For April I had 21 hours available. I spent 16.5 as follows:
- samba: CVE-2017-2619: final package preparation, review, and upload
- ghostscript: CVE-2017-8291: prepare, test, and upload package
- imagemagick: begin review of latest batch of CVEs
- icu: CVE-2017-7867, CVE-2017-7868: Assist Th
On Tue, May 09, 2017 at 09:57:25PM +0100, Chris Lamb wrote:
> Hey Thorsten,
>
> You currently have the following packages claimed in data/dla-needed.txt,
> some of them for over 3 weeks:
>
> bind9
> icu
> jasper
>
> Could you spare a few moments to update data/dla-needed.txt with "NOTE"s
>
On 09.05.2017 22:53, Chris Lamb wrote:
> Dear maintainer(s),
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of binutils:
> https://security-tracker.debian.org/tracker/source-package/binutils
>
> Would you like to take care of this yo
Hey Thorsten,
You currently have the following packages claimed in data/dla-needed.txt,
some of them for over 3 weeks:
bind9
icu
jasper
Could you spare a few moments to update data/dla-needed.txt with "NOTE"s
as to their current status? Many thanks in advance. :)
Regards,
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of binutils:
https://security-tracker.debian.org/tracker/source-package/binutils
Would you like to take care of this yourself?
If yes, please follow the workflow we have d
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of rzip:
https://security-tracker.debian.org/tracker/source-package/rzip
Would you like to take care of this yourself?
If yes, please follow the workflow we have defined h
Hugo Lefeuvre writes:
> I think this is a crafted file.
>
> By the way, where did you find the reproducer ? I can't find it
> anywhere.
It was sent on the oss-security list as an attachment, but the HTML
archive strips attachments.
http://www.openwall.com/lists/oss-security/2016/10/10/1
So I h
Hi Brian,
> It looks like the bm_new() function, referenced by CVE-2016-8686 has
> been refactored. In particular the size calculation has been moved to a
> getsize function.
>
> Unfortunately the description of CVE-2016-8686 is vague - "A crafted
> image, through a fuzz testing, causes the memor
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of eglibc:
https://security-tracker.debian.org/tracker/source-package/eglibc
Would you like to take care of this yourself?
If yes, please follow the workflow we have defin
Hugo Lefeuvre writes:
>> This is the potrace 0.14 diff, which supposedly resolves CVE-2016-8685
>> and CVE-2016-8686 (which was previously described as not a bug in
>> #843861).
>>
>> Unfortunately, it is somewhat large...
>>
>> https://github.com/skyrpex/potrace/commit/b3fce824046abcc0465deb55