Re: isc-dhcp-server in squeeze-lst broken after update
(Resent) Hello, Mike Gabriel a écrit : > > I did not meet that issue on my test rig. I will check the recently > upload package and report back. FWIW, I just upgraded the isc-dhcp-server package on my i386 Squeeze server and did not meet that issue. It only has /etc/dhcp/dhcpd.conf, no /etc/dhcpd.conf.
Accepted prosody 0.7.0-1squeeze1+deb6u1 (source amd64) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 16 Jan 2016 10:29:40 +0100 Source: prosody Binary: prosody Architecture: source amd64 Version: 0.7.0-1squeeze1+deb6u1 Distribution: squeeze-lts Urgency: high Maintainer: Matthew James WildChanged-By: Chris Lamb Description: prosody- Lightweight Jabber/XMPP server written in Lua Changes: prosody (0.7.0-1squeeze1+deb6u1) squeeze-lts; urgency=high . * CVE-2016-1232: Fix weak PRNG for mod_dialback on S2S. Checksums-Sha1: b9fde98bdca716423a96c63806ff7588acbcefab 1836 prosody_0.7.0-1squeeze1+deb6u1.dsc 3f3a6c4f262a062a9c027cc843cd6827104fb8ba 177412 prosody_0.7.0.orig.tar.gz 626d69ae020481254a546804b974da7e79d231d5 10721 prosody_0.7.0-1squeeze1+deb6u1.diff.gz 99606c85a61babcfc02cfad2f26a08f735c797ba 167862 prosody_0.7.0-1squeeze1+deb6u1_amd64.deb Checksums-Sha256: 6c5223a148958176f1ce0abaae6bc84ba1d1a7828772b9397e31e12bd87c47f2 1836 prosody_0.7.0-1squeeze1+deb6u1.dsc a8b826805dd55282706c5683c2028899b3721eb0f84d3e35c0509a6c1bc32390 177412 prosody_0.7.0.orig.tar.gz 68cb616d3530bc7a02d539065a65b35f8c5a9534b5dc456390ecef4265138357 10721 prosody_0.7.0-1squeeze1+deb6u1.diff.gz e4aca8d01b7f6a95326361ba874ad649f88d889eba242c01e3493da7b723 167862 prosody_0.7.0-1squeeze1+deb6u1_amd64.deb Files: 4a6016ab6f720d4f3b5ee45bd9fc0f54 1836 net extra prosody_0.7.0-1squeeze1+deb6u1.dsc 69cd4f4e89dbef668a6240cde419dedf 177412 net extra prosody_0.7.0.orig.tar.gz 9b3fcabf801b2bd7f8f313e4527b4294 10721 net extra prosody_0.7.0-1squeeze1+deb6u1.diff.gz 259f2eddba81379099dbd2834ed30a3e 167862 net extra prosody_0.7.0-1squeeze1+deb6u1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWmg34AAoJEB6VPifUMR5YNcEP/jVLBR4ZUQIH1octE+g9a4Wz X2W0rBLUtwjHc+srtvBW/ZKlcvCQazh3FWXb0lqx8ZzzJxKkdOL0GLuzrK++lc2L QpJohCiP0l/NgcmCIWLyJjSrIwY6fRnksPNhiEXjsi4AeOi6AoTVzcveXkhd1M38 1f+1FoZpiTA058EZ+kvAnjlgXR8ce9x83R0ZUjmFKSGyDg/OFtxohTXFlrYONCZm sLTds/q8yLIHQLCdYUcR+H4bjF2l9Urkpo45PAdTu+txKb9MUuXkRAgao+6rrVOY GcbbedmJB23hQ6C7hW/z8GjYjPWyPNn3G/kUN49O0htCSkiGR5AONB5uvffT5Gc7 ecUIxqlNJq4BRRB/L/xKWVtiaaJXvLmYn8/9FatwJ1nBoeafqFyNvACqeeaItvoK p7QlG7I7d7VFNVx6Mzv6z+ySN7uq3EXeU1fKmJ7KliHHsB7jbrYcH8iwq+7sBWa5 FF3vtQLpRWPnH3xqFd8va5G6kOunmw91o+7OYgrL9LxRuYfA0NkiE8kTWs34BSnv Jri92HGP1w+I9Grv9iGZ1HhclHf8nFtUDhoNvI69GPXZ2+KzuIiiIcv/gkusleyX MXPuyDYFlkQU9tTFUfMLufdVknPzw43qzP9TvF6/fahaj+Np0iN/6xHkaWu3LPoj J/siwdlPDNQA4N9wpRlf =my0Q -END PGP SIGNATURE-
Security issues for jasper
jasper has a number of unfixed CVEs: CVE-2016-1867 CVE-2015-5221 CVE-2015-5203 all of which were marked for wheezy and jessie. I understand this for CVE-2016-1867 as that's only an out-of-bounds read, but the other two are double-frees that I would expect to be usable for code execution. Am I missing something? Ben. -- Ben Hutchings Theory and practice are closer in theory than in practice. - John Levine, moderator of comp.compilers signature.asc Description: This is a digitally signed message part