On Sun, Oct 08, 2023 at 12:59:21PM +0100, Jonathan Wiltshire wrote:
> Hi,
>
> On Mon, Jun 26, 2023 at 06:42:18PM +0100, Jonathan Wiltshire wrote:
> > On Tue, Mar 21, 2023 at 12:58:31PM +0100, Alberto Gonzalez Iniesta wrote:
> > > Hi, all. We're looking forward to uploadin
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: modsecur...@packages.debian.org, car...@debian.org,
airw...@gmail.com
Control: affects -1 + src:modsecurity
[ Reason ]
Fix for CVE-2023-38285, not DSA for it.
[
fo
> >
> > Hi,
> >
> > On Mon, 08 May 2023 18:16:51 +0200 Alberto Gonzalez Iniesta
> > wrote:
> > > A new upstream version of modsecurity fixes a security bug
> > > (CVE-2023-28882, #1035083).
> > > We also fixed a FTBFS in the meant
Hi, all. We're looking forward to uploading the latest CRS package to
bullseye-backports, but this will require this pending update to
bullseye. Any news on this front?
Regards,
Alberto
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
mailto/sip: a...@inittab.org | en
On Mon, Dec 12, 2022 at 01:37:02PM +0100, Alberto Gonzalez Iniesta wrote:
> On Wed, Dec 07, 2022 at 08:14:50PM +, Adam D. Barratt wrote:
> > On Mon, 2022-09-19 at 19:25 +0200, Alberto Gonzalez Iniesta wrote:
> > > modsecurity-crs has been released today [1]. It fixes a se
On Wed, Dec 07, 2022 at 08:14:50PM +, Adam D. Barratt wrote:
> On Mon, 2022-09-19 at 19:25 +0200, Alberto Gonzalez Iniesta wrote:
> > modsecurity-crs has been released today [1]. It fixes a security
> > issue,
> > here is the announcement:
> >
> &
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
nmu tripwire_2.4.3.7-4+b3 . ANY . unstable . -m "Rebuild with new libc (Closes
#1022791)"
Tripwire is statically build and libc updates break it.
Thanks.
--
Alberto Gonzal
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: airw...@gmail.com, christian.fol...@netnea.com
[ Reason ]
modsecurity-crs has been released today [1]. It fixes a security issue,
here is the announcement:
the release in order to allow you to run the latest CRS without a fix to
CVE-2022-39956, however we advise against this workaround.
--
I'll quote that same announcement in the bug report for the upload to
release.debia
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
nmu tripwire_2.4.3.7-3+b3 . ANY . unstable . -m "Rebuild with new libc (Closes
#994910)"
Thanks.
On Sat, Sep 04, 2021 at 03:17:25PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2021-08-25 at 16:55 +0200, Alberto Gonzalez Iniesta wrote:
> > This [1] security bug was found in modsecurity-crs.
> > As stated in #992863 by the security team,
patch to fix request body bypass
+CVE-2021-35368 (Closes: #992000)
+
+ -- Alberto Gonzalez Iniesta Tue, 24 Aug 2021 17:40:57
+0200
+
modsecurity-crs (3.3.0-1) unstable; urgency=medium
* New upstream version 3.3.0
diff -Nru modsecurity-crs-3.3.0/debian/patches/CVE-2021-35368.patch
Hi Salvatore!!
On Tue, Aug 24, 2021 at 03:17:36PM +0200, Salvatore Bonaccorso wrote:
> Hi Alberto,
>
> On Tue, Aug 24, 2021 at 01:57:26PM +0200, Alberto Gonzalez Iniesta wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: buster
> > User: relea
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
mailto/sip: a...@inittab.org | en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com
Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
diff -Nru modsecurity-crs-3.1.0/debian/changelog
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
A security issue (CVE-2019-19886) was found in Modsecurity 3.0.3. [1]
A fixed package is already in unstable. This upload only applies
upstream patch to fix that. Please
=medium
-
- * Add upstream patch to fix php script upload rules.
-CVE-2019-13464 (Closes: #943773)
-
- -- Alberto Gonzalez Iniesta Sun, 03 Nov 2019 14:34:05
+0100
-
modsecurity-crs (3.1.0-1) unstable; urgency=medium
* New upstream release.
diff -Nru modsecurity-crs-3.1.0/debian/patches/CVE
On Sat, Oct 12, 2019 at 05:01:38PM +0200, Alberto Gonzalez Iniesta wrote:
> On Sat, Oct 12, 2019 at 03:57:14PM +0100, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> >
> > On Sat, 2019-10-12 at 15:16 +0200, Alberto Gonzalez Iniesta wrote:
> > > nmu li
On Sat, Oct 12, 2019 at 03:57:14PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Sat, 2019-10-12 at 15:16 +0200, Alberto Gonzalez Iniesta wrote:
> > nmu libapache2-mod-security2_2.9.3-1 . amd64 . buster . -m "Build
> > with libapr-1.6.5&quo
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
nmu libapache2-mod-security2_2.9.3-1 . amd64 . buster . -m "Build with
libapr-1.6.5"
Looks like my build environment wasn't up to date when I built this.
The amd64 package is linked with
ects causing not
+usable VPN tunnels.
+
+ -- Alberto Gonzalez Iniesta <a...@inittab.org> Mon, 22 May 2017 14:59:49
+0200
+
openvpn (2.4.0-5) unstable; urgency=high
* Change typo fix in command line help.
diff -Nru openvpn-2.4.0/debian/patches/series
openvpn-2.4.0/debian/patches/series
-
c me on replys, since I'm not subscribed to the list
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
mailto/sip: a...@inittab.org | en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com
Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
:42.0 +0100
@@ -1,3 +1,10 @@
+openvpn (2.4.0-4) unstable; urgency=medium
+
+ * Add NEWS entries on possible 2.4 migration issues.
+(Closes: #852381, #849909)
+
+ -- Alberto Gonzalez Iniesta <a...@inittab.org> Thu, 02 Feb 2017 14:15:42
+0100
+
openvpn (2.4.0-3) unstable; urgency=
> > > Am 13.12.2016 um 18:02 schrieb Michael Biebl:
> > >> Am 13.12.2016 um 16:53 schrieb Alberto Gonzalez Iniesta:
> > >>> Hi there,
> > >>>
> > >>> The --tls-remote was removed in OpenVPN 2.4, and was already marked as
> > >
On Thu, Nov 24, 2016 at 07:39:01PM +0100, Julien Cristau wrote:
> On Thu, Nov 10, 2016 at 16:54:41 +0100, Alberto Gonzalez Iniesta wrote:
>
> > On Thu, Nov 10, 2016 at 03:38:12PM +, Adam D. Barratt wrote:
> > >
> > > On Wed, 2016-11-02 at 12:51 +0100,
On Thu, Nov 10, 2016 at 03:38:12PM +, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Wed, 2016-11-02 at 12:51 +0100, Alberto Gonzalez Iniesta wrote:
> > I was asked to update modsecurity-crs in Jessie in order to fix #838009.
> > The fix is trivial
On Thu, Nov 10, 2016 at 03:38:12PM +, Adam D. Barratt wrote:
>
> On Wed, 2016-11-02 at 12:51 +0100, Alberto Gonzalez Iniesta wrote:
> > I was asked to update modsecurity-crs in Jessie in order to fix #838009.
> > The fix is trivial [1] and was uploaded to unsta
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
Hi there,
I was asked to update modsecurity-crs in Jessie in order to fix #838009.
The fix is trivial [1] and was uploaded to unstable a while ago [2], but
I'm not sure if it
On Thu, Nov 12, 2015 at 06:15:42PM +, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On 2015-11-12 16:48, Alberto Gonzalez Iniesta wrote:
> >I'd like to upload openvpn for the next point release. The reason is a
> >serious bug (#785200 and #787090) hitting
--no-block to if-up.d script to avoid hanging boot on
+interfaces with openvpn instances. (Closes: #787090, #785200)
+
+ -- Alberto Gonzalez Iniesta <a...@inittab.org> Thu, 12 Nov 2015 17:16:28
+0100
+
openvpn (2.3.4-5) unstable; urgency=high
* Apply upstream patch that fixes possib
+
+ * Apply upstream patch that fixes possible DoS by authenticated
+clients. CVE-2014-8104
+ * Patch sample certs since they were expired and made the package
+build fail. (Closes: #770835)
+
+ -- Alberto Gonzalez Iniesta a...@inittab.org Mon, 01 Dec 2014 16:10:37
+0100
+
openvpn (2.3.4-4
On Thu, Jun 20, 2013 at 01:10:13PM +0100, Adam D. Barratt wrote:
On 2013-06-19 9:06, Adam D. Barratt wrote:
On 2013-06-19 8:23, Alberto Gonzalez Iniesta wrote:
On Wed, Jun 19, 2013 at 08:10:00AM +0100, Adam D. Barratt wrote:
Did you get any feedback on the new packages? fwiw
http
On Wed, Jun 19, 2013 at 08:10:00AM +0100, Adam D. Barratt wrote:
On 2013-06-17 17:46, Adam D. Barratt wrote:
On 2013-06-17 17:22, Alberto Gonzalez Iniesta wrote:
The problem was a bug in the code that was triggered when GCC was
updated after the first build of openvpn-2.2.1-8.
[...]
Please
On Sat, Jun 15, 2013 at 08:34:12PM +0100, Adam D. Barratt wrote:
[Mail-Followup-To overridden, as iirc you're not reading -release]
On 2013-06-15 20:11, Alberto Gonzalez Iniesta wrote:
Dear SRM, I have just received this [1] bug report. I'm AFK this
weekend, don't know if I would be able
On Mon, Jun 17, 2013 at 10:26:10AM +0200, Alberto Gonzalez Iniesta wrote:
On Sat, Jun 15, 2013 at 08:34:12PM +0100, Adam D. Barratt wrote:
[Mail-Followup-To overridden, as iirc you're not reading -release]
On 2013-06-15 20:11, Alberto Gonzalez Iniesta wrote:
Dear SRM, I have just
and sorry,
Alberto
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712414
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com
Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D
On Sat, Jun 15, 2013 at 09:11:11PM +0200, Alberto Gonzalez Iniesta wrote:
Dear SRM, I have just received this [1] bug report. I'm AFK this
weekend, don't know if I would be able to test tomorrow (hope so),
please consider holding (if possible) this upgrade to (old)stable just
in case
Hi (again) SRM,
I also have an update for OpenVPN, fixing CVE-2013-2061 (#707329) in Squeeze.
Please find attached the corresponding debdiff.
Thanks,
Alberto
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Hi once more, hopefully the last time in a while.
An update for libapache-mod-security in Squeeze is also needed to fix
CVE-2013-2765.
Also attached the corresponding debdiff.
Thanks,
Alberto
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org
for Squeeze.
Please let me know how should I proceed.
Thanks,
Alberto
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com
Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D
Hi (again) SRM,
I also have an update for OpenVPN, fixing CVE-2013-2061 (#707329).
Please find attached the corresponding debdiff.
Thanks,
Alberto
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted
modsecurity-apache/2.6.6-4
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com
Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
diff -Nru modsecurity
debian/copyright with right license.
+
+ -- Alberto Gonzalez Iniesta a...@inittab.org Mon, 02 Jul 2012 17:18:35
+0200
+
modsecurity-crs (2.2.5-1) unstable; urgency=low
* New upstream release
diff -Nru modsecurity-crs-2.2.5/debian/copyright
modsecurity-crs-2.2.5/debian/copyright
--- modsecurity
+
+ * Updated debian/copyright with right license.
+
+ -- Alberto Gonzalez Iniesta a...@inittab.org Mon, 02 Jul 2012 17:23:08
+0200
+
modsecurity-apache (2.6.6-1) unstable; urgency=low
* New upstream release.
diff -Nru modsecurity-apache-2.6.6/debian/copyright
modsecurity-apache-2.6.6/debian
On Thu, Jul 12, 2012 at 12:48:04PM +0200, Niels Thykier wrote:
On 2012-07-12 12:21, Alberto Gonzalez Iniesta wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package modsecurity-apache
A change
.
Thanks,
Alberto
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com
Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
--
To UNSUBSCRIBE, email
On Mon, Feb 20, 2012 at 02:59:07PM +0100, Cyril Brulebois wrote:
Hi!
Alberto Gonzalez Iniesta a...@inittab.org (20/02/2012):
I'd like to upload openvpn to stable in order to fix #646221. This bug
makes the package almost nonfunctional in kfreebsd archs. The patch (in
the bug report
On Mon, Feb 20, 2012 at 04:23:15PM +0100, Cyril Brulebois wrote:
Alberto Gonzalez Iniesta a...@inittab.org (20/02/2012):
Sure, find it attached.
Looks good to me. One remark though: 2.1.3-2+squeeze1 would be more
customary, so please use that instead. You might want to wait
--multihome option. (Closes: #562099)
-- Alberto Gonzalez Iniesta a...@inittab.org Wed, 29 Sep 2010 13:07:37 +0200
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com
Key
Iniesta a...@inittab.org Fri, 24 Sep 2010 18:05:54 +0200
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com
Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E
On Sun, Oct 05, 2008 at 01:33:54AM +0200, Marc 'HE' Brockschmidt wrote:
Alberto Gonzalez Iniesta [EMAIL PROTECTED] writes:
- netkit-tftp: Fixed security bug that made tftpd serve files from
the filesystem root directory when the tftpd root directory
was wrongly specified.
Unblocked
.
- openvpn: Fixes several bugs (in rc10 and rc11) introduced in rc9.
(#495964, #496314, #497411, #496141, #496649)
Thanks,
Alberto
Ps. Not subscribed, please Cc, etc...
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y
or etch envs.
Regards,
Alberto
p.s. Please Cc: me, not subscribed to the list.
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com
Key fingerprint = 9782 04E7 2B75 405C
On Tue, Jan 01, 2008 at 07:08:59PM +0100, Nico Golde wrote:
Hi Alberto,
* Alberto Gonzalez Iniesta [EMAIL PROTECTED] [2008-01-01 19:00]:
On Sun, Dec 30, 2007 at 04:22:52PM +0100, Nico Golde wrote:
[...]
I prepared packages for both Etch and Sarge (stable and oldstable) and
I'm ready
-dev.
Regards,
Alberto
ps. Please Cc: me on replies since I'm not subscribed.
--
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com
Key fingerprint = 9782 04E7 2B75
On Thu, Mar 31, 2005 at 09:11:46AM +0200, Alberto Gonzalez Iniesta wrote:
On Wed, Mar 30, 2005 at 09:06:39PM -1000, Joey Hess wrote:
Packages that are frozen:
netkit-telnet 0.17-28 needed, have 0.17-26 for DSA-697-1
0.17-27 consisted of misc other changes, but
0.17-28 only
Gonzalez Iniesta | BOFH excuse #238:
agi@(agi.as|debian.org)| You did wha... oh _dear_
Encrypted mail preferred |
Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
signature.asc
Description: Digital signature
Hi,
Could any one help xmbmon enter testing? I changed its Architecture: to
build only on relevant archs (i386 hurd-i386 ia64 amd64). But now it's
waiting to build on one that should and will not build on (arm).
Thanks,
Alberto
--
Alberto Gonzalez Iniesta | BOFH excuse #186:
agi@(agi.as
57 matches
Mail list logo
