Hi,
On Wed, 30 Dec 2015, Jo Shields wrote:
> My availability is crap right now due to new baby. Please, if nobody
> else in the Mono team rushes to upload a fix, I'd really appreciate it
> if the security or LTS team could help out
as you might have noticed I took care of the squeeze-lts
Hi,
On Wed, 30 Dec 2015, Guido Günther wrote:
> In order to track the status of packaging improvements we make related
> to debian-lts I'd like to propose the "ease-lts" usertag:
>
>
> https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ease-lts;users=debian-lts@lists.debian.org
>
> For
Hi Ben and Laszlo,
I have a git mirror[1] (git cvsimport) of upstream CVS and right now
it's a tad bit confusing which patches are relevant to those CVEs.
I will have more time cherry-picking the patches next week, so if
somebody starts the work (even for unstable), I really won't mind. In
fact
Hi Moritz,
On Mon, Dec 14, 2015 at 06:04:33PM +0100, Moritz Muehlenhoff wrote:
> On Wed, Nov 25, 2015 at 11:58:19AM +0100, Florian Weimer wrote:
> > * Guido Günther:
> >
> > > On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote:
> > >> * Mike Hommey:
> > >> > The biggest issue with NSS
* Guido Günther:
> One thing though is that we don't have a DSA for announcing the new
> nss version in the point release but we don't have this for other
> packages either. Did this turn out to be problematic for other packages
> in the past that switch to new version in a point release?
I
On Thu, Dec 31, 2015 at 11:55:53AM +0100, Guido Günther wrote:
> One thing though is that we don't have a DSA for announcing the new
> nss version in the point release but we don't have this for other
> packages either. Did this turn out to be problematic for other packages
> in the past that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 31 Dec 2015 14:02:28 +0100
Source: ia32-libs
Binary: ia32-libs ia32-libs-dev
Architecture: source amd64
Version: 20151231
Distribution: squeeze-lts
Urgency: low
Maintainer: Debian ia32-libs Team
<pkg-ia32-libs-maint
Hi Ondřej, Ben,
On Thu, Dec 31, 2015 at 10:04 AM, Ondřej Surý wrote:
> I have a git mirror[1] (git cvsimport) of upstream CVS and right now
> it's a tad bit confusing which patches are relevant to those CVEs.
I've packaged 4.0.6, fixed two CVEs and two other vulnerabilities
On 2015-12-30 04:23:33, Raphael Hertzog wrote:
> Hello Antoine,
>
> On Tue, 29 Dec 2015, anarcat wrote:
>> Hello dear maintainers of the Redmine packages!
>>
>> The Debian LTS team would like to fix the security issues which are
>> currently open in the Squeeze or Wheezy versions of redmine:
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 25 Dec 2015 03:06:55 -0500
Source: mumble
Binary: mumble mumble-11x mumble-server mumble-dbg mumble-server-web
Architecture: source all amd64
Version: 1.2.2-6+squeeze2
Distribution: squeeze-lts
Urgency: medium
Maintainer:
hi
right now, the security tracker shows CVEs marked as "end-of-life" as
"vulnerable", and in the open issue list. a good example is the redmine
package:
https://security-tracker.debian.org/tracker/source-package/redmine
CVE-2015-8477, CVE-2014-1985, CVE-2012-2054 and CVE-2012-0327 are all
11 matches
Mail list logo