LTS report for May 2020 - Abhijith PA

2020-06-08 Thread Abhijith PA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 May was my 27th month as a Debian LTS paid contributor. I was assigned 14 hours plus 4 hours from last month, a total of 18 hours. I spent all of them for the following * Salt: Backported CVE-2020-11651, CVE-2020-11652. Uploaded and issued dla[1]

(semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-06-08 Thread Holger Levsen
hi, today I unclaimed for LTS: - bluez (Roberto C. Sánchez) - opendmarc (Thorsten Alteholz) - php5 (Thorsten Alteholz) and none for ELTS. Also, no one had claimed 4 or more packages. Two DLAs have been reserved but not yet been published on www.debian.org: - DLA 2238-1 (reserved by Abhijith PA

How to handle back-to-back firefox-esr uploads

2020-06-08 Thread Roberto C . Sánchez
Hello everyone. Yesterday, 7th June, I uploaded firefox-esr_68.9.0esr-1~deb8u1 to jessie-security. The binary package I built and uploaded was for amd64. It is known that the armhf/armel build has been broken (I think because of a problem with the supporting toolchain), but the i386 build has bee

Re: How to handle back-to-back firefox-esr uploads

2020-06-08 Thread Chris Lamb
Hi Roberto, > I will use the advisory text from DSA 4695-1 (the corresponding DSA > for firefox-esr in stable and oldstable) and add a note that > 68.9.0esr-1~deb8u1 was the first version to actually contain the > referenced fixes. Should I include in the note anything about the > reason for the

Re: How to handle back-to-back firefox-esr uploads

2020-06-08 Thread Adrian Bunk
On Mon, Jun 08, 2020 at 09:22:22AM -0400, Roberto C. Sánchez wrote: >... > My intent is to upload firefox-esr_68.9.0esr-1~deb8u2 once the build is > complete and then go through the normal DLA reservation/publication > process with a version number of 68.9.0esr-1~deb8u2 (once the amd64 > buildd com

Re: How to handle back-to-back firefox-esr uploads

2020-06-08 Thread Roberto C . Sánchez
On Mon, Jun 08, 2020 at 05:32:20PM +0300, Adrian Bunk wrote: > On Mon, Jun 08, 2020 at 09:22:22AM -0400, Roberto C. Sánchez wrote: > >... > > My intent is to upload firefox-esr_68.9.0esr-1~deb8u2 once the build is > > complete and then go through the normal DLA reservation/publication > > process w

unbound not supported

2020-06-08 Thread Brian May
I notice that according to DSA-4694, unbound is not supported anymore in Stretch. https://www.debian.org/security/2020/dsa-4694 Does this mean we should also mark it as unsupported in Jessie? -- Brian May https://linuxpenguins.xyz/brian/

jquery / CVE-2020-7656

2020-06-08 Thread Brian May
This appears to be a vulnerability in that the "load()" function will not correctly filter out javascript from loaded HTML. https://snyk.io/vuln/SNYK-JS-JQUERY-569619 As per the above, this was supposedly fixed in the following commit: https://github.com/jquery/jquery/commit/a938d7b1282fc0e5c52502c225ae8f0cef219

Re: jquery / CVE-2020-7656

2020-06-08 Thread Chris Lamb
Brian, > Do we only need to filter out javascript if a selector is provided for > some reason? Yes. Javascript development is fun. (As I added in the notes, I do not know how we are meant to cleanly fix this issue in jessie's version of jQuery.) Regards, -- ,''`. : :' : Chris