Re: [Secure-testing-commits] r51756 - data/CVE

2017-05-19 Thread Moritz Muehlenhoff
On Fri, May 19, 2017 at 06:34:10PM +0200, Hugo Lefeuvre wrote: > Hi Moritz, > > On Fri, May 19, 2017 at 06:25:43PM +0200, Moritz Muehlenhoff wrote: > > On Fri, May 19, 2017 at 04:23:25PM +, Hugo Lefeuvre wrote: > > > Author: hle > > > Date: 2017-05-19 16:23:25 + (Fri, 19 May 2017) > > >

Re: [Secure-testing-commits] r51756 - data/CVE

2017-05-19 Thread Hugo Lefeuvre
Hi Moritz, On Fri, May 19, 2017 at 06:25:43PM +0200, Moritz Muehlenhoff wrote: > On Fri, May 19, 2017 at 04:23:25PM +, Hugo Lefeuvre wrote: > > Author: hle > > Date: 2017-05-19 16:23:25 + (Fri, 19 May 2017) > > New Revision: 51756 > > > > Modified: > >data/CVE/list > > Log: > > CVE

Re: [Secure-testing-commits] r51756 - data/CVE

2017-05-19 Thread Moritz Muehlenhoff
On Fri, May 19, 2017 at 04:23:25PM +, Hugo Lefeuvre wrote: > Author: hle > Date: 2017-05-19 16:23:25 + (Fri, 19 May 2017) > New Revision: 51756 > > Modified: >data/CVE/list > Log: > CVE triage for libav in wheezy by Diego Biurrun That's no okay. Why do you remove several entries?

Re: Swapping two

2017-05-19 Thread Chris Lamb
Ola Lundqvist wrote: > Sure. No problem. Please update the file. I have updated my calendar. Done; many thanks :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: Swapping two

2017-05-19 Thread Ola Lundqvist
Sure. No problem. Please update the file. I have updated my calendar. Sent from a phone Den 19 maj 2017 12:02 skrev "Chris Lamb" : > Dear Ola, > > I hope this finds you well. ``org/lts-frontdesk.2017.txt`` has: > > From 02-10 to 08-10:Ola Lundqvist > From

[SECURITY] [DLA 946-1] nss security update

2017-05-19 Thread Raphael Hertzog
Package: nss Version: 2:3.26-1+debu7u3 CVE ID : CVE-2017-5461 CVE-2017-5462 Debian Bug : 862958 The NSS library is vulnerable to two security issues: CVE-2017-5461 Out-of-bounds write in Base64 encoding. This can trigger a crash (denial of service) and might

Accepted nss 2:3.26-1+debu7u3 (source amd64) into oldstable

2017-05-19 Thread Raphaël Hertzog
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 19 May 2017 12:12:48 +0200 Source: nss Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg Architecture: source amd64 Version: 2:3.26-1+debu7u3 Distribution: wheezy-security Urgency: medium Maintainer: Maintainers

CVE-2017-6960 in apng2gif

2017-05-19 Thread Hugo Lefeuvre
Hi, I've had a look at CVE-2017-6960 and tried to write a patch fixing it but I'm not 100% sure that my solution is the "right" one. ** Short summary of the issue A segmentation fault occurs at line 627, in LoadAPNG: memset(pOut1, 0, outimg1); memory allocation for pOut1 is realized at

Swapping two

2017-05-19 Thread Chris Lamb
Dear Ola, I hope this finds you well. ``org/lts-frontdesk.2017.txt`` has: From 02-10 to 08-10:Ola Lundqvist From 09-10 to 15-10:Chris Lamb I was wondering if we could swap these two weeks? No worries if not… Best wishes, -- ,''`. :