On Thursday, 26 January 2017 21:05:46 EST Ola Lundqvist wrote:
> > I started to work on fixing jbig2dec/wheezy for
> > https://security-tracker.debian.org/tracker/CVE-2016-9601 but
> > the patch that allegedly fixes the current issue is rather invasive
> > and while looking at the git history you w
On 2017-01-24 08:37:05, Guido Günther wrote:
> I'm using a qemu VM bootstrapped via
>
>
> http://honk.sigxcpu.org/con/Preseeding_Debian_virtual_machines_with_virt_install.html
>
> Note that there's also autopkgtest-virt-qemu but since it doesn't use
> libvirt I'd have to handle it differently
Hi Emilio,
2017-01-31 22:23 GMT+01:00 Bálint Réczey :
> Hi Emilio,
>
> 2017-01-31 22:14 GMT+01:00 Emilio Pozuelo Monfort :
>> Hi Balint,
>>
>> On 31/01/17 21:46, Balint Reczey wrote:
>>> Log:
>>> wavpack's issues don't affect wheezy
>>>
>>> The first part of the upstream patch is not needed since
Hi,
I have prepared a patch for the issue, I'm just waiting for the CVE
assignment till tomorrow (2 Feb) with the upload.
Cheers,
Balint
2017-01-28 22:03 GMT+01:00 Ola Lundqvist :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open
On Tue, Jan 31, 2017 at 11:13:55PM +0100, Emilio Pozuelo Monfort wrote:
> Hi Kurt,
>
> I have prepared an update of openssl for wheezy based on 1.0.1t-1+deb8u6. I
> have
> done some smoke testing on it and it seems fine, but I haven't been able to
> verify the three fixes as I can't find exploits
Hi Dominik,
2016-12-23 12:08 GMT+01:00 Dominik George :
> Hi Chris,
>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of xrdp:
>> https://security-tracker.debian.org/tracker/source-package/xrdp
>>
>> Would you like to take care of this
Hi,
This month I was allocated 12.75h (plus 2.5h carried from last month). I spent
this time doing the following:
- DLA 684-2: libx11 regression update
- DLA 784-1: gcc-mozilla new package
- DLA 800-1: firefox-esr security update
- DLA 801-1: libxpm security update
- DLA 802-1: openjdk-7 security
Hi Kurt,
I have prepared an update of openssl for wheezy based on 1.0.1t-1+deb8u6. I have
done some smoke testing on it and it seems fine, but I haven't been able to
verify the three fixes as I can't find exploits for them (there is mention of
one for CVE-2016-8610 in [1] but I can't find the actu
On Tue, Jan 31, 2017 at 04:07:19PM -0500, Antoine Beaupré wrote:
> On 2017-01-31 21:42:41, Emilio Pozuelo Monfort wrote:
> > I'd say it makes sense to release a regression update.
> >
> > BTW I'm not sure about this change, which is not mentioned in your
> > changelog entry:
> >
> > --- graphicsma
Hi Emilio,
2017-01-31 22:14 GMT+01:00 Emilio Pozuelo Monfort :
> Hi Balint,
>
> On 31/01/17 21:46, Balint Reczey wrote:
>> Log:
>> wavpack's issues don't affect wheezy
>>
>> The first part of the upstream patch is not needed since the
>> code is very different and not vulnerable.
>> The second par
Hi Balint,
On 31/01/17 21:46, Balint Reczey wrote:
> Log:
> wavpack's issues don't affect wheezy
>
> The first part of the upstream patch is not needed since the
> code is very different and not vulnerable.
> The second part applies, but does not make any difference when
> trying the exploits. Te
On 2017-01-31 21:42:41, Emilio Pozuelo Monfort wrote:
> I'd say it makes sense to release a regression update.
>
> BTW I'm not sure about this change, which is not mentioned in your changelog
> entry:
>
> --- graphicsmagick-1.3.16/debian/rules 2016-09-20 23:52:26.0 +0200
> +++ graphicsmag
On 16/01/17 20:48, Antoine Beaupré wrote:
> Hi,
>
> I've looked at updating the graphicsmagick (GM) update to fix the issues
> outlined in a [recent discussion][1]. The fix to CVE-2016-5240.patch is
> trivial. I can also confirm the current GM version in wheezy-security
> segfaults with the POC.
>
Hi Simon,
On 12/01/17 01:09, Simon McVittie wrote:
> On Wed, 11 Jan 2017 at 01:46:32 +, Simon McVittie wrote:
>> Subsequent manual testing of the fixes for all those revealed some tricky
>> issues in error recovery code paths which I fixed in 3.20170110. We'll
>> see whether that's the final v
Ok, thanks.
// Ola
On 31 January 2017 at 00:35, Emilio Pozuelo Monfort wrote:
> On 27/01/17 22:18, Ola Lundqvist wrote:
>> Hi Emilio
>>
>> I saw that you have uploaded a new openjdk-7 package. Were that
>> package supposed to fix the current issues reported for openjdk-7 or
>> was that correctio
15 matches
Mail list logo