-
Debian LTS Advisory DLA-3758-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
March 11, 2024 https://wiki.debian.org/LTS
-
Debian LTS Advisory DLA-3733-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
February 03, 2024 https://wiki.debian.org/LTS
-
Debian LTS Advisory DLA-3712-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
January 17, 2024 https://wiki.debian.org/LTS
-
Debian LTS Advisory DLA-3582-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
September 25, 2023
Hello Anton,
>From 5b2bcfaa20e12d0c90eb3999fba8b6e942e201ab Mon Sep 17 00:00:00 2001
From: Anton Gladky
Date: Tue, 16 May 2023 22:39:34 +0200
Subject: [PATCH] LTS: add libpcap to dla-needed.txt
---
data/dla-needed.txt | 4
1 file changed, 4 insertions(+)
diff --git
-
Debian LTS Advisory DLA-3279-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
January 23, 2023
Hey,
On 14/11/22 01:56 PM, Sylvain Beucler wrote:
> Hi!
>
> On 12/11/2022 22:31, Otto Kekäläinen wrote:
> > I was wondering how common is it for DDs to use Salsa-CI while doing
> > quality assurance prior to Bullseye and Buster uploads?
>
> I personally tend to run initial builds and dep-8
Hello,
On 18/10/22 11:05 PM, Markus Koschany wrote:
> Hi,
..
> I would appreciate it if actual users of Asterisk tested the update
> and left some feedback on this list. You can find prebuilt amd64
> binary packages and the sources at
Earlier my Jessie Asterisk builds were tested by Bastian
-
Debian LTS Advisory DLA-3151-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
October 13, 2022
-
Debian LTS Advisory DLA-3093-2 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
September 15, 2022
Hey,
On 12/09/22 04:08 PM, Utkarsh Gupta wrote:
> Hi Abhijith,
>
> On Sat, Sep 10, 2022 at 11:31 PM Abhijith PA wrote:
> > > Please don't upload yet. We either upload what I have or just rollback
> > > the fix for CVE-2022-32224. Wait for the further deci
Hello Raphael,
On 07/09/22 11:10 AM, Raphael Hertzog wrote:
> Hello Abhijith and the LTS team,
>
> in Kali we have applied the last ruby-active* security updates and this
> broke the web API part of autopkgtest.kali.org.
Can you share how autopkgtest.kali.org service setup and how
is it
Hello.
On 07/09/22 11:10 AM, Raphael Hertzog wrote:
> Hello Abhijith and the LTS team,
>
> in Kali we have applied the last ruby-active* security updates and this
> broke the web API part of autopkgtest.kali.org.
Ok, I am on it.
[[resending with a different mail address due to a couple of MTA rejections]]
On 05/09/22 06:28 PM, Abhijith PA wrote:
> Hey,
>
> On 05/09/22 06:09 PM, Utkarsh Gupta wrote:
> > Hi Abhijith,
> >
> > On Sat, Sep 3, 2022 at 5:04 PM Abhijith PA wrote:
> > >
-
Debian LTS Advisory DLA-3099-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
September 05, 2022
On 03/09/22 03:41 PM, Ansgar wrote:
> Abhijith PA writes:
> > My recent upload to security-master for the buster security got
> > rejected, because glib2.0 (= 2.58.3-2+deb10u3) package is not
> > available in the security archive. Can you please manually copy this
>
-
Debian LTS Advisory DLA-3093-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
September 03, 2022
Hello FTP masters,
My recent upload to security-master for the buster security got
rejected, because glib2.0 (= 2.58.3-2+deb10u3) package is not
available in the security archive. Can you please manually copy this
package to security archive.
refs:
-
Debian LTS Advisory DLA-3091-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
September 02, 2022
-
Debian LTS Advisory DLA-3083-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
August 28, 2022
-
Debian LTS Advisory DLA-3081-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
August 25, 2022
- Backported 13 CVEs from the work of Sébastien Villemot in
buster to stretch[2]. Unfortunately couldn't fix 6
failing tests before stretch's EOL.
Regards
Abhijith PA
[1] -
https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc
[2] - https
On 03/06/22 04:45 PM, Utkarsh Gupta wrote:
> Hi Abhijith,
...
> So ideally since the package is in the -backports pocket, I don't
> think it'd be a problem but do make sure that you at least test the
> package so it doesn't introduce any regressions or anything. Hope that
> helps.
Thank you.
- DLA-3036-1
* icingaweb2
- Continued work from last month
- v2.6[1]
* libmatio
- Total of 28 CVEs
- Working on CVE-2019-9026 to CVE-2019-9038
Misc:
* Ring
- No updates from upstream regarding [2]
Regards
Abhijith PA
[1] -
https://people.debian.org/~abhijith/upload
Hello,
Package icingaweb2 (2.4) in stretch has around 9 open CVEs. Most of
them are fixed in upstream v2.6. There aren't isolated patches available
for CVE-2018-18246 to CVE-2018-18250.
The changes from 2.4 .. 2.6 are pretty large and not very descriptive
to comb through and cherry-pick. I have
-
Debian LTS Advisory DLA-3036-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
May 31, 2022
-
Debian LTS Advisory DLA-2996-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
May 06, 2022
Hello.
During the month of April I worked on the following packages for LTS:
* mitmproxy
- Total of 3 CVEs
- Due to a lot of code refactoring, marked 2 CVEs as ignored.
* mruby
- Total of 18 CVEs
- Fixed 5 CVEs. Marked 5 as not
Hello.
During the month of March I worked on the following packages for LTS:
* asterisk
- Total of 22 CVEs
- Fixed 6 CVEs, 5 CVEs as no-DSA (intrusive to backport)
- The rest of the CVEs are in pjproject and do not affect stretch
- [DLA-2969-1]
-
Debian LTS Advisory DLA-2969-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
April 03, 2022
-
Debian LTS Advisory DLA-2962-2 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
March 31, 2022
On 30/03/22 12:05 PM, Bastian Triller wrote:
> Hello,
>
> we upgraded to 2.5.5~dfsg-6+deb9u3 and we're seeing crashes in
> Asterisk. It seems the patch for CVE-2022-23608 is faulty. In your
> patch, the hash table key is assigned twice in hunk #2 but not in hunk
> #4.
> Please see attached patch
-
Debian LTS Advisory DLA-2962-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
March 28, 2022
.
Regards
Abhijith PA
[1] -
https://people.debian.org/~abhijith/upload/vda/pjproject_2.5.5~dfsg-6+deb9u3.dsc
[2] -
https://people.debian.org/~abhijith/upload/vda/ring_20161221.2.7bd7d91~dfsg1-1+deb9u2.dsc
Hello,
For January I had 5 hours remaining from last month. I spent all of them on:
* libraw: There were 28 open CVEs. Marked 6 among those as not-affected.
Fixed 22 CVEs, tested and uploaded [DLA 2903-1]
Regards
Abhijith
[DLA 2903-1] -
-
Debian LTS Advisory DLA-2903-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
January 29, 2022
Hello,
In December I was assigned 08 hours to work on Debian LTS by Freexian
SARL. I spent only 3 hours on package libraw's[1] open CVEs. I will
carry the rest of the hours to next month.
- -
to
unittest related to this CVE. Released DLA 2754-1[1]
* smarty3: Prepared an update for reported regression #989141[2].
ELTS
* ckeditor: 5 CVEs including postponed ones. Available patches have
been backported.
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2021
-
Debian LTS Advisory DLA-2754-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
September 04, 2021
: Investigated on CVE-2021-30465. Marked as no-dsa
* pjproject: Backporting fix for CVE-2021-32686.
Regards
Abhijith PA
-
Debian LTS Advisory DLA-2710-2 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
July 25, 2021
-
Debian LTS Advisory DLA-2710-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
July 19, 2021
June was my 40th month as a Debian LTS paid contributor. I was
assigned 14 hours plus 7h from last month. I have spent 18h and will
carry the rest to next month;
* 1 week of frontdesk: From 14-06 to 20-06.[1]
* python-urllib3: There were 4 CVEs.
Hi,
On 06/06/21 07:59 PM, Utkarsh Gupta wrote:
> Hi Samuel,
>
> On Sun, Jun 6, 2021 at 6:39 PM Samuel Henrique wrote:
> > I wasn't very clear in the pu request; the ieee-data package ships 2
> > things; the data from ieee and a script to update that data. This
> > issue fully breaks the
-
Debian LTS Advisory DLA-2686-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
June 15, 2021
. Added a couple of
autopkgtests from unstable. Tested and uploaded[1].
* squid3: Investigated and tested on ubuntu[2] and Beuc patches[3].
Will upload soon.
Misc:
* mqtt-client: Uploaded 1.14-1+deb10u1[4] to proposed-updates.
Regards
Abhijith PA
[1] - https://lists.debian.org/debian
-
Debian LTS Advisory DLA-2668-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
May 29, 2021
Hi Ola,
On 26/05/21 01:45 PM, Ola Lundqvist wrote:
>Hi fellow LTS contributors
>
>I have checked this CVE and my conclusions are as follows.
>The CVE actually cover five different problems. I guess CVEs should not
>do that, but it did anyway.
>
>Quote from upstream:
>
>
On 17/05/21 04:54 PM, Utkarsh Gupta wrote:
> Hello,
>
> On Mon, May 17, 2021 at 3:08 PM Ola Lundqvist wrote:
> > mqtt-client: 1.14-1+deb9u1 newer than 1.14-1
>
> Abhijith, can you please take care of this? You need a -pu update
> prepared for this.
Okay, I will take care of this. Issue is no
On 10/05/21 12:34 AM, Abhijith PA wrote:
> March was my 38th month as a Debian LTS paid contributor.
^
Oops, April.
for finding it.
* samba: There were 9 CVEs including the no-dsa tagged ones.
So far backported CVE-2019-10218 CVE-2019-14833 CVE-2019-14847
CVE-2019-14861 CVE-2019-14870. Continuing work on remaining fixes.
Build available[4] for testing.
Regards
Abhijith PA
[1] - https://lists.debian.org
-
Debian LTS Advisory DLA-2648-2 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
May 07, 2021
-
Debian LTS Advisory DLA-2648-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
May 05, 2021
-
Debian LTS Advisory DLA-2618-2 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
April 16, 2021
: Marked CVE-2019-25025 as ignored[3]
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2021/04/msg4.html
[2] - https://lists.debian.org/debian-lts-announce/2021/03/msg9.html
[3] -
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit
-
Debian LTS Advisory DLA-2618-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
April 05, 2021
On 09/03/21 10:47 AM, Roland Rosenfeld wrote:
> Hi Abhijith!
>
> On Di, 09 Mär 2021, Abhijith PA wrote:
>
> > Roland, thanks again for the patch. I can see that last LTS update
> > (3.0.26-3+deb9u1) done by you. Hope you can upload this time as
> > well. If not, l
-
Debian LTS Advisory DLA-2587-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
March 09, 2021
Hello
On 08/03/21 05:16 PM, Sylvain Beucler wrote:
> Hi!
>
> Thanks for preparing a LTS fix for privoxy.
>
> For reference, our full procedure is documented at:
> https://wiki.debian.org/LTS/Development
>
> To answer your points:
>
> - The debdiff looks good to me
>
> - Salvatore updated the
and tests are adjusted. Patch[9]
* 01/03 - 07/03, 1 week of front desk duty.
Regards
Abhijith PA
[1] - https://security-tracker.debian.org/tracker/CVE-2021-21238
[2] - https://lists.debian.org/debian-lts-announce/2021/02/msg00038.html
[3] - https://security-tracker.debian.org/tracker/TEMP
-
Debian LTS Advisory DLA-2584-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
March 07, 2021
-
Debian LTS Advisory DLA-2583-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
March 05, 2021
-
Debian LTS Advisory DLA-2582-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
March 05, 2021
-
Debian LTS Advisory DLA-2579-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
March 02, 2021
-
Debian LTS Advisory DLA-2577-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
February 26, 2021
backported the patches for the first
two CVEs.
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html
-
Debian LTS Advisory DLA-2524-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
January 13, 2021 https://wiki.debian.org/LTS
-35678 as ignored [2]
* spice-vdagent: Preparing fix. Corresponding with old maintainer.
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html
[2] -
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit
: Working on open CVEs. Only CVE-2020-25650 partially
backported. Asked maintainer for help, also agreed.
* salt: Fixed CVE-2020-16846 CVE-2020-17490 CVE-2020-25592, tested and
uploaded[2].
- Created new page LTS/TestSuites/salt[3] and documented running tests.
Regards
Abhijith PA
-
Debian LTS Advisory DLA-2480-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
December 04, 2020
-
Debian LTS Advisory DLA-2467-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
November 26, 2020
Hello Brian,
On 17/11/20 2:14 am, Brian May wrote:
> Abhijith PA writes:
>
>> I generated DLA for jupyter-notebook just before upload. But upload was
>> rejected due to `Built-Using refers to non-existing source package`. I have
>> pinged ftp masters couple of times
-
Debian LTS Advisory DLA-2432-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
November 19, 2020
Hi,
On 16/11/20 5:06 pm, Emilio Pozuelo Monfort wrote:
> Hi,
...
> fwiw the jupyter-notebook DLA is not in -announce either, so it's not just
> missing in the website.
I generated DLA for jupyter-notebook just before upload. But upload was
rejected due to `Built-Using refers to non-existing
Hey,
On 06/11/20 11:03 am, Utkarsh Gupta wrote:
> Hi Abhijith,
>
> If I am parsing your note for cacti in dla-needed correctly, does it
> make sense to remove the package from dla-needed file altogether
> (since all remaining issues are no-dsa and can be fixed with the next
> upload)?
Yes, it
as not-
affected[3]. Marked CVE-2019-10255, CVE-2019-9644 as no-dsa[4]. Fixed
CVE-2018-19351 CVE-2018-21030 CVE-2018-8768. Upload stuck due to
#823820[5]
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html
[2] - https://lists.debian.org/debian-lts
-
Debian LTS Advisory DLA-2426-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
November 01, 2020
Hi,
On 23/10/20 9:24 pm, Abhijith PA wrote:
> Hi,
>
> On 23/10/20 8:20 pm, Utkarsh Gupta wrote:
>> Hi Abhijith,
>>
>> William, both upstream and downstream maintainer, CCed here, has
>> prepared an upload for stretch.
>> cf:
>> https://men
-
Debian LTS Advisory DLA-2413-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
October 25, 2020
Hi,
On 23/10/20 8:20 pm, Utkarsh Gupta wrote:
> Hi Abhijith,
>
> William, both upstream and downstream maintainer, CCed here, has
> prepared an upload for stretch.
> cf:
> https://mentors.debian.net/debian/pool/main/p/phpmyadmin/phpmyadmin_4.6.6-4+deb9u2.dsc
>
> I generally sponsor all his
Hi Antoine,
On 19/10/20 6:50 pm, Antoine Cervoise wrote:
> Hi,
>
>
> I'm not familiar with how to report security issues regarding
> packages under LTS/Extended LTS support. I've reported this issue on
> poppler-utils (included in poppler package,
tested and
uploaded[4].
* Attended #debian-lts irc meeting.
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html
[2] - https://lists.debian.org/debian-lts-announce/2020/09/msg00015.html
[3] - https://lists.debian.org/debian-lts-announce/2020/10
-
Debian LTS Advisory DLA-2398-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
October 07, 2020
-
Debian LTS Advisory DLA-2393-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
October 01, 2020
-
Debian LTS Advisory DLA-2375-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
September 19, 2020
-
Debian LTS Advisory DLA-2373-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
September 13, 2020
). Reported to upstream
developer.
* qemu: Fixed CVE-2020-13253, CVE-2020-14364, CVE-2020-16092,
CVE-2020-1711. After a couple more smoke tests, package will be
uploaded[1]. Marked CVE-2020-15859, CVE-2020-17380 as postponed.
Regards
Abhijith PA
[1] - https://people.debian.org/~abhijith
]
* 2 weeks of frontdesk duty (From 27-07 to 09-08). Most of my triage work
can be seen in salsa activity[5]
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2020/08/msg4.html
[2] - https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html
[3] - https
-
Debian LTS Advisory DLA-2319-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
August 09, 2020
-
Debian LTS Advisory DLA-2316-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
August 08, 2020
-
Debian LTS Advisory DLA-2306-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
August 01, 2020
Hi,
On 07/07/20 4:52 pm, Chris Lamb wrote:
> Hi Emilio,
>
>> The header. It looks like a bit too much for the DLA to me,
>
> Not quite sure what you mean by this. I am assuming you mean something
> along the lines of it being "too intense for a DLA" but if so I don't
> understand what the
: Initially worked on CVE-2020-13231 for jessie. Will be
updating on stretch.
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2020/06/msg6.html
-2020-11078. Uploaded and issued
dla[3]
* 2 weeks of lts-frontdesk from 25-05 to 07-06. Most of my triage work
can be seen in salsa activity[4]
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
[2] - https://lists.debian.org/debian-lts-announce/2020
Package: libupnp
Version: 1.6.19+git20141001-1+deb8u2
CVE ID : CVE-2020-13848
Debian Bug : 962282
libupnp, the portable SDK for UPnP Devices, allows remote attackers to
cause a denial of service (crash) via a crafted
On 05/06/20 6:39 pm, Sylvain Beucler wrote:
> Hi,
>
> On 05/06/2020 15:03, Abhijith PA wrote:
>> On 20/02/20 11:14 pm, Holger Levsen wrote:
>>> On Thu, Feb 20, 2020 at 06:08:52PM +0100, Emilio Pozuelo Monfort wrote:
>>>> So we should add it to secur
Hi,
On 20/02/20 11:14 pm, Holger Levsen wrote:
> On Thu, Feb 20, 2020 at 06:08:52PM +0100, Emilio Pozuelo Monfort wrote:
>> So we should add it to security-support-ended for those releases, and
>> let it be supported in buster.
>
> done in
>
Package: python-httplib2
Version: 0.9+dfsg-2+deb8u1
CVE ID : CVE-2020-11078
In httplib2, an attacker controlling unescaped part of uri for
`httplib2.Http.request()` could change request headers and body, send
additional
Package: salt
Version: 2014.1.13+ds-3+deb8u1
CVE ID : CVE-2020-11651 CVE-2020-11652
Debian Bug : 959684
Several vulnerabilities were discovered in package salt, a
configuration management and infrastructure automation
Package: sqlite3
Version: 3.8.7.1-1+deb8u6
CVE ID : CVE-2020-13434
An integer overflow vulnerability was found in the
sqlite3_str_vappendf function of the src/printf.c file of sqlite3 from
version 3.8.3.
For Debian 8
1 - 100 of 296 matches