by the security team
+ * Fix cross-site scripting via the fm parameters (Closes: #598584)
+Fixes: CVE-2010-3695
+
+ -- Steffen Joeris wh...@debian.org Sun, 27 Mar 2011 20:42:56 +1100
+
imp4 (4.2-4lenny2) stable; urgency=low
* Backport patches from Horde CVS (http://bugs.horde.org/ticket/8836
Hi,
On Wed, Dec 08, 2010 at 09:03:17PM +, Adam D. Barratt wrote:
On Wed, 2010-12-08 at 21:10 +0100, Moritz Muehlenhoff wrote:
Please unblock package collectd. Judging by the changelog
4.10.1-1+squeeze1 and 4.10.1-2 look alike, but for some reason Steffen
NMUd the unstable version.
Hi Sebastian
I'd like to ask, on behalf of the security team, for the removal of
destar from the archive: it's got a critical security bug (#522123,
corresponding RT ticket is 1267), and I've confirmed with its upstream
that it's not maintained anymore.
I've initially asked the destar
Package: release.debian.org
Severity: normal
Hi
destar is security buggy and we have assessed the situation and decided
that it is best to remove the package from (old)stable. Please schedule
its removal with the next point release.
Cheers
Steffen
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
On Wed, 16 Sep 2009 02:47:38 am Steffen Joeris wrote:
Debian Security Advisory DSA-1887-1 secur...@debian.org
http://www.debian.org/security/ Steffen Joeris
September 15, 2009
On Wed, 26 Aug 2009 04:58:24 pm Andreas Barth wrote:
* Steffen Joeris (steffen.joe...@skolelinux.de) [090826 08:53]:
For kernel-security support, we have Dann Frazier in the security team,
who is also working in the kernel team (and of course other kernel team
members might help on security
Hi Marc
On Wed, 26 Aug 2009 04:23:09 pm Marc 'HE' Brockschmidt wrote:
Steffen Joeris steffen.joe...@skolelinux.de writes:
On Wed, 26 Aug 2009 06:51:48 am Marc 'HE' Brockschmidt wrote:
Release Goals
=
[...]
- kFreeBSD:
Debian 6.0 Squeeze should be the first Debian
On Thu, 27 Aug 2009 01:38:18 pm Michael S Gilbert wrote:
Hi,
A new lenny release is coming soon and there are some open security
issues in poppler that I have fixed. Attached is the debdiff of the
changes.
The package can be found on mentors.debian.net:
- URL:
Hi Francesco
Thanks for informing us.
I just uploaded a new version of proftpd-dfsg on sid fixing a recently
discovered security issue. After some discussion with TJ (proftpd PM)
The problem is not of interest for 1.3.0 (etch version) because it lacks
relevant code present in successive
Package: release.debian.org
Severity: important
Tags: security
Hi
I was working on a security update for tmsnc, a text-based msn client. When I
tried to test the update, I found out that the program is not able to connect
to MSN servers anymore due to a protocol mismatch. I assume that the
Hi
I was working on a security update for tmsnc, a text-based msn client. When I
tried to test the update, I found out that the program is not able to connect
to MSN servers anymore due to a protocol mismatch. I assume that the program
needs a newer MSN protocol to work again. There are
Hi
Please unblock the following packages:
cups 1.3.8-1lenny4
clamav 0.94.dfsg.2-1
flamethrower 0.1.8-2
quassel 0.2~rc1-1.1
tkman 2.2-4
valgrind 1:3.3.1-3
wordpress 2.5.1-11
p3nfs 5.19-1.2
iceape 1.1.13-1
More information is available here[0].
Cheers
Steffen
[0]:
Hi
On Tue, 4 Nov 2008 04:24:57 am Jamin W. Collins wrote:
It was brought to my attention that the Snoopy library shipped in the
Media Mate packages for etch and lenny has a potential security
vulnerability[0]
CVE-2008-4796[1]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy
Hi Francois
I am wondering why you didn't contact the testing-security team and prepare
uploads for testing-security?
If I am not mistaken, the issue is easily exploitable. If you think it is not
really important, then informing us would also be a nice move, since we can
add urgencies to our
On Tue, 4 Nov 2008 03:40:22 pm Michael Gilbert wrote:
Dear release team,
Thank you for making a decision on the direction for bug #449497 in
foo2zjs [1]. I believe that this is a reasonable choice for now due
to the impending release. However, I would really like to see an
honest and
Hi
I've uploaded an NMU yesterday to fix a heap overflow. Could you please
unblock version 2.6.1-3.1 and let it migrate to lenny after 2 days?
Cheers
Steffen
Hi
The new mon version (0.99.2-13) fixes an unsafe handling of temp files[0].
Could you please unblock it and let it migrate after 5 days?
Cheers
Steffen
[0]: http://security-tracker.debian.net/tracker/TEMP-0496398-000597
Hi
The new bitlbee version 1.2.3-1 fixes an incomplete fix for the last security
issue. More information can be found in the new CVE id[0].
Please let bitlbee into lenny.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3969
Hi
The new nfdump version (1.5.7-5) fixes an insecure handling of tempfiles[0].
Could it please get a freeze exception?
grep-excuses mentioned this line:
nfdump/i386 unsatisfiable Depends: librrd2 (= 1.2.15)
Not sure about this, but I will leave it in your capable hands :)
Cheers
Steffen
[0]:
Hi
The 1:3.0-13 version of wordnet fixes a regression introduced by the security
fixes. Please unblock wordnet and let it migrate after 5 days.
This also spares us from preparing another DTSA :)
Cheers
Steffen
Hi
The new opensc package (0.11.4-5) in unstable adds one correction to the last
security patch. The changes are minimal and the changelog entry is below,
could you please unblock it?
Cheers
Steffen
opensc (0.11.4-5) unstable; urgency=high
* src/tools/pkcs15-tool.c: Small fix to the
Hi
A -5 version was uploaded so the security fix did not make it into lenny.
Could we please get the -5 version of neon27 into lenny now to get the
security fix in?
Cheers
Steffen
Hi
* Fix version information
* Mark by etch-ignore bugs that are not affected in stable
for reasons independent from their version (e.g. GCC 4.3
FTBFS)
* Compile a list for the maintainers and the SRM for packages
that could need a stable upload.
The security team keeps a file[0]
Hi
owl-dms has only a few users according to popcon[0] and is vulnerable to a few
security issues[1]. The question is whether it would be better to remove it
from lenny and maybe give it one more release cycle to improve and age a bit.
It would also shift some workload away from the security
Hi
Could you please let the fix for CVE-2008-3329[0] enter testing?
The patch is minimal.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
Hi
Could you please unblock this package? It fixes a security issue[0].
The unstable version is a new upstream version, but the changes are trivial.
It includes the security patch and some changes to .desktop file and so on.
I think it should migrate now, instead of going through
Hi
The opensc package in sid fixes CVE-2008-2235[0] and the changes are trivial
(security fix, typo fix, standards version change).
Please unblock it so it can go straight into lenny.
Cheers
Steffen
[0]: http://security-tracker.debian.net/tracker/CVE-2008-2235
Hi
Please unblock the newsx package and check its migration to testing in two
days.
It fixes a buffer overflow (CVE-2008-3252) and the patch is minimal.
There shouldn't be anything holding it back, so I'd rather let it migrate in
two days straight away, than prepare a DTSA.
Cheers
Steffen
On Mon, 16 Jun 2008 02:06:40 pm Mark Purcell wrote:
found 486328 0.16-1
fixed 486328 0.17-1
forwarded 486328 http://dev.robotbattle.com/bugs/view.php?id=546
thanks
On Sun, 15 Jun 2008, Steffen Joeris wrote:
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published
Hi
Could the release team please bump the urgency of wordpress and let it migrate
to testing after 2 days?
The package fixes this bug[0] and the changes only include the fix for that.
Cheers
Steffen
[0]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485807
(CVE-2008-2392)
Hi
Does the release team want to have an update of cecilia for stable addressing
this CVE issue(0)?
(0): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1832
Debian Bug: #476321
Hi
Could I please get a bump for the phpgedview package so that it reaches
testing sooner?
It fixes this CVE(0) and is already 6 days old.
Cheers
Steffen
(0): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2064
Hi
There has been a CVE[0] issued against nufw. I would like to request a bump
of the urgency to get it migrated to testing.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5723
Hi All
From the testing-security point of view, I would not see any problem with
bumping the urgency and letting it migrate to lenny. The ppc buildd still
needs to pick it up and I guess that S390 is a matter of time.
Thanks for your efforts.
Cheers
Steffen
Hi
The last polipo upload fixes CVE-2007-4626 and CVE-2007-4625 .
Do you know how stable the new upstream version is? I would like to get the
security fixes into testing as soon as possible and I was wondering on your
maintainer's opinion about bumping the priority to medium.
Cheers
Steffen
package
Date: Wed, 4 Jul 2007
From: Steffen Joeris [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Package: debian-edu-artwork
Severity: serious
Justification: Policy 3.9
# This is not policy compliant, as $kdmrc is a conffile in
# the kdm package, and we are editing
Hi
Thanks Marc for the nice summary, helps me a bit :)
So, it looks like juice, maildir-bulletin, qe, qmc, shaperd and
tigr-glimmer are easy removals. Anyone interested to mail the respective
maintainers?
Yes I am on it and pinging appropriate candidates.
Cheers
Steffen
Hi Release Managers
Please consider unblocking kolab-resource-handlers.
Today's upload fixed an RC bug[0] and an important bug[1].
Cheers
Steffen
[0]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400627
[1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=401116
Dear Release Managers
Currently the sitesummary-client version in etch has an RC bug[0] which was
just discovered due to some reviews. We would like to fix that bug for etch,
but want to ask now whether you can unblock the package in sid[1] (where this
bug is fixed and some other small things
Hi
I know that this is an old and long discussed bug, but please allow me to
raise the discussion again right now as I think that the issue is not
completely clear.
First of all the bug is called: debian-edu-config: Messes programmatically
with conffiles of other packages
The word