Hi Thorsten,
On Mon, Dec 28, 2015 at 11:13:32PM +0100, Thorsten Alteholz wrote:
> Hi everybody,
>
> can someone please have a look at the diff for passenger=2.2.11debian-2 in
> Squeeze that should solve CVE-2015-7519[1] and nod?
>
> Thanks!
> Thorsten
>
>
> [1] https://security-tracker.debian.
Hi,
In order to track the status of packaging improvements we make related
to debian-lts I'd like to propose the "ease-lts" usertag:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ease-lts;users=debian-lts@lists.debian.org
For issues related to prepare wheezy LTS the "prep-wheezy-lts":
Hi Moritz,
On Mon, Dec 14, 2015 at 06:04:33PM +0100, Moritz Muehlenhoff wrote:
> On Wed, Nov 25, 2015 at 11:58:19AM +0100, Florian Weimer wrote:
> > * Guido Günther:
> >
> > > On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote:
> > >> * Mike Hommey:
Hi Antoine,
On Thu, Dec 31, 2015 at 05:33:30PM -0500, Antoine Beaupré wrote:
> hi
>
> right now, the security tracker shows CVEs marked as "end-of-life" as
> "vulnerable", and in the open issue list. a good example is the redmine
> package:
>
> https://security-tracker.debian.org/tracker/source-p
Hi,
On Thu, Dec 31, 2015 at 10:12:04AM +0100, Raphael Hertzog wrote:
> Hi,
>
> On Wed, 30 Dec 2015, Guido Günther wrote:
> > In order to track the status of packaging improvements we make related
> > to debian-lts I'd like to propose the "ease-lts"
Hi,
On Fri, Jan 15, 2016 at 01:35:37PM +, Ben Hutchings wrote:
> On Fri, 2016-01-15 at 11:46 +0100, Mike Gabriel wrote:
> > Hello dear maintainer(s),
> >
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of openssh:
> > https://se
Hi Colin,
On Fri, Jan 15, 2016 at 02:01:44PM +, Colin Watson wrote:
> On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote:
> > On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> > > > I believe Yves-Alexis Perez is handing this.
> > >
Hi,
now that Wheezy LTS is approaching I wondered what would be the best
places to help out fixing issues in Wheezy so that upgrading from
Squeeze to Wheezy would not introduce new security issues.
Therefore I added bin/lts-needs-forward-port.py (based on
lts-cve-triage.py) that lists issues fixe
Hi Luciano,
On Thu, Dec 10, 2015 at 06:27:54PM +0100, Luciano Bello wrote:
> On Saturday 28 November 2015 14.16.33 Guido Günther wrote:
> > I've attached the patches for review. These also add some minimal
> > autopkgtest to exercise the ASN1 parser (affected by the above CVEs)
44
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+polarssl (1.2.9-1~deb7u6) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the LTS Security Team.
+ * CVE-2015-5291: Remote attack on clients using session tickets or SNI
+
+ -- Guido Günther Sat, 23 Jan 2016
fixes for
+CVE-2014-9673 since they overlap. Closes: #777656
+
+ -- Guido Günther Sun, 24 Jan 2016 19:41:13 +0100
+
freetype (2.4.9-1.1+deb7u2) wheezy-security; urgency=high
* Non-maintainer upload.
diff --git a/debian/patches-freetype/CVE-2014-9673.patch b/debian/patches-freetype/CVE
On Mon, Jan 25, 2016 at 09:14:21PM +1100, Brian May wrote:
[..snip..]
> > Did you check that the new upstream version is backwards compatible in
> > terms of usage?
>
> Yes. It is mostly bug fixes and several new features, such as SNI
> support. I did a diff, and compared.
That matches what I dif
Hi,
looking at the above CVEs concerning dhcpcd, you wrote
# Remove not-affected tags for squeeze. By simple code inspection we
# cannot say that the issue is not present in squeeze's / wheezy's version
# of dhcpcd. Further actions: try exploit, ask upstream, second opinion.
did you contact upstr
's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this upd
Hi,
I see many packages marked:
[squeeze] - foo (not supported in Squeeze LTS)
shouldn't that be
[squeeze] - foo (not supported in Squeeze LTS)
since no-dsa implies that the bug might be fixed eventually in a later
update?
Cheers,
-- Guido
On Tue, Jan 26, 2016 at 10:08:24PM +0100, Guido Günther wrote:
> Hi,
> I see many packages marked:
>
> [squeeze] - foo (not supported in Squeeze LTS)
>
> shouldn't that be
>
> [squeeze] - foo (not supported in Squeeze LTS)
>
> since
r test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.
r test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.
Hi Sergei,
On Fri, Jan 29, 2016 at 10:53:40AM +0300, Sergei Golovan wrote:
> Hi Guido,
>
> On Thu, Jan 28, 2016 at 11:04 PM, Guido Günther wrote:
> > Hello dear maintainer,
> >
> > the Debian LTS team would like to fix the security issues which are
> > current
Hi,
On Thu, Jan 28, 2016 at 07:27:20PM +0100, Moritz Mühlenhoff wrote:
> On Sat, Jan 23, 2016 at 02:22:22PM +0100, Guido Günther wrote:
> > Hi,
> >
> > now that Wheezy LTS is approaching I wondered what would be the best
> > places to help out fixing issues in Wh
kage. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Note that I marked several issues as no-dsa (basically what you marked
as low impact upstream since this all made sense to me).
Thank you very much.
Guido Günther,
on behalf of the
Hi,
On Fri, Jan 29, 2016 at 06:50:59PM +0100, Sébastien Delafond wrote:
> Hi Guido,
>
> thanks for the debdiff. It looks good, except for the urgency which
> you'll want to set to "high" before uploading. Once that's done, I'll
> release the DSA.
urgency set to high and uploaded. Thanks a lot!
Ch
Hi,
On Fri, Jan 29, 2016 at 07:52:17PM +0100, Sébastien Delafond wrote:
> On Jan/29, Guido Günther wrote:
> > urgency set to high and uploaded. Thanks a lot!
>
> the upload was rejected because it "Refers to non-existing file
> 'freetype_2.4.9.orig.tar.gz'"
Hi,
On Tue, Jan 26, 2016 at 07:55:02AM +, Mike Gabriel wrote:
> Hi Guido,
>
> On Mo 25 Jan 2016 20:44:34 CET, Guido Günther wrote:
>
> >Hi,
> >looking at the above CVEs concerning dhcpcd, you wrote
> >
> ># Remove not-affected tags for squeeze. By simpl
On Fri, Jan 29, 2016 at 02:28:02PM +0100, Guido Günther wrote:
> Hi,
> On Thu, Jan 28, 2016 at 07:27:20PM +0100, Moritz Mühlenhoff wrote:
> > On Sat, Jan 23, 2016 at 02:22:22PM +0100, Guido Günther wrote:
> > > Hi,
> > >
> > > now that Wheezy LTS is approa
On Sun, Jan 31, 2016 at 09:12:38AM +0100, Sébastien Delafond wrote:
> On Jan/29, Sébastien Delafond wrote:
> > thanks for the debdiff. It looks OK, so feel free to upload it. Once
> > that's done, I'll release the DSA.
>
> Hi Guido,
>
> are you still willing to upload polarssl to security-master
Hi,
On Mon, Feb 01, 2016 at 09:51:54AM +0100, Sébastien Delafond wrote:
> On Jan/31, Guido Günther wrote:
> > Uploaded now. Thanks!
>
> Hi Guido,
>
> have you looked into fixing the jessie version (1.3.9-2.1) as well ? If
> not, I'll need to look into it later this
Hi,
On Fri, Feb 05, 2016 at 08:44:37PM +, James Cowgill wrote:
> Hi!
>
> On Fri, 2016-02-05 at 14:24 +0100, Guido Günther wrote:
> > Hi,
> > On Mon, Feb 01, 2016 at 09:51:54AM +0100, Sébastien Delafond wrote:
> > > On Jan/31, Guido Günther wrote:
> > >
Hi,
On Mon, Feb 08, 2016 at 11:02:41PM +0100, Santiago Ruano Rincón wrote:
> Hi,
>
> I've committed to https://anonscm.debian.org/cgit/publicity/announcements.git/
> the first draft for the announcement about the Squeeze LTS EOF. Please,
> take a look on it.
Reads great!
>
> I haven't proposed
Hi,
On Fri, Feb 12, 2016 at 03:51:45PM -0500, Antoine Beaupré wrote:
> On 2016-02-11 15:37:27, Vincent Blut wrote:
> > On Thu, Feb 11, 2016 at 02:02:52PM -0500, Antoine Beaupré wrote:
> >>On 2016-02-10 17:33:37, Vincent Blut wrote:
> >>> Ok, it’s done. Please could you review and eventually upload
Hi Santiago,
On Wed, Feb 17, 2016 at 11:21:04AM +0100, santiag...@riseup.net wrote:
> Package: gtk+2.0
> Version: 2.20.1-2+deb6u1
> CVE ID : CVE-2013-7447
> Debian Bug : 799275
This doesn't seem to be reflected in data/CVE/list. Did you forget to
commit your changes?
Ch
1 file changed, 79 insertions(+)
create mode 100755 bin/support-ended.py
diff --git a/bin/support-ended.py b/bin/support-ended.py
new file mode 100755
index 000..3cfb331
--- /dev/null
+++ b/bin/support-ended.py
@@ -0,0 +1,79 @@
+#!/usr/bin/python
+# vim: set fileencoding=utf-8 :
+#
+# Copy
Hi,
On Wed, Feb 17, 2016 at 01:39:41PM -0500, Antoine Beaupré wrote:
> On 2016-02-17 12:13:35, Guido Günther wrote:
> > When triaging LTS issues I always have to look up what we still support
> > and what not. Attached script simplifies this a bit:
> >
> > $ bin/sup
Hi Santiago,
On Wed, Feb 17, 2016 at 07:16:20PM +0100, Santiago Ruano Rincón wrote:
> Hi Guido,
>
> El 17/02/16 a las 17:13, Guido Günther escribió:
> > Hi Santiago,
> > On Wed, Feb 17, 2016 at 11:21:04AM +0100, santiag...@riseup.net wrote:
> > > Package
On Thu, Feb 18, 2016 at 09:35:14AM -0500, Antoine Beaupré wrote:
> On 2016-02-18 02:26:28, Guido Günther wrote:
> > Hi,
> > On Wed, Feb 17, 2016 at 01:39:41PM -0500, Antoine Beaupré wrote:
> >> On 2016-02-17 12:13:35, Guido Günther wrote:
> >> > When triaging
Hi Adam,
On Sat, Feb 20, 2016 at 02:27:27PM +, Adam D. Barratt wrote:
> [apologies to anyone who's ended up with three copies of this; the
> original got eaten due to a misconfiguration on my side - please only
> reply to this copy]
>
> Hi,
>
> As I understand it, the plan is for wheezy-lts t
Hi Moritz,
On Mon, Feb 22, 2016 at 11:28:48PM +0100, Moritz Mühlenhoff wrote:
> On Mon, Feb 22, 2016 at 06:42:20PM +0100, Guido Günther wrote:
> > Hi Adam,
> > On Sat, Feb 20, 2016 at 02:27:27PM +, Adam D. Barratt wrote:
> > > [apologies to anyone who's ended up w
015-1323.patch to address CVE-2015-1323 - taken from
+0.43+bzr805-0ubuntu10 (Closes: #789162)
+
+ -- Guido Günther Mon, 29 Feb 2016 08:33:47 +0100
+
aptdaemon (0.45-2) unstable; urgency=medium
* Check downloaded key id; merged from Ubuntu (CVE-2012-0962)
diff --git a/debian/patches/CVE-
Hi,
On Mon, Feb 29, 2016 at 03:25:46PM +, Mike Gabriel wrote:
> For this, we can run bin/lts-needs-forward-port.py from the secure-testing
> repo and see what issues we fixed in squeeze and port those fixes to the
> package version in wheezy-security. Package updates must be coordinated with
>
On Tue, Mar 01, 2016 at 07:15:28AM +, Mike Gabriel wrote:
[..snip..]
> >>Issues that are unfixed in wheezy but fixed in squeeze:
> >>* aptdaemon-> CVE-2015-1323
> >>* cakephp -> TEMP-000-698CF7
> >>* dhcpcd -> CVE-2012-6698 CVE-2012-6699 CVE-2012-6700
Hi Brian,
On Sun, Mar 13, 2016 at 11:13:31AM +1100, Brian May wrote:
> Moritz Mühlenhoff writes:
>
> > 1. We're already one wheezy update behind for xen (since some of
> > the changes were invasive and complex). It would be great if
> > someone from the Freexian sponsor pool would work on a wheez
On Wed, Mar 16, 2016 at 02:27:15PM +1100, Brian May wrote:
> Guido Günther writes:
>
> > Sid has Xen 4.6 and looking at the CVEs that affect sid the patches
> > don't seem to be applied so the tracker looks correct, there's plenty of
> > work left.
On Fri, Mar 25, 2016 at 01:13:57PM -0400, Antoine Beaupré wrote:
> On 2016-01-23 09:04:53, Guido Günther wrote:
> > Hi Luciano,
> > On Thu, Dec 10, 2015 at 06:27:54PM +0100, Luciano Bello wrote:
> >> On Saturday 28 November 2015 14.16.33 Guido Günther wrote:
> >>
Hi,
On Tue, Mar 01, 2016 at 08:01:20PM +0100, Moritz Muehlenhoff wrote:
> On Tue, Mar 01, 2016 at 02:08:56PM +, Sébastien Delafond wrote:
> > On 2016-03-01, Mike Gabriel wrote:
> > > @Security Team: Shall we (LTS contributors) handle wheezy-security
> > > updates like described below until D
Hi Salvatore,
On Mon, Mar 28, 2016 at 07:32:38AM +0200, Salvatore Bonaccorso wrote:
> Hi Guido,
>
> On Sun, Mar 27, 2016 at 04:15:10PM +0200, Guido Günther wrote:
[..snip..]
> > O.k. to grab lxc fixing CVE-2015-1335 to dsa-needed ?
>
> Honestly I tend to actually mark this a
Hi,
On Thu, Feb 18, 2016 at 06:02:12PM +0100, Holger Levsen wrote:
> Hi Guido,
>
> On Mittwoch, 17. Februar 2016, Guido Günther wrote:
> > When triaging LTS issues I always have to look up what we still support
> > and what not. Attached script simplifies this a bit:
>
On Tue, Mar 29, 2016 at 04:28:36PM -0400, Antoine Beaupré wrote:
> On 2016-03-26 04:33:29, Guido Günther wrote:
> > Thanks for reviewing this! I was about to look into more recent nss
> > issues after handling dhcpcd but since you're at it, go ahead!
> >
> > Note
Hi Markus,
On Mon, Mar 28, 2016 at 08:36:08PM +0200, Markus Koschany wrote:
> Hi all,
>
> here is a summary about the current status of making OpenJDK 7 the
> default Java JRE / JDK in Wheezy-LTS.
>
> Intended changes
> ===
>
> 1. Making OpenJDK 7 the default by updating src:java
Hi,
(no April's 1st joke):
For QEMU/KVM the codebase between the Wheezy version and current
upstream diverged that heavily that I did not find any help to support
the Wheezy versions any longer. The Wheezy version lacks support for
some modern OSes (e.g. newer Windows versions) as well. RedHat is
On Thu, Mar 31, 2016 at 04:12:04PM +0200, Guido Günther wrote:
> On Tue, Mar 29, 2016 at 04:28:36PM -0400, Antoine Beaupré wrote:
> > On 2016-03-26 04:33:29, Guido Günther wrote:
> > > Thanks for reviewing this! I was about to look into more recent nss
> > > issues afte
Hi,
On Thu, Apr 07, 2016 at 04:44:07PM -0400, Antoine Beaupré wrote:
> On 2016-03-31 10:12:04, Guido Günther wrote:
> > On Tue, Mar 29, 2016 at 04:28:36PM -0400, Antoine Beaupré wrote:
> >> On 2016-03-26 04:33:29, Guido Günther wrote:
> >> > Until t
Hi,
On Fri, Apr 08, 2016 at 10:01:10AM +0200, Raphael Hertzog wrote:
> Hello,
>
> I'm going to attend DebConf and I was wondering who else from the LTS team
> will attend this year. We should also consider whether we request
> talks/workshops/bof...
>
> Does someone want to present Debian LTS? I
On Mon, Mar 28, 2016 at 07:28:34PM +0200, Guido Günther wrote:
> Hi,
> On Thu, Feb 18, 2016 at 06:02:12PM +0100, Holger Levsen wrote:
> > Hi Guido,
> >
> > On Mittwoch, 17. Februar 2016, Guido Günther wrote:
> > > When triaging LTS issues I always have to look u
HandleECDHServerKeyExchange function
+ * Add CVE-2016-1979.patch: Use-after-free vulnerability in the
+PK11_ImportDERPrivateKeyInfoAndReturnKey
+ * Add CVE-2016-1950: Heap-based buffer allows to execute arbitrary code via
+crafted ASN.1 data in an X.509 certificate
+
+ -- Guido Günther
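Review bot: The CVE-2016-1950 changelog entry is inconsistent with the CVE-2016-1979 entry directly above it. It reads "Add CVE-2016-1950:" where the previous line names the patch file ("Add CVE-2016-1979.patch:"), and "Heap-based buffer allows to execute arbitrary code" is missing the word "overflow". Suggest "Add CVE-2016-1950.patch: Heap-based buffer overflow allows arbitrary code execution via crafted ASN.1 data in an X.509 certificate", assuming the patch file follows the same naming as the other entry.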
(trimming the cc list a bit since this is mostly a +1)
On Fri, Apr 15, 2016 at 10:03:45AM +0200, Raphael Hertzog wrote:
> Hello,
>
> I know that we decided to not support arm* for wheezy-lts during last
> Debconf but it turns out that Freexian has been contacted by a potential LTS
> sponsor selli
On Mon, Apr 18, 2016 at 09:44:43AM +0200, Raphael Hertzog wrote:
> Hi,
>
> On Mon, 18 Apr 2016, Guido Günther wrote:
> > I assume the level of sponsorship offered is reasonable to support an
> > arm port?
>
> Yes, I believe so. They will join as gold sponsor.
>
Hi Santiago,
On Thu, May 12, 2016 at 03:16:15PM +0200, Santiago Ruano Rincón wrote:
> Hi,
>
> Given the recent bug triaging, security-support-ended.deb7 needs more
> updating. I'm taking Moritz's mail as reference, and I hope I am not
> missing other info:
>
> El 11/11/15 a las 21:59, Sebastian
On Thu, May 12, 2016 at 10:07:17AM -0400, Antoine Beaupré wrote:
> On 2016-05-12 10:00:24, Guido Günther wrote:
> >> qemu and qemu-kvm were triaged as unsupported for CVE-2016-3712, but I
> >> think Guido is studying how to support virtualisation related packages,
> >>
On Fri, May 13, 2016 at 09:40:42AM +0200, Raphael Hertzog wrote:
> On Thu, 12 May 2016, Guido Günther wrote:
> > > I would rather see qemu supported, in other words. But the version in
> > > wheezy is really old, and in xen/wheezy even more so.
> >
> > AFAIK X
Hi,
On Fri, May 13, 2016 at 12:30:35PM +0200, Moritz Muehlenhoff wrote:
> On Fri, May 13, 2016 at 12:21:13PM +0200, Raphael Hertzog wrote:
> > On Fri, 13 May 2016, Moritz Muehlenhoff wrote:
> > > > I'm not convinced that
> > > > supporting the current Wheezy versions of QEMU for two more years is o
On Sat, May 14, 2016 at 09:11:17PM +0200, Moritz Mühlenhoff wrote:
> On Fri, May 13, 2016 at 02:10:48PM +0200, Guido Günther wrote:
> > > No, I recommend to EOL src:qemu/qemu-kvm in wheezy (the bits relevant to
> > > src:xen are
> > > somewhat isolated and can be ba
Hi Antoine,
On Thu, Apr 07, 2016 at 05:18:21PM -0400, Antoine Beaupré wrote:
> On 2016-04-07 16:44:07, Antoine Beaupré wrote:
> >> The patches by itself look good to me.
> >
> > Alright, I'll rebuild with the tests/ directory, we'll see how that
> > goes. :)
>
> I rebuild the packages with the tes
#823430)
+ * Let mozconfig figure out the number of parallel builds to get the proper
+build ordering when building the internal nspr to unbreak the armhf build.
+
+ -- Guido Günther Sun, 15 May 2016 17:48:23 +0200
+
icedove (38.8.0-1~deb7u1) oldstable-security; urgency=medium
* [
Hi Antoine,
On Tue, May 17, 2016 at 10:57:49AM -0400, Antoine Beaupré wrote:
> On 2016-05-16 12:39:44, Guido Günther wrote:
> > Hi Antoine,
> > On Thu, Apr 07, 2016 at 05:18:21PM -0400, Antoine Beaupré wrote:
> >> On 2016-04-07 16:44:07, Antoine Beaupré wrote:
> >
On Tue, May 17, 2016 at 12:13:29PM -0400, Antoine Beaupré wrote:
> On 2016-05-13 09:00:59, Antoine Beaupré wrote:
> > So if we're going to do this painful work, might as well maintain some
> > qemu interface in wheezy as well. I am not sure I see what additional
> > cost this would bring: although
On Wed, May 18, 2016 at 03:12:23PM -0400, Antoine Beaupré wrote:
> On 2016-03-29 16:28:36, Antoine Beaupré wrote:
> > On 2016-03-26 04:33:29, Guido Günther wrote:
> >> Thanks for reviewing this! I was about to look into more recent nss
> >> issues after handling dhcpcd
On Thu, May 19, 2016 at 08:28:15AM +0200, Salvatore Bonaccorso wrote:
> Hi Guido,
>
> On Thu, May 19, 2016 at 08:11:37AM +0200, Guido Günther wrote:
> > On Wed, May 18, 2016 at 03:12:23PM -0400, Antoine Beaupré wrote:
> > > On 2016-03-29 16:28:36, Antoine Beaupré wrote:
Hi Mike,
I'm currently looking into building icedove 45 for Wheezy-LTS. I wonder
if I should do the same for Iceweasel or if you intend to keep
maintaining Iceweasel in LTS yourself?
Cheers,
-- Guido
Hi,
On Fri, May 13, 2016 at 09:54:21AM +0200, Raphael Hertzog wrote:
> Hi,
>
> On Thu, 12 May 2016, Guido Günther wrote:
> > I have maintained icedove a while ago and know the codebase a bit. I'm
> > also sure we might get support from the current maintainers as long
Hi Mike,
On Thu, May 26, 2016 at 10:29:22PM +0900, Mike Hommey wrote:
> On Sun, May 22, 2016 at 07:34:29PM +0200, Guido Günther wrote:
> > Hi Mike,
> > I'm currently looking into building icedove 45 for Wheezy-LTS. I wonder
> > if I should do the same for Icewease
Hi Ola,
On Thu, May 26, 2016 at 11:27:42PM +0200, Ola Lundqvist wrote:
> Hi ruby-activerecord-3.2 maintainer(s) and Debian LTS team
>
> This is my third package contribution to Debian LTS. I'm doing this as a
> training exercise and this is why the maintainer have not been asked to
> this for me.
Dear enigmail maintainers,
I'm currently looking into updating Icedove in Wheezy-LTS to the esr
version 45[1]. Since Enigmail is an often used extension I wanted to
update this to a compatible version as well (as was done with prior ESR
releases).
Looking at 1.9 in sid it requires gnupg2. I justed
Hi,
On Sat, May 21, 2016 at 12:16:07AM +0200, Santiago Ruano Rincón wrote:
> Hi,
>
> I've prepared an eglibc package for wheezy, available at
>
> deb https://people.debian.org/~santiago/debian santiago-wheezy/
> deb-src https://people.debian.org/~santiago/debian santiago-wheezy/
>
> Debd
Hi,
Based on the work of the icedove and iceweasel maintainers I've uploaded
a first backport of icedove for wheezy-lts for amd64 here:
https://people.debian.org/~agx/icedove-lts/
The armhf build is still churning. If you're using icedove on wheezy
please give it a try.
This includes a enigm
Hi Ola,
On Thu, May 26, 2016 at 11:27:42PM +0200, Ola Lundqvist wrote:
> Hi ruby-activerecord-3.2 maintainer(s) and Debian LTS team
>
> This is my third package contribution to Debian LTS. I'm doing this as a
> training exercise and this is why the maintainer have not been asked to
> this for me.
On Mon, May 30, 2016 at 08:11:23PM +0200, Ola Lundqvist wrote:
> Hi Guido
>
> Yes that is true. I have not solved that problem. I focused on only one of
> the issues as I had to look into two packages to solve the one you refer
> to. Great that you will have a look at that one.
>
> I'll upload ru
Hi,
On Sat, May 28, 2016 at 11:35:18AM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> The upcoming libxml2 security update is little more bigger than usual,
> thus we want to expose the package a bit for additional testing. If
> you find a problem introduced by updating to these packages, please
> re
Hi,
On Mon, Jun 06, 2016 at 11:19:52PM +0100, Ben Hutchings wrote:
> On Mon, 2016-06-06 at 22:33 +0200, Ola Lundqvist wrote:
> > Hi Ben
> >
> > I can see the following note:
> > [wheezy] - qemu (Not supported in Wheezy LTS)
> > [wheezy] - qemu-kvm (Not supported in Wheezy LTS)
> >
> > Don't thi
Hi Raphael,
On Tue, Jun 07, 2016 at 10:16:38AM +0200, Raphael Hertzog wrote:
> On Tue, 07 Jun 2016, Guido Günther wrote:
> > I do agree it should not have been EOLed yet but given the feedback to
> >
> > https://lists.debian.org/debian-lts/2016/04/msg2.html
> >
On Wed, Jun 08, 2016 at 02:32:55PM +0200, Raphael Hertzog wrote:
> Hi,
>
> On Tue, 07 Jun 2016, Guido Günther wrote:
> > I'm not happy with this either. We could try to support it on a best
> > effort basis if this helps anything. I assume most people are running not
>
Hi Ola,
On Sat, Jun 18, 2016 at 12:15:15AM +0200, Ola Lundqvist wrote:
[..snip..]
> So I have now gone through the ~7 MB diff between nss and found changes
> regarding the following:
> - ASN1 parsing issue. See also CVE-2016-1950
> - A lot of changes from getenv to some secure variant.
> - A change
On Thu, May 26, 2016 at 10:29:22PM +0900, Mike Hommey wrote:
> On Sun, May 22, 2016 at 07:34:29PM +0200, Guido Günther wrote:
> > Hi Mike,
> > I'm currently looking into building icedove 45 for Wheezy-LTS. I wonder
> > if I should do the same for Iceweasel or if you inte
Hi,
On Sun, Jun 19, 2016 at 03:36:15PM +0200, Salvatore Bonaccorso wrote:
> Hi Guido,
>
> On Sun, Jun 19, 2016 at 02:40:01PM +0200, Guido Günther wrote:
> > On Thu, May 26, 2016 at 10:29:22PM +0900, Mike Hommey wrote:
> > > On Sun, May 22, 2016 at 07:34:29PM +0200, Guido G
Hi dkg,
On Fri, May 27, 2016 at 10:30:00AM -0400, Daniel Kahn Gillmor wrote:
> Hi Guido--
>
> On Fri 2016-05-27 07:16:40 -0400, Guido Günther wrote:
> > I'm currently looking into updating Icedove in Wheezy-LTS to the esr
> > version 45[1].
>
> thanks for your wor
On Tue, Jun 28, 2016 at 08:41:08AM +0200, Raphael Hertzog wrote:
> On Mon, 27 Jun 2016, Chris Lamb wrote:
> > Package: movabletype-opensource
>
> $ grep movabletype-opensource security-support-ended.deb7
> movabletype-opensource 5.1.4+dfsg-4+deb7u3 2016-02-06 Not supported in
> Debi
Hi,
On Tue, Jun 28, 2016 at 08:55:32AM +0100, Chris Lamb wrote:
> > so that you stop doing the same mistake over and over.
>
> I think it might be unfair to characterise this as "over and over" when it
> has occurred twice AFAIK, especially when the file is not even in the same
> repository..
>
Hi,
On Fri, Jul 08, 2016 at 11:39:22PM -0400, Roberto C. Sánchez wrote:
> I was looking over some of the packages which are still in need of DLAs.
> I saw that bind9 is listed as being vulnerable to CVE-2016-6170, but
> that has been marked as no-dsa for jessie [0].
>
> Should it be marked as no-dl
Hi Moritz,
On Wed, Jul 13, 2016 at 09:34:45AM +0200, Moritz Mühlenhoff wrote:
> Hi,
> could you move lts-needed.txt and the LTS front desk file out of
> the security tracker repo? This makes the -changes list less
> spammy since those files are only relevant to LTS.
Would moving to a separate dire
Hi Salvatore,
On Wed, Jul 20, 2016 at 09:30:16AM +0200, Salvatore Bonaccorso wrote:
> Hi LTS team,
>
> I have prepared an update for the mitigation of "httpoxy" in apache2
> (CVE-2016-5387).
>
> Unless someone of the team wants to actually do the upload I could do
> it, since already prepared. B
Hi Bastian,
On Mon, Jul 25, 2016 at 01:04:52PM +0200, Bastian Blank wrote:
> On Fri, Jul 22, 2016 at 10:24:27AM +0200, Raphael Hertzog wrote:
> > Why does
> > https://github.com/credativ/xen-lts/blob/lts-status/security-status.md
> > still have lots of question marks?
> > What are we waiting to ge
Hi Bastian,
On Thu, Jul 28, 2016 at 10:26:23AM +0200, Bastian Blank wrote:
> After receiving some testing, I made a release.
>
> https://korte.credativ.com/~bbl/xen/xen_4.1.6.lts1-1.dsc
Thanks but I get a 403 on these. Could you adjust the permission so I
can grab the CVE numbers from the Changel
On Fri, Jul 29, 2016 at 12:15:49PM +0200, Bastian Blank wrote:
> Hi Guido
>
> On Fri, Jul 29, 2016 at 11:48:16AM +0200, Guido Günther wrote:
> > On Thu, Jul 28, 2016 at 10:26:23AM +0200, Bastian Blank wrote:
> > > https://korte.credativ.com/~bbl/xen/xen_4.1.6.lts1-1.dsc
On Fri, Jul 29, 2016 at 01:26:22PM +0200, Bastian Blank wrote:
> Hi Guido
>
> On Fri, Jul 29, 2016 at 01:13:33PM +0200, Guido Günther wrote:
> > * the complete removal of tools/ioemu-qemu-xen - guess this was unused
> > anyway since quite some time, right?
>
> I hav
Hi,
Just a random comment:
On Sat, Jul 30, 2016 at 09:45:51PM +0200, Balint Reczey wrote:
> Priority: optional
> Maintainer: Debian LibreOffice Maintainers
>
> Uploaders: Rene Engelhard
> -Build-Depends: dpkg-dev (>= 1.16.1), lsb-release, bzip2, bison, flex |
> flex-old, libxaw7-dev, unzip
Hi,
On Thu, Aug 04, 2016 at 06:32:14PM +0900, Mike Hommey wrote:
> On Thu, Aug 04, 2016 at 11:04:47AM +0200, Markus Koschany wrote:
> > Hello Mike,
> >
> > Thank you for preparing the security update of firefox-esr. I have just
> > sent a security announcement for your update in Wheezy to the
> >
Hi,
On Fri, Aug 05, 2016 at 11:49:33PM +0200, Emilio Pozuelo Monfort wrote:
> On 02/08/16 19:48, Emilio Pozuelo Monfort wrote:
> > On 01/08/16 23:26, Markus Koschany wrote:
> >> On 01.08.2016 23:01, Emilio Pozuelo Monfort wrote:
> >>> On 31/07/16 19:41, Roberto C. Sánchez wrote:
> On Sun, Jul
On Fri, Aug 05, 2016 at 11:52:29PM +0200, Emilio Pozuelo Monfort wrote:
> On 04/08/16 23:02, Mike Hommey wrote:
> > On Thu, Aug 04, 2016 at 07:50:28PM +0200, Guido Günther wrote:
> >> Hi,
> >> On Thu, Aug 04, 2016 at 06:32:14PM +0900, Mike Hommey wrote:
> >>
r test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f