[SECURITY] [DLA 1020-1] jetty security update

2017-07-09 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: jetty Version: 6.1.26-1+deb7u1 CVE ID : CVE-2017-9735 Debian Bug : 864898 It was discovered that Jetty, a Java servlet engine and webserver, was vulnerable to a timing attack which might reveal cryptographic

Accepted jetty 6.1.26-1+deb7u1 (source all amd64) into oldoldstable

2017-07-09 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 09 Jul 2017 23:01:33 +0200 Source: jetty Binary: libjetty-java libjetty-java-doc libjetty-extra-java libjetty-extra jetty Architecture: source all amd64 Version: 6.1.26-1+deb7u1 Distribution: wheezy-security Urgency: high

Re: unattended upgrades don't work in wheezy

2017-07-09 Thread Matus UHLAR - fantomas
On 09.07.17 15:41, Chris Lamb wrote: >Is this https://bugs.debian.org/762965 ? I don't think so. That bug is caused by someone making changes to config file ("For extra security i have added the parameter n=wheezy.") Ah okay, thanks. Can you file a new bug against unattended-upgrades with a

Re: unattended upgrades don't work in wheezy

2017-07-09 Thread Chris Lamb
Hi Matus,

> >Is this https://bugs.debian.org/762965 ?
>
> I don't think so. That bug is caused by someone making changes to config
> file ("For extra security i have added the parameter n=wheezy.")

Ah okay, thanks. Can you file a new bug against unattended-upgrades with a "Version:" field of

[SECURITY] [DLA 1019-1] phpldapadmin security update

2017-07-09 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: phpldapadmin Version: 1.2.2-5+deb7u1 CVE ID : CVE-2017-11107 Debian Bug : #867719 It was discovered that there was a cross-site scripting (XSS) vulnerability in phpldapadmin, a web-based interface for

Wheezy update of ncurses?

2017-07-09 Thread Chris Lamb
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of ncurses: https://security-tracker.debian.org/tracker/source-package/ncurses Would you like to take care of this yourself? If yes, please follow the workflow we have

Accepted sqlite3 3.7.13-1+deb7u4 (source all amd64) into oldoldstable

2017-07-09 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 09 Jul 2017 08:44:06 +0100 Source: sqlite3 Binary: lemon sqlite3 sqlite3-doc libsqlite3-0-dbg libsqlite3-0 libsqlite3-dev libsqlite3-tcl Architecture: source all amd64 Version: 3.7.13-1+deb7u4 Distribution: wheezy-security

[SECURITY] [DLA 1018-1] sqlite3 security update

2017-07-09 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: sqlite3 Version: 3.7.13-1+deb7u4 CVE ID : CVE-2017-10989 Debian Bug : #867618 It was discovered that there was a heap-based buffer over-read vulnerability in SQLite, a lightweight database engine. The

Wheezy update of vim?

2017-07-09 Thread Chris Lamb
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of vim: https://security-tracker.debian.org/tracker/source-package/vim Would you like to take care of this yourself? If yes, please follow the workflow we have defined

Wheezy update of tcpdump?

2017-07-09 Thread Chris Lamb
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of tcpdump: https://security-tracker.debian.org/tracker/source-package/tcpdump Would you like to take care of this yourself? If yes, please follow the workflow we have

Re: [SE,,CURITY] [DLA 1017-1] mpg123 security update

2017-07-09 Thread Libor Brázda
R

On 8. 7. 2017 at 10:58 AM, "Chris Lamb" wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Package: mpg123
> Version: 1.14.4-1+deb7u2
> CVE ID : CVE-2017-10683
> Debian Bug : #866860
>
> It was discovered that there was a