Re: testing php5 for Wheezy LTS
Hi Thorsten, Op Sat, May 28, 2016 at 10:50:14PM +0200 schreef Thorsten Alteholz: > Hi, > > this seems to be the month of testing requests. I uploaded version > 5.4.45-0+deb7u3 of php5 to: > https://people.debian.org/~alteholz/packages/wheezy-lts/php5/amd64/ https://people.debian.org/~alteholz/packages/wheezy-lts/php5/am64/ works, the one with "amd64" currently doesn't... > https://people.debian.org/~alteholz/packages/wheezy-lts/php5/i386/ > > Please give it a try and tell me about any problems you met. There are still > some CVEs open, they will be fixed in a later upload. Bye, Joost - now gonna test signature.asc Description: Digital signature
Re: Wheezy update of vlc?
Hi, On Sun, May 29, 2016 at 10:10:20PM -0400, Reinhard Tartler wrote: > Also note that https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5108 > doesn't provide and useful information about this issue. Is that issue also > known by a different identifier? MITRE has just not yet updated their description for the issue. CVE-2016-5108 was assigned here: https://marc.info/?l=oss-security&m=146436956931554&w=2 Cf. https://security-tracker.debian.org/tracker/CVE-2016-5108 HTH, Regards, Salvatore
Re: Debian LTS Security update of ruby-activerecord-3.2
Hi Ola, On Thu, May 26, 2016 at 11:27:42PM +0200, Ola Lundqvist wrote: > Hi ruby-activerecord-3.2 maintainer(s) and Debian LTS team > > This is my third package contribution to Debian LTS. I'm doing this as a > training exercise and this is why the maintainer have not been asked to > this for me. > > I have prepared an update of the ruby-activerecord-3.2 package with a fix > for > https://security-tracker.debian.org/tracker/CVE-2015-7577 While looking into CVE-2016-0753 of ruby-activemodel-3.2 I noticed that ruby-activerecord-3.2 is affected as well and not fixed with your proposed debdiff. I'm just looking into this atm and don't want to duplicate efforts. Cheers, -- Guido
Re: Debian LTS Security update of ruby-activerecord-3.2
Hi Guido Yes that is true. I have not solved that problem. I focused on only one of the issues as I had to look into two packages to solve the one you refer to. Great that you will have a look at that one. I'll upload ruby-activerecord-3.2 shortly (read today) and it will look like the one I had in the directory above. But I guess it is better to base it on the one I upload just in case. Cheers // Ola On Mon, May 30, 2016 at 8:08 PM, Guido Günther wrote: > Hi Ola, > On Thu, May 26, 2016 at 11:27:42PM +0200, Ola Lundqvist wrote: > > Hi ruby-activerecord-3.2 maintainer(s) and Debian LTS team > > > > This is my third package contribution to Debian LTS. I'm doing this as a > > training exercise and this is why the maintainer have not been asked to > > this for me. > > > > I have prepared an update of the ruby-activerecord-3.2 package with a fix > > for > > https://security-tracker.debian.org/tracker/CVE-2015-7577 > > While looking into CVE-2016-0753 of ruby-activemodel-3.2 I noticed that > ruby-activerecord-3.2 is affected as well and not fixed with your > proposed debdiff. I'm just looking into this atm and don't want to > duplicate efforts. > > Cheers, > -- Guido > -- - Ola Lundqvist --- / o...@debian.org Folkebogatan 26 \ | o...@inguza.com 654 68 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Re: Debian LTS Security update of ruby-activerecord-3.2
On Mon, May 30, 2016 at 08:11:23PM +0200, Ola Lundqvist wrote: > Hi Guido > > Yes that is true. I have not solved that problem. I focused on only one of > the issues as I had to look into two packages to solve the one you refer > to. Great that you will have a look at that one. > > I'll upload ruby-activerecord-3.2 shortly (read today) and it will look > like the one I had in the directory above. But I guess it is better to base > it on the one I upload just in case. Okay. Please make sure that ruby-activerecord-3.2 stays in dla-needed.txt needed then since it still needs CVEs fixed. Although I know a bit of ruby I don't know much ActiveRecord, ActiveModel yet so in case somebody in the LTS team knows this stuff in and out I'm glad to pass this over. Cheers, -- Guido
Re: Debian LTS Security update of ruby-activerecord-3.2
Hi I'll make sure it is kept in dla-needed.txt. I must admit that I'm quite new on both ruby and other things. I seem to manage enough to write some tests as least though. // Ola On Mon, May 30, 2016 at 8:20 PM, Guido Günther wrote: > On Mon, May 30, 2016 at 08:11:23PM +0200, Ola Lundqvist wrote: > > Hi Guido > > > > Yes that is true. I have not solved that problem. I focused on only one > of > > the issues as I had to look into two packages to solve the one you refer > > to. Great that you will have a look at that one. > > > > I'll upload ruby-activerecord-3.2 shortly (read today) and it will look > > like the one I had in the directory above. But I guess it is better to > base > > it on the one I upload just in case. > > Okay. Please make sure that ruby-activerecord-3.2 stays in > dla-needed.txt needed then since it still needs CVEs fixed. > > Although I know a bit of ruby I don't know much ActiveRecord, > ActiveModel yet so in case somebody in the LTS team knows this stuff in > and out I'm glad to pass this over. > > Cheers, > -- Guido > -- - Ola Lundqvist --- / o...@debian.org Folkebogatan 26 \ | o...@inguza.com 654 68 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Re: Debian LTS Security update of ruby-activerecord-3.2
Hi As yiu may have noticed the package is updated now. / Ola Sent from a phone Den 30 maj 2016 22:14 skrev "Ola Lundqvist" : > Hi > > I'll make sure it is kept in dla-needed.txt. > > I must admit that I'm quite new on both ruby and other things. I seem to > manage enough to write some tests as least though. > > // Ola > > On Mon, May 30, 2016 at 8:20 PM, Guido Günther wrote: > >> On Mon, May 30, 2016 at 08:11:23PM +0200, Ola Lundqvist wrote: >> > Hi Guido >> > >> > Yes that is true. I have not solved that problem. I focused on only one >> of >> > the issues as I had to look into two packages to solve the one you refer >> > to. Great that you will have a look at that one. >> > >> > I'll upload ruby-activerecord-3.2 shortly (read today) and it will look >> > like the one I had in the directory above. But I guess it is better to >> base >> > it on the one I upload just in case. >> >> Okay. Please make sure that ruby-activerecord-3.2 stays in >> dla-needed.txt needed then since it still needs CVEs fixed. >> >> Although I know a bit of ruby I don't know much ActiveRecord, >> ActiveModel yet so in case somebody in the LTS team knows this stuff in >> and out I'm glad to pass this over. >> >> Cheers, >> -- Guido >> > > > > -- > - Ola Lundqvist --- > / o...@debian.org Folkebogatan 26 \ > | o...@inguza.com 654 68 KARLSTAD | > | http://inguza.com/ +46 (0)70-332 1551 | > \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / > --- > >
