For August I spent 13 hours on the following:
- [LTS] tomcat8: CVE-2018-1336, CVE-2018-8034, CVE-2018-8037
- [ELTS] ghostscript: started a small amount of work, which I aborted
following the announcement that it was end of life for wheezy
- [LTS] ant: Review TEMP-0904191-9063D5 update by
Source: dnsmasq
Version: 2.72-3+deb8u2
Severity: important
Tags: patch
Hi Simon,
The DNS Root Key Signing Key (KSK) Rollover is scheduled for 11 October
2018 [1]. After this date, DNS resolvers will need to have the new key
(KSK-2017) to perform DNSSEC validation.
[1]
On Wed, 20 Jan 2016 16:25:31 +0100 Salvatore Bonaccorso
wrote:
> Hi Michael,
>
> Thanks for your reply.
>
> On Wed, Jan 20, 2016 at 04:01:22PM +0100, Michael Biebl wrote:
> > On Sat, 25 Apr 2015 15:08:19 +0200 Salvatore Bonaccorso
> > wrote:
> > > Source: network-manager
> > > Version:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 03 Sep 2018 12:17:12 +0530
Source: dojo
Binary: libjs-dojo-core libjs-dojo-dijit libjs-dojo-dojox
Architecture: source all
Version: 1.10.2+dfsg-1+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Debian
Chris Lamb wrote:
> > I've prepared security update for dojo. Please review and
> > upload. Debdiff is attached. Its a trivial patch to escape quotes.
>
> Will review and upload. I have reserved DLA-1492-1 for this
> purpose.
Uploaded and announced.
Regards,
--
,''`.
: :' :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: dojo
Version: 1.10.2+dfsg-1+deb8u1
CVE ID : CVE-2018-15494
Debian Bug : #906540
It was discovered that there was a string injection vulnerability in
the "dojo" Javascript library.
For Debian 8 "Jessie", this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello.
I've prepared security update for dojo. Please review and
upload. Debdiff is attached. Its a trivial patch to escape quotes.
Thanks
Abhijith PA
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAluM38kACgkQhj1N8u2c