[SECURITY] [DLA 1786-1] qt4-x11 security update

2019-05-13 Thread Mike Gabriel
Package: qt4-x11 Version: 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2 CVE ID : CVE-2018-15518 CVE-2018-19869 CVE-2018-19870 CVE-2018-19871 CVE-2018-19873 Debian Bug : #923003 Multiple issues have been addressed in Qt4. CVE-2018-15518 A double-free or

Re: openjdk-7 status

2019-05-13 Thread Ola Lundqvist
Great! Sent from a phone On Mon, 13 May 2019 22:52 Emilio Pozuelo Monfort wrote: > On 13/05/2019 12:09, Emilio Pozuelo Monfort wrote: > > It was not clear to me at the time of upload if it was addressed in > 7u221. It > > was not mentioned in the upstream announcement. I asked upstream for > >

Re: openjdk-7 status

2019-05-13 Thread Emilio Pozuelo Monfort
On 13/05/2019 12:09, Emilio Pozuelo Monfort wrote: > It was not clear to me at the time of upload if it was addressed in 7u221. It > was not mentioned in the upstream announcement. I asked upstream for > clarification on its status, it may be that that CVE is Oracle specific and > doesn't affect

Re: dns-root-data in Jessie LTS

2019-05-13 Thread Sylvain Beucler
Hi, AFAICS dns-root-data has no reverse-dependency in Jessie (I ran the script in a more recent box and got confused). Does it make sense to update it after all? bind9 ships 3 keys in /etc/bind/bind.keys with the comment "Servers which were already using the old key (19036) should roll

Re: dns-root-data in Jessie LTS

2019-05-13 Thread Ondřej Surý
Hi Sylvain, I am actually not sure whether BIND 9 in Jessie already uses dns-root-data, so maybe the same procedure will be needed for the bind9 package. Could you perhaps also check unbound? This is the most probable cause of the weird traffic with the old key that DNS Root Operators see at root servers.

Re: dns-root-data in Jessie LTS

2019-05-13 Thread Sylvain Beucler
Hi, On 13/05/2019 05:43, Ondřej Surý wrote: > could you please update dns-root-data package in Jessie LTS to latest version > from Unstable/Stretch? I'll backport it following dkg's stretch update. Besides setting up a bind9, anything we should test? Cheers! Sylvain

Re: openjdk-7 status

2019-05-13 Thread Emilio Pozuelo Monfort
On 13/05/2019 10:55, Sylvain wrote: > Thanks Ola. > > Emilio, can you confirm your latest upload also addresses CVE-2019-2697? > > Its MITRE page points to: > https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html > "Mateusz Jurczyk of Google Project Zero: CVE-2019-2697,

Re: openjdk-7 status

2019-05-13 Thread Sylvain
Thanks Ola. Emilio, can you confirm your latest upload also addresses CVE-2019-2697? Its MITRE page points to: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html "Mateusz Jurczyk of Google Project Zero: CVE-2019-2697, CVE-2019-2698" which also references

Re: openjdk-7 status

2019-05-13 Thread Ola Lundqvist
Hi Sylvain It was meant to consider CVE-2019-2697. I do not know anything about reconsidering this CVE, as nothing has been noted on that CVE that it has been ignored or should be treated in some other way. // Ola On Mon, 13 May 2019 at 10:57, Sylvain Beucler wrote: > Hi, > > openjdk-7 is back

[SECURITY] [DLA 1784-1] postgresql-9.4 new minor release

2019-05-13 Thread Christoph Berg
Package: postgresql-9.4 Version: 9.4.22-0+deb8u1 The PostgreSQL project has released a new minor release of the 9.4 branch. For Debian 8 "Jessie", this has been uploaded as version 9.4.22-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. Note that the end of

openjdk-7 status

2019-05-13 Thread Sylvain Beucler
Hi, openjdk-7 is back in dla-needed.txt with the commit message "Sounds serious enough". However it was re-added the day after DLA-1782-1 and there's no new CVE since. Was it an oversight, or was it meant to reconsider https://security-tracker.debian.org/tracker/CVE-2019-2697 which wasn't

(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-05-13 Thread Holger Levsen
hi, I've done this again, today I unclaimed: - no packages for LTS. - apache2 for eLTS (from Markus Koschany). -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org

Re: Bug#928660: hyperv-daemons matching linux-image-4.9-amd64 in jessie-security are missing

2019-05-13 Thread Christoph Martin
On 12.05.19 at 23:58 Ben Hutchings wrote: > On Sun, 2019-05-12 at 22:35 +0200, Ola Lundqvist wrote: >> Hi fellow LTS contributors >> >> How do we normally handle this? Do we add the package to dla- >> needed.txt or? > > See my answer to the bug report. The "missing" binary package is >