 Thread Bastien Roucaries
I've worked during May on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS === nodejs -- Found CVE-2025-47153 and patched it. Certain build processes for libuv and Node.js for 32-bit systems, such as fo

Re: krb5 review

2025-05-29 Thread Bastien Roucaries
On Friday 23 May 2025, 22:42:56 Central European Summer Time, Bastien Roucaries wrote: > On Friday 23 May 2025, 21:34:26 Central European Summer Time, Roberto C. > > Sánchez wrote: > > On Fri, May 23, 2025 at 02:20:15PM +0200, Bastien Roucaries wrote: > > > Hi,

Drop support of IE8 and browser before 2015 in order to close CVEs ?

2025-05-30 Thread Bastien Roucaries
Hi, The simpler stuff to close CVE-2025-1647 is to drop IE8 support (which does not support CreateHTMLDocument) and use CreateHTMLDocument directly and unconditionally. Another possibility is to test if class is DOMImplementation type. Injection is here: https://sources.debian.org/src/twitter-bootstr

Re: krb5 review

2025-05-29 Thread Bastien Roucaries
On Thursday 29 May 2025, 22:25:21 Central European Summer Time, Roberto C. Sánchez wrote: > On Thu, May 29, 2025 at 04:09:00PM +0200, Bastien Roucaries wrote: > > I have changed the default to no and updated changelog and NEWS > > > > Could you check the language?

E?LTS report

2025-07-01 Thread Bastien Roucaries
I've worked during June on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! ELTS krb5 --- I released ELA-1450-1 fixing CVE-2025-3576 twitter-bootstrap3 --- I released ELA-1454-1 f

Review of pam for bookworm

2025-07-25 Thread Bastien Roucaries
Hi, Could you review my work for pam/bookworm https://salsa.debian.org/rouca/pam/-/tree/bookworm/debian?ref_type=heads Does someone have an idea why autopkg fails? I am trying to fix first bookworm then bullseye rouca

Re: ca-certificates and backport to bullseye => ca-certificates-java problem

2025-08-01 Thread Bastien Roucaries
On Thursday 31 July 2025, 22:43:35 Central European Summer Time, Bastien Roucaries wrote: Hi, I have just pushed a version here: https://salsa.debian.org/java-team/ca-certificates-java/-/tree/bullseye?ref_type=heads Can you review? rouca > Le jeudi 31 juillet 2025, 22:30:11 heure d’

Re: Review of pam for bookworm

2025-07-31 Thread Bastien Roucaries
On Sunday 27 July 2025, 15:30:25 Central European Summer Time, Bastien Roucaries wrote: > On Friday 25 July 2025, 20:13:13 Central European Summer Time, Bastien > > Roucaries wrote: > > Hi, > > > > Could you review my work for pam/bookworm > > h

Piuparts problem with ca-certificates

2025-07-31 Thread Bastien Roucaries
Hi, For bullseye I get this: https://salsa.debian.org/lts-team/packages/ca-certificates/-/jobs/7897505 Any idea? Bastien

Re: Review of pam for bookworm

2025-07-27 Thread Bastien Roucaries
On Friday 25 July 2025, 20:13:13 Central European Summer Time, Bastien Roucaries wrote: > Hi, > > Could you review my work for pam/bookworm > https://salsa.debian.org/rouca/pam/-/tree/bookworm/debian?ref_type=heads > > Does someone have an idea why autopkg fails? >

ca-certificates and backport to bullseye => ca-certificates-java problem

2025-07-31 Thread Bastien Roucaries
Hi, I plan to upload ca-certificates to bullseye. If I remember well there is a mess with circular deps and this breaks java. Can someone refresh my memory? Will backporting 20230710~deb12u1 to bullseye help here? rouca

Re: ca-certificates and backport to bullseye => ca-certificates-java problem

2025-07-31 Thread Bastien Roucaries
On Thursday 31 July 2025, 22:30:11 Central European Summer Time, Vladimir Petko wrote: > Hi, > > As far as I remember, 20230707 removes the circular dependency that > caused upgrade issues[1][2][3]. It also requires openjdk to trigger > ca-certificates-java: > JB-jre-headless.postinst.in--

Re: ca-certificates and backport to bullseye => ca-certificates-java problem

2025-07-31 Thread Bastien Roucaries
On Thursday 31 July 2025, 23:39:22 Central European Summer Time, Utkarsh Gupta wrote: > Hi Bastien, > > On Fri, Aug 1, 2025 at 2:13 AM Bastien Roucaries wrote: > > 1. first upload an openjdk that triggers update-ca-certificates-java > > 2. upload a backport of ca-ce

E?LTS report

2025-08-01 Thread Bastien Roucaries
I've worked during July on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! ELTS angular.js/stretch - I began to backport to stretch, triaged CVEs and during the course of action found

help with autopkgtest for buster

2025-07-31 Thread Bastien Roucaries
Hi, It seems that we have a resolution problem here: https://salsa.debian.org/lts-team/packages/nginx/-/jobs/7900889 Do you have an idea how to fix the salsa CI? bastien

Re: ca-certificates and backport to bullseye => ca-certificates-java problem

2025-08-01 Thread Bastien Roucaries
On Thursday 31 July 2025, 22:30:11 Central European Summer Time, Vladimir Petko wrote: Hi, > Hi, > > As far as I remember, 20230707 removes the circular dependency that > caused upgrade issues[1][2][3]. It also requires openjdk to trigger > ca-certificates-java: > JB-jre-headless.postinst