Re: phpmyadmin / CVE-2018-19968

Sorry, somehow stuffed up the subject line. Meant to reference CVE-2018-19968. -- Brian May

phpmyadmin / CVE-2016-5739.patch

Ok, so as far as I can tell, looking at the version in wheezy, the problem is that we load source files like so (there are two occurances in the code that I can see, both very similar): include_once $include_file; Where include_file comes from: $file = $mime_map[$meta->name]['transformation'];

[SECURITY] [DLA 1610-1] sleuthkit security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: sleuthkit Version: 4.1.3-4+deb8u1 CVE ID : CVE-2018-19497 Debian Bug : 914796 It was discovered that the Sleuth Kit (TSK) through version 4.6.4 is affected by a buffer over-read vulnerability. The tsk_getu16

[SECURITY] [DLA 1609-1] libapache-mod-jk security update

Package: libapache-mod-jk Version: 1.2.46-0+deb8u1 CVE ID : CVE-2018-11759 A vulnerability has been discovered in libapache-mod-jk, the Apache 2 connector for the Tomcat Java servlet engine. The libapache-mod-jk connector is susceptible to information disclosure and

Accepted libapache-mod-jk 1:1.2.46-0+deb8u1 (source amd64 all) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 20 Nov 2018 01:39:48 -0500 Source: libapache-mod-jk Binary: libapache2-mod-jk libapache-mod-jk-doc Architecture: source amd64 all Version: 1:1.2.46-0+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java

Re: MySQL 5.5 EOL before Debian 8 LTS ends

On Mon, 17 Dec 2018 10:49:57 +0100 Emilio Pozuelo Monfort wrote: > MySQL 5.5 should be EOL this month if nothing has changed, although I > don't see an announcement on [1] yet. Maybe it will be published next > month when the next CPU (critical patch update) is released. Norvald, > do you know

Accepted sleuthkit 4.1.3-4+deb8u1 (source amd64) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 17 Dec 2018 15:50:45 +0100 Source: sleuthkit Binary: sleuthkit libtsk10 libtsk-dev Architecture: source amd64 Version: 4.1.3-4+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Forensics Changed-By: Hugo

Re: Possible patch-backport problem for libphp-phpmailer (DLA-1591-1)

On 12/12/2018 04:56, Abhijith PA wrote: > Hi. > > On Tuesday 11 December 2018 12:59 PM, Chris Lamb wrote: >> Hi Salvatore. >> >>> While preparing an update for libphp-phpmailer I noticed in the >>> patch/diff for DLA-1591-1 for libphp-phpmailer the following: >> >> Thanks for flagging. I will try

Re: MySQL 5.5 EOL before Debian 8 LTS ends

Hi, On 22/05/2018 07:10, Lars Tangvald wrote: > > > On 05/21/2018 03:22 PM, Matus UHLAR - fantomas wrote: Am 22.01.2018 um 13:42 schrieb Lars Tangvald: > First off, thanks for handling the 5.5.59 update for Wheezy. I had the > security announcement date mixed up so picked it up too