On Mon, 18 Mar 2024, Emilio Pozuelo Monfort wrote:
One solution which has been discussed in the past is to import a full copy
of stable towards stable-security at the beginning of each release cycle,
but that is currently not possible since security-master is a Ganeti VM
and the disk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- ---
Debian LTS Advisory DLA-3766-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
March 19, 2024
Emilio Pozuelo Monfort wrote:
> Small nitpick: a CVE 'ignored' for (old)stable can still be fixed via point
> release. The sec-team could be contacted to update that triaging, but that's
> only ignored for (old)stable-security, not for (old)stable, where other
> criteria applies. The reason
On Mon, Mar 18, 2024 at 01:13:15PM +0100, Emilio Pozuelo Monfort wrote:
> [ Adding debian-dak@ to Cc ]
> > One solution which has been discussed in the past is to import a full copy
> > of stable towards stable-security at the beginning of each release cycle,
> > but that is currently not possible
Hi Emilio
Yes, looks like it solves the problem as well.
// Ola
On Mon, 18 Mar 2024 at 13:14, Emilio Pozuelo Monfort
wrote:
> [ Adding debian-dak@ to Cc ]
>
> On 22/12/2023 09:54, Moritz Muehlenhoff wrote:
> > On Thu, Dec 21, 2023 at 07:30:51PM -0300, Santiago Ruano Rincón wrote:
> >> So let
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 18 Mar 2024 03:45:43 +0530
Source: zfs-linux
Binary: libnvpair1linux libuutil1linux libzfs2linux libzfslinux-dev
libzpool2linux zfs-dbg zfs-dkms zfs-dracut zfs-initramfs zfs-test zfs-zed
zfsutils-linux
Architecture: source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-3765-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
March 18, 2024
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 15 Mar 2024 10:18:20 +0100
Source: cacti
Architecture: source
Version: 1.2.2+ds1-2+deb10u6
Distribution: buster-security
Urgency: high
Maintainer: Cacti Maintainer
Changed-By: Sylvain Beucler
Closes: 1059254
Changes:
cacti
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-3764-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
March 18, 2024
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 18 Mar 2024 14:39:21 +0200
Source: postgresql-11
Architecture: source
Version: 11.22-0+deb10u2
Distribution: buster-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers
Changed-By: Adrian Bunk
Changes:
On Mon, Mar 18, 2024 at 01:01:28PM +0100, Emilio Pozuelo Monfort wrote:
> On 14/03/2024 21:36, Roberto C. Sánchez wrote:
> > - if a CVE is 'fixed' in LTS but 'ignored' in (old)stable, then the
> >security team should be contacted to see if they would be willing to
> >change to 'no-dsa' so
On 23/06/2023 10:21, Moritz Muehlenhoff wrote:
But in fact the view in the Debian security is a little misleading, given
that it displays "vulnerable" all over the place, e.g.
https://security-tracker.debian.org/tracker/CVE-2023-31147
It would be nice if that "unimportant" issues it would
[ Adding debian-dak@ to Cc ]
On 22/12/2023 09:54, Moritz Muehlenhoff wrote:
On Thu, Dec 21, 2023 at 07:30:51PM -0300, Santiago Ruano Rincón wrote:
So let me ask you: are you interested in addressing the infrastructure
limitations to handle those kind of packages? and having some help for
that?
On 14/03/2024 21:36, Roberto C. Sánchez wrote:
- if a CVE is 'fixed' in LTS but 'ignored' in (old)stable, then the
security team should be contacted to see if they would be willing to
change to 'no-dsa' so that a point release fix can be made
Small nitpick: a CVE 'ignored' for
Hi,
On 17/03/2024 06:54, Sean Whitton wrote:
On Thu 14 Mar 2024 at 04:47pm -04, Roberto C. Sánchez wrote:
- it is important update the notes on packages in dla-needed.txt to
indicate what work has been done and what remains
I think that we should be also reviewing old notes and deleting
15 matches
Mail list logo