On Tue, Mar 01, 2016 at 07:15:28AM +, Mike Gabriel wrote:
[..snip..]
> >>Issues that are unfixed in wheezy but fixed in squeeze:
> >>* aptdaemon -> CVE-2015-1323
> >>* cakephp -> TEMP-000-698CF7
> >>* dhcpcd -> CVE-2012-6698 CVE-2012-6699 CVE-2012-6700
Hi Guido,
On Mo 29 Feb 2016 21:54:11 CET, Guido Günther wrote:
* prepare a fixed package
* test the package
* send a .debdiff to t...@security.debian.org
* wait for feedback and ideally permission to upload to wheezy-security
That's what I'm doing at the moment (sending the debdiff
Hi all,
I have just looked at what it needs to fix CVE-2014-8350 for smarty3
[1]. Unfortunately, the fix [2] from between 3.1.20 and 3.1.21 is not
trivial to backport to wheezy's 3.1.10 version.
The packages that depend on smarty3 in Debian wheezy are these:
o gosa + its plugins
o
Package: squid3
Version: 3.1.6-1.2+squeeze6
CVE ID : CVE-2016-2569 CVE-2016-2571
Debian Bug : 816011
Several security issues have been discovered in the Squid caching proxy.
CVE-2016-2569
Squid wrongly checked boundaries of String data, making it possible
for
Hi Markus,
On 29-02-16 21:56, Markus Koschany wrote:
> If it helps I could remove the "Debian 7 Wheezy" part and write
> "we recommend that you upgrade your systems".
That fully resolves the issue I was having with the text.
Paul
Am 29.02.2016 um 20:27 schrieb Paul Gevers:
> Hi Markus,
>
> On 29-02-16 20:25, Matus UHLAR - fantomas wrote:
>> you only can upgrade to wheezy directly. upgrade across versions is not
>> supported.
>
> I know, but that is not what I meant. I meant (and wrote), upgrade via
> wheezy.
Hi Paul,
Hi,
On Mon, Feb 29, 2016 at 03:25:46PM +, Mike Gabriel wrote:
> For this, we can run bin/lts-needs-forward-port.py from the secure-testing
> repo and see what issues we fixed in squeeze and port those fixes to the
> package version in wheezy-security. Package updates must be coordinated with
>
Hi Markus,
On 29-02-16 20:25, Matus UHLAR - fantomas wrote:
> you only can upgrade to wheezy directly. upgrade across versions is not
> supported.
I know, but that is not what I meant. I meant (and wrote), upgrade via
wheezy.
Paul
On 29-02-16 12:35, Markus Koschany wrote:
We recommend that you upgrade your systems to Debian 7 "Wheezy".
On 29.02.16 19:59, Paul Gevers wrote:
/me wonders, do we really recommend that? I would say we recommend our
users to upgrade to the current stable (via Wheezy), no? And wheezy-lts
is
Format: 1.8
Date: Mon, 29 Feb 2016 20:02:20 +0100
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi
Architecture: source all amd64
Version: 3.1.6-1.2+squeeze6
Distribution: squeeze-lts
Urgency: medium
Maintainer: Luigi
Hi Markus,
On 29-02-16 12:35, Markus Koschany wrote:
> We recommend that you upgrade your systems to Debian 7 "Wheezy".
/me wonders, do we really recommend that? I would say we recommend our
users to upgrade to the current stable (via Wheezy), no? And wheezy-lts
is there for those that can't or
Package: php5
Version: 5.3.3.1-7+squeeze29
CVE ID : CVE-2015-2305 CVE-2015-2348
CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry
Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on
Hi all,
as of today, the Debian squeeze LTS support will cease and squeeze
will finally enter the archived archives of Debian.
.oO( /me gets out his handkerchief ...)
As (paid) LTS contributor you may wonder what to do next, esp. until
the official Debian wheezy LTS support period starts
Package: bsh
Version: 2.0b4-12+deb6u1
CVE ID : CVE-2016-2510
A remote code execution vulnerability was found in BeanShell, an
embeddable Java source interpreter with object scripting language
features.
CVE-2016-2510:
Am 29.02.2016 um 15:17 schrieb Raphael Hertzog:
> On Thu, 19 Nov 2015, Moritz Mühlenhoff wrote:
>> Another package which needs to be sorted out is the support for
>> Java. wheezy has both openjdk-6 and openjdk-7 (jessie has only
>> -7 and stretch will also only have one version).
>
> I asked our
Package: lxc
Version: 0.7.2-1+deb6u1
CVE ID : CVE-2013-6441 CVE-2015-1335
Debian Bug : #800471
Brief introduction
CVE-2013-6441
The template script lxc-sshd used to mount itself as /sbin/init in the
container using a writable bind-mount.
This update
On Thu, 19 Nov 2015, Moritz Mühlenhoff wrote:
> Another package which needs to be sorted out is the support for
> Java. wheezy has both openjdk-6 and openjdk-7 (jessie has only
> -7 and stretch will also only have one version).
I asked our current sponsors about OpenJDK 6 and none asked
us to
Package: pcre3
Version: 8.02-1.1+deb6u1
Debian Bug : 815921
HP's Zero Day Initiative has identified a vulnerability affecting the
pcre3 package. It was assigned ZDI id ZDI-CAN-3542. A CVE identifier has
not been assigned yet.
Format: 1.8
Date: Mon, 29 Feb 2016 12:59:05 +0100
Source: bsh
Binary: bsh bsh-gcj bsh-doc bsh-src
Architecture: source all i386
Version: 2.0b4-12+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Java Maintainers
Format: 1.8
Date: Fri, 04 Dec 2015 16:17:06 +0100
Source: lxc
Binary: lxc
Architecture: source amd64
Version: 0.7.2-1+deb6u1
Distribution: squeeze-lts
Urgency: medium
Maintainer: Guido Trotter
Changed-By: Mike Gabriel
Am 28.02.2016 um 18:12 schrieb Holger Levsen:
> Hi Markus,
>
> On Sonntag, 28. Februar 2016, Markus Koschany wrote:
>> I have updated https://wiki.debian.org/LTS/Using to prepare for the
>> switch to Wheezy LTS. What do you think about sending an EOL
>> announcement to debian-lts-announce on