Stefan Fritsch wrote:
> Hi,
>
> please review apache_1.3.34-4.1+etch1 for inclusion in etch r3, as
> agreed with luk and jmm.
>
> Here is the changelog:
> apache (1.3.34-4.1+etch1) stable; urgency=low
>
> * Minor security fixes:
> - CVE-2007-1349: DoS in mod_perl
> - CVE-2007-3304: po
Petter Reinholdtsen <[EMAIL PROTECTED]> writes:
> [Lucas Nussbaum]
>> Wouldn't it be better to first try to report and solve all the
>> issues we can easily report and solve? That is:
> This is the kind of feedback I was interested in. :)
>
> Perhaps it would be better.
Yes, it would be. Please fi
On Sat, Jan 19, 2008 at 11:02:09AM +0100, Luk Claes wrote:
> Please upload a fix to stable. Thanks already.
Done.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi,
please review apache_1.3.34-4.1+etch1 for inclusion in etch r3, as
agreed with luk and jmm.
Here is the changelog:
apache (1.3.34-4.1+etch1) stable; urgency=low
* Minor security fixes:
- CVE-2007-1349: DoS in mod_perl
- CVE-2007-3304: potential DoS by sending SIGUSR1 to arbitrary
[Lucas Nussbaum]
> Wouldn't it be better to first try to report and solve all the
> issues we can easily report and solve? That is:
This is the kind of feedback I was interested in. :)
Perhaps it would be better. Or, perhaps those issues should be RC
now, half a year before the freeze, to draw m
On 19/01/08 at 10:42 +0100, Petter Reinholdtsen wrote:
> [Luk Claes]
> > Hmm, what do you mean? Do you want to degrade it to not being a
> > Release Goal anymore?
>
> I want to know if we should switch, and when. I assume the most
> sensible way to do it is to switch for all new installations, an
Alexander Zangerl <[EMAIL PROTECTED]> wrote:
>>You can see the status of this vulnerability on:
>>http://security-tracker.debian.net/tracker/CVE-2007-5201
>
> can you update that info to show that we're in the green?
Done.
Cheers,
Moritz
On Fri, Jan 18, 2008 at 08:27:00PM +0100, Martin Zobel-Helas wrote:
> Hi,
>
> On Sat Jan 12, 2008 at 13:41:12 +0100, Aurelien Jarno wrote:
> > Hi release managers,
> >
> > On Fri, Jan 11, 2008 at 11:59:53AM +, Andre Cruz wrote:
> > > Package: libc6
> > > Version: 2.3.6.ds1-13etch2
> > > Seve
On Saturday 19 January 2008 04:53, Alexander Zangerl wrote:
> the version in etch is 0.4.2-10.1 and hence doesn't contain the
> problematic code.
>
> >You can see the status of this vulnerability on:
> >http://security-tracker.debian.net/tracker/CVE-2007-5201
>
> can you update that info to show th
Ian Jackson wrote:
> Luk Claes writes ("Re: Bug#453435: cpio cannot read its own tarfiles"):
>> Can you please include a diff so we can review it and have an idea about
>> the impact of the update?
>
> Well, as Clint says, I expect the diff would be something like that in
> #358990. But note that
Julien Goodwin wrote:
> They're blocking icedove from being updated. At this point the version
> in lenny is almost 9 months old (yes ok, barring testing-security) and a
> major release behind.
>
> Specifically:
> * thunderbird-traybiff - is a transition package that should no longer
> be needed (
[Luk Claes]
> Hmm, what do you mean? Do you want to degrade it to not being a
> Release Goal anymore?
I want to know if we should switch, and when. I assume the most
sensible way to do it is to switch for all new installations, and for
that to happen, someone needs to decide that dash is to be ins
On 19/01/08 at 01:19 +0100, Petter Reinholdtsen wrote:
>
> [Petter Reinholdtsen 2007-07-04]
> > Please consider making such switch a release goal or release target
> > for Lenny.
>
> What is the Lenny release team's opinion on this now?
>
> Happy hacking,
Hi Petter,
It's listed as confirmed on
Jose Carlos Medeiros wrote:
> Hi,
Hi
> I have this bug filed against php-net-dime package that was in Etch
> release. This bug was solved in Testing, but to solve in Etch, I need
> to put a package that is in Testing to Etch.
> Is it possible?
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?
Marco Gaiarin wrote:
> Security team suggests to redirect this question here.
>
> Thanks.
>
> - Forwarded message from Marco Gaiarin <[EMAIL PROTECTED]> -
> From: Marco Gaiarin <[EMAIL PROTECTED]>
> Date: Thu, 10 Jan 2008 12:05:33 +0100
> To: [EMAIL PROTECTED]
> Subject: Bug 408440
> Organ
Francesco P. Lovergine wrote:
> On Fri, Jan 04, 2008 at 07:13:54PM +0100, Luk Claes wrote:
CVE-2007-2165[0]:
| The Auth API in ProFTPD before 20070417, when multiple simultaneous
| authentication modules are configured, does not require that the
| module that checks authenticati
Frederic Peters wrote:
> Hello,
>
> xpdf has a long history of security problems, and got its code
> duplicated in a lot of packages. All of this has to be tracked
> by the security team and this is a serious burden.
>
> As Moritz wrote:
>
>>> the whole xpdf mess is just insane: There's another
Petter Reinholdtsen wrote:
> [Petter Reinholdtsen 2007-07-04]
>> Please consider making such switch a release goal or release target
>> for Lenny.
>
> What is the Lenny release team's opinion on this now?
Hmm, what do you mean? Do you want to degrade it to not being a Release
Goal anymore?
Cheers