Hi Ola,
On Wed, September 14, 2016 23:39, Ola Lundqvist wrote:
> I have prepared a security update of phpmyadmin for wheezy.
Thank you for your work.
I plan to have all these issues reviewed on Saturday at the latest.
Cheers,
Thijs
Hi Thijs and LTS team
I have prepared a security update of phpmyadmin for wheezy.
The prepared packages are available here:
http://apt.inguza.net/wheezy-security/phpmyadmin
For more information see here:
https://security-tracker.debian.org/tracker/source-package/phpmyadmin
The debdiff is availa
> If you look at the type of changes that go into libav release branches,
> it is mostly leaf code, almost never changes to the core itself. Thus,
> if there was a regression, there would only be 1-2 relevant changes and
> very little source code change to investigate.
OK, I'll wait for your relea
On Wed, Sep 14, 2016 at 02:58:48PM +0200, Markus Koschany wrote:
>
> Maybe you should contact Dawid Golunski who published the advisory and
> ask him to clarify the issue. As I understand it CVE-2016-6662 is fixed
> in version 5.5.52 which is confirmed by the official changelog in my
> opinion. [1
On 14.09.2016 04:50, Roberto C. Sánchez wrote:
[...]
> Does anyone have any thoughts on the matter?
Maybe you should contact Dawid Golunski who published the advisory and
ask him to clarify the issue. As I understand it CVE-2016-6662 is fixed
in version 5.5.52 which is confirmed by the official ch
On 2016-09-13 22:50:29, Roberto C. Sánchez wrote:
> [ Unknown signature status ]
> On Tue, Sep 13, 2016 at 12:21:21PM +0200, Markus Koschany wrote:
>>
>> I suggest to package the latest Oracle release 5.5.52 that addresses the
>> vulnerability. I'm not sure if we should wait until more details abo
Hi Brian,
On Wed, Sep 14, 2016 at 08:26:06AM +1000, Brian May wrote:
> CVE-2015-7554 / http://bugzilla.maptools.org/show_bug.cgi?id=2564
>
> Duplicate:
>
> CVE-2016-5318 / http://bugzilla.maptools.org/show_bug.cgi?id=2561
Minor comment: if you are sure that those are duplicates you might try
to
On Wed, Sep 14, 2016 at 12:09:05PM +0200, Hugo Lefeuvre wrote:
> > This is not how libav security updates are handled in Debian; we've
> > always shipped the 0.8.x and 11.x bugfix releases in -security.
>
> So, should we wait for the new upstream release to make a Debian LTS/Security
> upload ?
>
Hi,
> This is not how libav security updates are handled in Debian; we've
> always shipped the 0.8.x and 11.x bugfix releases in -security.
So, should we wait for the new upstream release to make a Debian LTS/Security
upload ?
IMHO, directly packaging the new upstream release is a good idea but
Hi,
On Wed, 14 Sep 2016, Brian May wrote:
> CVE-2015-7554 / http://bugzilla.maptools.org/show_bug.cgi?id=2564
>
> Duplicate:
>
> CVE-2016-5318 / http://bugzilla.maptools.org/show_bug.cgi?id=2561
>
> What would be considered an acceptable fix here? It looks like a proper
> fix is not available w
10 matches
Mail list logo