Re: Security update of phpmyadmin for wheezy

2016-09-14 Thread Thijs Kinkhorst
Hi Ola, On Wed, September 14, 2016 23:39, Ola Lundqvist wrote: > I have prepared a security update of phpmyadmin for wheezy. Thank you for your work. I plan to have all these issues reviewed on Saturday at the latest. Cheers, Thijs

Security update of phpmyadmin for wheezy

2016-09-14 Thread Ola Lundqvist
Hi Thijs and LTS team I have prepared a security update of phpmyadmin for wheezy. The prepared packages are available here: http://apt.inguza.net/wheezy-security/phpmyadmin For more information see here: https://security-tracker.debian.org/tracker/source-package/phpmyadmin The debdiff is availa

Re: wheezy update for libav

2016-09-14 Thread Hugo Lefeuvre
> If you look at the type of changes that go into libav release branches, > it is mostly leaf code, almost never changes to the core itself. Thus, > if there was a regression, there would only be 1-2 relevant changes and > very little source code change to investigate. OK, I'll wait for your relea

Re: Questions regarding MySQL update

2016-09-14 Thread Roberto C. Sánchez
On Wed, Sep 14, 2016 at 02:58:48PM +0200, Markus Koschany wrote: > > Maybe you should contact Dawid Golunski who published the advisory and > ask him to clarify the issue. As I understand it CVE-2016-6662 is fixed > in version 5.5.52 which is confirmed by the official changelog in my > opinion. [1

Re: Questions regarding MySQL update

2016-09-14 Thread Markus Koschany
On 14.09.2016 04:50, Roberto C. Sánchez wrote: [...] > Does anyone have any thoughts on the matter? Maybe you should contact Dawid Golunski who published the advisory and ask him to clarify the issue. As I understand it CVE-2016-6662 is fixed in version 5.5.52 which is confirmed by the official ch

Re: Questions regarding MySQL update

2016-09-14 Thread Antoine Beaupré
On 2016-09-13 22:50:29, Roberto C. Sánchez wrote: > [ Unknown signature status ] > On Tue, Sep 13, 2016 at 12:21:21PM +0200, Markus Koschany wrote: >> >> I suggest to package the latest Oracle release 5.5.52 that addresses the >> vulnerability. I'm not sure if we should wait until more details abo

Re: tiff / tiff3 / CVE-2015-7554 / CVE-2016-5318

2016-09-14 Thread Salvatore Bonaccorso
Hi Brian, On Wed, Sep 14, 2016 at 08:26:06AM +1000, Brian May wrote: > CVE-2015-7554 / http://bugzilla.maptools.org/show_bug.cgi?id=2564 > > Duplicate: > > CVE-2016-5318 / http://bugzilla.maptools.org/show_bug.cgi?id=2561 Minor comment: if you are sure that those are duplicates you might try to

Re: wheezy update for libav

2016-09-14 Thread Diego Biurrun
On Wed, Sep 14, 2016 at 12:09:05PM +0200, Hugo Lefeuvre wrote: > > This is not how libav security updates are handled in Debian; we've > > always shipped the 0.8.x and 11.x bugfix releases in -security. > > So, should we wait for the new upstream release to make a Debian LTS/Security > upload ? >

Re: wheezy update for libav

2016-09-14 Thread Hugo Lefeuvre
Hi, > This is not how libav security updates are handled in Debian; we've > always shipped the 0.8.x and 11.x bugfix releases in -security. So, should we wait for the new upstream release to make a Debian LTS/Security upload ? IMHO, directly packaging the new upstream release is a good idea but

Re: tiff / tiff3 / CVE-2015-7554 / CVE-2016-5318

2016-09-14 Thread Raphael Hertzog
Hi, On Wed, 14 Sep 2016, Brian May wrote: > CVE-2015-7554 / http://bugzilla.maptools.org/show_bug.cgi?id=2564 > > Duplicate: > > CVE-2016-5318 / http://bugzilla.maptools.org/show_bug.cgi?id=2561 > > What would be considered an acceptable fix here? It looks like a proper > fix is not available w