Hi,
On Sun, 11 Sep 2016, Brian May wrote:
> > I have put myself a note to review the internal documentation to ensure we
> > have something about this. It would be good to have something in the wiki
> > as well.
> >
> > Anyone should feel free to do it before I find the time to do it.
>
> I had a
Hi Jean,
> wheezy-pu: package libphp-adodb/5.15-1
I currently have the soft "lock" on this package in data/dla-needed.txt.
Would you like me to upload this to LTS? Surely wheezy-pu doesn't even
exist anymore…?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.
> Summary (for quoting here): Unless there are disagreements I will mark
> inspircd as unsupported in LTS in a few days or so.
Done.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
On 2016-09-13 8:46, Chris Lamb wrote:
Hi Jean,
wheezy-pu: package libphp-adodb/5.15-1
I currently have the soft "lock" on this package in
data/dla-needed.txt.
Would you like me to upload this to LTS? Surely wheezy-pu doesn't even
exist anymore…?
In practical terms, indeed not.
fwiw, the
Adam D. Barratt wrote:
> > Surely wheezy-pu doesn't even exist anymore…?
>
> In practical terms, indeed not.
Then let's close this bug then (in bcc) and not distract the release team
any more :)
> fwiw, the original bug report doesn't appear to have made it to
> debian-release, so I assume th
On 13.09.2016 07:11, Roberto C. Sánchez wrote:
> I was looking over the dla-needed.txt entries and saw that mysql-5.5 was
> in need of a DLA, so I claimed it. However, before I begin preparing
> the update, I thought I would ask a couple of questions to ensure that I
> understand clearly what need
On Tue, Sep 13, 2016 at 12:21:21PM +0200, Markus Koschany wrote:
>
> Indeed we have always packaged new upstream releases of mysql for Wheezy
> because Oracle doesn't disclose the exact fix for a known CVE issue. We
> also can't assume that a MariaDB or Percona fix is identical for MySQL.
>
I had
Hopefully I collected all the right CCs, if just Debian LTS is enough
please tell me, sorry for duplicate emails..
On Mon, Sep 12, 2016 at 10:22:29AM +0200, Markus Koschany wrote:
> On 12.09.2016 00:46, Bálint Réczey wrote:
> > 2016-09-12 0:18 GMT+02:00 Hugo Lefeuvre :
> >> I'd like to prepare an
On Mon, Sep 12, 2016 at 12:52:32PM +0200, Hugo Lefeuvre wrote:
> > I'm counting 22 open CVEs for libav at the moment. Which of them do you
> > intend to address with your fixes? Do you mind working together with
> > Hugo Lefeuvre on some issues? I could imagine you both could pool your
> > resource
On 13.09.2016 15:00, Diego Biurrun wrote:
> On Mon, Sep 12, 2016 at 12:52:32PM +0200, Hugo Lefeuvre wrote:
>>> I'm counting 22 open CVEs for libav at the moment. Which of them do you
>>> intend to address with your fixes? Do you mind working together with
>>> Hugo Lefeuvre on some issues? I could i
On Tue, Sep 13, 2016 at 03:14:41PM +0200, Markus Koschany wrote:
> On 13.09.2016 15:00, Diego Biurrun wrote:
> > On Mon, Sep 12, 2016 at 12:52:32PM +0200, Hugo Lefeuvre wrote:
> >>> I'm counting 22 open CVEs for libav at the moment. Which of them do you
> >>> intend to address with your fixes? Do y
Estimados Srs.
Quisieramos entrar en contacto con la persona encarga de compras de
servicios de Transporte de Carga de su organización, nos gustaría ofrecerles
nuestros servicios, por lo que agradecemos cualquier información que nos pueda
facilitar de contacto de la misma.
Puede ver nuestra n
On Tuesday 13 September 2016 08:46:48 Chris Lamb wrote:
>> wheezy-pu: package libphp-adodb/5.15-1
> Would you like me to upload this to LTS?
Yes please.
I didn't realise oldstable-pu was dead.
Hi Diego,
> What's the problem with cooperating through the upstream repository?
No problem for me as long as I can easily determine which commit fixes
which CVE.
I'll start preparing an LTS upload integrating your first patches.
Cheers,
Hugo
--
Hugo Lefeuvre (hle)|www.o
> > Would you like me to upload this to LTS?
>
> Yes please.
Done.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
On 13.09.2016 16:48, Diego Biurrun wrote:
> On Tue, Sep 13, 2016 at 03:14:41PM +0200, Markus Koschany wrote:
[...]
>> In short we need:
>>
>> a) the single patches rebased against the current version in Wheezy or a
>> Git repository for the same purpose
>
> https://git.libav.org/?p=libav.git;a=sho
Markus Koschany wrote:
> Just to be clear a new upstream libav doesn't need to coincide with a
> Debian security update. It wouldn't do any harm though. Important is
> that we only fix security related issues and leave possible features out
> that are not strictly needed to fix the CVEs.
This is n
On 13.09.2016 19:16, Moritz Muehlenhoff wrote:
> Markus Koschany wrote:
>> Just to be clear a new upstream libav doesn't need to coincide with a
>> Debian security update. It wouldn't do any harm though. Important is
>> that we only fix security related issues and leave possible features out
>> tha
On Tue, Sep 13, 2016 at 05:47:12PM +0200, Markus Koschany wrote:
> On 13.09.2016 16:48, Diego Biurrun wrote:
> > On Tue, Sep 13, 2016 at 03:14:41PM +0200, Markus Koschany wrote:
> [...]
> >> In short we need:
> >>
> >> a) the single patches rebased against the current version in Wheezy or a
> >> Gi
On 13.09.2016 21:01, Diego Biurrun wrote:
> On Tue, Sep 13, 2016 at 05:47:12PM +0200, Markus Koschany wrote:
[...]
> I think there is a misunderstanding here, so let me explain:
>
> 1) I've been using Debian for 15+ years now and I understand the policy
> for package updates that go into stable: o
CVE-2015-7554 / http://bugzilla.maptools.org/show_bug.cgi?id=2564
Duplicate:
CVE-2016-5318 / http://bugzilla.maptools.org/show_bug.cgi?id=2561
What would be considered an acceptable fix here? It looks like a proper
fix is not available without changing the API due to limitations in the
stdarg.h
On Tue, Sep 13, 2016 at 12:21:21PM +0200, Markus Koschany wrote:
>
> I suggest to package the latest Oracle release 5.5.52 that addresses the
> vulnerability. I'm not sure if we should wait until more details about
> CVE-2016-6663 are known. Maybe it wouldn't be too bad to ask the
> security team
22 matches
Mail list logo
