Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, On 29/08/19 6:47 pm, Paul Gevers wrote: > Hi > > On 29-08-2019 14:28, Raphael Hertzog wrote: >> (Note: pkg-security@tracker.d.o is not a valid email, dropped) >> >> Hi, >> >> On Thu, 29 Aug 2019, Holger Levsen wrote: In general, we (Deb

CVE-2018-13818

Hello. Instead of no-dsa, I think we can mark CVE-2018-13818 as not-affected in stretch. I was unable to reproduce POC mentioned in CVE reference[1] in stretch. Also please consider upstream devs' comments[1] --abhijith [1] - https://www.cvedetails.com/cve/CVE-2018-13818/ [2] - https://github.c

ansible in jessie

Hello. CVE-2016-8614 is marked as "no-dsa (can be fixed via point release)" for Jessie. But I think its *not affecting* Jessie as the vulnerable code present in separate module which only merged to ansible from version 2.3. I am going to mark it as *not-affected*. Let me know if my research is wro

Re: libprocps3 procps update this morning causing shorewall/iptables routing problems.

On Thursday 24 May 2018 06:01 PM, Jonathan Wiltshire wrote: > (CC because I'm not sure whether you're subscribed) > > On 23/05/18 11:36, Luke Hall wrote:>>> This morning a number of our > jessie firewall servers received these updates. 2018-05-23 06:53:20,879 INFO Allowed origins are:

Join debian-security

Hello. I would like to join debian-security team. I have already requested in https://salsa.debian.org/security-tracker-team. username: abhijithpa-guest. Thanks Abhijith PA https://abhijithpa.me