Re: Accepted pcs 0.10.1-2+deb10u1 (source) into oldstable

2022-09-14 Thread Valentin Vidic
On Wed, Sep 14, 2022 at 10:55:29PM +0200, Sylvain Beucler wrote: > You can certainly give it a try if you have the time. > The description adapted from the DSA sounds good. > > Feel free to ask here or at #debian-lts if you have further questions. Ok, mail sent to debian-lts-announce, will check

[SECURITY] [DLA 3108-1] pcs security update

2022-09-14 Thread Valentin Vidic
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3108-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Valentin Vidic September 14, 2022

Accepted nova 2:18.1.0-6+deb10u1 (source) into oldstable

2022-09-14 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 18 Nov 2019 13:30:25 +0100 Source: nova Architecture: source Version: 2:18.1.0-6+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian OpenStack Changed-By: Thomas Goirand Closes: 934114 Changes: nova

Re: Accepted pcs 0.10.1-2+deb10u1 (source) into oldstable

2022-09-14 Thread Valentin Vidic
On Wed, Sep 14, 2022 at 06:46:47PM +0200, Sylvain Beucler wrote: > Hello Valentin, > > Thank you for claiming 'pcs' in dla-needed.txt and uploading a fixed > version. > > LTS uploads follow a procedure which notably involves reserving a DLA in the > security tracker and sending announcements to

Re: Accepted pcs 0.10.1-2+deb10u1 (source) into oldstable

2022-09-14 Thread Sylvain Beucler
Hello, On 14/09/2022 22:43, Valentin Vidic wrote: On Wed, Sep 14, 2022 at 06:46:47PM +0200, Sylvain Beucler wrote: Thank you for claiming 'pcs' in dla-needed.txt and uploading a fixed version. LTS uploads follow a procedure which notably involves reserving a DLA in the security tracker and

Re: Updating OpenStack compute (aka src:nova) in Buster

2022-09-14 Thread Thomas Goirand
On 9/14/22 13:37, Emilio Pozuelo Monfort wrote: Hi Thomas, On 11/09/2022 12:50, Thomas Goirand wrote: Hi, In the OpenStack team git, there are updates for nova 2:18.1.0-6+deb10u1 (CVE-2019-14433/ OSSA-2019-003). Can someone pick it up and upload it to Buster? It was never accepted in Buster

Re: Accepted pcs 0.10.1-2+deb10u1 (source) into oldstable

2022-09-14 Thread Sylvain Beucler
Hello Valentin, Thank you for claiming 'pcs' in dla-needed.txt and uploading a fixed version. LTS uploads follow a procedure which notably involves reserving a DLA in the security tracker and sending announcements to the mailing list and website, see:

Re: [SECURITY] [DLA 3107-1] sqlite3 security update

2022-09-14 Thread Chris Lamb
Hi Moritz, > In the case of DLA uploads you should rather even wait a little longer; > since there's no queue and if you've made a source upload for a large > package it might take some time until it's built. Ah, that makes sense. Because of that, I'll actually block announcements until the

Re: Bug#961654: buster-pu: package bzip2/1.0.6-9.2~deb10u1

2022-09-14 Thread Santiago R.R.
On 14/09/22 at 13:58, Emilio Pozuelo Monfort wrote: > On 13/09/2022 16:46, Sylvain Beucler wrote: > > Hi, > > > > IIUC this is about fixing 2 non-security bugs, that were introduced > > prior to buster's initial release. > > > > I personally don't think this fits the LTS project scope. > >

Re: Bug#961654: buster-pu: package bzip2/1.0.6-9.2~deb10u1

2022-09-14 Thread Chris Frey
On Wed, Sep 14, 2022 at 01:54:40PM +0200, Emilio Pozuelo Monfort wrote: > Your top-commit looks very similar to the one from Santiago on [1]. I'd > rather use that to give him credit as he proposed the fix first (plus using > CPPFLAGS seems more correct for this flag). In addition to that, the

Accepted rails 2:5.2.2.1+dfsg-1+deb10u5 (source all) into oldstable

2022-09-14 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 13 Sep 2022 13:57:41 + Source: rails Binary: rails ruby-actioncable ruby-actionmailer ruby-actionpack ruby-actionview ruby-activejob ruby-activemodel ruby-activerecord ruby-activestorage ruby-activesupport ruby-rails

Re: Bug#961654: buster-pu: package bzip2/1.0.6-9.2~deb10u1

2022-09-14 Thread Emilio Pozuelo Monfort
On 13/09/2022 16:46, Sylvain Beucler wrote: Hi, IIUC this is about fixing 2 non-security bugs, that were introduced prior to buster's initial release. I personally don't think this fits the LTS project scope. Maybe other LTS members will have a different opinion. We've had bugfix updates

Re: Bug#961654: buster-pu: package bzip2/1.0.6-9.2~deb10u1

2022-09-14 Thread Emilio Pozuelo Monfort
Hi Chris, On 14/09/2022 05:48, Chris Frey wrote: On the other hand, the fix has been known since 2019 and looks like a prime problem for an LTS newbie volunteer like me. I have created the fix based on the Debian/bzip2 repo, the fix is in the debian/buster branch. git clone

Re: Updating OpenStack compute (aka src:nova) in Buster

2022-09-14 Thread Emilio Pozuelo Monfort
Hi Thomas, On 11/09/2022 12:50, Thomas Goirand wrote: Hi, In the OpenStack team git, there are updates for nova 2:18.1.0-6+deb10u1 (CVE-2019-14433/ OSSA-2019-003). Can someone pick it up and upload it to Buster? It was never accepted in Buster due to the difficulties communicating with the

Re: [SECURITY] [DLA 3107-1] sqlite3 security update

2022-09-14 Thread Moritz Muehlenhoff
On Wed, Sep 14, 2022 at 11:34:57AM +0200, Santiago Ruano Rincón wrote: > If I am not wrong, DLAs should be claimed/announced once the upload has > been completed and accepted. I think this is documented here: > > https://wiki.debian.org/LTS/Development#Announce_the_update > > "Only when you have

Re: Bug#961654: buster-pu: package bzip2/1.0.6-9.2~deb10u1

2022-09-14 Thread Holger Levsen
On Tue, Sep 13, 2022 at 04:46:14PM +0200, Sylvain Beucler wrote: > IIUC this is about fixing 2 non-security bugs, that were introduced prior to > buster's initial release. > > I personally don't think this fits the LTS project scope. > Maybe other LTS members will have a different opinion. I do

Re: [SECURITY] [DLA 3107-1] sqlite3 security update

2022-09-14 Thread Santiago Ruano Rincón
On 14/09/22 at 08:04, Chris Lamb wrote: > Chris Lamb wrote: > > >> Did you forget to upload this? I don't see any sqlite3 update in > >> buster-security (or maybe it was rejected or something). > > > > I didn't forget. Rather, it was REJECTED late last night and I re- > > uploaded first

Re: [SECURITY] [DLA 3107-1] sqlite3 security update

2022-09-14 Thread Chris Lamb
Chris Lamb wrote: >> Did you forget to upload this? I don't see any sqlite3 update in >> buster-security (or maybe it was rejected or something). > > I didn't forget. Rather, it was REJECTED late last night and I re- > uploaded first thing this morning. ... and I just got the ACCEPTED. :)

Accepted sqlite3 3.27.2-3+deb10u2 (source) into oldstable

2022-09-14 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 13 Sep 2022 15:15:07 +0100 Source: sqlite3 Architecture: source Version: 3.27.2-3+deb10u2 Distribution: buster-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Chris Lamb Changes: sqlite3

Re: [SECURITY] [DLA 3107-1] sqlite3 security update

2022-09-14 Thread Chris Lamb
Emilio Pozuelo Monfort wrote: > Did you forget to upload this? I don't see any sqlite3 update in > buster-security (or maybe it was rejected or something). Didn't forget. Rather, it was REJECTED late last night and I re-uploaded first thing this morning. The reason is that I mistook the "2"

Re: [SECURITY] [DLA 3107-1] sqlite3 security update

2022-09-14 Thread Emilio Pozuelo Monfort
Hi, On 13/09/2022 16:25, Chris Lamb wrote: - Debian LTS Advisory DLA-3107-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb September 13, 2022

Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4

2022-09-14 Thread Raphael Hertzog
Hi, On Tue, 13 Sep 2022, Abhijith PA wrote: > > Yes, that'd make sense. I'll start a separate thread for > > CVE-2022-32224. Roll back for now so there's no regression at least. > > I've disabled patch for CVE-2022-32224. Also tested against redmine. > Looks good for me. Can you give a smoke