Re: [SECURITY] [DLA 1942-2] phpbb3 regression update

2019-10-07 Thread howard
Please discontinue sending [SECURITY] [XXX --] items. Thank you! On 10/7/19 12:23 AM, Mike Gabriel wrote: This is a follow-up to DLA-1942-1. There was some confusion about the correct fix for CVE-2019-13776. The correct announcement for this DLA should have been: Package:

Re: libsdl2 patches cause regressions in Jessie

2019-10-07 Thread Hugo Lefeuvre
> This looks like a regression, indeed. I will provide a regression update > as soon as possible. Looks like I'm actually not the one who issued this update. Abhijith: do you want to handle this, or should I proceed with a fix tomorrow? cheers, Hugo -- Hugo Lefeuvre (hle)|

Re: libsdl2 patches cause regressions in Jessie

2019-10-07 Thread Hugo Lefeuvre
Hi, > If my understanding is correct, some patches in libsdl2 > (2.0.2+dfsg1-6+deb8u1) as applied in Jessie cause issues because they were > intended for libsdl1.2, not libsdl2. > The patch for CVE-2019-7637 causes regressions (more info here >

libsdl2 patches cause regressions in Jessie

2019-10-07 Thread Avital Ostromich
Hello, If my understanding is correct, some patches in libsdl2 (2.0.2+dfsg1-6+deb8u1) as applied in Jessie cause issues because they were intended for libsdl1.2, not libsdl2. The patch for CVE-2019-7637 causes regressions (more info here ), the

Re: [SECURITY] [DLA 1942-1] phpbb3 security update

2019-10-07 Thread mike . gabriel
Hi Holger, On Monday, 7 October 2019, Holger Levsen wrote: > Hi Mike, > > On Sun, Oct 06, 2019 at 10:14:23PM +, Mike Gabriel wrote: > > I tried another time, like described by Ben (a new DLA-1942-2), but the mail > > still has not arrived on the list. > > I've now sent it for you. (mutt

[SECURITY] [DLA 1948-1] ruby-mini-magick security update

2019-10-07 Thread Abhijith PA
Package: ruby-mini-magick Version: 3.8.1-1+deb8u1 CVE ID : CVE-2019-13574 Debian Bug : 931932 In lib/mini_magick/image.rb in ruby-mini-magick, a fetched remote image filename could cause remote command execution because

Accepted ruby-mini-magick 3.8.1-1+deb8u1 (source all) into oldoldstable

2019-10-07 Thread Utkarsh Gupta
Format: 1.8 Date: Mon, 30 Sep 2019 22:56:54 +0530 Source: ruby-mini-magick Binary: ruby-mini-magick Architecture: source all Version: 3.8.1-1+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Debian Ruby Extras Maintainers

Re: [SECURITY] [DLA 1942-1] phpbb3 security update

2019-10-07 Thread Holger Levsen
Hi Mike, On Sun, Oct 06, 2019 at 10:14:23PM +, Mike Gabriel wrote: > I tried another time, like described by Ben (a new DLA-1942-2), but the mail > still has not arrived on the list. I've now sent it for you. (mutt -H $file is what I've used for that.) > I will be afk for the next couple of

[SECURITY] [DLA 1942-2] phpbb3 regression update

2019-10-07 Thread Mike Gabriel
This is a follow-up to DLA-1942-1. There was some confusion about the correct fix for CVE-2019-13776. The correct announcement for this DLA should have been: Package: phpbb3 Version: 3.0.12-5+deb8u4 CVE ID : CVE-2019-13776 CVE-2019-16993 CVE-2019-16993 In phpBB,

(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-10-07 Thread Holger Levsen
hi, today I unclaimed for LTS: -xtrlock (Chris Lamb) and nothing for eLTS. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C