Hi Ubuntu security team,
I would just like to put you in the loop about this git issue, and a
possible regression in Ubuntu related to its fix. Please, see below.
On 31/05/24 at 10:41, Roberto C. Sánchez wrote:
> Hi Sean,
>
> On Fri, May 31, 2024 at 03:05:35PM +0100, Sean Whitton wrote:
>
-
Debian LTS Advisory DLA-3816-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
May 17, 2024 https://wiki.debian.org/LTS
Package: wnpp
Severity: wishlist
Owner: Emmanuel Arias , Santiago Ruano Rincón
X-Debbugs-Cc: debian-de...@lists.debian.org, t...@security.debian.org,
debian-ker...@lists.debian.org, debian-lts@lists.debian.org, eam...@debian.org
* Package name: linux-livepatching
Version
Dear Debian LTS users,
This is a gentle reminder that Debian 10 ("buster") will reach end of support
as the LTS release on June 30, 2024. Users are encouraged to upgrade to
Debian 11 ("bullseye").
Starting in July, Debian will not provide further security updates for
Debian 10. A subset of
e first time I
looked at these CVEs, when they just came out.
Thanks, and sorry for the noise,
-- S
>
> Cheers
>
> // Ola
>
> On Tue, 23 Apr 2024 at 22:55, Santiago Ruano Rincón
> wrote:
> >
> > Hi Ola,
> > El 19/04/24 a las 07:54, Ola Lundqvist escr
Hi Cyrille!
On 25/04/24 at 15:00, Cyrille Bollu wrote:
> Hi Santiago,
>
> Here's some follow up :-)
>
> Best regards,
>
> Cyrille
>
> On Tuesday 16 April 2024 at 12:52 -0300, Santiago Ruano Rincón wrote:
> > Hi Cyrille,
> >
> > El 16/04/24
Hi Ola,
On 19/04/24 at 07:54, Ola Lundqvist wrote:
> Hi
>
> I have now made the package build.
Thank you for preparing the patch. I've built, tested basic
functionality and tested reversed dependencies.
However, I have a question: could you please point me where do you get
from the
Dear team,
TL;DR: if you have a local copy of the lts-team/packages/samba repo,
please consider resetting the debian/buster branch.
The lts-team's was originally created from scratch, then we moved over a
fork of the debian maintainers. To reconcile the differences in history
between the buster
-
Debian LTS Advisory DLA-3792-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
April 22, 2024 https://wiki.debian.org/LTS
Hi Cyrille,
On 16/04/24 at 16:09, Cyrille Bollu wrote:
> Hi Santiago,
>
> >It is not a question of trust. It is a problem of lack of strong
> >evidence that the issue is no longer there in freeimage or openjpeg2.
> >We cannot rely only on CVE description to track the issues.
>
> I think
Hi,
On 15/04/24 at 21:47, Ola Lundqvist wrote:
> Hi Santiago
>
> On Mon, 15 Apr 2024 at 21:10, Santiago Ruano Rincón
> wrote:
> >
> > Hi Ola,
> >
> > As being discussed with Salvatore, there is not enough evidence to
> > conclude there is n
NOTE: in libopenjpeg, not freeimage. Without reproducer or
> > stacktrace, this is
> > NOTE: nearly unfixable.
> > + NOTE: Turned out that the issue is not in freeimage at all,
> > but rather in openjpeg.
> > + NOTE: For more information see
> > https://
Hi,
Cyrille, thank you for checking this. However, I don't think the contact
address you had sent the email is correct.
CVE is maintained by MITRE (not NIST). And there exist several CNAs that
could issue CVE IDs for specific products/domains.
According to
Hello Cyrille,
On 11/04/24 at 09:15, Cyrille Bollu wrote:
> Why not using CVSS as a base calculation for assigning severity levels?
>
> IIRC, something like:
>
> CVSS>=8 => High
> 4<=CVSS<8 => Medium
> CVSS<4 => Low
...
Thanks for the comment!
I cannot talk for the security team, but I
Hi Ola,
On 11/04/24 at 08:25, Ola Lundqvist wrote:
> On Thu, 11 Apr 2024 at 02:34, Santiago Ruano Rincón
> > On 10/04/24 at 22:08, Ola Lundqvist wrote:
> > > Hi all
> > >
> > > Sorry for late reply. It took me too long today to answer th
Hi Ola,
On 10/04/24 at 22:08, Ola Lundqvist wrote:
> Hi all
>
> Sorry for late reply. It took me too long today to answer the CVE
> triaging discussion. Now to this issue.
>
> Regarding the fedora patches. The patches seem to help for those
> specific issues they solve.
>
> My intention
Hi (especially Ola),
On 08/04/24 at 13:59, Sylvain Beucler wrote:
> Hi,
>
> I think this requires a bit of coordination:
> - the package is basically dead upstream, there hasn't been a fix in the
> official repos, neither Debian or other distros attempted to fix them
The only "exception"
On 15/03/24 at 08:31, Roberto C. Sánchez wrote:
> On Fri, Mar 15, 2024 at 11:06:10AM +0100, Raphael Hertzog wrote:
> > Hello Roberto,
> >
> > On Thu, 14 Mar 2024, Roberto C. Sánchez wrote:
> > > Santiago and I are in agreement that at the moment the best available
> > > option is to use
On 08/03/24 at 18:51, Ola Lundqvist wrote:
> Hi
>
> Ah, right. I was thinking i386, amd64 were only hardware architectures. If
> it includes freebsd as a separate then it is clearly not supported.
> Thank you
That is a good point. We tend to use the term architecture, but if you
want to be
Hello Ola,
On 08/03/24 at 00:20, Ola Lundqvist wrote:
> Hi
>
> I'm triaging issues and I found one undetermined one for kfreebsd-10.
> There is very little information on the issue so I agree with the
> undetermined status.
>
> My question is whether we should even try to determine it...
On 29/02/24 at 14:14, Sean Whitton wrote:
> Hello,
>
> Does anyone have working debvm runes for stretch & jessie?
>
> If you just use 'debvm-create -r stretch --
> http://deb.freexian.com/extended-lts'
> then there isn't working networking.
AFAIU, networking is set up while running
On 05/02/24 at 15:30, Colin Watson wrote:
> On Mon, Feb 05, 2024 at 11:33:41AM -0300, Santiago Ruano Rincón wrote:
> > As part of the LTS workflow, we keep information about VCS of the
> > packages uploaded, including git tags for every upload.
> >
> > Woul
On 01/02/24 at 13:34, Colin Watson wrote:
> On Thu, Feb 01, 2024 at 05:41:19PM +0530, Utkarsh Gupta wrote:
> > On Thu, Feb 1, 2024 at 1:44 AM Colin Watson wrote:
> > > I'm both the Debian and upstream maintainer of man-db. I'm considering
> > > uploading some variation of the attached diff
-
Debian LTS Advisory DLA-3694-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
December 25, 2023 https://wiki.debian.org/LTS
On 22/12/23 at 14:21, Moritz Muehlenhoff wrote:
> On Fri, Dec 22, 2023 at 10:19:15AM -0300, Santiago Ruano Rincón wrote:
> > On 22/12/23 at 09:54, Moritz Muehlenhoff wrote:
> > > On Thu, Dec 21, 2023 at 07:30:51PM -0300, Santiago Ruano Rincón wrote:
> > > &
On 22/12/23 at 09:54, Moritz Muehlenhoff wrote:
> On Thu, Dec 21, 2023 at 07:30:51PM -0300, Santiago Ruano Rincón wrote:
> > So let me ask you: are you interested in addressing the infrastructure
> > limitations to handle those kind of packages? and h
Dear Security, Release and Wanna-build teams,
As some of you may be aware, we (the LTS Team) are reviewing the
packages with limitations in their support, and I would like to bring
some discussion regarding Go, Rust and the like. As the bookworm (and
older) release notes document:
The Debian
unce/2023/msg00258.html
and:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056606
I think we should follow that for buster. Any objections?
Cheers,
--
Santiago Ruano Rincón ◈ Freexian SARL
https://www.freexian.com
On 19/10/23 at 11:29, Yadd wrote:
> Hi,
>
> I think I did what is needed (mail + webml). Let me know if everything is
> OK.
It is perfect. Thank you!
Cheers,
-- Santiago
Hey,
node-babel was accepted into buster-security. Yadd, will you do the
paperwork by yourself or do you want some help?
Cheers,
-- S
On 18/10/23 at 21:20, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Fri, 13 Oct 2023 20:56:38
Hi Yadd,
On 13/10/23 at 20:59, Yadd wrote:
> and Buster ;-)
Thanks for preparing the fix!
Just to be on the safe side, have you been able to test it, and how?
Are you willing to upload it by yourself, or do you want some help?
Cheers,
-- Santiago
-
Debian LTS Advisory DLA-3583-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
September 25, 2023 https://wiki.debian.org/LTS
-
Debian LTS Advisory DLA-3574-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
September 20, 2023 https://wiki.debian.org/LTS
Hi Chris,
On 17/09/23 at 21:56, Chris Frey wrote:
> On Sun, Sep 17, 2023 at 08:34:57PM +0300, Santiago Ruano Rincón wrote:
> > Chris, thanks for preparing the patches. Much appreciated. I have a
> > question though: Why are you placing those two patches in
>
hi!
On 16/09/23 at 15:44, Utkarsh Gupta wrote:
> Hi Chris,
>
> On Fri, Sep 15, 2023 at 8:09 PM Chris Frey wrote:
> > Attached is a patch that applies to the unpackaged sources of Debian
> > Buster's
> > version of mutt 1.10.
> >
> > It includes 3 patches:
> >
> >
-
Debian LTS Advisory DLA-3547-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
August 29, 2023 https://wiki.debian.org/LTS
-
Debian LTS Advisory DLA-3533-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
August 17, 2023 https://wiki.debian.org/LTS
Dear all
I've prepared a glib2.0 update for buster (and I am working for older
releases). I think it should be ready, all the tests pass. But since
there were some regressions with a first set of patches, it would be
great if someone could give it a try.
The packages are available following these
On 04/03/20 at 21:09, Roberto C. Sánchez wrote:
> On Wed, Feb 26, 2020 at 10:33:22AM -0500, Roberto C. Sánchez wrote:
> > Hello all,
> >
> > I've been doing some work on CVE-2017-18641/lxc to understand the
> > precise nature of the vulnerability and potential approaches to fixing
> > it.
Hi,
First of all, thanks a lot for Debian Code Search. It is really useful!
I would like to give feedback about this from the FAQ:
> Q: Which Debian distributions are indexed (e.g. testing, sid,
> experimental)?
>
> Currently, DCS indexes sid only. If you have good arguments for
> extending or
-
Debian LTS Advisory DLA-3464-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
June 21, 2023 https://wiki.debian.org/LTS
On 14/06/23 at 23:36, Ferenc Wágner wrote:
> Santiago Ruano Rincón writes:
>
> > On 14/06/23 at 18:30, Ferenc Wágner wrote:
> >
> >> Santiago Ruano Rincón writes:
> >>
> >>> According to the security team's dsa-needed, you are pre
On 14/06/23 at 18:30, Ferenc Wágner wrote:
> Santiago Ruano Rincón writes:
>
> > Dear xmltooling maintainers,
> >
> > According to the security team's dsa-needed, you are preparing an update
> > for the recent shibboleth/xmltooling security issue. Would
Dear xmltooling maintainers,
According to the security team's dsa-needed, you are preparing an update
for the recent shibboleth/xmltooling security issue. Would you be
willing to prepare an update for buster too, or would you like the
Debian LTS team to handle it?
Cheers,
-- Santiago
Hi,
On 13/06/23 at 08:59, Enrique Pérez Arnaud wrote:
> Hi,
>
> The people from Shibboleth released yesterday 12th of June a security
> advisory and update [1].
>
> Does anyone here know whether there will be a security update for Debian
> LTS (buster) regarding this?
>
> Thanks!
>
>
>
Source: debian-security-support
Version: 1:12+2023.05.04
Severity: normal
X-Debbugs-Cc: secur...@debian.org, debian-lts@lists.debian.org
Dear security and LTS teams,
ISC is no longer maintaining any of the components of isc-dhcp (client,
relay or server):
On 20/03/23 at 09:08, Emilio Pozuelo Monfort wrote:
> Hi Otto,
>
> I do run lintian from the target release before upload (actually on every
> build). I don't think running lintian from sid for (old*)stable makes sense
> as I'm not interested in newly introduced warnings or errors that
Hi!
On 14/11/22 at 09:52, Chris Lamb wrote:
> Hi Otto,
>
> > I was wondering how common is it for DDs to use Salsa-CI while doing
> > quality assurance prior to Bullseye and Buster uploads?
>
> Since Debian LTS and ELTS changed its policy to use Salsa a few months
> back, I have been
Hi Chris,
Thanks for handling this.
On 07/10/22 at 18:10, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Format: 1.8
> Date: Fri, 07 Oct 2022 10:17:02 -0700
> Source: knot-resolver
> Binary: knot-resolver knot-resolver-dbgsym knot-resolver-doc
>
On 14/09/22 at 08:04, Chris Lamb wrote:
> Chris Lamb wrote:
>
> >> Did you forget to upload this? I don't see any sqlite3 update in
> >> buster-security (or maybe it was rejected or something).
> >
> > I didn't forget. Rather, it was REJECTED late last night and I re-
> > uploaded first
Hi!
On 04/05/22 at 10:14, Enrico Zini wrote:
> On Wed, May 04, 2022 at 08:58:36AM +0100, Neil Williams wrote:
>
> > > I'm working at a LTS release of ffmpeg, and the CI is failing with
> > > Lintian errors that weren't present in the previous version:
> >
> > Is the version of lintian in
On 21/03/19 at 00:03, Ondřej Surý wrote:
> Hi,
>
> I have a question - did you update the KSK2017 in bind9 package in Wheezy
> before it became EOL, and did you update the KSK2017 in Jessie?
>
> Would it be still possible to update the keys in bind9 package in Wheezy if
> that hasn’t
On 20/12/18 at 12:57, Moritz Muehlenhoff wrote:
> On Thu, Dec 20, 2018 at 03:11:49PM +0530, Abhijith PA wrote:
> > Hi Santiago,
> >
> > On Thursday 20 December 2018 01:00 AM, Santiago Ruano Rincón wrote:
> > > Dear Maintainers,
> > >
> > &
Dear Maintainers,
(It seems my first attempt to send this mail failed. Sorry if you
received it twice)
As opposed to stretch, I have been unable to reproduce CVE-2018-19788 in
jessie. i.e. systemctl correctly doesn't allow me to stop services, and
pkexec blocks me from executing applications
Package: qemu
Version: 1:2.1+dfsg-12+deb8u8
CVE ID : CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841
CVE-2016-2857 CVE-2016-2858 CVE-2016-4001 CVE-2016-4002
CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441
-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.1+dfsg-12+deb8u8
Distribution: jessie-security
Urgency: medium
Maintainer: Debian QEMU Team
Changed-By: Santiago Ruano Rincón
Description:
qemu - fast processor emulator
qemu-guest-agent - Guest-side qemu
On 07/11/18 at 16:59, Brian May wrote:
> I see libdatetime-timezone-perl is in dla-needed.txt, but I can't see
> *any* security vulnerabilities in
> https://security-tracker.debian.org/tracker/source-package/libdatetime-timezone-perl
I included it to dla-needed. It doesn't have any known
Package: tzdata
Version: 2018g-0+deb8u1
tzdata upstream released version 2018g.
Notable changes since 2018e (previous version available in jessie)
include:
- Morocco switched to permanent +01 on 2018-10-27.
- Volgograd moved from +03 to +04 on 2018-10-28.
- Fiji ends DST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 31 Oct 2018 09:05:21 +0100
Source: tzdata
Binary: tzdata tzdata-java
Architecture: source all
Version: 2018g-0+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: GNU Libc Maintainers
Changed-By: Santiago Ruano
Package: clamav
Version: 0.100.2+dfsg-0+deb8u1
CVE ID : CVE-2018-15378
Debian Bug : 910430
ClamAV is an anti-virus utility for Unix, whose upstream developers have
released the version 0.100.2. Installing this new version is required to
make use of all current virus
Version: 0.100.2+dfsg-0+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: ClamAV Team
Changed-By: Santiago Ruano Rincón
Description:
clamav - anti-virus utility for Unix - command-line interface
clamav-base - anti-virus utility for Unix - base package
clamav-daemon - anti-virus
On 09/10/18 at 21:24, Sebastian Andrzej Siewior wrote:
> On 2018-08-20 10:07:43 [+0200], Kiko Piris wrote:
> > Package: clamav-daemon
> > Version: 0.100.1+dfsg-0+deb8u1
> > Severity: important
> >
> > The following packages have unmet dependencies:
> > clamav-daemon : Depends: clamav-base
-By: Santiago Ruano Rincón
Description:
dnsmasq - Small caching DNS proxy and DHCP/TFTP server
dnsmasq-base - Small caching DNS proxy and DHCP/TFTP server
dnsmasq-utils - Utilities for manipulating DHCP leases
Closes: 907887
Changes:
dnsmasq (2.72-3+deb8u4) jessie-security; urgency=medium
+deb8u7
Distribution: jessie-security
Urgency: medium
Maintainer: Debian OpenSSH Maintainers
Changed-By: Santiago Ruano Rincón
Description:
openssh-client - secure shell (SSH) client, for secure access to remote
machines
openssh-client-udeb - secure shell client for the Debian installer (udeb
+deb8u6
Distribution: jessie-security
Urgency: medium
Maintainer: Debian OpenSSH Maintainers
Changed-By: Santiago Ruano Rincón
Description:
openssh-client - secure shell (SSH) client, for secure access to remote
machines
openssh-client-udeb - secure shell client for the Debian installer (udeb
-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.1+dfsg-12+deb8u7
Distribution: jessie-security
Urgency: medium
Maintainer: Debian QEMU Team
Changed-By: Santiago Ruano Rincón
Description:
qemu - fast processor emulator
qemu-guest-agent - Guest-side qemu
Version: 0.100.1+dfsg-0+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: ClamAV Team
Changed-By: Santiago Ruano Rincón
Description:
clamav - anti-virus utility for Unix - command-line interface
clamav-base - anti-virus utility for Unix - base package
clamav-daemon - anti-virus
: Antonio Terceiro
Changed-By: Santiago Ruano Rincón
Description:
libruby2.1 - Libraries necessary to run Ruby 2.1
ruby2.1 - Interpreter of object-oriented scripting language Ruby
ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1
ruby2.1-doc - Documentation for Ruby 2.1
Hi,
FYI, I've moved the debian-security-support repo to Salsa:
https://salsa.debian.org/debian/debian-security-support
Cheers,
Santiago
Hi,
On 21/07/16 at 22:37, Jan Ingvoldstad wrote:
> On 2016-07-21 21:13, Alastair Sherringham wrote:
> > Hello,
>
> Hi!
>
> > I saw that Apache2 had a Wheezy LTS update today and did the usual :
> >
> > apt-get update && apt-get dist-upgrade
> >
> > However, this gave me an error, and it
Hi,
For June 2016, I am afraid I have been unable to use all the hours that
Freexian had available for me, and catch up those remaining from May. This is
the most important work in 15.5 hours:
* samba: Sent the
[DLA-509-1](https://lists.debian.org/debian-lts-announce/2016/06/msg00010.html),
On 07/07/16 at 15:15, Christoph Biedl wrote:
> Hello,
>
> just a heads-up, since I had prepared a wheezy update for the recent
> tcpreplay issue (CVE-2016-6160, #829350) beforehand, I will also do an
> upload for wheezy-lts. The maintainer has agreed to this approach. If
> you have
On 06/07/16 at 18:43, Bálint Réczey wrote:
> Hi,
>
> 2016-07-06 18:22 GMT+02:00 Holger Levsen :
> > On Wed, Jul 06, 2016 at 05:57:43PM +0200, Markus Koschany wrote:
> >> In this specific case I wouldn't do it because of the reasons I have
> >> mentioned before but
On 04/07/16 at 15:25, Antoine MILLET wrote:
> Hello,
>
> First of all I would thank all the LTS team for the great work you've done
> last years.
>
> One of my sysadmins had the issue with squid and dependencies explained in:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819523.
>
(Sorry if you finally receive this twice. I have had issues sending
mail)
Hi,
I have pushed in collab-maint a repo for a next squid2 release, that
includes the fix for CVE-2016-4554:
https://anonscm.debian.org/cgit/collab-maint/debian-lts/squid.git/
I would need help to address some bugs, that
; urgency=medium
+
+ * Non-maintainer upload by the Debian LTS Team.
+ * Fix CVE-2016-2150: Host memory access from guest using crafted primary
+surface parameters (Closes: #826584)
+
+ -- Santiago Ruano Rincón <santiag...@riseup.net> Wed, 08 Jun 2016 12:54:13
+0200
+
spice (0.11.0-1+
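Review bot: in the changelog trailer the date is split, with "+0200" on a line of its own after "Wed, 08 Jun 2016 12:54:13". If that is how the file reads and not just the mail client's wrapping, join it back: the " -- name <email>  date" trailer has to be a single line for the changelog entry to parse.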
Package: samba
Version: 2:3.6.6-6+deb7u10
Debian Bug : 820982 821811
The Samba 2:3.6.6-6+deb7u9 release, issued by the DSA-3548-1, introduced
different regressions causing trust relationship with Win 7 domains to
fail. The fix for the CVE-2016-2115 has been reverted, so
Hi,
On 01/06/16 at 16:43, Salvatore Bonaccorso wrote:
> Hi LTS team,
>
> On Sat, May 28, 2016 at 11:35:18AM +0200, Salvatore Bonaccorso wrote:
> [...]
> > While preparing the jessie-security update, The commits were
> > backported as well for libxml2 in wheezy. If you are using them please
uest: Assertion failure by duplicate IPs on
unconfig directives.
* Fix CVE-2016-2518: ntp_request: Out-of-bounds reference caused by crafted
addpeer.
.
[Santiago Ruano Rincón]
* Fix CVE-2016-1551: ntp_io.c: [Sec 3020] Refclock impersonation.
debian/rules: configure with
Package: eglibc
Version: 2.13-38+deb7u11
CVE ID : CVE-2016-1234 CVE-2016-3075 CVE-2016-3706
Several vulnerabilities have been fixed in the Debian GNU C Library,
eglibc:
CVE-2016-1234
Alexander Cherepanov discovered that the glibc's glob implementation
suffered
On 23/05/16 at 22:28, Andrew Bartlett wrote:
> On Wed, 2016-05-18 at 15:47 -0400, Antoine Beaupré wrote:
> > On 2016-04-29 08:55:43, Santiago Ruano Rincón wrote:
> > > Dear Samba maintainers,
> > >
> > > Any updates about this bug?
> > >
Hi Chris,
On 15/05/16 at 12:32, Chris Lamb wrote:
> Author: lamby
> Date: 2016-05-15 12:32:30 + (Sun, 15 May 2016)
> New Revision: 41743
>
> Modified:
> data/CVE/list
> Log:
> Triage mediawiki for Wheezy LTS
>
> Modified: data/CVE/list
>
Hi,
On 13/05/16 at 09:51, Raphael Hertzog wrote:
> Hello,
>
> On Thu, 12 May 2016, Markus Koschany wrote:
> > I saw those commits too yesterday. I would suggest that we discuss EOLed
> > packages on debian-lts before we mark CVEs as unsupported in Wheezy LTS.
>
> Definitely, we should not
Hi,
squid3 test packages available at:
deb https://people.debian.org/~santiago/debian santiago-wheezy/
deb-src https://people.debian.org/~santiago/debian santiago-wheezy/
Tests are welcome and appreciated!
Cheers,
Santiago
Hi,
Given the recent bug triaging, security-support-ended.deb7 needs more
updating. I'm taking Moritz's mail as reference, and I hope I am not
missing other info:
On 11/11/15 at 21:59, Sebastian Ramacher wrote:
> Hi
>
> On 2015-11-04 17:44:36, Raphael Hertzog wrote:
> > [ Many people are
On 10/05/16 at 08:43, Holger Levsen wrote:
> Hi,
>
> first: thanks for taking care of the debian-security-package! Much
> appreciated!
>
> On Tue, May 10, 2016 at 10:01:28AM +0200, Santiago Ruano Rincón wrote:
> > I'll take that into account for future uploa
On 10/05/16 at 09:17, Raphael Hertzog wrote:
> (Copying debian-lts as the information here is of general interest to
> LTS contributors IMO)
>
> On Mon, 09 May 2016, d...@security.debian.org wrote:
> > Version: 2016.05.09+nmu1
> > Distribution: wheezy-security
>
> How come you reused the
On 09/05/16 at 11:43, Moritz Muehlenhoff wrote:
> On Mon, May 09, 2016 at 09:35:22AM +, Holger Levsen wrote:
> > On Mon, May 09, 2016 at 08:43:37AM +, Schulz, Reiner wrote:
> > > How often i have to update the "debian-security-support" package?
> >
> > "never" is valid answer I'd
Hi everybody,
The last month of April, I had available 15 hours in total paid by Freexian to
work on LTS, but I have only spent 7.5. This is mainly what I did:
* mysql-5.5: handle the new upstream version of the package prepared by Lars
Tangvald, test it, and upload the
[DLA
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of quagga:
https://security-tracker.debian.org/tracker/source-package/quagga
Would you like to take care of this yourself?
If yes, please follow the workflow we
Package: mysql-5.5
Version: 5.5.49-0+deb7u1
CVE ID : CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643
CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648
CVE-2016-0649 CVE-2016-0650 CVE-2016-0666 CVE-2016-2047
Debian Bug :
Hello dear maintainer(s),
the Debian LTS team recently reviewed the security issue(s) affecting your
package in Squeeze:
https://security-tracker.debian.org/tracker/CVE-2015-8076
We decided that we would not prepare a wheezy security update (usually
because the security impact is low and that we
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of squid3:
https://security-tracker.debian.org/tracker/source-package/squid3
Would you like to take care of this yourself?
If yes, please follow the workflow we
On 27/04/16 at 15:48, VigneshDhanraj G wrote:
> https://www.debian.org/News/2016/20160425
>
> LTS will support only amd64 and i386, If i need deb for ARM architecture, Is
> there any steps to generate deb for arm architecture from the source?
>
> Regards,
> Vigneshdhanraj G
Maybe you
On 08/04/16 at 20:08, Santiago Ruano Rincón wrote:
> On 08/04/16 at 18:57, Guido Günther wrote:
> > Hi,
> > On Fri, Apr 08, 2016 at 10:01:10AM +0200, Raphael Hertzog wrote:
> > > Hello,
> > >
> > > I'm going to attend DebConf and
Hello everybody,
The last month of March, I spent 10 paid hours by Freexian on LTS, mainly on
this:
* squid3: After the problems found backporting the patch for
CVE-2016-2569 to squeeze, I have investigated further on this bug,
and I found a new DoS that has been fixed by upstream in 3.5.16.
On 21/03/16 at 18:00, Markus Koschany wrote:
> On 21.03.2016 at 00:38, Santiago Ruano Rincón wrote:
...
> > Also, would it be better to have a separate list file for earlyend?
>
> Hi,
>
> I think one file (security-support-ended.deb7) where we store all the
21:16:12.0 +0100
+++ librsvg-2.36.1/debian/changelog 2016-03-24 10:53:07.0 +0100
@@ -1,3 +1,10 @@
+librsvg (2.36.1-2+deb7u1) wheezy; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2015-7557: Out-of-bounds heap read when parsing SVG file.
+
+ -- Santiago Ruano Rincón
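Review bot: the new 2.36.1-2+deb7u1 entry says only "Non-maintainer upload." and names CVE-2015-7557 with no bug number or patch name. Adding "(Closes: #NNNNNN)" if a Debian bug exists for it, and the name of the patch that carries the fix, would make the upload easier to trace from the changelog.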
Gangitano <lu...@debian.org>
Changed-By: Santiago Ruano Rincón <santiag...@riseup.net>
Description:
squid-cgi - A full featured Web Proxy cache (HTTP proxy) - control CGI
squid3 - A full featured Web Proxy cache (HTTP proxy)
squid3-common - A full featured Web Proxy cache (HTTP pro
Gangitano <lu...@debian.org>
Changed-By: Santiago Ruano Rincón <santiag...@riseup.net>
Description:
squid-cgi - A full featured Web Proxy cache (HTTP proxy) - control CGI
squid3 - A full featured Web Proxy cache (HTTP proxy)
squid3-common - A full featured Web Proxy cache (HTTP pro