Re: Wheezy update of leptonlib?
There a multiple email threads about leptonlib. I'll be as responsive as I can to them, but LTS team should take the lead.
Re: upload leptonlib
These binaries were removed in #830660. >$ strings /usr/bin/printsplitimage | grep ^/tmp/ >/tmp/split >$ strings /usr/bin/splitimage2pdf | grep ^/tmp/ >/tmp/junk_split_image.ps prune_unsafe_binaries.diff.gz Description: GNU Zip compressed data
Re: upload leptonlib
The remaining hardcoded /tmp filenames are believed to be in test and debug code paths.
Re: Wheezy update of irssi?
Hey Rhonda, I've gone ahead and uploaded 0.8.15-5+deb7u5 and announced DLA 1289-1. > It still would be nice to get some git patchsets for your uploads so I > can apply them to the repository Of course! Attached, including the "missing" changes for 0.8.15-5+deb7u2, 0.8.15-5+deb7u3 & 0.8.15-5+deb7u4. They should apply cleanly to the 'wheezy' branch of git://git.deb.at/pkg/irssi.git. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- From cd3e047c59d3fe8c679efc4f648f0b85d09d7744 Mon Sep 17 00:00:00 2001 From: Chris LambDate: Thu, 22 Feb 2018 20:45:43 + Subject: [PATCH 6/6] CVE-2018-7052: When the number of windows exceeds the available space, a crash could occur due to a NULL pointer dereference. (Closes: #890676) --- debian/changelog | 2 ++ debian/patches/CVE-2018-7052.patch | 13 + debian/patches/series | 1 + 3 files changed, 16 insertions(+) create mode 100644 debian/patches/CVE-2018-7052.patch diff --git a/debian/changelog b/debian/changelog index 77baea4..12cc7a8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,8 @@ irssi (0.8.15-5+deb7u5) wheezy-security; urgency=high (Closes: #890678) * CVE-2018-7051: Prevent an issue where certain nick names could result in out-of-bounds access when printing theme strings. (Closes: #890677) + * CVE-2018-7052: When the number of windows exceeds the available space, a +crash could occur due to a NULL pointer dereference. (Closes: #890676) -- Chris Lamb Thu, 22 Feb 2018 20:34:59 + diff --git a/debian/patches/CVE-2018-7052.patch b/debian/patches/CVE-2018-7052.patch new file mode 100644 index 000..d7b8a79 --- /dev/null +++ b/debian/patches/CVE-2018-7052.patch @@ -0,0 +1,13 @@ +--- irssi.orig/src/fe-text/mainwindows.c irssi/src/fe-text/mainwindows.c +@@ -807,6 +807,10 @@ static void cmd_window_show(const char * + } + + parent = mainwindow_create(); ++ if (parent == NULL) { ++ printformat_window(active_win, MSGLEVEL_CLIENTERROR, TXT_WINDOW_TOO_SMALL); ++ return; ++ } + parent->active = window; + gui_window_reparent(window, parent); + diff --git a/debian/patches/series b/debian/patches/series index dfb6479..57279e7 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -16,3 +16,4 @@ 28IRSSI-SA-2017-10.patch CVE-2018-7050.patch CVE-2018-7051.patch +CVE-2018-7052.patch -- 2.16.1 From 62b7a4d1783ab99a6e32ae3f955fd60d22dcb4e7 Mon Sep 17 00:00:00 2001 From: Chris Lamb Date: Thu, 22 Feb 2018 20:42:17 + Subject: [PATCH 5/6] CVE-2018-7051: Prevent an issue where certain nick names could result in out-of-bounds access when printing theme strings. (Closes: #890677) --- debian/changelog | 2 ++ debian/patches/CVE-2018-7051.patch | 0 debian/patches/series | 1 + 3 files changed, 3 insertions(+) create mode 100644 debian/patches/CVE-2018-7051.patch diff --git a/debian/changelog b/debian/changelog index a258df4..77baea4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ irssi (0.8.15-5+deb7u5) wheezy-security; urgency=high * CVE-2018-7050: Prevent a null pointer dereference for an "empty" nick. (Closes: #890678) + * CVE-2018-7051: Prevent an issue where certain nick names could result in +out-of-bounds access when printing theme strings. (Closes: #890677) -- Chris Lamb Thu, 22 Feb 2018 20:34:59 + diff --git a/debian/patches/CVE-2018-7051.patch b/debian/patches/CVE-2018-7051.patch new file mode 100644 index 000..e69de29 diff --git a/debian/patches/series b/debian/patches/series index a2c5330..dfb6479 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -15,3 +15,4 @@ 24security-fixes 28IRSSI-SA-2017-10.patch CVE-2018-7050.patch +CVE-2018-7051.patch -- 2.16.1 From 669ff89c84f7725c2f3f35cd429a3d56f09f13e7 Mon Sep 17 00:00:00 2001 From: Chris Lamb Date: Thu, 22 Feb 2018 20:37:50 + Subject: [PATCH 4/6] CVE-2018-7050: Prevent a null pointer dereference for an "empty" nick. (Closes: #890678) --- debian/changelog | 7 +++ debian/patches/CVE-2018-7050.patch | 18 ++ debian/patches/series | 1 + 3 files changed, 26 insertions(+) create mode 100644 debian/patches/CVE-2018-7050.patch diff --git a/debian/changelog b/debian/changelog index b9b49a2..a258df4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +irssi (0.8.15-5+deb7u5) wheezy-security; urgency=high + + * CVE-2018-7050: Prevent a null pointer dereference for an "empty" nick. +(Closes: #890678) + + -- Chris Lamb Thu, 22 Feb 2018 20:34:59 + + irssi (0.8.15-5+deb7u4) wheezy-security; urgency=medium * Non-maintainer upload by the Debian LTS team. diff --git a/debian/patches/CVE-2018-7050.patch
[SECURITY] [DLA 1289-1] irssi security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: irssi Version: 0.8.15-5+deb7u5 CVE IDs: CVE-2018-7050 CVE-2018-7051 CVE-2018-7052 Debian Bugs: #890676, #890677, #890678 It was discovered that there where a number of vulnerabilities in irssi, the terminal based IRC client: - CVE-2018-7050: Null pointer dereference for an "empty" nick. - CVE-2018-7051: Certain nick names could result in out-of-bounds access when printing theme strings. - CVE-2018-7052: When the number of windows exceeds the available space, a crash could occur due to another NULL pointer dereference. For Debian 7 "Wheezy", these issues have been fixed in irssi version 0.8.15-5+deb7u5. We recommend that you upgrade your irssi packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqPPisACgkQHpU+J9Qx HlhM4hAAq/ZKahiIFCzymVmjZn/Ht91BQv5hMgrH+9FkRzB440U9L5Y7Pqgev13f jr7tMsbYn0hT0FXKvBLVEtFaANcVkcYmK3aDQv1RpteAfrFxtRkIGq6J5xef4Jkc FaWHzWdR/BjTKz98vuNgoZr4HOQFRsjgp23D0mxMduJedAx6zxsIUDKaIA2qkr+o B/KwcNABEHR40E/WWD1sqn7lQG+kZa5SGb0Ns+/018gNXqX2xN+S0Ysl02xpA3Ko P9LgM9Ya8hxeid3Hwzd0Vms4stw5cQz2eQ0CRF0rQuRvEFHrGyecIPAOYHlxa+Fv 9aE9TAi5hQqLJCHIUPnoh6qNyIrw34LN6OlP68lEM1eFXlgWJ8xHWSDEfLB1QewS 6IbXGWd5xZLdE7+y6M8gYPtBJdhhY2CR93cLyV5NjGFxU2PSRlmEn3xgZkKCmGR4 91RB9y31T4sq5hjNedLnibG+Ys3G0bnvmU1kmfstjwEzoD5Y6MKuyyX2tc46FJUY yBOkDWnDajFJOxLxa2An0cPsD6hual8XrFVcAHBjHaJVof4t0E9LBQJG/iLouE0H jNVlBuFyL5fHZNdrr2S9ahkn6ymxpr4e8YbwzuWFv/3r4tUig2he9+0FA15wlnxu /yeAKKVlci9tKrewq/MdgFw2yNHXdFQ5aTIfL7SYDmZmogBXxvE= =AMvX -END PGP SIGNATURE-
Re: upload leptonlib
Hi Ben, On Thu, Feb 22, 2018 at 05:38:16PM +0100, Ben Hutchings wrote: > On Thu, 2018-02-22 at 07:26 +0100, Salvatore Bonaccorso wrote: > > Hi Ben, > > > > On Sat, Feb 17, 2018 at 09:28:19PM +, Ben Hutchings wrote: > > > On Fri, 2018-02-16 at 14:36 -0500, Antoine Beaupré wrote: > > > > On 2018-02-15 21:34:48, Ben Hutchings wrote: > > > > > On Wed, 2018-02-14 at 22:23 -0500, Roberto C. Sánchez wrote: > > > > > > On Wed, Feb 14, 2018 at 02:56:24PM +0530, Abhijith PA wrote: > > > > > > > Hello. > > > > > > > > > > > > > > I prepared LTS security update for leptonlib. Please review and > > > > > > > upload. > > > > > > > You can find debdiff along with the mail. > > > > > > > link: > > > > > > > https://mentors.debian.net/debian/pool/main/l/leptonlib/leptonlib_1.69-3.1+deb7u1.dsc > > > > > > > > > > > > > > > > > > > Abhijith, > > > > > > > > > > > > I have reviewed and uploaded the package. While you backported the > > > > > > upstream fix, I feel like their approach falls under item #2 of > > > > > > "The Six > > > > > > Dumbest Ideas in Computer Security [0]": Enumerating Badness. I > > > > > > cannot > > > > > > help but wonder if another vulnerability will be uncovered later > > > > > > that > > > > > > uses different characters that are not being checked. > > > > > > > > > > I found one already: it filters out `command` but not $(command). > > > > > > > > > > I'm afraid this library appears to have been written without any > > > > > regard > > > > > for security, or even the existence of multiuser systems. > > > > > > > > > > Bug #890548 (stack buffer overflows) is probably exploitable in > > > > > wheezy, > > > > > and I think there are more instances. > > > > > > > > > > Bug #885704 (hardcoded paths in /tmp) has been closed in unstable but > > > > > I > > > > > can still see: > > > > > > > > [...] > > > > > > > > I've re-added the package to dla-needed.txt for #889759 / > > > > CVE-2018-3836. Should a new CVE be issued for #885704? > > > > > > I think additional CVEs are needed for: > > > > > > 1. #890548 > > > > This one has CVE-2018-7186. > > > > > 2. Incomplete fix for #889759 / CVE-2018-3836 > > > 3. Similar issue to #889759 / CVE-2018-3836, "/" is not filtered so > > > there is a possibility of path traversal and arbitrary file overwrite > > > 4. #885704 > > > 5. The remaining hardcoded paths in /tmp > > > > Have you already requested CVEs for the other issues? > > No I haven't. Alright, I will try to request the pending ones tonight. Regards, Salvatore
Re: upload leptonlib
On Thu, 2018-02-22 at 07:26 +0100, Salvatore Bonaccorso wrote: > Hi Ben, > > On Sat, Feb 17, 2018 at 09:28:19PM +, Ben Hutchings wrote: > > On Fri, 2018-02-16 at 14:36 -0500, Antoine Beaupré wrote: > > > On 2018-02-15 21:34:48, Ben Hutchings wrote: > > > > On Wed, 2018-02-14 at 22:23 -0500, Roberto C. Sánchez wrote: > > > > > On Wed, Feb 14, 2018 at 02:56:24PM +0530, Abhijith PA wrote: > > > > > > Hello. > > > > > > > > > > > > I prepared LTS security update for leptonlib. Please review and > > > > > > upload. > > > > > > You can find debdiff along with the mail. > > > > > > link: > > > > > > https://mentors.debian.net/debian/pool/main/l/leptonlib/leptonlib_1.69-3.1+deb7u1.dsc > > > > > > > > > > > > > > > > Abhijith, > > > > > > > > > > I have reviewed and uploaded the package. While you backported the > > > > > upstream fix, I feel like their approach falls under item #2 of "The > > > > > Six > > > > > Dumbest Ideas in Computer Security [0]": Enumerating Badness. I cannot > > > > > help but wonder if another vulnerability will be uncovered later that > > > > > uses different characters that are not being checked. > > > > > > > > I found one already: it filters out `command` but not $(command). > > > > > > > > I'm afraid this library appears to have been written without any regard > > > > for security, or even the existence of multiuser systems. > > > > > > > > Bug #890548 (stack buffer overflows) is probably exploitable in wheezy, > > > > and I think there are more instances. > > > > > > > > Bug #885704 (hardcoded paths in /tmp) has been closed in unstable but I > > > > can still see: > > > > > > [...] > > > > > > I've re-added the package to dla-needed.txt for #889759 / > > > CVE-2018-3836. Should a new CVE be issued for #885704? > > > > I think additional CVEs are needed for: > > > > 1. #890548 > > This one has CVE-2018-7186. > > > 2. Incomplete fix for #889759 / CVE-2018-3836 > > 3. Similar issue to #889759 / CVE-2018-3836, "/" is not filtered so > > there is a possibility of path traversal and arbitrary file overwrite > > 4. #885704 > > 5. The remaining hardcoded paths in /tmp > > Have you already requested CVEs for the other issues? No I haven't. Ben. -- Ben Hutchings [W]e found...that it wasn't as easy to get programs right as we had thought. ... I realized that a large part of my life from then on was going to be spent in finding mistakes in my own programs. - Maurice Wilkes, 1949 signature.asc Description: This is a digitally signed message part
[SECURITY] [DLA 1288-1] cups security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: cups Version: 1.5.3-5+deb7u7 CVE ID : CVE-2017-18190 It was discovered that there was an issue in the CUPS printer framework where remote attackers could execute arbitrary commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. This was caused by a whitelisted "localhost.localdomain" entry. For Debian 7 "Wheezy", this issue has been fixed in cups version 1.5.3-5+deb7u7. We recommend that you upgrade your cups packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqO0sEACgkQHpU+J9Qx HljWZw//S+y2KQeB9XTnAzRmjCT+dednm7l0FMMtQcg4vQeblf2jcopfvQd+kE5u qTuU3CfI3YF63mJV+VrBijd+eGkX/VwEUMqZG8uLB36FU6ndNk8XpZp74655/mip YHy5uXJl4NTRzG19PJOEXHYCrA75yFnKCzYlO8KdfkQSlwKU4RNsvM7yeqoOYpDe PS+oRTLJjaElUCwC/ufBdvE56hqKmdVPYRC3iQ8FcEmYQ2ZlJtMKD2RcutSXXDls cgTEvlpwCUA7aQvuSgOqOtDwyorHSoBT9fNvYuK6pRGLOaLakJrrlU4EiBP7dI9b 1FMPGDYfuEaVhNju5tlquFYcv8O36NMXIwUv+VXgoRRdmNywUnQwZOj4TvYRvNbv yEwxaEjwTT6VLKPRgM3MbFi4+hklhIcMySl5L47G0YHk9x5oEgbvMJzxBcrYeZ8z rnIulFnSB10V0fX+iA0wX5Kld1WxHOCdXEePNpLsYaoXIuLdAxnaEyLjH9yMI+mE zngs8SxaS6SgKtksHDwe7KwLadfB0TGOBV9G1Bw+JYO6Xkiz3/y928OEZHMQ3isD lZozN+riRVJ79StgV+VOMj03OTkLYnXRMM9CvrkuYXV7qNO8oSZeTuuhh+eejtdO /yxTu0XtcsI7MRWk8CGktPgtiF8DvsmMemzKSNtWwniQsg4TPp0= =UnM2 -END PGP SIGNATURE-
Accepted cups 1.5.3-5+deb7u7 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 22 Feb 2018 14:17:48 + Source: cups Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-ppdc cups-dbg cupsddk Architecture: source all amd64 Version: 1.5.3-5+deb7u7 Distribution: wheezy-security Urgency: high Maintainer: Debian Printing TeamChanged-By: Chris Lamb Description: cups - Common UNIX Printing System(tm) - server cups-bsd - Common UNIX Printing System(tm) - BSD commands cups-client - Common UNIX Printing System(tm) - client programs (SysV) cups-common - Common UNIX Printing System(tm) - common files cups-dbg - Common UNIX Printing System(tm) - debugging symbols cups-ppdc - Common UNIX Printing System(tm) - PPD manipulation utilities cupsddk- Common UNIX Printing System (transitional package) libcups2 - Common UNIX Printing System(tm) - Core library libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library libcupscgi1 - Common UNIX Printing System(tm) - CGI library libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra libcupsdriver1 - Common UNIX Printing System(tm) - Driver library libcupsdriver1-dev - Common UNIX Printing System(tm) - Development files driver librar libcupsimage2 - Common UNIX Printing System(tm) - Raster image library libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li libcupsmime1 - Common UNIX Printing System(tm) - MIME library libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library Changes: cups (1.5.3-5+deb7u7) wheezy-security; urgency=high . * CVE-2017-18190: Prevent an issue where remote attackers could execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. This was caused by a whitelisted "localhost.localdomain" entry. Checksums-Sha1: 929c704cd7172ab043d7725f130208587e2673d2 3445 cups_1.5.3-5+deb7u7.dsc f7c4fc7d115da20dbbb6a3a568259df6702a7caa 9580485 cups_1.5.3.orig.tar.bz2 facd664b42fd7f17cb0f47ce79b3e5eb076442ca 379357 cups_1.5.3-5+deb7u7.debian.tar.gz 81f16cb3958fb64a2f1a82d7fbcfa33f54a9 904348 cups-common_1.5.3-5+deb7u7_all.deb a2a2a8d2a6bd5979f172a6e840e355d44e02e692 87546 cupsddk_1.5.3-5+deb7u7_all.deb 86caad6149e6675797382f77c78b535ef4d27f6b 256458 libcups2_1.5.3-5+deb7u7_amd64.deb ab8e7009fed1fed97772956fa0a2882c1f6090b6 138130 libcupsimage2_1.5.3-5+deb7u7_amd64.deb dfb95a5b92e5fe4cc94771e7e6f52565d1c23c8b 116338 libcupscgi1_1.5.3-5+deb7u7_amd64.deb d70f431646ffcbcb4e918097194b030451521eae 104776 libcupsdriver1_1.5.3-5+deb7u7_amd64.deb ec27c4b8128de3fc569bb28204651108ce231d2f 99506 libcupsmime1_1.5.3-5+deb7u7_amd64.deb a88625c00d75859dc71c043fb898ec661059 139636 libcupsppdc1_1.5.3-5+deb7u7_amd64.deb 50f493b0f748a8e72e7a1dc8cd33013309b108b6 1405898 cups_1.5.3-5+deb7u7_amd64.deb 464645a3cba85343c6aacb7b36826393ceb61bcd 181112 cups-client_1.5.3-5+deb7u7_amd64.deb 27eeeb93e5f0b3f04dcf169eb2f6dc9e8e392c35 328458 libcups2-dev_1.5.3-5+deb7u7_amd64.deb 475a373eddbb86b957b7373d578facb4a0b33a8d 65378 libcupsimage2-dev_1.5.3-5+deb7u7_amd64.deb 95103651002df016f777a066f9b3c08bb1906818 121876 libcupscgi1-dev_1.5.3-5+deb7u7_amd64.deb be4bf6f35fcea53ce9e7884a41fc0636ea9ab1d3 107800 libcupsdriver1-dev_1.5.3-5+deb7u7_amd64.deb 6f24ade0280cc842cd2bebb5764a2744a21278f3 100204 libcupsmime1-dev_1.5.3-5+deb7u7_amd64.deb 13d54e8754e4ef5bf55a662a222f6df790b3b7f2 157088 libcupsppdc1-dev_1.5.3-5+deb7u7_amd64.deb 3c8b6c1525d95ae5957c48b87e4b54620feeef02 45544 cups-bsd_1.5.3-5+deb7u7_amd64.deb 8ded57107e3c5255f5b529202eb0a2efbdedfe6d 117488 cups-ppdc_1.5.3-5+deb7u7_amd64.deb 0f4aaf74b0962ac036964ce0d784d9844fcdc147 2220588 cups-dbg_1.5.3-5+deb7u7_amd64.deb Checksums-Sha256: 51ba9797cfcf9d9845cb46b7f638501ce09b1247b25e0f5c943030d19bbe0d38 3445 cups_1.5.3-5+deb7u7.dsc 9d716a8ffcefdaff1c37f4a4b590f1d74ff9ff72383a18f3c883c9235907f93d 9580485 cups_1.5.3.orig.tar.bz2 b49afcba5b5d74aed04f96610b9d4e2784206b3b065456c2ebd6744b672bb24f 379357 cups_1.5.3-5+deb7u7.debian.tar.gz 7b1585ce6c994d3faf14fe9cbc28d59472367f6dee3498e110bd769a0a922d54 904348 cups-common_1.5.3-5+deb7u7_all.deb c73629d1b854de8c47131aecf040ec3f94edaa8f261313711eea925d34e03dd6 87546 cupsddk_1.5.3-5+deb7u7_all.deb 2638636ebdf245e4c91e918be4f508ba8d6cd84feb070f064b914494e3005a44 256458 libcups2_1.5.3-5+deb7u7_amd64.deb e09cb494ca152005a4e9f6908ade3fc158275904f594c956d7a904bda252f139 138130 libcupsimage2_1.5.3-5+deb7u7_amd64.deb
Re: Wheezy update of irssi?
* Antoine Beaupré[2018-02-16 21:01:48 CET]: > On 2017-12-22 13:53:46, Rhonda D'Vine wrote: > > * Emilio Pozuelo Monfort [2017-12-19 20:04:57 CET]: > > Given that you would be paid to do the update and me not there is > > little sense for me to do it, right? Don't want to step in the way of > > payrolls. > > Hi Rhonda, > > I am not sure how you want us to proceed from here on... There has been > yet another set of security issues discovered in irssi, as documented > here: > > https://irssi.org/security/html/irssi_sa_2018_02/ I am aware. > It's your call, really. If you see another option, I'd be happy to hear > it as well. I thought my above statement should have been clear enough? Again, I don't want to step in the way of your payrolls, and I am still a bit disturbed by the fact that oldoldstable gets more attention than oldstable or stable for the matter, still believe that the priorities with respect to that are the wrong way around, but you are free to do what you can and should do, this is still a voluntary project. I plan to work on 1.0.7 for unstable, haven't yet made up my mind if I want to switch to the 1.1 branch (1.0 is said to be supported by upstream specificly for long time, 1.2 will be the next maintenance branch), and after that would go so-to-say "top down" from newest release to oldest release, not the other way around. So I won't get in your way there unless I have enough time to get there earlier than you. It still would be nice to get some git patchsets for your uploads so I can apply them to the repository, but my priorities are definitely rather on fixing-more-current-releases-first than oldoldstable as highest priority. > I hope you are well! I'll probably be available to discuss this in > person at DebConf Taiwan if you'd rather avoid an another email > discussion, although that is rather far in the future... Also looking forward to be there. :) Rhonda -- Fühlst du dich mutlos, fass endlich Mut, los | Fühlst du dich hilflos, geh raus und hilf, los| Wir sind Helden Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang Fühlst du dich haltlos, such Halt und lass los|
Re: Wheezy update of irssi?
Hey Rhonda, I trust this finds you well? :) > I think people in the LTS team would be happy either way Unless you have Strong Opinions, I'm going go ahead and upload to LTS tomorrow to fix CVE-2018-7050, CVE-2018-7051 & CVE-2018-7052. Naturally do let me know if I should hold off for whateverreason. :) Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Re: Extended Long Term Support for Wheezy
Hello, On Tue, 20 Feb 2018, Vincent Bernat wrote: > My bad. I suggest replacing "it would not be possible to get extended > wheezy support" by "it would not be possible to sponsor extended wheezy > support". Done. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/