-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: cakephp
Version: 1.3.15-1+deb7u1
Debian Bug : 832283
CakePHP, an open-source web application framework for PHP, was
vulnerable to SSRF (Server Side Request Forgery) attacks.
A remote attacker can utilize it for at least
On 07/28/2016 05:02 PM, Sebastian Harl wrote:
> Thanks. I updated dla-needed.
>
> The fixed packages are ready for upload now. Please find the full
> debdiff (source and binary) attached to this email. Note that the
> (seemingly) added dependency on libxtables7 is a no-op. It's a virtual
>
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of libspring-java:
https://security-tracker.debian.org/tracker/CVE-2016-127
Would you like to take care of this yourself?
If yes, please follow the workflow we
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of libapache2-mod-fcgid:
https://security-tracker.debian.org/tracker/CVE-2016-1000104
Would you like to take care of this yourself?
If yes, please follow the
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of lighttpd:
https://security-tracker.debian.org/tracker/CVE-2016-1000212
Would you like to take care of this yourself?
If yes, please follow the workflow we have
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of twisted:
https://security-tracker.debian.org/tracker/CVE-2016-1000111
Would you like to take care of this yourself?
If yes, please follow the workflow we have
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of xmlrpc-epi:
https://security-tracker.debian.org/tracker/CVE-2016-6296
Would you like to take care of this yourself?
If yes, please follow the workflow we have
Hi,
I prepared a wheezy update for libidn, fixing CVE-2016-6263,
CVE-2016-6261 and CVE-2015-8948. I just applied the upstream's patches
and tested the upgrade of the package in a clean wheezy chroot.
If someone could test/review my work I'll appreciate it (debdiff is
attached). I am waiting some
Hi,
On Thu, Jul 28, 2016 at 11:08:46AM -0300, Lucas Kanashiro wrote:
> On 07/27/2016 11:16 AM, Sebastian Harl wrote:
> > On Wed, Jul 27, 2016 at 04:14:25PM +0200, Sebastian Harl wrote:
> >> On Wed, Jul 27, 2016 at 10:40:13AM -0300, Lucas Kanashiro wrote:
> >>> But we want your opinion. Would you
Hi,
This is a summary of the Debian LTS BoF, held during Debconf 16. Full
gobby text can be found at
https://gobby.debian.org/export/debconf16/bof/debian-lts
I have also added the TODO items to https://wiki.debian.org/LTS/TODO
1. Process to dispatch frontdesk duties
The last manual and
Hi,
On Thu, Jul 28, 2016 at 07:12:16PM +0200, Bálint Réczey wrote:
> Thank you for preparing the patch.
> I'm building it right now and would like to test it if you have not done so
> yet.
> After it is tested feel free to upload it.
Then it's best you mergechanges and upload after testing, I
Hi Rene,
2016-07-28 18:29 GMT+02:00 Rene Engelhard:
> Hi again,
>
> On Wed, Jul 27, 2016 at 10:03:13AM +0200, Balint Reczey wrote:
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to debian-lts@lists.debian.org
>> (via a
Hi again,
On Wed, Jul 27, 2016 at 10:03:13AM +0200, Balint Reczey wrote:
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the source package,
> or even with a
Hi,
On Wed, Jul 27, 2016 at 10:03:13AM +0200, Balint Reczey wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libreoffice:
> https://security-tracker.debian.org/tracker/CVE-2016-4324
>
> Would you like to take care of this
On 07/27/2016 11:16 AM, Sebastian Harl wrote:
> On Wed, Jul 27, 2016 at 04:14:25PM +0200, Sebastian Harl wrote:
>> On Wed, Jul 27, 2016 at 10:40:13AM -0300, Lucas Kanashiro wrote:
>>> But we want your opinion. Would you like to take care of this yourself?
>> I'm happy to take care of this
On 28/07/16 13:35, Matus UHLAR - fantomas wrote:
I believe the fix for CVE-2016-2313 in
CVE-2016-2313-authentication-bypass.patch is invalid.
On 28.07.16 14:26, Emilio Pozuelo Monfort wrote:
Thanks for the report. I'll look at it later today.
I have posted cacti bug
Hello,
I believe the fix for CVE-2016-2313 in
CVE-2016-2313-authentication-bypass.patch is invalid.
Quoting the authorization settings:
Web Basic Authentication - Authentication is handled by the web server.
Users can be added or created automatically on first login if the Template
User is
Hi there,
I try to apply https://security-tracker.debian.org/tracker/CVE-2016-2107 on
Debian wheezy.
Despite having updated libssl1.0.0, openssl, apache2, libgnutls-openssl27
and even restarted the entire system, it still gets reported as vulnerable
everywhere: https://www.ssllabs.com,
Hi Hyacinthe
On Wed, Jul 27, 2016 at 05:41:47PM +0200, Hyacinthe Cartiaux wrote:
> I've tested in PV mode under wheezy x86_64:
Thanks for the tests.
Regards,
Bastian
--
Each kiss is as the first.
-- Miramanee, Kirk's wife, "The Paradise Syndrome",
stardate