Override component to main
http-parser 2.7.1-2 in bionic: universe/misc -> main
libhttp-parser-dev 2.7.1-2 in bionic amd64: universe/libdevel/extra/100% -> main
libhttp-parser-dev 2.7.1-2 in bionic arm64: universe/libdevel/extra/100% -> main
libhttp-parser-dev 2.7.1-2 in bionic armhf:
Given the security team ack, and the package generally, fine to MIR
I believe the only package that needs promotion (other than the source):
libhttp-parser2.7.1
** Changed in: http-parser (Ubuntu)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are
Given the security team ack, and the package generally, fine to MIR
I believe the only package that needs promotion (other than the source):
libhttp-parser2.7.1
** Changed in: http-parser (Ubuntu)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are
** Changed in: http-parser (Ubuntu)
Assignee: (unassigned) => Nish Aravamudan (nacc)
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1638957
Title:
[MIR] http-parser, dependency of
** Changed in: http-parser (Ubuntu)
Assignee: (unassigned) => Nish Aravamudan (nacc)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1638957
Title:
[MIR] http-parser, dependency of sssd
To
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 |
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 |
** Tags removed: zesty
** Tags added: bionic
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1638957
Title:
[MIR] http-parser, dependency of sssd
To manage notifications about this bug go
** Tags removed: zesty
** Tags added: bionic
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1638957
Title:
[MIR] http-parser, dependency of sssd
To manage notifications about this bug go to:
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 |
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 |
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 |
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 |
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 |
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 |
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 |
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 |
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
- http-parser | 2.1-2 | trusty/universe | source
- http-parser | 2.1-2 | xenial/universe | source
- http-parser | 2.1-2 | artful/universe | source
- http-parser | 2.7.1-2 |
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
- http-parser | 2.1-2 | trusty/universe | source
- http-parser | 2.1-2 | xenial/universe | source
- http-parser | 2.1-2 | artful/universe | source
- http-parser | 2.7.1-2 |
** Description changed:
- [MIR] http-parser, dependency of sssd
+ [Availability]
+
+ [Rationale]
+
+ [Security]
+
+ [Quality assurance]
+
+ [Dependencies]
+
+ [Standards compliance]
+
+ [Maintenance]
+
+ [Background information]
** Description changed:
[Availability]
+ Package is in
** Description changed:
- [MIR] http-parser, dependency of sssd
+ [Availability]
+
+ [Rationale]
+
+ [Security]
+
+ [Quality assurance]
+
+ [Dependencies]
+
+ [Standards compliance]
+
+ [Maintenance]
+
+ [Background information]
** Description changed:
[Availability]
+ Package is in
This is acked quite a while now.
Is this coming to 18.04 still?
I subscribed Andreas and Timo who were the last people I heard talking
about sssd - maybe you know about the current plans.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
I reviewed http-parser version 2.1-2 as checked into zesty. This shouldn't
be considered a full security audit but rather a quick gauge of
maintainability.
No CVEs in our database
- http-parser provides an API with callbacks to handle HTTP parsing. It
doesn't do any networking itself, strictly
Bumping the milestone to ubuntu-17.10 so it remains on people's radar.
** Changed in: http-parser (Ubuntu)
Milestone: ubuntu-17.04 => ubuntu-17.10
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Just waiting on a security check.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1638957
Title:
[MIR] http-parser, dependency of sssd
To manage notifications about this bug go to:
two months passed, what's next?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1638957
Title:
[MIR] http-parser, dependency of sssd
To manage notifications about this bug go to:
** Changed in: http-parser (Ubuntu)
Status: Incomplete => Confirmed
** Changed in: http-parser (Ubuntu)
Milestone: ubuntu-16.11 => None
** Changed in: http-parser (Ubuntu)
Milestone: None => ubuntu-17.04
--
You received this bug notification because you are a member of Ubuntu
Subscription by server team added. Thanks.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1638957
Title:
[MIR] http-parser, dependency of sssd
To manage notifications about this bug go to:
A server team admin should add the bug subscription..
Tests are already run during build. There is no other parser to use that
I know of, and if there werer that would need changing sssd too.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
- I'd suggest subscribing ~ubuntu-server as well.
- The tests should be run as part of build and/or as an autopkgtest.
"make test" should do the trick.
- Is there not another http parser in main that we could use instead?
- I'll pass to security team for a quick opinion -- parsing untrusted
web
I've added sssd team as bug subscriber. Apart from the new upstream
release there doesn't seem to be too much to do.
Debian is frozen now, so no transitions are possible until stretch is
released. That's too late for sssd though, since 1.14.x is a dependency
of freeipa 4.4 which I have prepared
I had some time so I took a quick look at this. But the server team
should still flesh this out when they can and we'll do a fuller review.
- Needs a team bug subscriber.
- Seems unmaintained in Debian. No updates in 3 years and upstream has new
releases (and repeated requests to update the
32 matches
Mail list logo
