Re: Kernel version for stretch

2016-02-04 Thread Michael Gilbert
On Thu, Feb 4, 2016 at 11:45 AM, Antonio Terceiro wrote: > Yet another data point: Ruby makes stable releases every Christmas Wine also plans their freeze in the fall now, which ended up in a release near Christmas this year. If the same holds this year, that will be too late for the Debian freez

Bug#819770: transition: bind9

2016-04-01 Thread Michael Gilbert
package: release.debian.org user: release.debian@packages.debian.org usertags: transition severity: normal x-debbugs-cc: lam...@debian.org Hi, I would like to request a transition for bind9. Here is the status of the reverse build dependencies: bind-dyndb-ldap: a new version is staged in ex

Bug#860349: unblock: chromium-browser/57.0.2987.133-1

2017-04-14 Thread Michael Gilbert
package: release.debian.org user: release.debian@packages.debian.org usertags: unblock Please consider unblocking chromium. This updates to the latest stable upstream security release with no other changes. Best wishes, Mike

Bug#861290: unblock: chromium-browser/58.0.3029.81-1

2017-04-26 Thread Michael Gilbert
package: release.debian.org user: release.debian@packages.debian.org usertags: unblock Please consider unblocking chromium. This updates to the latest stable upstream security release again and also reenables remote extensions by default (bug #856183). Best wishes, Mike unblock chromium-bro

Bug#864193: unblock: chromium-browser/58.0.3029.96-1

2017-06-04 Thread Michael Gilbert
package: release.debian.org user: release.debian@packages.debian.org usertags: unblock Please consider unblocking chromium ahead of the stretch window closing. This update corrects a single security issue that could lead to remote code execution by visiting a malicious web page. Best wishes

Bug#864286: unblock: chromium-browser/59.0.3071.86-1

2017-06-06 Thread Michael Gilbert
package: release.debian.org user: release.debian@packages.debian.org usertags: unblock I apologize for this coming right after the previous unblock request. Upstream released a new large security update yesterday that I had not anticipated would be out before the stretch window closed, but now

Bug#926031: unblock: chromium/73.0.3683.75-1

2019-03-30 Thread Michael Gilbert
package: release.debian.org user: release.debian@packages.debian.org usertags: unblock Please consider unblocking chromium. This is a large upstream release with a bunch of security fixes. As has been done for the past few stable releases, the plan is to push ongoing upstream security update

Bug#800006: jessie-pu: package isc-dhcp/4.3.1-6

2015-10-10 Thread Michael Gilbert
On Wed, Oct 7, 2015 at 5:46 AM, Bastian Blank wrote: > On Fri, Sep 25, 2015 at 08:19:53AM +, Martin Zobel-Helas wrote: >> i wonder if #795227 warrants an upload to jessie-pu (and maybe also to >> wheezy-pu) to be fixed with the next point release. We run into that >> issue at work, when we want

Bug#800006: jessie-pu: package isc-dhcp/4.3.1-6

2015-10-10 Thread Michael Gilbert
On Sat, Oct 10, 2015 at 1:14 PM, Michael Gilbert wrote: > On Wed, Oct 7, 2015 at 5:46 AM, Bastian Blank wrote: >> On Fri, Sep 25, 2015 at 08:19:53AM +, Martin Zobel-Helas wrote: >>> i wonder if #795227 warrants an upload to jessie-pu (and maybe also to >>> wheezy-pu

Bug#564248: RM: snort/2.8.4.1-6

2010-01-11 Thread Michael Gilbert
On Tue, 12 Jan 2010 00:11:15 +0100, Javier Fernández-Sanguino Peña wrote: > severity 553584 minor > retitle CVE-2009-3641: Possible DoS using specially-crafted IPv6 packets if > package is recompiled with IPv6 support > thanks > > > On Fri, Jan 08, 2010 at 08:42:21PM +0100, Raphael Hertzog wrot

Bug#566258: spu: fix expat denial-of-services in python packages

2010-01-22 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Severity: normal i have prepared updates that fix the expat denial-of-services in lenny's python packages (python2.5, python2.4, and python-xml). see attached debdiffs. mike python2.4.debdiff Description: Bin

Bug#566258: spu: fix expat denial-of-services in python packages

2010-01-22 Thread Michael Gilbert
On Fri, 22 Jan 2010 15:20:32 +, Adam D. Barratt wrote: > Hi, > > On Fri, 2010-01-22 at 09:13 -0500, Michael Gilbert wrote: > > i have prepared updates that fix the expat denial-of-services in > > lenny's python packages (python2.5, python2.4, and python-xml).

Bug#566258: spu: fix expat denial-of-services in python packages

2010-01-22 Thread Michael Gilbert
On Fri, 22 Jan 2010 17:41:11 +, Adam D. Barratt wrote: > On Fri, 2010-01-22 at 15:20 +, Adam D. Barratt wrote: > > Hi, > > > > On Fri, 2010-01-22 at 09:13 -0500, Michael Gilbert wrote: > > > i have prepared updates that fix the expat denial-of-services in

Bug#566258: spu: fix expat denial-of-services in python packages

2010-01-22 Thread Michael Gilbert
On Fri, 22 Jan 2010 18:27:52 +, Adam D. Barratt wrote: > On Fri, 2010-01-22 at 13:14 -0500, Michael Gilbert wrote: > > On Fri, 22 Jan 2010 17:41:11 +, Adam D. Barratt wrote: > > > Apologies for not spotting it earlier, but the python2.4 diff is broken > > > (

Bug#566258: spu: fix expat denial-of-services in python packages

2010-01-23 Thread Michael Gilbert
On Fri, 22 Jan 2010 13:40:52 -0500 Michael Gilbert wrote: > On Fri, 22 Jan 2010 18:27:52 +, Adam D. Barratt wrote: > > On Fri, 2010-01-22 at 13:14 -0500, Michael Gilbert wrote: > > > On Fri, 22 Jan 2010 17:41:11 +, Adam D. Barratt wrote: > > > > Apologies fo

Bug#566258: spu: fix expat denial-of-services in python packages

2010-01-23 Thread Michael Gilbert
Sat, 23 Jan 2010 10:00:13 -0500, Michael Gilbert wrote: > >> attached are the new debdiffs. please review. > > > > The two security patches for python2.5 also look fine now. I'd be happy > > with an upload of that which included those patches and the one hunk of >

Re: potential removals from testing

2010-03-23 Thread Michael Gilbert
On Tue, 23 Mar 2010 16:53:20 +, Robert Lemmen wrote: > hi folks, > > i was going through bts.turmzimmer.net the other day, looking for stuff > to do. i wasn't very successful, but found a couple of packages which i > think should just be removed from testing. this is a list with a short > rat

Bug#578330: pu: package alien-arena/7.0-1+lenny2

2010-04-18 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Severity: normal hi, i've built a proposed update that corrects two security vulnerabilities in the alien-arena package. please review the attached debdiff. thanks, mike alien-arena.debdiff Description: Binar

Bug#578330: pu: package alien-arena/7.0-1+lenny2

2010-05-16 Thread Michael Gilbert
On Sun, 16 May 2010 20:31:25 +0200 Julien Cristau wrote: > On Mon, Apr 19, 2010 at 13:07:35 +0100, Adam D. Barratt wrote: > > > On Sun, April 18, 2010 23:48, Michael Gilbert wrote: > > > hi, i've built a proposed update that corrects two security > > > vulnera

Re: New poppler upstream with soname changes

2010-07-03 Thread Michael Gilbert
On Sat, 03 Jul 2010 11:10:12 +0200 Josselin Mouette wrote: > Hi, > > poppler upstreams have released a new 0.14 version which features yet > another transition, for both libpoppler and libpoppler-glib. > > Given that the versions of KDE and GNOME we intend to ship in squeeze > have been better t

Bug#589602: rm: remove xpdf language packages

2010-07-18 Thread Michael Gilbert
package: release.debian.org severity: normal usertags: rm The following packages should be removed from unstable/testing: xpdf-japanese xpdf-korean xpdf-chinese-simplified xpdf-chinese-traditional xpdf now makes use of the language files provided by poppler, so these separate packages ar

Bug#592055: xpdf: freeze exception

2010-08-07 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: freeze-exception Severity: normal Hi, We (the new xpdf maintainers) were caught a bit off guard by the freeze announcement. We had been waiting for the poppler maintainers to fix a release-critical bug [0] that h

Bug#592055: xpdf: freeze exception

2010-08-07 Thread Michael Gilbert
On Sat, 7 Aug 2010 15:23:43 +0100 Neil McGovern wrote: > On Sat, Aug 07, 2010 at 02:59:38AM -0400, Michael Gilbert wrote: > > The plan is to get the poppler issue fixed via NMU as soon as possible, > > which will let 3.02-9 enter testing (that should be automatic?), then > >

Bug#592141: alien-arena: freeze exception

2010-08-07 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: freeze-exception Severity: normal Hi, alien-arena (and alien-arena-data) upstream version 7.45 was just released last weekend. I had originally planned to work on a package for that this weekend (before I heard ab

Bug#592141: alien-arena: freeze exception

2010-08-11 Thread Michael Gilbert
On Wed, 11 Aug 2010 05:36:56 +0200, Mehdi Dogguy wrote: > On 0, Michael Gilbert wrote: > > > > I don't foresee any need to change any packaging; just updating the > > upstream sources. You can see the upstream change log here [0]. I > > don't see

Bug#592605: nmu: webkit_1.2.3-2

2010-08-11 Thread Michael Gilbert
On Wed, Aug 11, 2010 at 8:10 AM, Gustavo Noronha Silva wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: binnmu > > Hey, > > I screwed up and built the latest webkit upload in the wrong chroot (I > blame pbuilder not liking me recent

Bug#592605: nmu: webkit_1.2.3-2

2010-08-11 Thread Michael Gilbert
On Wed, 11 Aug 2010 14:23:11 -0300, Gustavo Noronha Silva wrote: > On Wed, 2010-08-11 at 11:41 -0400, Michael Gilbert wrote: > > To prevent issues such as this in the future, would it make sense to > > force rebuilds on the buildds for the uploaded architecture? This > > wou

Re: Pending removal of deborphan

2010-08-11 Thread Michael Gilbert
On Wed, 11 Aug 2010 19:45:08 +0100, Neil McGovern wrote: > Hi, > > As per bug 592071, it seems that deborphan shouldn't be in squeeze > without a maintainer who'll take care of it. I'm ccing the maintainers > of the depending packages to see if they'd be interested in taking it > over. If I don't h

Bug#592812: poppler: freeze exception

2010-08-12 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: freeze-exception Severity: normal Hi, I've pushed an update fixing an RC issue in poppler. Please unblock its transition to testing. Thanks. Mike -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debi

Bug#592812: poppler: freeze exception

2010-08-12 Thread Michael Gilbert
On Thu, 12 Aug 2010 20:44:11 -0400 Julien Cristau wrote: > On Thu, Aug 12, 2010 at 20:30:30 -0400, Michael Gilbert wrote: > > > Package: release.debian.org > > User: release.debian@packages.debian.org > > Usertags: freeze-exception > > Severity: normal > &

xpdf testing transition

2010-08-13 Thread Michael Gilbert
Hi, xpdf currently isn't in testing due to bug #586620 (poppler-utils conflicts with all xpdf-utils making xpdf-utils uninstallable). I've fixed that by uploading a poppler NMU that relaxes the conflict, and I've asked for a freeze exception to get that into testing now (bug #592812). I think tha

Bug#594550: RM: webkit/1.0.1-4+lenny2

2010-08-26 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: rm Severity: normal Hi, The lenny webkit package has an insurmountable number of security vulnerabilities [0]. The version included there was of an experimental nature, and the only front end available is the buil

Bug#594550: RM: webkit/1.0.1-4+lenny2

2010-08-27 Thread Michael Gilbert
On Fri, 27 Aug 2010 08:49:54 +0200, Philipp Kern wrote: > On Fri, Aug 27, 2010 at 12:01:37AM -0400, Michael Gilbert wrote: > > The lenny webkit package has an insurmountable number of security > > vulnerabilities [0]. The version included there was of an experimental > >

Re: [Pkg-chromium-maint] Chromium 6 in squeeze

2010-09-02 Thread Michael Gilbert
On Wed, Sep 1, 2010 at 4:24 AM, Giuseppe Iuculano wrote: > Hi Release Team, > > > In the next few days upstream will release chromium 6 in the stable > channel. This means that v5 will not receive any further (security) > update, and v6 will receive security and stability updates. > > I could start

Re: [Pkg-chromium-maint] Chromium 6 in squeeze

2010-09-03 Thread Michael Gilbert
On Fri, 03 Sep 2010 09:48:01 +0200, Giuseppe Iuculano wrote: > On 09/03/2010 01:49 AM, Michael Gilbert wrote: > > Is this a supportable approach? Once google discontinues version 6 > > after perhaps 2 months from now (5 was only stable for two months or > > less), you'

Bug#595819: future unblock: xpdf/3.02-11

2010-09-06 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: freeze-exception Severity: normal Please unblock xpdf. It fixes a regression in 3.02-10 that a lot of users are complaining about (bug #595547). It also fixes two other non-intrusive minor issues. See attached de

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 8 Sep 2010 13:48:49 +0200, Stefano Zacchiroli wrote: > I've been following the chromium-browser saga a bit, who has ended up > with the removal of the package from testing [1,2]. While I'm a > chromium-browser user myself, and hence I'm saddened of seeing it go, > I'm not here to question t

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 08 Sep 2010 15:58:17 +0200, Giuseppe Iuculano wrote: > On 09/08/2010 03:22 PM, Julien Cristau wrote: > > I don't have any reason to > > believe the new version won't have the same problem 2 months (or a year) > > from now > > Note that this isn't a chromium specific issue, please see the o

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 08 Sep 2010 16:23:59 +0200, Giuseppe Iuculano wrote: > On 09/08/2010 04:15 PM, Michael Gilbert wrote: > > That isn't a very good list wrt to squeeze's webkit since that includes > > the multitude of lenny issues. > > That was the point, the number of webki

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 08 Sep 2010 16:55:40 +0200, Sven Joachim wrote: > On 2010-09-08 16:10 +0200, Michael Gilbert wrote: > > > On Wed, 8 Sep 2010 13:48:49 +0200, Stefano Zacchiroli wrote: > >> I've been following the chromium-browser saga a bit, who has ended up > >> w

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 08 Sep 2010 17:02:33 +0200, Giuseppe Iuculano wrote: > On 09/08/2010 04:26 PM, Michael Gilbert wrote: > > That isn't really a fair comparison. I campaigned (unsuccessfully) to > > keep webkit out of lenny at the time since it was so > > experimental/unsupportabl

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 08 Sep 2010 17:09:32 +0200, Giuseppe Iuculano wrote: > On 09/08/2010 05:04 PM, Michael Gilbert wrote: > > > I think it is indeed supportable now for squeeze. > > What was changed from lenny to now? There are now many very usable webkit frontends, which I can use on a dai

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 8 Sep 2010 11:14:33 -0400, Joey Hess wrote: > Michael Gilbert wrote: > > I think that this need is justification to declare backports "officially > > supported by the debian project". Thus when asked this question, you > > can point to the fact that chromiu

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 08 Sep 2010 17:42:37 +0200, Giuseppe Iuculano wrote: > On 09/08/2010 05:15 PM, Michael Gilbert wrote: > > I now have interest in using webkit itself, and thus > > have interest in closing security issues; whereas with lenny there is > > no usable frontend, and thus no

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 8 Sep 2010 12:19:40 -0400, Joey Hess wrote: > Michael Gilbert wrote: > > An option in the installer like volatile/security should address a > > lot of this concern. > > Unless it installs the package from backports, the most the installer > can do is eliminate on

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 8 Sep 2010 12:57:28 -0400, Michael Gilbert wrote: > On Wed, 8 Sep 2010 12:19:40 -0400, Joey Hess wrote: > > Michael Gilbert wrote: > > > An option in the installer like volatile/security should address a > > > lot of this concern. > > > > Unless

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Michael Gilbert
On Wed, 8 Sep 2010 20:30:21 +0200, Julien Cristau wrote: > On Wed, Sep 8, 2010 at 14:15:26 -0400, Michael Gilbert wrote: > > > As for the need for pinning, that can be solved by judiciously choosing > > package names. The current instructions say to append '~bpo'

Re: Gnash 0.8.8 has just been released - Asking for an exception to the freeze

2010-09-12 Thread Michael Gilbert
On Sun, 12 Sep 2010 12:21:59 +0100 Adam D. Barratt wrote: > On Sat, 2010-08-28 at 21:49 +0200, Miriam Ruiz wrote: > > I take it that no one has any problems with me uploading latest gnash > > to sid. I'll probably do that tomorrow and ask for an exception to the > > freeze. > > 0.8.8-2 was unbloc

Bug#596640: RM: fluxconf/0.9.9.2-3

2010-09-12 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: rm Severity: normal Please remove fluxconf from unstable. It has a critical bug, and it hasn't been updated in a year and a half. See bug #592804 for more details. Thanks, Mike

ublocks for security fix uploads

2010-09-12 Thread Michael Gilbert
Hi, Please unblock the following packages that fix security issues: unblock cacti/0.8.7g-1 unblock drupal6/6.18-1 unblock iceape/2.0.7-1 unblock iceweasel/3.5.12-2 unblock libgdiplus/2.6.7-3 unblock phpmyadmin/4:3.3.7-1 unblock python2.6/2.6.6-3 unblock python3.1/3.1.2+20100829-1 unblock ruby1.9.

Bug#596574: unblock: ruby1.9.1/1.9.2.0-1 libgems-ruby/1.3.7-2

2010-09-13 Thread Michael Gilbert
On Mon, Sep 13, 2010 at 9:12 AM, Lucas Nussbaum wrote: > On 13/09/10 at 13:19 +0100, Adam D. Barratt wrote: >> On Sun, September 12, 2010 18:27, Lucas Nussbaum wrote: >> > The rubygems1.9.1 package used to be built from the libgems-ruby source >> > package. But Ruby 1.9.2 broke it, so we decided t

Re: Unblock webkitkde (kpart-webkit / libkwebkit1) or other action?

2010-09-13 Thread Michael Gilbert
On Mon, 13 Sep 2010 16:23:58 +0200, Adrian von Bidder wrote: > Heyho! > > (Ping - sent last Thursday, no answer so far.) > > Sune NMUd webkitkde (which I maintain) and got a freeze exception. Not > being aware of this I uploaded a new upstream snapshot (fixing at least one > quite annoying bug

Re: Dropping the .0 on release numbers?

2010-09-14 Thread Michael Gilbert
On Tue, 14 Sep 2010 12:25:25 -0500, Gunnar Wolf wrote: > Hi, > > We have carried a major.minor scheme as a release numbering scheme > since the Early Days, but it has lost relevance basically since Sarge > (3.1 - But by the time it was finally released, some discussion was > made whether Sarge sho

Re: Dropping the .0 on release numbers?

2010-09-14 Thread Michael Gilbert
On Tue, 14 Sep 2010 14:13:35 -0400, Noah Meyerhans wrote: > On Tue, Sep 14, 2010 at 01:58:51PM -0400, Michael Gilbert wrote: > > The .0 actually has quite a bit relevance since it signifies a new > > major long-term release. It also demonstrates stability when used in > >

Re: Release notes entry for web browser security support

2011-01-10 Thread Michael Gilbert
On Tue, 11 Jan 2011 00:40:42 +0100, Moritz Muehlenhoff wrote: > On Mon, Jan 10, 2011 at 11:12:39PM +0100, Josselin Mouette wrote: > > Heya, > > > > Le lundi 10 janvier 2011 à 20:56 +0100, Moritz Muehlenhoff a écrit : > > > As such, browsers built upon the webkit, qtwebkit > > > and khtml engines

Re: [SRM] (PRSC) Security fixes and possible database corruption

2011-03-28 Thread Michael Gilbert
On Mon, 28 Mar 2011 22:21:14 +0100 Jonathan Wiltshire wrote: > On Mon, Mar 28, 2011 at 10:41:23PM +0200, Matthijs Möhlmann wrote: > > CVE-2011-1081: > > modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers > > to cause a denial of service (daemon crash) via a relative Disting

Re: "Python2.6 as default"

2011-04-09 Thread Michael Gilbert
Scott Kitterman wrote: > I noticed that this is still listed at http://wiki.debian.org/ReleaseGoals. > > Obviously that was a Squeeze goal. The equivalent goal for Wheezy should be > python2.7 as default and python2.5 and python2.6 removed. Is it out of the question to target python3.x as the

Bug#622371: transition: webkit

2011-04-12 Thread Michael Gilbert
Gustavo Noronha Silva wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > I plan to upload webkit 1.3.x (soon to be 1.4.0) to unstable. What > this involves: I would prefer to stick with 1.2.x for the time being since

Re: Bits from the Release Team - Kicking off Wheezy

2011-04-12 Thread Michael Gilbert
sean finney wrote: > hi -release team, > > On Sat, Apr 09, 2011 at 10:13:19AM +0100, Neil McGovern wrote: > > > Once again, we will use feedb...@release.debian.org and welcome all > > > comments before 11th April. > > > > > > > We've had a rather poor response to this request, so I'd encourage

Bug#622371: transition: webkit

2011-04-13 Thread Michael Gilbert
Mehdi Dogguy wrote: > On 04/13/2011 01:40 AM, Michael Gilbert wrote: > > Gustavo Noronha Silva wrote: > > > >> Package: release.debian.org > >> Severity: normal > >> User: release.debian@packages.debian.org > >> Usertags: transition > &

Bug#622371: transition: webkit

2011-04-13 Thread Michael Gilbert
Steve McIntyre wrote: > On Wed, Apr 13, 2011 at 07:41:15AM -0400, Michael Gilbert wrote: > >Mehdi Dogguy wrote: > > > >> On 04/13/2011 01:40 AM, Michael Gilbert wrote: > >> > Gustavo Noronha Silva wrote: > >> > > >> >> Pa

Bug#622371: transition: webkit

2011-04-13 Thread Michael Gilbert
Gustavo Noronha Silva wrote: > > > On 04/13/2011 01:40 AM, Michael Gilbert wrote: > > > >> I plan to upload webkit 1.3.x (soon to be 1.4.0) to unstable. > > What > > > >> this involves: > > > > > > > > I would

Bug#622371: transition: webkit

2011-04-13 Thread Michael Gilbert
Kumar Appaiah wrote: > Hi. > > On Wed, Apr 13, 2011 at 09:05:06AM -0400, Michael Gilbert wrote: > > Steve McIntyre wrote: > > > Right. Are you deliberately trying to stall all development, or does > > > it just appear that way? > > > > I fail to

Bug#637040: RM: t1lib/5.1.2-3

2011-08-07 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: rm Severity: normal Hi, t1lib has a significant set of security vulnerabilities [0] and there is no sign of them ever getting fixed with upstream missing in action for over three years now. Because of these issues,

Bug#637040: RM: t1lib/5.1.2-3

2011-08-21 Thread Michael Gilbert
tag 637040 -moreinfo thanks On Wed, Aug 17, 2011 at 5:26 PM, Julien Cristau wrote: > As said on irc, filing (non-RC for now) bugs against the reverse > dependencies and providing patches as much as possible should happen > prior to any removal.  Tagging moreinfo for now. Bugs are now submitted (w

Bug#639642: pu: package xpdf/3.02-12squeeze1 and xpdf/3.02-1.4+lenny4

2011-08-28 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Severity: normal I've prepared proposed updates for the stable xpdf packages fixing a few security issues. See attached debdiffs. Best wishes, Mike xpdf-lenny.debdiff Description: Binary data xpdf-squeeze.d

Bug#639642: pu: package xpdf/3.02-12squeeze1 and xpdf/3.02-1.4+lenny4

2011-09-04 Thread Michael Gilbert
Adam D. Barratt wrote: > Thanks for working on this. As a general comment, if you're submitting > patches for both stable and oldstable please do so using two different > bugs; otherwise we can't track the acceptance and release status in a > sane way. Ok, I'll do that in the future. > I'd be

Re: release goal proposal: enable hardening build flags

2011-09-13 Thread Michael Gilbert
On Tue, 13 Sep 2011 15:38:29 -0700 Kees Cook wrote: > Hi, > > I would like to propose a release goal of enabling hardening build flags[1] > for all C/C++ packages in the archive[2]. I think "all C/C++ packages" is an impossibility in the wheezy timeframe, and we should be honest about that. So

Re: release goal proposal: enable hardening build flags

2011-09-13 Thread Michael Gilbert
On Tue, 13 Sep 2011 15:38:29 -0700 Kees Cook wrote: > [1] http://wiki.debian.org/Hardening It looks like we're duplicating wiki work. The page I created yesterday is much more comprehensive and detailed right now: http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags Best wishes, Mike

Bug#639645: opu: package xpdf/3.02-1.4+lenny4

2011-09-17 Thread Michael Gilbert
I've decided that it's too risky to disable t1lib in lenny as the version of freetype there has some known issues. Attached is a new debdiff for this proposed-update. Best wishes, Mike xpdf-lenny.debdiff Description: Binary data

Bug#639645: opu: package xpdf/3.02-1.4+lenny4

2011-09-24 Thread Michael Gilbert
Adam D. Barratt wrote: > [Apologies for the delay in getting back to you on this] > > On Sat, 2011-09-17 at 14:50 -0400, Michael Gilbert wrote: > > I've decided that it's too risky to disable t1lib in lenny as the > > version of freetype there has some known issu

Bug#639645: opu: package xpdf/3.02-1.4+lenny4

2011-09-28 Thread Michael Gilbert
Michael Gilbert wrote: > > In any case, I'm not entirely convinced that a NEWS file is the > > right location to be making a statement that seems in danger of > > approaching "this package isn't getting security support in lenny". > > So, an EOL co

Bug#646156: pu: package xorg-server/2:1.7.7-14

2011-10-29 Thread Michael Gilbert
On Fri, Oct 21, 2011 at 3:12 PM, Julien Cristau wrote: > +commit 03ff880e8bf20cdecaf27f03391ea31545ecc22c > +Author: Matthieu Herrb > +Date:   Mon Oct 17 22:27:35 2011 +0200 > + > +    Fix CVE-2011-4029: File permission change vulnerability. > + > +    Use fchmod() to change permissions of the loc

Re: Multiarch support in dpkg — really in time for wheezy?

2011-10-29 Thread Michael Gilbert
On Sat, Oct 29, 2011 at 7:10 AM, Stefano Zacchiroli wrote: > What worries me is that there is multi-arch work in dpkg, work that has > its origins in Debian. That work is ready enough to be deployed in > popular Debian derivatives such as Ubuntu, but is not in Debian proper > yet. That is bad for D

Bug#646156: pu: package xorg-server/2:1.7.7-14

2011-10-29 Thread Michael Gilbert
On Sat, Oct 29, 2011 at 2:58 PM, Julien Cristau wrote: > On Sat, Oct 29, 2011 at 13:38:47 -0400, Michael Gilbert wrote: > >> On Fri, Oct 21, 2011 at 3:12 PM, Julien Cristau wrote: >> > +commit 03ff880e8bf20cdecaf27f03391ea31545ecc22c >> > +Author: Matthieu Herrb >

Re: Multiarch support in dpkg — really in time for wheezy?

2011-10-30 Thread Michael Gilbert
On Sun, Oct 30, 2011 at 3:09 AM, Raphael Hertzog wrote: > On Sat, 29 Oct 2011, Michael Gilbert wrote: >> You could also make a case from a terminological perspective as well. >> Unstable is where development in Debian is supposed to happen, so it's >> perfectly accep

Bug#649460: release.debian.org: improved architecture annotation in dependency analysis script/page

2011-11-20 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: britney Severity: wishlist Hi, wine is held back because of a lot of missing packages in testing, but only on kfreebsd-amd64 [0]. It took me a while to realize this was the underlying problem since the stateme

Bug#649460: release.debian.org: improved architecture annotation in dependency analysis script/page

2011-11-23 Thread Michael Gilbert
On Mon, Nov 21, 2011 at 2:44 AM, Adam D. Barratt wrote: > In any case, you appear to have overlooked the fundamental issue.  The > reason that wine-unstable isn't migrating has nothing to do with > kfreebsd-amd64.  I assume you're deducing this from the "dependency > analysis" section - the section

Bug#649460: release.debian.org: improved architecture annotation in dependency analysis script/page

2011-11-23 Thread Michael Gilbert
On Thu, Nov 24, 2011 at 1:18 AM, Adam D. Barratt wrote: > On Wed, 2011-11-23 at 23:59 -0500, Michael Gilbert wrote: >> On Mon, Nov 21, 2011 at 2:44 AM, Adam D. Barratt wrote: >> > The reason that wine-unstable isn't migrating is listed at the top of >> > the page: &

Bug#649460: release.debian.org: improved architecture annotation in dependency analysis script/page

2011-11-23 Thread Michael Gilbert
Maybe the real issue here is that the build-depends dependency analysis is only done on i386 (according to the wording "including build-depends; i386 only"), and the ia32-libs-dev package of course doesn't exist there? Anyway, I think my original point remains. For the dependency analysis to be u

Bug#649460: release.debian.org: improved architecture annotation in dependency analysis script/page

2011-11-24 Thread Michael Gilbert
retitle 649460 release.debian.org: arch-specific output in dependency analysis thanks On Thu, Nov 24, 2011 at 3:18 AM, Adam D. Barratt wrote: > Dependency analysis only derives its output from Sources + i386, which is > precisely _why_ it's showing ia32-libs-dev as unavailable.  It's not being > m

Bug#550191: wireshark 1.0.2-3+lenny6 security fixes

2009-10-23 Thread Michael Gilbert
On Fri, 23 Oct 2009 19:46:24 +0200, Bálint Réczey wrote: > Hi, > > Moritz proposed to upload fixes for DoS only security problems to > stable and handle only more serious problems via stable-security: > > On Monday 06 July 2009 20:42:21 Moritz Muehlenhoff wrote: > >> On Wed, Jul 01, 2009 at 03:36

Bug#550191: wireshark 1.0.2-3+lenny6 security fixes

2009-10-23 Thread Michael Gilbert
On Fri, 23 Oct 2009 20:05:39 +0100, Adam D. Barratt wrote: > On Fri, 2009-10-23 at 14:20 -0400, Michael Gilbert wrote: > > On Fri, 23 Oct 2009 19:46:24 +0200, Bálint Réczey wrote: > > > According to that plan I would like to upload the package to "stable" > > &g

Re: oldstable: mt-daapd update addressing #555231

2009-11-11 Thread Michael Gilbert
On Wed, 11 Nov 2009 23:02:23 +0100 Julien BLACHE wrote: > "Adam D. Barratt" wrote: > > Hi, > > > How big is the diff from prototype 1.4.0 (as used in the current > > package) to 1.6.1? The bug report mentions that patches fixing the two > > Don't know, I haven't even looked. There were other is

Bug#559725: RM: alien-arena/7.0-1

2009-12-06 Thread Michael Gilbert
On Sun, 6 Dec 2009 16:12:29 + Simon McVittie wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: rm > > I don't think alien-arena should be in testing in its current state: > > * has a security bug without maintainer response > *

Bug#559725: RM: alien-arena/7.0-1

2009-12-08 Thread Michael Gilbert
On Tue, 8 Dec 2009 10:34:19 +0800 Paul Wise wrote: > On Tue, Dec 8, 2009 at 9:23 AM, Simon McVittie wrote: > > On Sun, 06 Dec 2009 at 16:57:44 -0500, Michael Gilbert wrote: > >> i've prepared a package for version 7.32, which solves the security > >> problem

Bug#559725: RM: alien-arena/7.0-1

2009-12-08 Thread Michael Gilbert
On Tue, 8 Dec 2009 21:56:47 -0500 Michael Gilbert wrote: > On Tue, 8 Dec 2009 10:34:19 +0800 Paul Wise wrote: > > > On Tue, Dec 8, 2009 at 9:23 AM, Simon McVittie wrote: > > > On Sun, 06 Dec 2009 at 16:57:44 -0500, Michael Gilbert wrote: > > >> i've prep

Bug#563018: pu: package alien-arena/7.0-1

2009-12-29 Thread Michael Gilbert
Subject: pu: package alien-arena/7.0-1 Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Severity: normal this update fixes CVE-2009-3637, which is an arbitrary remote code execution vulnerability. this is a fairly severe security issue, but contrib is not securi

Bug#563018: pu: package alien-arena/7.0-1

2009-12-29 Thread Michael Gilbert
attached is the debdiff. alien-arena.debdiff Description: Binary data

Re: Bug#502139: etch -> lenny upgrade failure

2008-10-14 Thread Michael Gilbert
> Yes, please upload a targeted fix to testing-proposed-updates. > > Thanks already. thanks for fixing this so quickly. awesome turnaround time. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: foo2zjs: application depends on non-free firmware

2008-10-26 Thread Michael Gilbert
severity 449497 serious thank you i don't see how this bug can be considered anything less than serious. as i explained in my last message, there are two potential grave problems: security and breakage. and even if neither of these problems exist now, they certainly could arise during the lenny'

Re: [Foo2zjs-maintainer] Bug#449497: TC proposal for dispute

2008-10-27 Thread Michael Gilbert
the paragraph for the technical committee seems like a very good start. however, i request the following rewrite of the fourth sentence: The submitter sees the getweb script's dependencies on external data/files as potentially dangerous. Once the package enters stable, upstream changes (moving/m

Direction on foo2zjs and web fetching scripts

2008-11-03 Thread Michael Gilbert
the bug severity command and control authority [5] on my part). Where do we go from here to make sure the issue gets the appropriate level of thought and consideration that it deserves (after lenny gets released of course)? Best wishes, Michael Gilbert [1] http://lists.debian.org/debian-release

Direction on foo2zjs and web fetching scripts

2008-11-03 Thread Michael Gilbert
ourse)? Best wishes, Michael Gilbert [1] http://lists.debian.org/debian-release/2008/11/msg00106.html [2] http://bugs.debian.org/449497 [3] http://bugs.debian.org/503813 [4] http://bugs.debian.org/503814 [5] http://lists.debian.org/debian-ctte/2008/10/msg6.html P.S. Please CC me on any responses

Re: Direction on foo2zjs and web fetching scripts

2008-11-03 Thread Michael Gilbert
I apologize for the double post. Please disregard the first message, which was sent mid-thought due to an errant click.

Bug#696032: tpu: package oss4/4.2-build2006-2+deb7u1

2012-12-15 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: tpu Severity: normal I plan to upload a tpu for oss4 fixing two release critical issues. Please review the proposed patch attached. Thanks, Mike oss4.patch Description: Binary data

Bug#696304: nmu: tsung_1.4.2-1

2012-12-18 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: binnmu Severity: normal nmu tsung_1.4.2-1 . ALL . -m "Rebuild with newer erlang (see: #695284)"

Bug#696460: tag #599523 wheezy-ignore

2012-12-20 Thread Michael Gilbert
package: release.debian.org severity: normal Please consider tagging #599523 wheezy-ignore. Update-manager has been unmaintained for a long time now, and the way to fix that is to remove it in favor of something like packagekit, which looks like the preferred future plan, but that won't happen ti

Bug#696671: tpu: isc-dhcp/4.2.2.dfsg.1-5+deb70u3

2012-12-25 Thread Michael Gilbert
Package: release.debian.org User: release.debian@packages.debian.org Usertags: tpu Severity: normal I plan to upload a tpu for isc-dhcp fixing two important issues. One fixes an unclean error situation, and the other sets up the default dhclient configuration to work in ipv6-only configuratio

Bug#696671: tpu: isc-dhcp/4.2.2.dfsg.1-5+deb70u3

2012-12-25 Thread Michael Gilbert
On Tue, Dec 25, 2012 at 4:01 PM, Julien Cristau wrote: > On Tue, Dec 25, 2012 at 10:11:22 -0500, Michael Gilbert wrote: > >> Package: release.debian.org >> User: release.debian@packages.debian.org >> Usertags: tpu >> Severity: normal >> >> I pl
