Re: [pkg-mono-group] squeeze update of mono?

Hi, On Wed, 30 Dec 2015, Jo Shields wrote: > My availability is crap right now due to new baby. Please, if nobody > else in the Mono team rushes to upload a fix, I'd really appreciate it > if the security or LTS team could help out as you might have noticed I took care of the squeeze-lts

Re: Usertags for debian-lts

Hi, On Wed, 30 Dec 2015, Guido Günther wrote: > In order to track the status of packaging improvements we make related > to debian-lts I'd like to propose the "ease-lts" usertag: > > > https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ease-lts;users=debian-lts@lists.debian.org > > For

Re: squeeze update of tiff?

Hi Ben and Laszlo, I have a git mirror[1] (git cvsimport) of upstream CVS and right now it's a tad bit confusing which patches are relevant to those CVEs. I will have more time cherry-picking the patches next week, so if somebody starts the work (even for unstable), I really won't mind. In fact

Re: Using the same nss in all suites

Hi Moritz, On Mon, Dec 14, 2015 at 06:04:33PM +0100, Moritz Muehlenhoff wrote: > On Wed, Nov 25, 2015 at 11:58:19AM +0100, Florian Weimer wrote: > > * Guido Günther: > > > > > On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote: > > >> * Mike Hommey: > > >> > The biggest issue with NSS

Re: Using the same nss in all suites

* Guido Günther: > One thing though is that we don't have a DSA for announcing the new > nss version in the point release but we don't have this for other > packages either. Did this turn out to be problematic for other packages > in the past that switch to new version in a point release? I

Re: Using the same nss in all suites

On Thu, Dec 31, 2015 at 11:55:53AM +0100, Guido Günther wrote: > One thing though is that we don't have a DSA for announcing the new > nss version in the point release but we don't have this for other > packages either. Did this turn out to be problematic for other packages > in the past that

Accepted ia32-libs 20151231 (source amd64) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 31 Dec 2015 14:02:28 +0100 Source: ia32-libs Binary: ia32-libs ia32-libs-dev Architecture: source amd64 Version: 20151231 Distribution: squeeze-lts Urgency: low Maintainer: Debian ia32-libs Team <pkg-ia32-libs-maint

Re: squeeze update of tiff?

Hi Ondřej, Ben, On Thu, Dec 31, 2015 at 10:04 AM, Ondřej Surý wrote: > I have a git mirror[1] (git cvsimport) of upstream CVS and right now > it's a tad bit confusing which patches are relevant to those CVEs. I've packaged 4.0.6, fixed two CVEs and two other vulnerabilities

Re: squeeze/wheezy updates of Redmine (+ long term state of redmine packaging)

On 2015-12-30 04:23:33, Raphael Hertzog wrote: > Hello Antoine, > > On Tue, 29 Dec 2015, anarcat wrote: >> Hello dear maintainers of the Redmine packages! >> >> The Debian LTS team would like to fix the security issues which are >> currently open in the Squeeze or Wheezy versions of redmine: > >

Accepted mumble 1.2.2-6+squeeze2 (source all amd64) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 25 Dec 2015 03:06:55 -0500 Source: mumble Binary: mumble mumble-11x mumble-server mumble-dbg mumble-server-web Architecture: source all amd64 Version: 1.2.2-6+squeeze2 Distribution: squeeze-lts Urgency: medium Maintainer:

security tracker end-of-life patch

hi right now, the security tracker shows CVEs marked as "end-of-life" as "vulnerable", and in the open issue list. a good example is the redmine package: https://security-tracker.debian.org/tracker/source-package/redmine CVE-2015-8477, CVE-2014-1985, CVE-2012-2054 and CVE-2012-0327 are all