Re: [SECURITY] [DLA 590-1] python-django security update

2016-08-10 Thread Raphael Hertzog
Hi, On Tue, 09 Aug 2016, Holger Levsen wrote: > so I need to read the upstream changelog between 1.4.5 and 1.4.22 to > find out why? This update does fix bugs but not security bugs that would have warranted a DLA on their own... it's just easier for us to work on the latest 1.4.x release and make

Re: Wheezy update of postgresql-9.1?

2016-08-10 Thread Christoph Berg
Re: Guido Günther 2016-08-10 <20160810170325.ga5...@bogon.m.sigxcpu.org> > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of postgresql-9.1: That's actually already done, I'll post the LTS announcement tomor

Wheezy update of postgresql-9.1?

2016-08-10 Thread Guido Günther
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of postgresql-9.1: https://security-tracker.debian.org/tracker/CVE-2016-5423 https://security-tracker.debian.org/tracker/CVE-2016-5424 Would you like to take care of

Re: [SECURITY] [DLA 588-2] mongodb security update

2016-08-10 Thread Edson J. Bueno
On Tuesday, 9 August 2016 16:18, Ola Lundqvist wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package        : mongodb Version        : 2.0.6-1+deb7u1 CVE ID        : CVE-2016-6494 Debian Bug    : 832908, 833087 This is an update of DLA-558-1. The previous build

Re: matrixssl

2016-08-10 Thread Ola Lundqvist
Hi Brian After some investigation I found the fix here: https://github.com/matrixssl/matrixssl/commit/57d20a6e85a9cd570884aba686368dd77511d866 This is a very large commit but from https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html it looks like it is the followi

Re: matrixssl

2016-08-10 Thread Brian May
Brian May writes: > Had a quick look at the matrixssl security vulnerability. > > Unfortunately, finding it difficult to work out which of the upstream > changes fixes this. Was meaning to be more informative here, unfortunately the train I was travelling on unexpectedly terminated prematurely.

Re: Wheezy update of twisted?

2016-08-10 Thread Brian May
Guido Günther writes: > Thanks for having a look! I've added twisted-web to dla-needed.txt as > well (Salvatore already updated data/CVE/list). My conclusions (for wheezy-security) are that: * Neither twisted nor twisted-web actually have a vulnerability. * It is possible applications that depe