Hello Brian,
On 25 Sep 2019 16:42:39, Brian May wrote:
> Hello All,
>
> I just noticed I can't build ruby-mini-magick in Jessie,
> required for a security update.
>
> expected no Exception, got # -quiet -ping /tmp/mini_magick20190925-3686-3v99mo.psd") failed:
> {:status_code=>1, :output=>""}>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: jackson-databind
Version: 2.4.2-2+deb8u9
CVE ID : CVE-2019-14540 CVE-2019-16335 CVE-2019-16942
CVE-2019-16943
Debian Bug : 940498 941530
More deserialization flaws were discovered in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 02 Oct 2019 21:36:21 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.4.2-2+deb8u9
Distribution: jessie-security
Urgency: high
Maintainer:
Hi Holger,
> > This work has already been done for stretch, so we should be able to
> > backport it to jessie. Still, I'm going to spend quite some time on it...
>
> what does 'some time' mean? in general, this seems reasonable to me.
The debdiffs are fairly simple, and the versions are close.
On Wed, Oct 02, 2019 at 07:16:10PM +0200, Hugo Lefeuvre wrote:
> This work has already been done for stretch, so we should be able to
> backport it to jessie. Still, I'm going to spend quite some time on it...
what does 'some time' mean? in general, this seems reasonable to me.
--
cheers,
Hi,
I've spent a couple of hours working on ClamAV since yesterday. I have
backported Sebastian Andrzej Siewior's work to jessie, and tested it. Fine
so far, this fixes a couple of issues including the Zip bomb ones.
Problem: we're backporting 0.101.4 to jessie. This implies an ABI bump and
Hi Mike,
On Wed, Oct 02, 2019 at 02:01:25PM +, Mike Gabriel wrote:
> On Di 01 Okt 2019 13:32:25 CEST, Sylvain Beucler wrote:
> > I see you reverted affectation for CVE-2019-13376.
> >
> > CVE-2019-13376 is an follow-up fix to CVE-2019-16993 (2016) which I
> > registered just yesterday
Hi Sylvain,
On Di 01 Okt 2019 13:32:25 CEST, Sylvain Beucler wrote:
Hi Gabriel,
I see you reverted affectation for CVE-2019-13376.
CVE-2019-13376 is an follow-up fix to CVE-2019-16993 (2016) which I
registered just yesterday toclarify that we've been missing this earlier
fix (AFAICS
Hi Urkarsh,
On Wed, Oct 02, 2019 at 06:35:29AM +0530, Utkarsh Gupta wrote:
> Hey, I joined back in July as a trainee and now a part of the LTS team
> since this October, and all this while I forgot to introduce myself, so
> here it goes.. I am 19 y/o Debian Maintainer (opening a NM process for
>
Hi,
Here is my LTS report for September 2019.
I was allocated 23.75h. Unfortunately I did not manage to spend any of
them. Last month was very busy on the personal side, and I had to
temporarily pause my Debian involvement. Everything should be back to
normal now, and I expect to be able to
Hi Utkarsh,
> Apart from open source, my interests lies in Parsers, Compilers,
> and Computer Architecture. Though I haven't gotten much there,
> but I hope I soon will (still figuring out how to go about it).
Ah, I immediately think of my university days and the "Dragon
Book"… Welcome to the
11 matches
Mail list logo