[SECURITY] [DLA 566-1] cakephp security update

2016-07-28 Thread Balint Reczey
Package: cakephp
Version: 1.3.15-1+deb7u1
Debian Bug: 832283

CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. A remote attacker can utilize it for at least

Re: Wheezy update of collectd?

2016-07-28 Thread Lucas Kanashiro
On 07/28/2016 05:02 PM, Sebastian Harl wrote:
> Thanks. I updated dla-needed.
>
> The fixed packages are ready for upload now. Please find the full
> debdiff (source and binary) attached to this email. Note that the
> (seemingly) added dependency on libxtables7 is a no-op. It's a virtual
>

Wheezy update of libspring-java?

2016-07-28 Thread Thorsten Alteholz
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of libspring-java: https://security-tracker.debian.org/tracker/CVE-2016-127 Would you like to take care of this yourself? If yes, please follow the workflow we

Wheezy update of libapache2-mod-fcgid?

2016-07-28 Thread Thorsten Alteholz
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of libapache2-mod-fcgid: https://security-tracker.debian.org/tracker/CVE-2016-1000104 Would you like to take care of this yourself? If yes, please follow the

Wheezy update of lighttpd?

2016-07-28 Thread Thorsten Alteholz
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of lighttpd: https://security-tracker.debian.org/tracker/CVE-2016-1000212 Would you like to take care of this yourself? If yes, please follow the workflow we have

Wheezy update of twisted?

2016-07-28 Thread Thorsten Alteholz
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of twisted: https://security-tracker.debian.org/tracker/CVE-2016-1000111 Would you like to take care of this yourself? If yes, please follow the workflow we have

Wheezy update of xmlrpc-epi?

2016-07-28 Thread Thorsten Alteholz
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of xmlrpc-epi: https://security-tracker.debian.org/tracker/CVE-2016-6296 Would you like to take care of this yourself? If yes, please follow the workflow we have

Wheezy update of libidn?

2016-07-28 Thread Lucas Kanashiro
Hi, I prepared a wheezy update for libidn, fixing CVE-2016-6263, CVE-2016-6261 and CVE-2015-8948. I just applied the upstream's patches and tested the upgrade of the package in a clean wheezy chroot. If someone could test/review my work I'd appreciate it (debdiff is attached). I am waiting some

Re: Wheezy update of collectd?

2016-07-28 Thread Sebastian Harl
Hi,

On Thu, Jul 28, 2016 at 11:08:46AM -0300, Lucas Kanashiro wrote:
> On 07/27/2016 11:16 AM, Sebastian Harl wrote:
> > On Wed, Jul 27, 2016 at 04:14:25PM +0200, Sebastian Harl wrote:
> >> On Wed, Jul 27, 2016 at 10:40:13AM -0300, Lucas Kanashiro wrote:
> >>> But we want your opinion. Would you

Debconf16 LTS BoF - Summary

2016-07-28 Thread Santiago R.R.
Hi,

This is a summary of the Debian LTS BoF, held during Debconf 16. Full gobby text can be found at https://gobby.debian.org/export/debconf16/bof/debian-lts

I have also added the TODO items to https://wiki.debian.org/LTS/TODO

1. Process to dispatch frontdesk duties

The last manual and

Re: Wheezy update of libreoffice?

2016-07-28 Thread Rene Engelhard
Hi,

On Thu, Jul 28, 2016 at 07:12:16PM +0200, Bálint Réczey wrote:
> Thank you for preparing the patch.
> I'm building it right now and would like to test it if you have not done so
> yet.
> After it is tested feel free to upload it.

Then it's best you mergechanges and upload after testing, I

Re: Wheezy update of libreoffice?

2016-07-28 Thread Bálint Réczey
Hi Rene,

2016-07-28 18:29 GMT+02:00 Rene Engelhard :
> Hi again,
>
> On Wed, Jul 27, 2016 at 10:03:13AM +0200, Balint Reczey wrote:
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to debian-lts@lists.debian.org
>> (via a

Re: Wheezy update of libreoffice?

2016-07-28 Thread Rene Engelhard
Hi again,

On Wed, Jul 27, 2016 at 10:03:13AM +0200, Balint Reczey wrote:
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with a URL pointing to the source package,
> or even with a

Re: Wheezy update of libreoffice?

2016-07-28 Thread Rene Engelhard
Hi,

On Wed, Jul 27, 2016 at 10:03:13AM +0200, Balint Reczey wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libreoffice:
> https://security-tracker.debian.org/tracker/CVE-2016-4324
>
> Would you like to take care of this

Re: Wheezy update of collectd?

2016-07-28 Thread Lucas Kanashiro
On 07/27/2016 11:16 AM, Sebastian Harl wrote:
> On Wed, Jul 27, 2016 at 04:14:25PM +0200, Sebastian Harl wrote:
>> On Wed, Jul 27, 2016 at 10:40:13AM -0300, Lucas Kanashiro wrote:
>>> But we want your opinion. Would you like to take care of this yourself?
>> I'm happy to take care of this

Re: CVE-2016-2313 fix wrong

2016-07-28 Thread Matus UHLAR - fantomas
On 28/07/16 13:35, Matus UHLAR - fantomas wrote:
> I believe the fix for CVE-2016-2313 in CVE-2016-2313-authentication-bypass.patch is invalid.

On 28.07.16 14:26, Emilio Pozuelo Monfort wrote:
> Thanks for the report. I'll look at it later today.

I have posted cacti bug

CVE-2016-2313 fix wrong

2016-07-28 Thread Matus UHLAR - fantomas
Hello, I believe the fix for CVE-2016-2313 in CVE-2016-2313-authentication-bypass.patch is invalid. Quoting the authorization settings: Web Basic Authentication - Authentication is handled by the web server. Users can be added or created automatically on first login if the Template User is

Wheezy and CVE-2016-2107

2016-07-28 Thread (d)oekia
Hi there, I am trying to apply https://security-tracker.debian.org/tracker/CVE-2016-2107 on Debian wheezy. Despite having updated libssl1.0.0, openssl, apache2, libgnutls-openssl27 and even having restarted the entire system, it still gets reported as vulnerable everywhere: https://www.ssllabs.com,

Re: xen_4.1.6.1-1+deb7u2.dsc

2016-07-28 Thread Bastian Blank
Hi Hyacinthe

On Wed, Jul 27, 2016 at 05:41:47PM +0200, Hyacinthe Cartiaux wrote:
> I've tested in PV mode under wheezy x86_64:

Thanks for the tests.

Regards,
Bastian
-- 
Each kiss is as the first. -- Miramanee, Kirk's wife, "The Paradise Syndrome", stardate