then; I needed to hack the "sid|unstable" bit in
the code but didn't want to yak-shave that at the time!)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
import "crypto/elliptic".
However, it could be using it transitively so it might be worth
uploading just in case.
Sound sensible?
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source amd64
Version: 1:2.2.13-12~deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Dovecot Maintainers
Changed-By: Chris Lamb
Description:
dovecot-core - secure POP3/IMAP server - core files
dovecot-dbg - secure POP3/IMAP server
in as anyone else in the system if both
auth_ssl_{require_client,username_from}_cert were enabled.
For Debian 8 "Jessie", this issue has been fixed in dovecot version
1:2.2.13-12~deb8u5.
We recommend that you upgrade your dovecot packages.
Regards,
- --
,''`.
: :' :
first need to figure out which packages actually use that specific lib.
Shall we loop the golang maintainers in here? They might even have
such a script or otherwise have some insight here...
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Hi Antoine,
> all golang Debian packages are (as elsewhere) statically compiled
> and linked so we'd need to rebuild all the rdeps
Hm. Can we avoid /all/ the rdeps? I mean, grep the rdeps for ones
that use this library?
Best wishes,
--
,''`.
: :' : Chri
attacks within in the elliptic curve cryptography handling in the
Go programming language libraries.
For Debian 8 "Jessie", this issue has been fixed in golang version
2:1.3.3-1+deb8u1.
We recommend that you upgrade your golang packages.
Regards,
- --
,''`.
: :' :
Ben Hutchings wrote:
> This presumably needs to be fixed for jessie LTS as well, and I see
> Chris Lamb has claimed it.
I took the "claim" here so that there was definitely someone in the
LTS team who would ensure everything was followed-through, which
seems like it has happ
s.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
symfony_2.3.21+dfsg-4+deb8u3_amd64.build.xz
Description: application/xz
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlwyVjMACgkQHpU+J9Qx
Hlii2RAArou3FE/tuZDRzJq34JmyRg8VToxpSWIqSEyIFlqnzHwzPEHLb19LoRBe
hgSDjf9+Hzr72jjZhRbMyILJcLhjq
omeone can jump in, please do so.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Maintainer: Matthias Klose
Changed-By: Chris Lamb
Description:
python-lxml - pythonic binding for the libxml2 and libxslt libraries
python-lxml-dbg - pythonic binding for the libxml2 and libxslt libraries
(debug ext
python-lxml-doc - pythonic binding for the libxml2 and libxslt libraries
quot; URLs that used escaping such as
"j a v a s c r i p t". This is a similar issue to CVE-2014-3146.
For Debian 8 "Jessie", this issue has been fixed in lxml version
3.4.0-1+deb8u1.
We recommend that you upgrade your lxml packages.
Regards,
- --
,''`.
: :' :
Chris Lamb wrote:
> I will take libphp-phpmailer
I have uploaded this and announced it as DLA 1591-1.
Thank you Abhijith for your debdiff. I completely (and
embarrassingly...) failed to credit you in the DLA announcement,
I'm afraid. :(
Regards,
--
,''`.
: :' : Chris L
r packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlv3y1IACgkQHpU+J9Qx
HliU8BAAtr8bEDPNoCYMmRIa39i/IWQp7cRW3NjF0iP6Kp6mR1/ZLICG
nerate and send the DLA announcement, and
additionally take over the claim in dla-needed.txt to avoid any
possible duplication:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a505bc0a18ed24f13643ce581065fc132cb2f88d
Regards,
--
,''`.
: :' : Chri
Changed-By: Chris Lamb
Description:
ruby-rack - Modular Ruby webserver interface
Closes: 913005
Changes:
ruby-rack (1.5.2-3+deb8u2) jessie-security; urgency=high
.
* CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious
request could impact the HTTP/HTTPS scheme
the HTTP/HTTPS scheme being returned
to the underlying application.
For Debian 8 "Jessie", this issue has been fixed in ruby-rack version
1.5.2-3+deb8u2.
We recommend that you upgrade your ruby-rack packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 21 Nov 2018 10:20:34 +0100
Source: ruby-i18n
Binary: ruby-i18n
Architecture: source all
Version: 0.6.9-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers
Changed-By: Chris Lamb
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlv1JIIACgkQHpU+J9Qx
HlgpiQ/+J7IlWMZcUr00qRKpShdJviGrhcYow4a7chQ5wKGIn4x/KnOfy/B9f3Zh
JAYtfFpMmPZIfv
hat you upgrade your ansible packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlvpYiQACgkQHpU+J9Qx
HlhDWg/9Hz82c1ALOa5RRkaZbAOV0057vaxTQdpH3VjV
Distribution: jessie-security
Urgency: high
Maintainer: Kartik Mistry
Changed-By: Chris Lamb
Description:
nginx - small, powerful, scalable web/proxy server
nginx-common - small, powerful, scalable web/proxy server - common files
nginx-doc - small, powerful, scalable web/proxy server
e has been fixed in nginx version
1.6.2-5+deb8u6.
We recommend that you upgrade your nginx packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBO
cker-team/security-tracker/commit/dcf1955fa11984475d68b0a10205337d6d88969f
If it helps, it was last updated as part of DLA-1372-1.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 19 Oct 2018 10:51:00 -0400
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.32-1+deb8u13
Distribution: jessie-security
Urgency: high
Maintainer: Luigi Gangitano
Changed-By: Chris Lamb
Description:
drupal7
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers
Changed-By: Chris Lamb
Description:
libfontbox-java - Java font library
libfontbox-java-doc - Java font library (Documentation)
libjempbox-java - XMP Compatible Java Library
libjempbox-java-doc - XMP Compatible Java
the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of libssh updates
for the LTS releases.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might
Changed-By: Chris Lamb
Description:
adplug-utils - free AdLib sound library (utils)
libadplug-2.2.1-0 - free AdLib sound library
libadplug-dev - free AdLib sound library (development)
Changes:
adplug (2.2.1+dfsg3-0.1+deb8u1) jessie-security; urgency=high
.
* CVE-2018-17825: Fix a potential
strongswan-charon strongswan-ike
strongswan-nm strongswan-ikev1 strongswan-ikev2 charon-cmd
Built-For-Profiles: nocheck
Architecture: source all amd64
Version: 5.2.1-6+deb8u8
Distribution: jessie-security
Urgency: high
Maintainer: strongSwan Maintainers
Changed-By: Chris Lamb
Description:
charon-cmd
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluzRa4ACgkQHpU+J9Qx
Hlj3Lw//elj08ME+zL/RCQyXhiYpQPl1PHyyhWEkm89NVfSBmPV2fY1UNy
kamailio-extra-modules
Architecture: source amd64
Version: 4.2.0-2+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian VoIP Team
Changed-By: Chris Lamb
Description:
kamailio - very fast and configurable SIP proxy
kamailio-autheph-modules - authentication using ephemeral credentials
packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluY7XsACgkQHpU+J9Qx
Hlio4hAAp1aSCGFey+nsDuyxF5ai68qQfCGpQJnqlEFO
: Bertrand Marc
Changed-By: Chris Lamb
Description:
extract- displays meta-data from files of arbitrary type
libextractor-dbg - extracts meta-data from files of arbitrary type (debug)
libextractor-dev - extracts meta-data from files of arbitrary type
(development)
libextractor3 - extracts meta
of arbitrary type.
For Debian 8 "Jessie", this issue has been fixed in libextractor version
1:1.3-2+deb8u3.
We recommend that you upgrade your libextractor packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
+deb8u12
Distribution: jessie-security
Urgency: high
Maintainer: Alessandro Ghedini
Changed-By: Chris Lamb
Description:
curl - command line tool for transferring data with URL syntax
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols
information, please see:
<https://curl.haxx.se/docs/CVE-2018-14618.html>
For Debian 8 "Jessie", this issue has been fixed in curl version
7.38.0-4+deb8u12.
We recommend that you upgrade your curl packages.
Regards,
- --
,''`.
: :' : Chris Lamb
ly-crafted
input file could lead to a heap-based buffer overflow.
For Debian 8 "Jessie", this issue has been fixed in lcms2 version
2.6-3+deb8u2.
We recommend that you upgrade your lcms2 packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.or
and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of glusterfs updates
for the LTS releases.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS
Chris Lamb wrote:
> > I've prepared security update for dojo. Please review and
> > upload. Debdiff is attached. Its a trivial patch to escape quotes.
>
> Will review and upload. I have reserved DLA-1492-1 for this
> purpose.
Uploaded and
8 "Jessie", this issue has been fixed in dojo version
1.10.2+dfsg-1+deb8u1 by Abhijith PA.
We recommend that you upgrade your dojo packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluIET4ACgkQHpU+J9Qx
HlgweA/8CQFKxZreVcFWefRLu+dsifiXhTl8FL5CPTxFGWW4synrffXBwHBziZzv
lLtq9D2sTZMKFzj1R3
f it was already there I believe we should let it be.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Chris Lamb wrote:
> > I've just prepared an update for jessie-security (see [1]). Please tell
> > me how if you want the full source package and how I should send it.
> […]
> > [1] https://salsa.debian.org/debian/libextractor/tree/jessie
>
> Ooh, nice work. I've ma
grade your libextractor packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluCpsMACgkQHpU+J9Qx
HlhwQQ/7BJ/MbTr9F4zWumr0slSv7Cy6jb4SUt7DoksTfyERdQwqVv
is branch so
i can take it from here.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of dojo updates
for the LTS releases.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start
exists
on a target server.
For Debian 8 "Jessie", this issue has been fixed in openssh version
1:6.7p1-5+deb8u5.
We recommend that you upgrade your openssh packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi Markus & Bertrand,
> > I'll prepare source package this week-end, but if it's fine with you
> > I'll let you take care of the LTS workflow as I am a bit busy these days.
>
> Thanks for your reply. It seems Chris Lamb is interested in fixing those
> issues. I will le
Dear Raphael,
> > Maybe gen-DLA could check and warn if there is no dla-needed.txt entry?
>
> +1
Implemented in:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d55d75ec0d37712970b3559edaaad50a8e8851e6
Regards,
--
,''`.
: :' :
: Debian X Strike Force
Changed-By: Chris Lamb
Description:
libxcursor-dev - X cursor management library (development files)
libxcursor1 - X cursor management library
libxcursor1-dbg - X cursor management library (unstripped)
libxcursor1-udeb - X cursor management library (udeb)
Closes: 906012
designed to help locate
and load cursors for the X Window System.
For Debian 8 "Jessie", this issue has been fixed in libxcursor version
1:1.1.14-1+deb8u2.
We recommend that you upgrade your libxcursor packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `
iscussion at-hand.
If you believe the documentation is lacking the above, please could you
update the wiki? The mailing list is, for hopefully obvious reasons, a
sub-optimal place to document this in a canonical fashion.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@d
here was ensuring that it was
added and assigned in dla-needed.txt so that nobody else would start
work on it in the interim (ie. doing the first two steps outlined above
yourself).
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ing DLA number
Whilst there may be problems with the workflow or tooling, could you
please use this opportunity to update the documentation?
I suffer from a "curse of knowledge" in that the process is almost
second-nature to me now so I don't know what a newcomer doesn't know.
Regard
egards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
LA to check for eventual regressions. We're doing
> the same for DSAs.
Do you have any systematic process (or even tooling) for this out of
interest?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 06 Aug 2018 14:43:24 +0800
Source: cgit
Binary: cgit
Architecture: source amd64
Version: 0.10.2.git2.0.1-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Alexander Wirt
Changed-By: Chris Lamb
Description
her or
otherwise push the adoption of the fix outside of LTS given my patch/
efforts were applied upstream without attribution.)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Chris Lamb wrote:
> > I've prepared security update for policykit. Debdiff is attached.
> […]
> > Please review and upload.
>
> Will do so. Have reserved DLA-1448-1 for this purpose.
Uploaded:
https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html
I added
policies and
privileges.
For Debian 8 "Jessie", this issue has been fixed in policykit-1 version
0.105-15~deb8u3.
We recommend that you upgrade your policykit-1 packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi Abhijith,
> I've prepared security update for policykit. Debdiff is attached.
[…]
> Please review and upload.
Will do so. Have reserved DLA-1448-1 for this purpose.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
volution-data-server packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltYC6MACgkQHpU+J9Qx
HliOqA/+NcP9dzBck3aynMmcZK3gvNrIzcr55oHICzd7
-By: Chris Lamb
Description:
znc- advanced modular IRC bouncer
znc-dbg- advanced modular IRC bouncer (debugging symbols)
znc-dev- advanced modular IRC bouncer (development headers)
znc-perl - advanced modular IRC bouncer (Perl extension)
znc-python - advanced modular IRC
(CVE-2018-14056)
For Debian 8 "Jessie", these issues have been fixed in znc version
1.4-2+deb8u1.
We recommend that you upgrade your znc packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Changed-By: Chris Lamb
Description:
cinnamon - Innovative and comfortable desktop
cinnamon-common - Innovative and comfortable desktop (Common data files)
cinnamon-dbg - Innovative and comfortable desktop (Debugging symbols)
Closes: 903201
Changes:
cinnamon (2.2.16-5+deb8u1) jessie-security
file on the filesystem via
a $HOME/.face icon file (as the cinnamon-settings-users.py GUI runs
as root).
For Debian 8 "Jessie", this issue has been fixed in cinnamon version
2.2.16-5+deb8u1.
We recommend that you upgrade your cinnamon packages.
Regards,
- --
,''`.
: :' :
-By: Chris Lamb
Description:
ruby-sprockets - Rack-based asset packaging system
Closes: 901913
Changes:
ruby-sprockets (2.12.3-1+deb8u1) jessie-security; urgency=high
.
* CVE-2018-3760: Do not respond to http requests asking for a `file://`.
(Closes: #901913)
Checksums-Sha1
y-sprockets packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltHH8cACgkQHpU+J9Qx
HlgwoRAAsUimgKPa3g0/nHuYyX+T/J/qnmbtNTHb2fuO
; upload that to jessie [..]
>
> I'm a bit reluctant to do this, as I've never done this before
You have misread what I wrote. I am not asking you to do that locally
or otherwise. I am asking why we (LTS) don't apply that commit and
upload it to jessie.
> Hm, I don't think so. Should
d 1.0.4.
(Does this issue have a bug in the Debian BTS?)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
sting that we upgrade src:glib-json
from 1.0.2 → 1.0.4? Why don't we just cherry-pick the aforementioned
patch and apply it to 1.0.2? :)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
otherwise should be
trusted.
For Debian 8 "Jessie", these issues have been fixed in ca-certificates
version 20141019+deb8u4.
We recommend that you upgrade your ca-certificates packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 22 Jun 2018 10:42:40 +0100
Source: php-horde-image
Binary: php-horde-image
Architecture: source all
Version: 2.1.0-4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Horde Maintainers
Changed-By: Chris Lamb
ome non-determinism
filesystem ordering, rather than a diagnosis that needs knocking down..)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ttps://sources.debian.org/src/disorderfs/0.5.3-2/disorderfs.1.txt/#L86-L114
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ich is very strange to me.
(My gut tells me that this is non-deterministic filesystem ordering..)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ileges via a crafted command line. (#902410)
For Debian 8 "Jessie", these issues have been fixed in redis version
2:2.8.17-1+deb8u6.
We recommend that you upgrade your redis packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.or
e backend.
For Debian 8 "Jessie", these issues have been fixed in php-horde-image
version 2.1.0-4+deb8u1.
We recommend that you upgrade your php-horde-image packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb
quot;.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
have your
permission to take your assignment over? I will naturally be more
diligent in this regard in the future.
(Note that the testsuite also requires an update which is not evident in
upstream's patch.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org
can avoid it in the future? :(
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ngs. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
early" and will switch to that if you think that would be more useful
for these larger packages; I am on smaller ones right now so not
exposed in a true practical sense to the issue. :)
Best wishes
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
'claim' them by
writing to the aforementioned bug numbers". :)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
example.
IIRC I believe the subject to search for is "Improvement needed to our
triaging scripts".
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
d.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ow bandwidth.
Thank you, we will definitely keep you in the loop as things
progress.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
quired first.
I won't be able to tackle that tonight, unfortunately.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ould say that could easily be punted to ELTS as well. Revocation
> seems more critical than new CAs...
Oh, I typo'd or at least was not clear enough — my glance suggested we
we missing a handful of newer, although somewhat less serious, CA
*removals*.
Regards,
--
,''`.
: :
e, and I don't know what happened with that.
I remember uploading (or helping to upload?) a version that removed
the StartCom certs, but a quick glance a couple of days ago suggested
that we were missing a handful of newer, although somewhat less
serious, CAs.
Best wishes,
--
,''`.
Hi Antoine,
> So wheezy is EOL starting from tomorrow, as will probably be announced
> then.
(Hm, would it make sense to update/sync ca-certificates just before we
EOL wheezy?)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of procps updates
for the LTS releases.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might
and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of enigmail updates
for the LTS releases.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team
Distribution: wheezy-security
Urgency: high
Maintainer: Alessandro Ghedini <gh...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3 - easy-to-use client-side URL transfer library (Ope
1+wheezy25+deb7u1.
We recommend that you upgrade your curl packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlr8crsACgkQHpU+J9Qx
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
liblucene3-contrib-java - Full-text search engine library for Java(TM)
liblucene3-java - Full-text search en
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 22 Apr 2018 10:49:38 +0200
Source: gunicorn
Binary: gunicorn
Architecture: source all
Version: 0.14.5-3+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Chris La
recommend that you upgrade your gunicorn packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrcTnUACg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 16 Apr 2018 08:33:40 +0100
Source: patch
Binary: patch
Architecture: source amd64
Version: 2.6.1-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Christoph Berg <m...@debian.org>
Changed-By: Chris La
401 - 500 of 925 matches
Mail list logo