Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)

2024-12-01 Thread Salvatore Bonaccorso
Hi Samuel, On Wed, Nov 27, 2024 at 11:28:50PM +, Samuel Henrique wrote: > Hello Salvatore, > > On Sat, 2 Nov 2024 at 20:02, Samuel Henrique wrote: > > On Tue, 29 Oct 2024 at 19:43, Salvatore Bonaccorso > > wrote: > > > As mentioned in an earlier message:

Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)

2024-10-29 Thread Salvatore Bonaccorso
Hi Samuel, On Tue, Oct 29, 2024 at 07:06:23PM +, Samuel Henrique wrote: > Hello everyone, > > On Wed, 4 Sept 2024 at 12:47, Emilio Pozuelo Monfort wrote: > > One issue I see with using not-affected for this is that not-affected > > effectively marks all older versions as that. However, in th

Re: bind9 update 9.16.50 -- too many record

2024-07-29 Thread Salvatore Bonaccorso
Hi Ondrej, On Mon, Jul 29, 2024 at 12:14:01PM +0200, Ondřej Surý wrote: > I've now also ported all the changes to the system tests, so I can > confirm the changes are correct and I've now uploaded the version > with configuration options to security-master. > > This means that information in: >

Re: bind9 update 9.16.50 -- too many record

2024-07-27 Thread Salvatore Bonaccorso
Hi, [looping in explicitly Ondrej, maintainer of bind9] On Fri, Jul 26, 2024 at 03:40:30PM -0400, Lee wrote: > On Fri, Jul 26, 2024 at 11:24 AM Guillaume Bienkowski wrote: > > > > Hello, > > Hi > > > We are using bind9 with many SRV entries to allow for dynamic discovery of > > hosts to monito

Re: CVE applicability

2024-06-18 Thread Salvatore Bonaccorso
Hi, On Wed, Jun 19, 2024 at 12:04:45AM +0530, Arul Anand MM wrote: > Hello Debian Security Team, > > This is regarding Debian advisory > https://security-tracker.debian.org/tracker/CVE-2023-3390. > > I would like to confirm whether version 5.10.191-1 is impacted by the UAF > and LPE. > > Adviso

Re: CVE-2023-41105 not fixed in bookworm

2024-03-10 Thread Salvatore Bonaccorso
Hi, On Fri, Mar 01, 2024 at 09:11:34AM +0100, Richard van den Berg wrote: > Dear security team, > > May I ask why CVE-2023-41105 was marked as " (Minor issue)"[1] ? > > As the CVE description says there are plausible cases where this can lead to > security issues. > > There is a backport availa

Re: new redirects for www.d.o/security and www.d.o/lts/security

2024-01-05 Thread Salvatore Bonaccorso
Hi Thomas, On Fri, Jan 05, 2024 at 12:06:58AM +0100, Thomas Lange wrote: > Hi all, > > we now redirect all DSA/DLA URLs under security and lts/security with > or without having the year in the path and with or without a version > to their announcement mail: > Examples: > /security/dsa-5576 > /sec

Re: [arm64] secure boot breach via VFIO_NOIOMMU

2023-12-14 Thread Salvatore Bonaccorso
Hi, On Wed, Dec 13, 2023 at 10:45:01PM +0100, Bastian Blank wrote: > Hi > > Over six years ago, support for VFIO without IOMMU was enabled for > arm64. This is a breach of the integrity lockdown requirement of secure > boot. > > VFIO is a framework for handling devices in userspace. To make > th

Re: Old kernel versions cleaned out of packages list

2023-08-29 Thread Salvatore Bonaccorso
Hi, On Tue, Aug 29, 2023 at 02:52:55PM +0200, Adi Kriegisch wrote: > Dear maintainers, > > I hope this is the correct mailing list for my issue: > > Apparently all older kernel versions have been removed from Debian > Security's Packages list some time on August 26th before 19:07[1]. > > As I c

Re: should the Release Notes be updated concerning bookworm security

2023-06-01 Thread Salvatore Bonaccorso
Hi Paul, On Mon, May 29, 2023 at 02:36:22PM +0200, Paul Gevers wrote: > Dear security team, > > I know it's a bit late, but are you aware of issues that are worth > mentioning in the release notes from your point of view? > > We have updated the text about golang and rustc in this cycle, chromiu

Re: Should singularity-container make it to next release?

2023-01-21 Thread Salvatore Bonaccorso
Hi Andreas, [Note if you want direct input from the Debian security team it's usually better to loop in the team email address directly rather than the general discussion list debian-security, adding team@s.d.o to recipients] On Mon, Jan 09, 2023 at 02:28:22PM +0100, Andreas Tille wrote: > Hi, > > it

Re: [SECURITY] [DSA 5173-1] linux security update

2022-07-06 Thread Salvatore Bonaccorso
On Tue, Jul 05, 2022 at 12:01:31AM +0200, Ben Hutchings wrote: > On Mon, 2022-07-04 at 22:17 +0200, Kurt Roeckx wrote: > > On Sun, Jul 03, 2022 at 03:49:12PM +, Ben Hutchings wrote: > > > > > > For the oldstable distribution (buster), these problems have been > > > fixed in version 4.19.249-2.

Re: CVE-2021-31879 | CVE-2021-38371 | CVE-2016-2781| fixed packages

2022-06-07 Thread Salvatore Bonaccorso
Hi On Tue, Jun 07, 2022 at 03:11:12PM +0530, Sujeet Roy wrote: > Hello Team , > Could you please provide us the deadline when we can get the fixed > packages for below packages : > > CVE-2021-31879 > CVE-2021-38371 > CVE-2016-2781 > > I searched on your portal > https://security-tracker.deb

Re: CVE-2017-5715

2022-04-05 Thread Salvatore Bonaccorso
Hi On Wed, Mar 30, 2022 at 09:31:32AM +, Holger Levsen wrote: > On Wed, Mar 30, 2022 at 09:36:58AM +0200, Sylvestre Ledru wrote: > > On 30/03/2022 at 07:07, Salvatore Bonaccorso wrote: > > > Sylvestre and Holger, would you have time to include the bugfix as > > >

Re: CVE-2017-5715

2022-03-29 Thread Salvatore Bonaccorso
Hi all, On Fri, Mar 25, 2022 at 02:57:12PM -0300, Leandro Cunha wrote: > Hi, > > On Fri, Mar 25, 2022 at 2:38 PM Georgi Naplatanov wrote: > > > > On 3/25/22 19:19, Leandro Cunha wrote: > > > Hi, > > > > > > On Fri, Mar 25, 2022 at 4:19 AM Georgi Naplatanov wrote: > > >> > > >> On 3/25/22 03:24,

Re: CVE-2017-5715

2022-03-23 Thread Salvatore Bonaccorso
Hi, On Wed, Mar 23, 2022 at 11:17:41PM +0200, Georgi Naplatanov wrote: > On 3/23/22 22:43, Leandro Cunha wrote: > > Hi, > > > > On Wed, Mar 23, 2022 at 2:33 PM Georgi Naplatanov wrote: > >> > >> On 3/23/22 18:35, piorunz wrote: > >>> On 23/03/2022 15:41, Leandro Cunha wrote: > >>> > Please,

Re: replacing misleading debian.org/security claims

2022-01-09 Thread Salvatore Bonaccorso
Hi, On Wed, Jan 05, 2022 at 02:20:46PM +0800, Paul Wise wrote: > > (Side note: It seems that NVD tends to assign "medium" severity to > > vulnerabilities initially, but upgrades them to "high" or "critical" > > later. However, Debian keeps showing the initial severity rating) > > Please send a pa

Re: clarification on status of CVE-2021-33574

2021-09-14 Thread Salvatore Bonaccorso
Hi Alexandre, On Sat, Sep 11, 2021 at 10:57:44AM +0200, Alexandre wrote: > Hi Debian security list, > > I have something I can't really figure out. Is there any reason I'm > missing why https://security-tracker.debian.org/tracker/CVE-2021-33574 > shows all versions of Debian vulnerable, while it

Re: sources.list 4 bullseye-security

2021-07-04 Thread Salvatore Bonaccorso
Hi Paul, On Sun, Jul 04, 2021 at 05:27:56AM +, Paul Wise wrote: > On Sat, Jul 3, 2021 at 9:31 PM Salvatore Bonaccorso wrote: > > > I have pushed > > https://salsa.debian.org/webmaster-team/webwml/-/commit/4ca2253325130f7e96bf2644d31cf5a95fdf7bcc > > Note that upda

Re: sources.list 4 bullseye-security

2021-07-03 Thread Salvatore Bonaccorso
Hi, On Sun, Jun 27, 2021 at 04:52:26PM -0400, Boyuan Yang wrote: > Hi, > > (This email originally appears on > https://lists.debian.org/debian-www/2021/05/msg00017.html ) > > On Saturday 2021-05-15 at 12:47 +0200, Harald Dunkel wrote: > > Hi folks, > > > > Obviously > > > > https://wiki.debian.org/N

Re: no-dsa for Samba CVEs in Debian.

2021-05-17 Thread Salvatore Bonaccorso
On Tue, May 18, 2021 at 09:38:30AM +1200, Andrew Bartlett wrote: > On Mon, 2021-05-17 at 22:17 +0200, Sylvain Beucler wrote: > > Hello Andrew, > > > > I read your message as well as > > https://alioth-lists.debian.net/pipermail/pkg-samba-maint/2021-May/022771.html > > and I believe I can add a few

Re: Status of php-mbstring vs. libonig

2019-11-25 Thread Salvatore Bonaccorso
Hi, On Mon, Nov 25, 2019 at 11:50:00AM +0100, Sylvain Beucler wrote: > Hi, > > On 22/11/2019 21:23, Sylvain Beucler wrote: > > I see in 'embedded-code-copies': > > > >   libonig > >       - php5 5.3.2-1 (embed) > > > > (i.e. from 2010) > > > > Jessie seems to properly link to libonig (dependen

Re: Backporting a security fix for e2fsprogs to Stable

2019-09-23 Thread Salvatore Bonaccorso
Hi Ted, [FTR, this is on the security public discussion list, if you need to contact the security team directly, you might use team@s.d.o or security@d.o] On Mon, Sep 23, 2019 at 07:42:02PM -0400, Theodore Y. Ts'o wrote: > Hi, I just released e2fsprogs v1.45.4 (upstream and for Debian > unstable

Re: CVE-2017-9525 in Debian Stretch stable release

2019-07-16 Thread Salvatore Bonaccorso
Hi, On Thu, Jul 11, 2019 at 05:21:38PM +0200, Vladyslav Cherednychenko wrote: > Dear Debian Security Team, > I noticed that the latest available cron package in the stable > distribution of Debian Stretch is vulnerable to CVE-2017-9525: > https://security-tracker.debian.org/tracker/CVE-2017-9525 >

Re: RFC: proposed fix for CVE-2018-19518 in uw-imap

2018-12-30 Thread Salvatore Bonaccorso
Hi Roberto, On Sat, Dec 29, 2018 at 10:24:40AM -0500, Roberto C. Sánchez wrote: > On Sat, Dec 22, 2018 at 10:27:18PM -0500, Roberto C. Sánchez wrote: > > [note: I am not subscribed to debian-security; please keep me or > > debian-lts addressed on replies] > > > > If this seems like a sensible app

Re: Bug#905332: debdiff

2018-11-06 Thread Salvatore Bonaccorso
Hi Ferenc, On Tue, Nov 06, 2018 at 05:12:12PM +0100, Ferenc Wágner wrote: > "Adam D. Barratt" writes: > > > On 2018-11-06 14:43, wf...@niif.hu wrote: > > > >> Dear Security Team, please consider yourselves notified and please > > > > debian-security@lists.debian.org is *not* a contact point for

Call for testing: Testers needed for ghostscript update

2018-11-06 Thread Salvatore Bonaccorso
Hi We plan to rebase ghostscript via stretch-security to 9.25 plus cherry-picked security fixes which happened after that release. Tests so far were limited, and thus we need a certain amount of further external testing before we can release an update. Packages are at https://people.debian.

Re: https with security repo damaged

2018-09-22 Thread Salvatore Bonaccorso
Hi, On Sat, Sep 22, 2018 at 05:19:00PM +, TNT BOM BOM wrote: > running sudo apt update with debian security repo + ssl will never > work: See https://lists.debian.org/debian-security/2017/10/msg00012.html (and the thread for some background) and https://deb.debian.org/ which is providing as w

Re: [SECURITY] [DSA 4272-1] linux security update

2018-08-15 Thread Salvatore Bonaccorso
Hi, On Wed, Aug 15, 2018 at 04:02:59PM +0200, Matus UHLAR - fantomas wrote: > Hello, > > On 14.08.18 21:52, Salvatore Bonaccorso wrote: > > CVE-2018-5391 (FragmentSmack) > > > >Juha-Matti Tilli discovered a flaw in the way the Linux kernel > >handled

Re: dbgsym packages for packages in security archive

2018-05-17 Thread Salvatore Bonaccorso
Hi Kevin, On Thu, May 10, 2018 at 02:26:28AM -0400, Kevin Easton wrote: > Would it be possible to get a debian-debug archive added to security.d.o > where the accompanying -dbgsym packages for packages in the debian-security > archive get uploaded? > > Eg. currently libssl1.1 version 1.1.0f-3+deb

Re: Question. How to track Source Code Patches?

2018-01-15 Thread Salvatore Bonaccorso
Hi On Mon, Jan 15, 2018 at 11:17:25AM +0900, ultract wrote: > Hi, Debian Gurus. > > > > I often receive emails of debian security update. > > Because I enrolled my email address on debian-security-announce. > > > > If I'd like to check changes of some packages about source codes, > > Do

Re: OSVDB-166706

2017-11-13 Thread Salvatore Bonaccorso
Hi On Mon, Nov 13, 2017 at 09:19:45PM +0100, Bastian Blank wrote: > On Mon, Nov 13, 2017 at 12:57:48PM +, Adam Weremczuk wrote: > > Our quarterly PCI compliance scan has just challenged us on the following: > > https://vulners.com/nessus/OPENSSH_76.NASL > > Also referred to as OSVDB-166706. >

Re: [DSA 3970-1] emacs24 security update

2017-09-13 Thread Salvatore Bonaccorso
Hi! On Wed, Sep 13, 2017 at 09:10:52AM +0200, Bjørn Mork wrote: > Moritz Muehlenhoff writes: > > > Package: emacs24 > > CVE ID : not yet available > > > > Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code > > execution when rendering text/enriched MIME data

Re: latest openssh for wheezy

2017-08-09 Thread Salvatore Bonaccorso
Hi On Wed, Aug 09, 2017 at 09:21:42AM +0100, Adam Weremczuk wrote: > Hello, > > Could somebody confirm the status of the following: > > CVE-2014-1692 > CVE-2014-2532 > CVE-2015-5352 > CVE-2015-5600 > CVE-2015-6563 > CVE-2015-6564 > CVE-2015-6565 > CVE-2016-10009 > CVE-2016-10010 > CVE-2016-10011

Re: Kernel: Fix for CVE-2017-1000364 (mm: enlarge stack guard gap) breaks java application

2017-06-27 Thread Salvatore Bonaccorso
Hi Stephan, On Mon, Jun 26, 2017 at 02:32:59PM +0200, Stephan Seitz wrote: > Hi! > > The kernel fix for CVE-2017-1000364 (mm: enlarge stack guard gap) breaks > java applications (or at least some), see > https://stackoverflow.com/questions/44719488/segmentation-fault-when-starting-jvm-using-jpype

Re: bind9 CVE-2017-3137

2017-05-11 Thread Salvatore Bonaccorso
Hi On Thu, Apr 20, 2017 at 03:42:13PM +0300, Adrian Minta wrote: > Hi, > one of my servers crashed twice in the last 24 hours: > > Apr 20 14:51:22 SRV named[37412]: resolver.c:4350: INSIST(fctx->type == > ((dns_rdatatype_t)dns_rdatatype_any) || fctx->type == ((dns_rda > tatype_t)dns_rdatatype_rrs

Re: [SECURITY] [DSA 3823-1] eject security update

2017-04-19 Thread Salvatore Bonaccorso
Hi On Tue, Apr 18, 2017 at 10:50:19AM +0900, Hideki Yamane wrote: > I'm just curious, Ubuntu developer said that there was no embargo for > eject package vulnerability with Debian, is it true and if so, why? > > https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627/comments/3 Yes this is

Re: Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem

2017-04-03 Thread Salvatore Bonaccorso
Hi On Tue, Apr 04, 2017 at 12:52:41AM +0200, Jan Lühr wrote: > Hei folks, > > android recently patched CVE-2016-10229: Remote code execution > vulnerability in kernel networking subsystem. > > Since https://security-tracker.debian.org/tracker/CVE-2016-10229 is > rather blank ... does this proble

Call for testing: upcoming squid3 security update

2016-12-22 Thread Salvatore Bonaccorso
Hi We would like to expose the packages for the upcoming squid3 update a bit for additional testing. Please find them at: https://people.debian.org/~carnil/tmp/squid3 (amd64 builds + source) and report any problem *introduced* by updating to these packages directly to t...@security.debian.org .

Call for testing: upcoming xen security update

2016-12-03 Thread Salvatore Bonaccorso
Hi (Some people potentially able to test those changes Bcc'ed) We would like to expose the packages for the upcoming xen update a bit for additional testing. Please find them at: https://people.debian.org/~carnil/tmp/xen (amd64 builds + source) and report any problem *introduced* by updating to

Re: DSA-3721-1 tomcat7 -- security update

2016-11-24 Thread Salvatore Bonaccorso
Hi Aser, On Wed, Nov 23, 2016 at 08:46:00AM +0100, Aser Casas wrote: > Hi all! > > I installed security update DSA-3721-1 tomcat7 and the following error > occurs when starting the server: > > 23-11-2016 08:06:08,149 [main] ERROR > org.apache.jasper.security.SecurityClassLoad- SecurityCl

Re: vulnerability in 8.6

2016-11-16 Thread Salvatore Bonaccorso
Hi Richard, On Wed, Nov 16, 2016 at 09:25:11PM +0100, Richard Waterbeek wrote: > Hi, > > I wrote that I searched for a '686' image but that was meant for this > VirtualBox I have, my 64Bit processor only can emulate 32Bit. > > uname -ar gave; Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1 > +deb8

Re: vulnerability in 8.6

2016-11-07 Thread Salvatore Bonaccorso
Hi, On Mon, Nov 07, 2016 at 06:54:55PM +0300, Ozgur wrote: > Hi all, > > I have been reading security articles and I have seen a test with Debian Linux > vulnerability of kernel. I tested and given a successful exploit. > > List a vuln: > > https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs >

Re: timing of PHP 5.6 security updates

2016-10-08 Thread Salvatore Bonaccorso
Hi Tomasz, On Thu, Oct 06, 2016 at 07:48:52AM +1100, tmc wrote: > On Wed, Oct 05, 2016 at 10:02:50PM +0200, Salvatore Bonaccorso wrote: > > No timeline yet, but we have asked the php5 maintainer if he can > > prepare the usual update for jessie-security based on 5.6.26. &

Re: timing of PHP 5.6 security updates

2016-10-05 Thread Salvatore Bonaccorso
Hi Tomasz, On Wed, Oct 05, 2016 at 09:06:02PM +1100, tmc wrote: > Hi there > > is there any news as to when the PHP 5.6 packages in Jessie will be updated > to provide fixes for the recent batch of issues - > > CVE-2016-7124 CVE-2016-7125 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 > CVE-2016-7

Re: CVE-2016-7117 Remote code execution vulnerability in kernel networking subsystem

2016-10-05 Thread Salvatore Bonaccorso
Hi Jan, On Wed, Oct 05, 2016 at 09:49:28AM +0200, Jan Lühr wrote: > Hello, > > > On 10/05/2016 at 06:52 AM, Salvatore Bonaccorso wrote: > > On Tue, Oct 04, 2016 at 11:54:12PM +0200, Jan Lühr wrote: > >> Hello, > >> On 10/04/2016 at 07:57 PM, Nichola

Re: CVE-2016-7117 Remote code execution vulnerability in kernel networking subsystem

2016-10-04 Thread Salvatore Bonaccorso
Hi, On Tue, Oct 04, 2016 at 11:54:12PM +0200, Jan Lühr wrote: > Hello, > On 10/04/2016 at 07:57 PM, Nicholas Luedtke wrote: > > On 10/04/2016 11:40 AM, Felix Knecht wrote: > > > >> On 10/04/2016 06:38 PM, Jan Lühr wrote: > >>> CVE-2016-7117 was patched in Android today. I don't see much informati

Re: Bug#839607: Robustify manager_dispatch_notify_fd()

2016-10-03 Thread Salvatore Bonaccorso
Hi, On Mon, Oct 03, 2016 at 12:48:15PM +0200, Florian Weimer wrote: > * Michael Biebl: > > > Dear security team, I'd appreciate your input on bug #839607 > > It's a bug, and it should be fixed in stable, probably in a point > update. Agreed, and fixing via point release seems okay. > Does this

Re: [SECURITY] [DSA 3672-1] irssi security update

2016-09-21 Thread Salvatore Bonaccorso
Hi Martin, On Wed, Sep 21, 2016 at 10:45:14PM +0200, martin f krafft wrote: > also sprach Moritz Muehlenhoff [2016-09-21 22:40 +0200]: > > No, the mailing announcements and the Debian Security Tracker are the > > canonical > > source of information. The entries on the website are added subsequen

Re: [SECURITY] [DSA 3666-1] mysql-5.5 security update

2016-09-16 Thread Salvatore Bonaccorso
Hi, On Fri, Sep 16, 2016 at 10:27:56AM +0200, Salvatore Bonaccorso wrote: > See above, yes I noticed but nevertheless released the DSA for the > other suites. Architectures, ... I filed #837994 in case of interest. But it might be retested as well on a porterbox. Regards, Salvatore

Re: [SECURITY] [DSA 3666-1] mysql-5.5 security update

2016-09-16 Thread Salvatore Bonaccorso
Hi! On Fri, Sep 16, 2016 at 05:13:57PM +0900, Hideki Yamane wrote: > Hi, > > Just some question. > > https://packages.debian.org/jessie/mysql-server-core-5.5 says > armhf 5.5.50-0+deb8u1 it's the only arch that has the old version. > > mysql-5.5 in armhf, there is no jessie-security log. > https://bui

Re: About TCP issue in kernel 3.6 - 4.6

2016-08-15 Thread Salvatore Bonaccorso
Hi Francisco, On Mon, Aug 15, 2016 at 03:36:42PM +0200, francisco dominguez wrote: > Hello, > > there is already a patch for the security flaw found recently in the > kernel that affects the TCP protocol? I can confirm that an update is being worked on, cf [1]. [1] https://anonscm.debian.org

Re: DSA for CVE-2016-5696 (off-path blind TCP session attack)

2016-08-12 Thread Salvatore Bonaccorso
Hi Richard, On Thu, Aug 11, 2016 at 02:41:29PM +0200, Richard van den Berg wrote: > Dear Debian security team, > > Will there be a DSA written for CVE-2016-5696 [1]? It looks pretty serious > and I'd like to fix this on my systems ASAP. Yes there will be a Linux DSA including the fix for CVE-201

Call for testing: upcoming wordpress security update

2016-08-01 Thread Salvatore Bonaccorso
Hi We would like to expose the packages for the upcoming wordpress update a bit for additional testing. Please find them at https://people.debian.org/~carnil/tmp/wordpress and report any problem *introduced* by updating to these packages directly to t...@security.debian.org and including Craig S

Call for testing: regression update for samba security update (DSA-3548-1)

2016-06-02 Thread Salvatore Bonaccorso
Hi The last Samba security update issued as DSA-3548-1 introduced several upstream regressions, which are addressed in this update. Before we release the packages we would like to call for additional testing. The packages can be found on https://people.debian.org/~carnil/tmp/samba/jessie (amd

Call for testing: upcoming libxml2 security update

2016-05-28 Thread Salvatore Bonaccorso
Hi The upcoming libxml2 security update is a little bigger than usual, thus we want to expose the package a bit for additional testing. If you find a problem introduced by updating to these packages, please report the problem directly to t...@security.debian.org . The packages can be found at:

Call for testing: upcoming samba security update

2016-04-12 Thread Salvatore Bonaccorso
Hi The upcoming Samba update is bigger than usual since for Jessie an update to 4.2 is needed. We want to expose the package a bit more for additional testing. Please test the packages found on https://people.debian.org/~carnil/tmp/samba/ (no apt repository available for these test packa

Re: tracking security issues without CVEs

2016-03-06 Thread Salvatore Bonaccorso
Hi Brian, hi Paul, On Sun, Mar 06, 2016 at 04:59:43PM +0100, Salvatore Bonaccorso wrote: > Hi, > > On Sun, Mar 06, 2016 at 03:33:16PM +1100, Brian May wrote: > > Just wondering if there is some other way we can track security issues > > for when CVEs are not available.

Re: tracking security issues without CVEs

2016-03-06 Thread Salvatore Bonaccorso
Hi, On Sun, Mar 06, 2016 at 03:33:16PM +1100, Brian May wrote: > Just wondering if there is some other way we can track security issues > for when CVEs are not available. > > Thinking of imagemagick here, it has a lot of security issues, and > requests for CVEs are not getting any responses. Cre

Re: [SECURITY] [DSA 3482-1] libreoffice security update

2016-02-17 Thread Salvatore Bonaccorso
Hi Rene, On Wed, Feb 17, 2016 at 11:40:17PM +0100, Rene Engelhard wrote: > On Wed, Feb 17, 2016 at 07:29:59PM +, Sebastien Delafond wrote: > > For the testing (stretch) and unstable (sid) distributions, these > > problems have been fixed in version 1:5.1.1~rc1-1. > > Actually, as I said (and

Re: stalin: CVE-2015-8697: Insecure use of temporary files

2016-01-20 Thread Salvatore Bonaccorso
Hi Rob, On Wed, Jan 20, 2016 at 05:41:56AM -0600, Rob Browning wrote: > Rob Browning writes: > > > I believe the package is scheduled to be removed next week, and I'm > > still waiting on a discussion with upstream about a (non-trivial) patch > > I wrote to attempt to address the problem. > > >

Re: [SECURITY] [DSA 3448-1] linux security update

2016-01-19 Thread Salvatore Bonaccorso
Hi, On Wed, Jan 20, 2016 at 10:42:04AM +0800, Bjoern Nyjorden wrote: > Thanks Holger & Ben, > > Most appreciated. So, just to confirm; my take away on this is: > > * 1. "Wheezy" Linux kernels are NOT AFFECTED. > > * 2. "Wheezy" & "Jessie" BACKPORTS Linux kernels are VULNERABLE. > > If I have

Re: Bug#810799: libcgi-session-perl: Perl DSA-3441-1 exposes taint bug in CGI::Session::Driver::file

2016-01-12 Thread Salvatore Bonaccorso
Hi, On Tue, Jan 12, 2016 at 01:38:51PM +, Dominic Hargreaves wrote: > Control: tags -1 - security > Control: found -1 4.46-1 > > On Tue, Jan 12, 2016 at 12:54:19PM +, Chris Boot wrote: > > Control: tag -1 security > > > > On 12/01/16 12:28, Chris Boot wrote: > > [snip] > > > Forwarded: h

Call for testing: libxml2 update

2015-12-20 Thread Salvatore Bonaccorso
Hi The upcoming libxml2 security update is a little bigger than usual, thus we want to expose the package a bit for additional testing. If you find a problem introduced by updating to these packages, please report the problem directly to t...@security.debian.org . The packages can be found at

Re: Cannot retrieve updates from security repos

2015-12-17 Thread Salvatore Bonaccorso
Hi, On Thu, Dec 17, 2015 at 11:40:47PM +0200, Pavlos K. Ponos wrote: > Hello everyone, > > First of all, apologies in advance if this mailing list is not the correct > one :) > > While I was trying to do my usual updates in my Jessie installation, I took > the following message: > > Err http://

Re: [SECURITY] [DSA 3386-2] unzip regression update

2015-11-10 Thread Salvatore Bonaccorso
Hi Dave, On Tue, Nov 10, 2015 at 09:54:19PM +, David McDonald wrote: > Thank you Salvatore & Thijs for your responses. > > I appreciate and understand your advice. > > My specific interest in the matter arose after receiving the alert. > I prepared to install the update that was listed in th

Re: [SECURITY] [DSA 3386-2] unzip regression update

2015-11-10 Thread Salvatore Bonaccorso
Hi David, On Tue, Nov 10, 2015 at 08:59:04AM +0100, Thijs Kinkhorst wrote: > Hi David, > > On Mon, November 9, 2015 23:25, David McDonald wrote: > > Hi Salvatore, > > > > Your e-mail below states: > > > > "For the stable distribution (jessie), this problem has been fixed in > > version 6.0-16

Re: [SECURITY] [DSA 3355-2] libvdpau regression update

2015-11-03 Thread Salvatore Bonaccorso
Hi Ansgar, On Tue, Nov 03, 2015 at 08:30:56AM +0100, Ansgar Burchardt wrote: > Hi, > > Salvatore Bonaccorso writes: > > On Tue, Nov 03, 2015 at 01:08:36AM +0100, Cyril Brulebois wrote: > >> Daniel Reichelt (2015-11-03): > >> > the amd64 build for 0.8-

Re: [SECURITY] [DSA 3355-2] libvdpau regression update

2015-11-02 Thread Salvatore Bonaccorso
Hi, Adding FTP masters to the loop, since they might help best in this case. On Tue, Nov 03, 2015 at 01:08:36AM +0100, Cyril Brulebois wrote: > Hi, > > Daniel Reichelt (2015-11-03): > > Hi * > > > > the amd64 build for 0.8-3+deb8u2 seems to be missing from [1]. > > > > Is this an error or am

Re: [SECURITY] [DSA 3269-1] postgresql-9.* security update

2015-05-28 Thread Salvatore Bonaccorso
Hi, On Thu, May 28, 2015 at 12:50:43PM +0200, ma...@wk3.org wrote: > Hi, > > it seems this upgrade introduced some issues regarding symlinks. > > It's very easy to mitigate, but I guess less stressful if you know about it > in advance: > > https://wiki.postgresql.org/wiki/May_2015_Fsync_Permis

Call for testing: libapache-mod-jk fixing CVE-2014-8111

2015-05-26 Thread Salvatore Bonaccorso
Hi Markus Koschany prepared updated packages for libapache-mod-jk for wheezy-security and jessie-security. If you run libapache-mod-jk in production, testing of the prepared packages would be very welcome. If you find a problem introduced by updating to these packages, please report the problem dire

Re: [SECURITY] [DSA 3258-1] quassel security update

2015-05-13 Thread Salvatore Bonaccorso
Hi, On Wed, May 13, 2015 at 07:43:47PM +0800, Paul Wise wrote: > On Wed, May 13, 2015 at 5:26 PM, Dominic Hargreaves wrote: > > > As far as I can tell from > > > > https://security-tracker.debian.org/tracker/CVE-2013-4422 > > > > wheezy wasn't affected by the original CVE since the version of QT

Call for testing: c-icap security update

2014-12-10 Thread Salvatore Bonaccorso
Hi There is an upcoming update for c-icap for wheezy-security. If you run a c-icap setup, testing of the prepared packages would be very welcome. If you find a problem introduced by updating to these packages, please report the problem directly to t...@security.debian.org . The packages can be fou

Re: [SECURITY] [DSA 3032-1] bash security update

2014-09-25 Thread Salvatore Bonaccorso
Hi Jens, On Thu, Sep 25, 2014 at 10:05:28AM +0200, Rabe, Jens wrote: > is there a chance to get the bash-update for squeeze (6.0)? Note that regular security support for squeeze has ended. You will need to use squeeze-lts to keep receiving updates, more details are in [1]. [1] https://wiki.de

Call for testing: gnupg update

2014-09-03 Thread Salvatore Bonaccorso
Hi, The upcoming gnupg update introduces import functions that apply a constraining filter to imported keys, making it possible to ensure that the keys fetched from the keyserver are in fact those selected by the user beforehand. The initial patch introduced regressions which were fixed upstream. Please t

Re: CVE-2012-5560 (mate-settings-daemon): not an issue with any package version in Debian

2014-08-04 Thread Salvatore Bonaccorso
Hi, On Mon, Aug 04, 2014 at 06:58:34PM +0200, Cyril Brulebois wrote: > Hi, > > Mike Gabriel (2014-08-04): > > Dear security team, > > > > Please note that no package version of mate-settings-daemon in > > Debian is affected by CVE-2012-5560. See [1] for the fix applied > > upstream over a year

Re: [SECURITY] [DSA 2992-1] linux security update

2014-07-29 Thread Salvatore Bonaccorso
Hello Romain, On Tue, Jul 29, 2014 at 10:00:25AM +0200, Romain Francoise wrote: > The advisory text should perhaps mention that 3.2.60-1+deb7u3 includes > 3.2.60-1+deb7u2, which reverts two commits from previous updates that > caused networking regressions. Yes indeed, I should have mentioned tha

Re: [SECURITY] [DSA 2945-1] chkrootkit security update

2014-06-03 Thread Salvatore Bonaccorso
Hi, On Wed, Jun 04, 2014 at 01:08:44AM +0200, Luigi Bianca wrote: > what about oldstable? My system says 0.49-4 but apt-get doesn't find > anything to update. Thanks in advance. Security support for oldstable has ended at the end of the month, but there is squeeze-lts available. See https://

Re: [SECURITY] [DSA 2911-1] icedove security update

2014-04-27 Thread Salvatore Bonaccorso
Hi, On Thu, Apr 24, 2014 at 11:36:49AM -0400, charlie derr wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 04/24/2014 11:21 AM, Salvatore Bonaccorso wrote: > > This indeed seems to be a typo in the DSA-2911-1. The fixed version > > for the unstable distrib

Re: [SECURITY] [DSA 2911-1] icedove security update

2014-04-24 Thread Salvatore Bonaccorso
Hi, On Thu, Apr 24, 2014 at 10:05:08AM -0400, charlie derr wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 04/22/2014 11:25 AM, Moritz Muehlenhoff wrote: > > - > > > > > Debian Security Advisory DSA-2911-1

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-08 Thread Salvatore Bonaccorso
Hi Frederik, On Tue, Apr 08, 2014 at 04:01:37PM +, Fredrik Jonson wrote: > Hi, > > After upgrading the packages in DSA 2896-2 (openssl security update), > the second version, 1.0.1e-2+deb7u6, that detects services to restart, I > noted that the postinst script didn't suggest that I should rest

Re: [SECURITY] [DSA 2867-1] otrs2 security update

2014-02-24 Thread Salvatore Bonaccorso
Hi, On Sun, Feb 23, 2014 at 08:42:01PM +, Salvatore Bonaccorso wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - - > Debian Security Advisory DSA-2867-1 secur...@de

Re: [SECURITY] [DSA 2858-1] iceweasel security update

2014-02-15 Thread Salvatore Bonaccorso
Hi Christoph, On Wed, Feb 12, 2014 at 10:07:47PM +0100, Christoph Biedl wrote: > Hello Debian security, > > Moritz Muehlenhoff wrote... > > > Package: iceweasel > (...) > > This update updates Iceweasel to the ESR24 series of Firefox. > > Unfortunately, this upgrade broke the xul-ext-ce

Testers for typo3-src security update (in particular squeeze packages)

2013-12-29 Thread Salvatore Bonaccorso
Hi Christian Welzel, maintainer of typo3-src, prepared backports for security issues in typo3-src. Some testing of the squeeze packages in particular would be welcome before releasing these packages. Packages are uploaded at [1]. If you find a regression/problem explicitly caused by an update of

Re: cmrekey.adv ?

2013-11-16 Thread Salvatore Bonaccorso
Hi Yanosz, On Sat, Nov 16, 2013 at 10:32:27AM +0100, Jan Lühr wrote: > Hello folks, > > short one: Is Debian GNU/Linux affected by > http://www.openssh.com/txt/gcmrekey.adv ? See: https://security-tracker.debian.org/tracker/CVE-2013-4548 . In short, oldstable and stable were not affected, for

Re: [SECURITY] [DSA 2593-1] moin security update

2012-12-30 Thread Salvatore Bonaccorso
Hi On Sat, Dec 29, 2012 at 09:31:42PM +0100, Moritz Muehlenhoff wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - - > Debian Security Advisory DSA-2593-1 secur...@debian.org > http://www.debian.

Re: Informazioni Log Analyzer Postfix

2012-12-01 Thread Salvatore Bonaccorso
Ciao Stefano [ I'm first telling him in Italian that this is an English-speaking list and that I'm trying to translate ] This is an English-language list. If you have questions in Italian you could contact the debian-italian list[1]. [1]: https://lists.debian.org/debian-italian/ I will now try to translate