Address the bts already and put the CVEs in the subject.
---
This can be further improved regards temp id handling, providing a
better subject in case of only a single CVE, etc. but already makes like
simpler. O.k. to apply?
bin/report-vuln | 22 +++---
1 file changed, 15 insert
Hi,
On Wed, Nov 29, 2017 at 04:10:17PM +0100, Salvatore Bonaccorso wrote:
> Hi Guido,
>
> On Wed, Nov 29, 2017 at 01:45:47PM +0100, Guido Günther wrote:
> > ---
> > Hi,
> > report-vuln has a mixture of tabs and spaces which made changing it hard
> > so I changed e
Hi,
On Wed, Nov 29, 2017 at 04:24:54PM +0100, Salvatore Bonaccorso wrote:
> Hi Guido,
>
> On Wed, Nov 29, 2017 at 01:48:02PM +0100, Guido Günther wrote:
> > Address the bts already and put the CVEs in the subject.
> >
> > ---
> > This can be further improved rega
> On Wed, Aug 09, 2017 at 12:17:36AM -0300, Guido Günther wrote:
> >
> > * BTS is the canonical place for communication about the bug so the idea
> > is to change bin/contact-maintainer to use the BTS this would avoid
> > double communication from security and lts team
Hi security team,
looking at the above CVE I wonder if this shouldn't be no-dsa
(postponed). The memory is allocated during new which can fail and
there's basically no sane default to cap the reservation at a sane
value. Running with 'ASAN_OPTIONS=allocator_may_return_null=1' gives a
convert:
Hi,
On Wed, Nov 29, 2017 at 08:25:49PM +0100, Salvatore Bonaccorso wrote:
> Hi Guido,
>
> On Wed, Nov 29, 2017 at 04:49:41PM +0100, Guido Günther wrote:
> > Hi,
> > On Wed, Nov 29, 2017 at 04:24:54PM +0100, Salvatore Bonaccorso wrote:
> > > Hi Guido,
> > &g
This allows to invoke the mailer directly like
bin/report-vuln -M ...
the default behaviour is unchanged.
---
Helps at least me to get out bug mails quicker.
bin/report-vuln | 95 -
1 file changed, 54 insertions(+), 41 deletions(-)
d
Hi,
On Tue, Nov 28, 2017 at 10:27:13PM +0100, Thorsten Alteholz wrote:
> Hi everybody,
>
> I uploaded version 2.8.0+dfsg1-7+wheezy11 of libxml2 to:
>
> https://people.debian.org/~alteholz/packages/wheezy-lts/libxml2/
>
> Please give it a try and tell me about any problems you met.
I've tested t
Hi,
please test the new thunderbird packages:
https://people.debian.org/~agx/icedove-lts/
This is based on what will end up in sid soonish but it might be good to
know that everything looks good for wheezy already since there were some
packaging changes.
Cheers,
-- Guido
Hi,
On Thu, Nov 30, 2017 at 10:36:13AM +0100, Guido Günther wrote:
> This allows to invoke the mailer directly like
>
> bin/report-vuln -M ...
>
> the default behaviour is unchanged.
> ---
> Helps at least me to get out bug mails quicker.
I went ahead and committed t
Hi,
On Sun, Dec 10, 2017 at 12:51:38PM +0100, Salvatore Bonaccorso wrote:
> Hi
>
> On Sun, Dec 10, 2017 at 10:00:55AM +0100, Salvatore Bonaccorso wrote:
> > Hi
> >
> > Cc'ing explicitly Guido and Raphael, who commented before.
> >
> > On Sat, Dec 09, 2017 at 03:25:14PM +0100, Markus Koschany wro
Hi,
during November I worked 14 of the allocated 16.5 hours (11h + 5.5h from
previous months) on LTS. During this time I did the following:
* libvorbis: Developed patches for CVE-2017-14632, CVE-2017-11333 (the
later one needs a fix in sox (and other packages) too). I did not
release a DLA yet
Hi,
On Sun, Dec 10, 2017 at 01:35:43PM +0100, Salvatore Bonaccorso wrote:
> Hi Guido,
>
> On Sun, Dec 10, 2017 at 12:59:05PM +0100, Guido Günther wrote:
> > Hi,
> > On Sun, Dec 10, 2017 at 12:51:38PM +0100, Salvatore Bonaccorso wrote:
> > > Hi
> > >
> &g
Hi,
credativ prepared a new Xen update to fix several CVEs including
Hypvervisor DoS. It would be great if you could give it some more
testing:
https://korte.credativ.com/~fge/xen/
The
Cheers,
-- Guido
Hi Markus,
On Fri, Dec 15, 2017 at 08:02:25PM +0100, Markus Koschany wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Package: reportbug
> Version: 6.4.4+deb7u2
> Debian Bug : 878088
>
> Reportbug, a tool designed to make the reporting of bugs in Debian
> easier,
Hi,
On Wed, Nov 29, 2017 at 08:26:52PM +0100, Guido Günther wrote:
> Hi,
> On Wed, Aug 09, 2017 at 07:11:16AM -0400, Roberto C. Sánchez wrote:
> > Hi Guido & LTS/Security folks,
> >
> > Thanks very much for publishing this summary. Since I was not able to
> >
Hi,
please test the new thunderbird packages:
https://people.debian.org/~agx/thunderbird-lts/
This time around there are thunderbird specific security issues:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
Cheers,
-- Guido
signature.asc
Description: PGP signature
Hi Emilio,
On Tue, Dec 26, 2017 at 10:28:36AM +0100, Emilio Pozuelo Monfort wrote:
> Hi Guido,
>
> On 24/12/17 19:22, Guido Günther wrote:
> > Hi,
> > please test the new thunderbird packages:
> >
> > https://people.debian.org/~agx/thunderbird-lts/
&g
Hi,
since I'm not sure who's on the security-tracker list: Salvatore posted
some patches for the git migration:
https://lists.debian.org/debian-security-tracker/2017/12/msg00030.html
Cheers,
-- Guido
Hi,
during December I worked 13.5 of the allocated 13.5 hours (11h + 2.5h
from previous months) on LTS. During this time I did the following:
* libvorbis: The plan was to get this resolved in December but although
the fixes for CVE-2017-14632 and CVE-2017-14633 were applied upstream
now my pat
re it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of isc-dhcp updates
for the LTS releases.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this
Hi Abhijith,
On Thu, Jan 18, 2018 at 01:53:08AM +0530, Abhijith PA wrote:
> Hello.
>
> I prepared LTS security updates for transmission. Please review and upload.
> debdiff -http://188.226.198.239/transmission_2.52_wheezy.debdiff
> package:
> https://mentors.debian.net/debian/pool/main/t/transmis
Hi,
during January I worked 6 of the allocated 8 hours. During this time I
did the following:
* One week of LTS frontdesk
* Triaged some XEN CVEs and handled the communication with Credativ.
* Prepared thunderbird 52.6.0 for wheezy resulting in DLA-1262-1
* After discussion with Moritz added s
Hi Holger,
On Thu, Mar 08, 2018 at 02:42:47PM +, Holger Levsen wrote:
[..snip..]
> > So, for my own packages: You are free to LTS upload them anytime you
> > want to, but ONLY if you are also willing to check that the things get
> > fixed in our main supported releases, too.
>
> While I total
Hi Antoine,
On Thu, Apr 19, 2018 at 12:32:35PM -0400, Antoine Beaupré wrote:
> Hi,
>
> I have taken a look at the libvorbis issues pending in wheezy (and
> accidentally in jessie) and backported a few patches. The result is
> here, as usual, for testing:
>
> https://people.debian.org/~anarcat/deb
On Sat, Jun 30, 2018 at 05:42:37PM +0200, Santiago R.R. wrote:
> Dear security team,
>
> I am working on the jessie package of qemu (the first time I work on
> it), and I notice it hasn't been updated in jessie since May 2017.
> There were various stretch updates since then, and I wonder if the
>
Hi,
On Sun, Sep 16, 2018 at 09:43:34PM +0200, Ola Lundqvist wrote:
> Hi Markus, Chris, Guido and Thorsten
>
> Today I realized that I have planned for LTS CVE triaging exactly the
> week that I'm going to move to a new house. Not the best planning
> maybe. Well I did not know that I had to move wh
Hi,
On Mon, Sep 17, 2018 at 12:51:38PM +0200, Ola Lundqvist wrote:
> Hi Guido and Markus
>
> Markus: I saw that you had added yourself this week. That is fine with
> me. I have assigned myself to next week that Guido left instead. Let
> me know if you want me to take both weeks instead.
>
> Guido
Hi,
On Mon, Apr 08, 2019 at 05:50:46PM +1000, Brian May wrote:
> Patch for Jessie version attached. Patch is applied by hand from
> https://www.redhat.com/archives/libvir-list/2019-April/msg00339.html
I don't think this is needed for jessie since the corresponding function
in qemu was implemented
On Thu, May 22, 2014 at 01:33:26PM +0200, Moritz Muehlenhoff wrote:
> qemu-kvm / libvirt / xen
> -> unless there's a dedicated volunteer, I'll mark it as unsupported
> soonm
>
>
> icedove
> -> Guido, what are the plans? Maybe reconsider for wheezy-lts?
> Alternatively we could also limit the supp
On Fri, May 23, 2014 at 11:54:06AM +0200, Moritz Muehlenhoff wrote:
> If debian-security-support detects an unsupported package which is critical
> to you, please get in touch with debian-lts@lists.debian.org (seee below).
s/seee/see/
Otherwise awesome!
Cheers,
-- Guido
--
To UNSUBSCRIBE, ema
On Mon, May 26, 2014 at 09:09:17PM +0200, Raphael Hertzog wrote:
[..snip..]
> That said, the number of DSA is interesting but maybe there are DSA that
> have been skipped that we should have done. And if we get more workforce,
> maybe we can further improve the level of security support? I know tha
On Fri, Jun 13, 2014 at 03:15:31PM +0200, Holger Levsen wrote:
> Hi,
>
> On Freitag, 13. Juni 2014, Raphael Hertzog wrote:
> > Please review the attached draft, share your comments and let me know if I
> > missed your company.
>
> I don't like the focus / expressed view that LTS is made possible
On 15.07.2014 22:47, Thorsten Alteholz wrote:
> Hi,
>
> the packages for libxml2 can be found at [1].
>
> Can you please test them and give some feedback whether they are ready
> for upload?
Tested on a squeeze system with noch ill effects.
-- Guido
>
> Thanks!
> Thorsten
>
>
> [1] http://
Hi,
I'm still running some squeeze based armel systems so to prevent
ShellShock I've rebuilt the bash's debian-lts version and put it here:
http://honk.sigxcpu.org/projects/squeeze-lts/b/bash/
I'll drop other armel squeeze-lts packges there on a 'as needed'
basis.
Cheers,
-- Guido
--
To U
00644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+dulwich (0.6.1-1+deb6u1) squeeze-lts; urgency=high
+
+ * CVE-2015-0838: Fix buffer overflow in C version of apply_delta()
+
+ -- Guido Günther Tue, 26 May 2015 21:46:59 +0200
+
dulwich (0.6.1-1) unstable; urgency=low
Hi Javi,
On Wed, May 27, 2015 at 12:16:38PM +0100, Javi Merino wrote:
> [Dropping python-apps-team]
>
> Hi debian-lts,
>
> On Tue, May 12, 2015 at 10:15:38PM +0900, Javi Merino wrote:
> > Hi Raphael,
> >
> > On Mon, May 11, 2015 at 08:42:23PM +0200, Raphael Hertzog wrote:
> > > Hello dear mainta
peer_more_thorough_shell_quoting.patch
* Fix "CVE-2014-9390: Errors in handling case-sensitive directories
@@ -8,6 +9,12 @@ mercurial (1.6.4-1+deb6u1) squeeze-lts; urgency=medium
from_upstream__pathauditor_check_for_codepoints_ignored_on_OS_X.patch,
and
from_upstream__path
Hi,
from what I can see the squeeze version of mongodb is not affected by
the above CVE since
void BSONElement::validate() const {
switch( type() ) {
case DBRef:
case Code:
case Symbol:
case String: {
int x = valuestrsize();
if ( x >
Hi Javi,
On Tue, Jun 02, 2015 at 09:20:57PM +0100, Javi Merino wrote:
> Hi Guido,
>
> On Fri, May 29, 2015 at 04:01:24PM +0200, Guido Günther wrote:
> > On Wed, May 27, 2015 at 12:16:38PM +0100, Javi Merino wrote:
> > > On Tue, May 12, 2015 at 10:15:38PM +0900, Javi Meri
Hi,
On Wed, Jun 03, 2015 at 04:12:55PM +0200, Holger Levsen wrote:
> Hi Javi,
>
> On Mittwoch, 3. Juni 2015, Javi Merino wrote:
> > Source: mercurial
> > Version: 1.6.4-1+deb6u1
>
> there was no DLA for this upload, could you please prepare one and send it to
> the list?! Thanks already.
See th
d the members
of the LTS team will take care of the rest. However please make sure to
submit a tested package.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
--
To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org
with a subject of "unsubscribe". T
with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can veri
ested the updated package or not.
If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
o
Hi,
On Mon, Jun 15, 2015 at 04:53:00PM +0200, Michael Banck wrote:
> Hello,
>
> The VENOM vulnerability is unfixed in squeeze (except for
> squeeze-backports):
>
> https://security-tracker.debian.org/tracker/CVE-2015-3456
>
> Even though qemu is not supported in squeeze-lts, I propose to fix thi
https://bugzilla.redhat.com/show_bug.cgi?id=1227243
+ * CVE-2015-0848: Only DecodeImage if pixel is one byte
+Fix taken from Redhat BZ
+https://bugzilla.redhat.com/show_bug.cgi?id=1227243
+
+ -- Guido Günther Fri, 19 Jun 2015 13:48:03 +0200
+
libwmf (0.2.8.4-6.1) unstable; urgency=high
*
infinite depth param normalization
+Patch based on
+http://seclists.org/oss-sec/2015/q2/729
+
+ -- Guido Günther Fri, 19 Jun 2015 17:52:46 +0200
+
librack-ruby (1.1.0-4+squeeze2) oldstable-security; urgency=high
* Team upload.
diff --git a/lib/rack/utils.rb b/lib/rack/utils.r
Hi Santiago,
On Wed, Jun 24, 2015 at 10:16:08PM +0200, Santiago Ruano Rincón wrote:
> Hi there,
>
> I've prepared a ruby 1.9.1 package to fix the two open CVEs
> CVE-2012-5371 and CVE-2013-0269. As usual, test are more than welcome.
> The package is available at the repository:
>
> deb https:
d the members
of the LTS team will take care of the rest. However please make sure to
submit a tested package.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
--
To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org
with a subject of "unsubscribe". T
d the members
of the LTS team will take care of the rest. However please make sure to
submit a tested package.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
--
To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org
with a subject of "unsubscribe". T
With lots of packages in dla-needed.txt it's easier to focus on CVEs of
packages that are not being worked on at all.
---
I'd be happy about any comments before applying this.
bin/lts-cve-triage.py | 10 ++
1 file changed, 10 insertions(+)
diff --git a/bin/lts-cve-triage.py b/bin/lts-cve
On Sun, Jun 28, 2015 at 02:12:48PM +0200, Santiago Ruano Rincón wrote:
[..snip..]
> > Apart from that I noticed this behaviour change due to the fix for
> > CVE-2013-0269 (based on [1]):
> >
> > Squeeze version:
> > # cat < >
> > require 'json'
> > p JSON.p
On Tue, Jun 30, 2015 at 09:14:14PM +, Mike Gabriel wrote:
> Hi Guido,
>
> I just saw that you are co-maintainer of pykerberos. I realized after I had
> already put my name behind the package name in dla-needed.txt.
>
> As you are also on the LTS team, do you want to continue with uploading th
On Mon, Jun 29, 2015 at 10:53:41PM +0200, Raphael Hertzog wrote:
> Hi,
>
> On Fri, 26 Jun 2015, Guido Günther wrote:
> > With lots of packages in dla-needed.txt it's easier to focus on CVEs of
> > packages that are not being worked on at all.
>
> Look
Hi Mike,
On Thu, Jul 02, 2015 at 09:05:52AM +, Mike Gabriel wrote:
> Hi Guido,
>
> On Mi 01 Jul 2015 09:05:36 CEST, Guido Günther wrote:
>
> >On Tue, Jun 30, 2015 at 09:14:14PM +, Mike Gabriel wrote:
> >>Hi Guido,
> >>
> >>I just saw that yo
best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You
best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You
with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can veri
Hi Jan,
On Wed, Aug 12, 2015 at 03:24:46PM +0200, Jan Ingvoldstad wrote:
> On 08/12/2015 03:00 PM, Guido Günther wrote:
> >Hello dear maintainers,
> >
> >the Debian LTS team would like to fix the security issues which are
> >currently open in the Squeeze version of wor
Hi,
I wanted some color in debian/CVE/list so I hacked up some very simple
highlighting
for emacs:
https://git.sigxcpu.org/cgit/emacs-tools/commit/?id=200d437c93536d911da85e080188fc68a5221122
I do wonder if there is something else around already and I just did not
spot it? If not, should we
Hi Craig,
On Fri, Aug 14, 2015 at 06:28:55PM +1000, Craig Small wrote:
> On Wed, Aug 12, 2015 at 03:00:32PM +0200, Guido Günther wrote:
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of wordpress:
>
Hi Craig,
On Sat, Aug 15, 2015 at 02:10:56PM +1000, Craig Small wrote:
> On Fri, Aug 14, 2015 at 10:11:19PM +0200, Guido Günther wrote:
> > Are you planning to introduce a new upstream version or to backport the
> > fixes? Squeeze is currently in sync with Wheezy, we could try to k
Hi,
On Sun, Aug 16, 2015 at 02:37:28PM +1000, Craig Small wrote:
> Awesome. So you're happy to build of the git branch then?
I hope I can manage. If not I'll call again ;)
Cheers,
-- Guido
Hi,
On Sat, Aug 15, 2015 at 12:17:44PM +0200, Moritz Mühlenhoff wrote:
> On Wed, Aug 12, 2015 at 06:23:25PM +0200, Guido Günther wrote:
> > Hi,
> > I wanted some color in debian/CVE/list so I hacked up some very simple
> > highlighting
> > for emacs:
> >
> >
Hi,
On Sat, Aug 15, 2015 at 02:10:56PM +1000, Craig Small wrote:
> On Fri, Aug 14, 2015 at 10:11:19PM +0200, Guido Günther wrote:
> > Are you planning to introduce a new upstream version or to backport the
> > fixes? Squeeze is currently in sync with Wheezy, we could try to keep i
On Sat, Aug 15, 2015 at 02:10:56PM +1000, Craig Small wrote:
> On Fri, Aug 14, 2015 at 10:11:19PM +0200, Guido Günther wrote:
> > Are you planning to introduce a new upstream version or to backport the
> > fixes? Squeeze is currently in sync with Wheezy, we could try to keep it
&g
On Thu, Aug 20, 2015 at 10:04:56AM +0200, Ben Hutchings wrote:
> On Thu, 2015-08-20 at 10:09 +0300, Sebastian Dröge wrote:
> > Hi,
> >
> > On Mi, 2015-08-19 at 23:29 +0200, b...@decadent.org.uk wrote:
> > > Hello dear maintainer(s),
> > >
> > > the Debian LTS team would like to fix the security i
with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can veri
best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You
Hi,
On Fri, Sep 11, 2015 at 11:00:19AM +0200, Guido Günther wrote:
> Hello dear maintainers,
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of network-manager:
> https://security-tracker.debian.org/tracker/CVE-201
pdate, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start worki
of ServerKeyExchange.
+
+ -- Guido Günther Sat, 26 Sep 2015 14:29:48 +0200
+
nss (3.12.8-1+squeeze7) squeeze-security; urgency=high
* Non-maintainer upload by the Security Team.
diff --git a/debian/patches/CVE-2015-2721.patch
b/debian/patches/CVE-2015-2721.patch
new file mode 100644
index 0
Hi,
for the glibc update I'm preparing three issues that don't have a CVE
assigned yet so they can't be marked as resolved via the entry in
data/DLA/list. Is the correct way to tag these by just adding:
[squeeze] - eglibc 2.11.3-4+deb6u7
to the entries in data/CVE/list after the upload?
Che
Hi,
On Sun, Sep 27, 2015 at 10:42:20AM +0200, Salvatore Bonaccorso wrote:
> Hi Gudio,
>
> On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
> > Hi,
> >
> > for the glibc update I'm preparing three issues that don't have a CVE
> > assigned
Hi,
On Mon, Sep 28, 2015 at 07:43:33PM +0200, Peter Spiess-Knafl wrote:
> Hi LTS team!
>
> I am trying to support one of my packages in squeeze-lts. I am having
> difficulties in creating a chroot environment for that. Is there a
> tutorial for doing that?
With recent git-pbuilder (as in from git
Hi,
On Fri, Oct 30, 2015 at 03:01:47PM +0100, Raphael Hertzog wrote:
> Hello everybody,
>
> with the current LTS funding level and the somewhat limited scope of squeeze,
> and until the LTS team takes care of wheezy, we are likely to have some
> spare hours to invest into improving the long-term s
e,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. However please make sure to
submit a tested package.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
Hi,
On Sat, Aug 15, 2015 at 12:17:44PM +0200, Moritz Mühlenhoff wrote:
> On Wed, Aug 12, 2015 at 06:23:25PM +0200, Guido Günther wrote:
> > Hi,
> > I wanted some color in debian/CVE/list so I hacked up some very simple
> > highlighting
> > for emacs:
> >
> >
r test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.
r test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
Hi,
On Sun, Nov 01, 2015 at 03:42:31PM -0500, Sam Hartman wrote:
> I'll admit that squeeze isn't something I use or have infrastructure
> for.
> My recommendation though is that you hold off on a krb5 update for a
> week or two regardless unless you want to do two in quick succession.
Thanks for t
Hi,
Backporting fixes for nss can become a challenge over time due to:
* Bugs related to MFAs (often containing test cases) being restricted so
one can only look at hg and try to find all the relevant commits.
* The library has rather frequent security updates
* The code diverges over the yea
Hi,
On Wed, Nov 04, 2015 at 05:44:36PM +0100, Raphael Hertzog wrote:
> [ Many people are on copy, please trim the list as appropriate when you reply
> ]
>
> On Wed, 19 Aug 2015, Moritz Muehlenhoff wrote:
> > These need to be discussed, since they will be a significant
> > time drain (e.g. are th
reexian.com/services/debian-lts-details.html#join for
> details about requirement for paid contributors).
>
> Thus putting the respective maintainers/maintainance team in copy (Mike
> Hommey for iceweasel, Guido Günther for multiple package, Christop Göhre for
> Icedove,
> Au
Hi,
On Thu, Nov 05, 2015 at 09:10:26AM +0100, David Ayers wrote:
> Yet we could in theory live with backports of newer versions, as I
> assume the problem is that these are packages that are not supported
> upstream. But I'm not sure how much that would buy, since the versions
> of libvirt in sid
On Sun, Nov 01, 2015 at 08:21:39PM +0100, Moritz Mühlenhoff wrote:
> On Sat, Oct 31, 2015 at 03:27:43PM +0100, Guido Günther wrote:
> > I'm not much of a emacs hacker so improvements are certainly
> > welcome.
>
> I'm neither, but looks good to me.
>
> >
Hi,
On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote:
> * Mike Hommey:
>
> > On ABI stability, both NSPR and NSS have a very strict policy. NSPR
> > receives very few ABI changes, and it's only adding new functions. NSS
> > has much more ABI changes, but also only adding new function
On Fri, Nov 06, 2015 at 05:22:15PM +0100, Guido Günther wrote:
> Hi,
> On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote:
> > * Mike Hommey:
> >
> > > On ABI stability, both NSPR and NSS have a very strict policy. NSPR
> > > receives very few A
Hi,
I'm currently preparing fixes for nss and wonder if the security team
already has a plan forward for CVE-2015-4000? Using the upstream patch
would change defaults in a stable release. I think I'd be good to do the
same for all currently supported releases.
Cheers
-- Guido
Previous mail was without subject, sorry!
Hi,
I'm currently preparing fixes for nss and wonder if the security team
already has a plan forward for CVE-2015-4000? Using the upstream patch
would change defaults in a stable release. I think I'd be good to do the
same for all currently supported relea
Hi,
On Wed, Nov 25, 2015 at 12:24:44PM +0100, Guido Günther wrote:
> Hi,
> I'm currently preparing fixes for nss and wonder if the security team
> already has a plan forward for CVE-2015-4000? Using the upstream patch
> would change defaults in a stable release. I think I&#x
SED; urgency=medium
+ [ Salvatore Bonaccorso ]
* Mark typo3-src as unsupported in Wheezy.
Thanks to Holger Levsen (Closes: #793454)
- -- Salvatore Bonaccorso Thu, 13 Aug 2015 21:45:20 +0200
+ [ Guido Günther ]
+ * End support for src:quassel in squeeze-lts.
+
+ -- Guido Günther Sat, 2
Hallo Martin,
On Sat, Nov 28, 2015 at 09:54:46PM +0100, Martin Pitt wrote:
> Hello Guido,
>
> Guido Günther [2015-11-23 18:03 +0100]:
> > Traceback (most recent call last):
> > File "", line 6, in
> > ImportError: No module named GDebi.Cache
> > bl
Hi,
On Sat, Nov 28, 2015 at 02:16:33PM +0100, Guido Günther wrote:
> Hi,
> On Wed, Nov 25, 2015 at 12:24:44PM +0100, Guido Günther wrote:
> > Hi,
> > I'm currently preparing fixes for nss and wonder if the security team
> > already has a plan forward for CVE-2015-4
r test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.
r test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.
nd/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
Hi Paul,
On Fri, Dec 11, 2015 at 01:08:58PM +0100, Paul Gevers wrote:
> Hi
>
> On 11-12-15 10:50, Guido Günther wrote:
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of cacti:
> > https://security-tra
Hi Troy,
On Tue, Dec 15, 2015 at 12:18:28PM -0700, Troy Heber wrote:
> On 12/11/15 11:21, Guido Günther wrote:
>
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of dwarfutils:
> > https://security-tracke
Hi,
On Wed, Dec 16, 2015 at 02:58:08PM -0700, Troy Heber wrote:
> On 12/16/15 18:44, Guido Günther wrote:
> >
> > It doesn't segfault but I added this note to dla-needed (so I remember
> > why I think it's affected):
> >
> > dwarfutils
> &
201 - 300 of 398 matches
Mail list logo
