LTS report for March 2018 - Abhijith PA

This is my second month as a Debian LTS paid contributor. I was assigned 8hours and I spend all of it for the following. * golang: Continued my work on Backporting CVE-2018-7187. Thanks to Chris Lamb for uploading and releasing DLA[1] * zsh: Backport CVE-2014-10070, CVE-2014-10071,

[SECURITY] [DLA 1335-1] zsh security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: zsh Version: 4.3.17-1+deb7u2 CVE ID : CVE-2018-1071 CVE-2018-1083 Debian Bug : 894044 894043 Two security vulnerabilities were discovered in the Z shell. CVE-2018-1071 Stack-based buffer overflow in the

march report

I had 9.75 hours allocated in march and used all hours on the following. * frontdesk work: minor catchup at the beginning of the month * mercurial upload (DLA-1331-1), also fixed regression in the test suite, spotted by Chris Lamb (thanks!) * dovecot: tested the package provided by

Accepted zsh 4.3.17-1+deb7u2 (source all amd64) into oldoldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 31 Mar 2018 22:56:22 +0200 Source: zsh Binary: zsh zsh-doc zsh-static zsh-dev zsh-dbg Architecture: source all amd64 Version: 4.3.17-1+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Zsh Maintainers

Accepted rubygems 1.8.24-1+deb7u2 (source all) into oldoldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 25 Mar 2018 18:09:13 +0200 Source: rubygems Binary: rubygems rubygems1.8 rubygems-doc Architecture: source all Version: 1.8.24-1+deb7u2 Distribution: wheezy-security Urgency: medium Maintainer: Daigo Moriwaki

testing wireshark for Wheezy LTS

Hi everybody, I uploaded version 1.12.1+g01b65bf-4+deb8u6~deb7u10 of wireshark to: https://people.debian.org/~alteholz/packages/wheezy-lts/wireshark/ It contains patches for: CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7332, CVE-2018-7334, CVE-2018-7335, CVE-2018-7336,

Re: upload libvncserver

Thank you On 30 March 2018 at 21:00, Abhijith PA wrote: > > > On Friday 30 March 2018 11:28 PM, Ola Lundqvist wrote: > > Hi > > > > I have re-built the package and uploaded now. Will you send the DLA or > > do you want me to do that too? > > > > // Ola > > > > Thanks. > I

[SECURITY] [DLA 1334-1] mosquitto security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: mosquitto Version: 0.15-2+deb7u3 CVE ID : CVE-2017-7651 CVE-2017-7652 CVE-2017-7651 A crafted CONNECT packet from an unauthenticated client could result in extraordinary memory consumption.

[SECURITY] [DLA 1333-1] dovecot security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: dovecot Version: 1:2.1.7-7+deb7u2 CVE ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project

Re: Fwd: [Ticket#2018033089000104] Ticket Created: [SECURITY] [DLA 1332-1] libvncserver security update

On 2018-03-31 14:11:13, Alexander Wirt wrote: > On Sat, 31 Mar 2018, Abhijith PA wrote: > >> Hello. >> I received this mail after sending DLA. Is it something set up by our >> sponsors ? Or spam. > Such autoresponders are not allowed on l.d.o. I unsubscribed the user from > all lists. I've

Re: Fwd: [Ticket#2018033089000104] Ticket Created: [SECURITY] [DLA 1332-1] libvncserver security update

On Sat, 31 Mar 2018, Abhijith PA wrote: > Hello. > I received this mail after sending DLA. Is it something set up by our > sponsors ? Or spam. Such autoresponders are not allowed on l.d.o. I unsubscribed the user from all lists. Alex - Debian Listmaster

Fwd: [Ticket#2018033089000104] Ticket Created: [SECURITY] [DLA 1332-1] libvncserver security update

Hello. I received this mail after sending DLA. Is it something set up by our sponsors ? Or spam. --abhijith Original Message From: Helpdesk EDV Sent: 31 March 2018 1:00:04 AM IST To: Abhijith PA Subject:

Accepted dovecot 1:2.1.7-7+deb7u2 (source all amd64) into oldoldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 24 Mar 2018 16:03:02 +0100 Source: dovecot Binary: dovecot-common dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap dovecot-gssapi