Re: CVE-2019-15690/libvncserver: reference embedded copies in italc/ssvnc/tightvnc/veyon/vncsnapshot ?

2020-03-24 Thread Sylvain Beucler
Hi all, On 18/03/2020 19:27, Moritz Muehlenhoff wrote: > On Wed, Mar 18, 2020 at 06:14:36PM +0100, Sylvain Beucler wrote: >> I excluded 3 out of 8 packages. I only added packages that actually >> contain the impacted code (VNC client connection, using original RealVNC >> codebase). > > "Contains

[SECURITY] [DLA 2157-1] weechat security update

2020-03-24 Thread Thorsten Alteholz
Package: weechat Version: 1.0.1-1+deb8u3 CVE ID : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 Several issues have been found in weechat, a fast, light and extensible chat client. All issues are about crafted messages, that

[SECURITY] [DLA 2156-1] e2fsprogs security update

2020-03-24 Thread Thorsten Alteholz
Package: e2fsprogs Version: 1.42.12-2+deb8u2 CVE ID : CVE-2019-5188 An issue has been found in e2fsprogs, a package that contains ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory can cause an

Accepted weechat 1.0.1-1+deb8u3 (source all amd64) into oldoldstable

2020-03-24 Thread Debian FTP Masters
Format: 1.8 Date: Mon, 16 Mar 2020 19:03:02 +0100 Source: weechat Binary: weechat weechat-curses weechat-core weechat-plugins weechat-doc weechat-dev weechat-dbg Architecture: source all amd64 Version: 1.0.1-1+deb8u3 Distribution: jessie-security

Accepted e2fsprogs 1.42.12-2+deb8u2 (source amd64) into oldoldstable

2020-03-24 Thread Debian FTP Masters
Format: 1.8 Date: Sun, 22 Mar 2020 16:30:02 +0100 Source: e2fsprogs Binary: e2fsck-static libcomerr2 comerr-dev libss2 ss-dev e2fsprogs-udeb e2fslibs e2fslibs-dev e2fsprogs e2fsprogs-dbg e2fslibs-dbg libcomerr2-dbg libss2-dbg Architecture: source

Accepted ruby2.1 2.1.5-2+deb8u9 (source amd64 all) into oldoldstable

2020-03-24 Thread Debian FTP Masters
Format: 1.8 Date: Tue, 24 Mar 2020 17:09:41 +0100 Source: ruby2.1 Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc ruby2.1-tcltk Architecture: source amd64 all Version: 2.1.5-2+deb8u9 Distribution: jessie-security Urgency: medium Maintainer:

Re: tor EOL in jessie

2020-03-24 Thread Holger Levsen
On Tue, Mar 24, 2020 at 03:23:26PM +, Peter Palfrader wrote: > On Tue, 24 Mar 2020, Emilio Pozuelo Monfort wrote: > > >> Upstream is no longer maintaining the 0.2.4.x tree. Maybe it's time to > > >> terminate support for Tor in wheezy/oldoldstable? > > > I think so. I have marked it as

Re: tor EOL in jessie

2020-03-24 Thread Peter Palfrader
On Tue, 24 Mar 2020, Emilio Pozuelo Monfort wrote: > On 28/12/2017 11:48, Emilio Pozuelo Monfort wrote: > > On 04/12/17 13:31, Peter Palfrader wrote: > >> Upstream is no longer maintaining the 0.2.4.x tree. Maybe it's time to > >> terminate support for Tor in wheezy/oldoldstable? > > > > I

tor EOL in jessie

2020-03-24 Thread Emilio Pozuelo Monfort
On 28/12/2017 11:48, Emilio Pozuelo Monfort wrote: > On 04/12/17 13:31, Peter Palfrader wrote: >> Upstream is no longer maintaining the 0.2.4.x tree. Maybe it's time to >> terminate support for Tor in wheezy/oldoldstable? > > I think so. I have marked it as unsupported in

[SECURITY] [DLA 2155-1] tomcat8 security update

2020-03-24 Thread Abhijith PA
Package: tomcat8 Version: 8.0.14-1+deb8u16 CVE ID : CVE-2019-12418 Tomcat8 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to