>Thanks Roger. Since this upload seems to have been forgotten, I just
>made the upload and will soon release the DLA.
thanks for caring, it got buried under 2k unread emails, it wasn't forgotten,
but I have really too much old work to fixup and I'm slowly recovering only now
G.
Hello Roger,
>Here you go. Build and runtime tested.
we should really patch also jessie, stretch and sid, right?
(and Ubuntu, if you want to send me debdiffs)
thanks!
G.
Hello Thorsten,
>I hope you don't mind that I added both of you to data/dla-needed.txt for
>the Wheezy update of mosquitto for CVE-2017-9868.
>
Roger, do you want to provide debdiffs?
thanks
G.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: mosquitto
Version: 0.15-2+deb7u1
CVE ID : CVE-2017-7650
Debian Bug :
CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set their
username/client id to ‘#’ or ‘+’.
This allows locally or remotely
Hi Adam,
(answering in general, not in this particular situation)
>I've reviewed the upload, but I'm not sure if you coordinated it
>with the LTS team. I find a contradiction:
> https://lists.debian.org/debian-lts/2016/06/msg00031.html
>says vlc is no longer supported in wheezy, yet in
> https
Hi,
>Hello,
>
>we have virtualbox-ose in dla-needed.txt for a while already. Upstream
>support by Oracle ended in June 2015 and I doubt that we will ever have
>fixes for the latest issues that have been reported against it...
>
>I would thus suggest that we send out a DLA announcing that it's n
Hi Folks,
I did the update (I did some testing and everything seems good)
http://debomatic-amd64.debian.net/distribution#squeeze-lts/virtualbox-ose/3.2.28-dfsg-1+squeeze1/buildlog
I see Mike on the page mentioned on the wiki,
"virtualbox-ose (Mike Gabriel)"
so please Mike, can you get the pac
Hi Ben,
>> I plan to do the same with virtualbox-ose and squeeze if you allow me to.
>> (from 3.2.10 to 3.2.28).
>That's handled by the separate Debian LTS team at debian-...@list.debian.org
updating from 3.2.10 to 3.2.28 in a similar way to the one we did for -security
will fix all the CVEs
Hi Ben,
sorry for the late answer, but I need to understand how Oracle will continue to
play the Open Source game.
They generally refuse to give CVE patches.
Oracle forbids employees to give commit id to Developers who want to cherry-pick
a patch for a CVE.
Months ago Frank (from Oracle) he
Hi dear Nguyen,
for me if it applies to ettercap/squeeze cleanly it is fine :)
Let's wait for Raphael, I don't have any more issues!
Cheers,
G.
On Saturday 27 December 2014 5:04, Nguyen Cong wrote:
Dear Gianfranco Costamagna,
Many thanks for your comments.
> I would s
es are not available here
the other looks good to me :)
cheers,
G.
(sorry for top posting)
On Thursday 25 December 2014 11:26, Nguyen Cong wrote:
Hello Gianfranco Costamagna and Raphael Hertzog,
Many thanks for your comments, especially Raphael :).
> I propose something like this ins
Hi *,
nope, you seem to be modifying other patches rather than what is strictly necessary
to fix this bug.
Moreover the patch is lacking a CVE description (actually the patch is
fixing two CVEs, and the description mentions only one)
(there is also no need to mention me, I'm not the author of th