Re: Dovecot Update Fails on Jessie [resolved]

2019-08-31 Thread Jan Ingvoldstad
On 2019-08-31 19:39, Rainer Dorsch wrote: I then stopped dovecot.socket first and dovecot.service second: root@netcup:~# systemctl stop dovecot.socket root@netcup:~# systemctl stop dovecot.service This really stops dovecot Yes, that's it. The same issue is present in Stretch, and crops up v

Re: jessie-updates gone

2019-04-03 Thread Jan Ingvoldstad
On 2019-04-03 02:02, Andy Smith wrote: c) if getting warnings from "apt update" does seem to be an effective final way to reach such users, would it be a good idea to find a way to have apt tell them about their transition into LTS? So, sort of a variant on Pierre Fourès's suggesti

Re: jessie-updates gone

2019-04-02 Thread Jan Ingvoldstad
On 2019-04-01 20:14, Andy Smith wrote: I don't know what the answer is other than having apt itself show a warning about the levels of support changing, but until we work out a better solution, isn't having the -updates suite go away at least a final chance to get the user's attention? I don't

Re: MySQL 5.5 EOL before Debian 8 LTS ends

2019-01-03 Thread Jan Ingvoldstad
On 2019-01-03 10:40, Otto Kekäläinen wrote: You can always cross-migrate via logical database dumps as .sql files instead of in-place binary files. This is not guaranteed to work, and you need to take special care with mysqldump and mysql options for such migration dumps. For instance, if a

Re: MySQL 5.5 EOL before Debian 8 LTS ends

2018-12-27 Thread Jan Ingvoldstad
On 2018-12-27 18:51, Lars Tangvald wrote: Upgrading to 5.6 would be less risky than MariaDB 10.1, but it's a similar sort of risk. I don't know what the risk with switching to MariaDB 10.1 would be, but as a general principle, MariaDB lags behind (the already annoyingly delayed) Oracle secur

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-11 Thread Jan Ingvoldstad
On 2018-12-11 22:15, Moritz Mühlenhoff wrote: On Tue, Dec 11, 2018 at 04:42:17PM +, Mike Gabriel wrote: From my understanding the potential remote code executions that are mentioned in the CVE descriptions are triggered by a malign server and the code executions then happen on the client si

Re: Confusing our users - who is supporting LTS?

2018-10-28 Thread Jan Ingvoldstad
On 2018-10-26 21:25, Ben Hutchings wrote: I don't think we would need to rename everything, at least not at once. The critical thing to change is that we should change the way we refer to jessie's status (and future releases when regular security support for them ends). Yup. But also: startin

Re: Apache2 CVE-2016-4975

2018-08-16 Thread Jan Ingvoldstad
On 2018-08-16 10:12, Moritz Muehlenhoff wrote: On Thu, Aug 16, 2018 at 05:12:11PM +1000, Brian May wrote: Note: This is only being sent to debian-LTS. I am currently investigating CVE-2016-4975 for Apache2. The issue is already two years old but was only made public yesterday. [1] I skimmed th

Re: A huge thank you!

2018-06-01 Thread Jan Ingvoldstad
On 2018-06-01 15:14, ghe wrote: On 06/01/2018 03:52 AM, Miroslav Skoric wrote: On 05/31/2018 10:44 PM, Adrian Zaugg wrote: Dear LTS Team Your work is greatly appreciated! I would like to thank you all for your effort. Without the LTS of wheezy it would have been a big pain for me. Thanks a lo

Re: MySQL 5.5 EOL before Debian 8 LTS ends

2018-01-23 Thread Jan Ingvoldstad
On 2018-01-24 08:02, Moritz Mühlenhoff wrote: That sounds far too disruptive for an LTS; better declare announce the server part of mysql (where all the vulnerabilities apply) as unsupported in advance and in December change the package to only build the libmysqlclient parts. The client library p

Re: Security support for chromium in jessie

2017-07-30 Thread Jan Ingvoldstad
On 2017-07-31 05:23, Michael Gilbert wrote: Hi all, Hi! I do not have enough free time to be able to keep up with security updates to chromium in jessie (oldstable) any more. It is technically feasible to keep it working in a jessie environment, but each update has been more and more work.

Re: systemd CVE-2016-7796

2016-10-05 Thread Jan Ingvoldstad
On 2016-10-05 09:04, Brian May wrote: Hello All, Just looking at this issue in Wheezy. Looks like it should be easy to patch, assuming we consider this deserving a security update - it requires local access. If "local access" means having a process with any user/privilege on the same computer

Re: [SECURITY] [DLA 628-1] php5 security update

2016-09-19 Thread Jan Ingvoldstad
On 09/18/2016 05:12 PM, Thorsten Alteholz wrote: Package: php5 Version: 5.4.45-0+deb7u5 Thanks! * BUG-70436.patch Use After Free Vulnerability in unserialize() This one still has no CVE ID. * BUG-72681.patch PHP Session Data Injection Vulnerability, consume

Re: testing php5 for Wheezy LTS

2016-09-07 Thread Jan Ingvoldstad
On 08/31/2016 08:37 PM, Thorsten Alteholz wrote: Hi everybody, I uploaded version 5.4.45-0+deb7u4 of php5 to: https://people.debian.org/~alteholz/packages/wheezy-lts/php5/amd64/ Please give it a try and tell me about any problems you met. As requested by Jan, besides the CVEs I also added patc

Re: Security update of PHP 5.4?

2016-08-23 Thread Jan Ingvoldstad
On 2016-08-23 19:56, Thorsten Alteholz wrote: Hi Jan, Hi Thorsten, do you know whether there has been a CVE assigned for these bugs already? As far as I can see there is none yet. Nope, not a clue. All I have to go by is PHP's security announcement (http://php.net/releases/5_6_25.php) and

Security update of PHP 5.4?

2016-08-23 Thread Jan Ingvoldstad
Hi, PHP 5.6.25 was released a few days ago, and it seems as if some of the issues are relevant to PHP 5.4 as well. It looks as if the patches for unserializing and session handling are relevant, possibly others: https://bugs.php.net/bug.php?id=70436 https://bugs.php.net/bug.php?id=72681 H

Re: Wheezy LTS - apt error with recent apache2 update - monit issue?

2016-07-22 Thread Jan Ingvoldstad
On 2016-07-22 10:57, Alastair Sherringham wrote: I can look at editing the various scripts etc. and seeing if I can fix them up better. I don't want things to be fragile and cause updates to fail. Maybe I'll look to upgrade the server to stable. The error message states that the problem is due

Re: Wheezy LTS - apt error with recent apache2 update - monit issue?

2016-07-21 Thread Jan Ingvoldstad
On 2016-07-21 21:13, Alastair Sherringham wrote: Hello, Hi! I saw that Apache2 had a Wheezy LTS update today and did the usual : apt-get update && apt-get dist-upgrade However, this gave me an error, and it seems to be "monit" : Processing triggers for man-db ... Setting up apache2.2-bin (

PHP support for wheezy-lts

2016-04-01 Thread Jan Ingvoldstad
Hi, Considering that security support for PHP 5.4 has been terminated for a while, and that security support for PHP 5.5 (which is in neither Wheezy nor Jessie, but is almost identical to PHP 5.4 in other regards) will be terminated in July, how will support for PHP be handled in wheezy-l

Re: Wiki update LTS/Using and EOL announcement

2016-02-29 Thread Jan Ingvoldstad
On 2016-02-29 20:27, Paul Gevers wrote: I know, but that is not what I meant. I meant (and wrote), upgrade via wheezy. I think that (what you wrote earlier) would be a sensible recommendation to make. We're only keeping Wheezy around for system setups that were established while Wheezy was s

Re: Upgrading from Debian 6.0 LTS to 7

2016-02-20 Thread Jan Ingvoldstad
On 2016-02-20 20:46, Miroslav Skoric wrote: Probably it would be enough to do the following: at first to update as much as possible with the actual "squeeze-lts" entry, following by changing all "squeeze-lts" and "squeeze" entries to "wheezy" and update/upgrade it again in some way of a 'safe up

Re: Preparing to announce Squeeze LTS end-of-life

2016-02-09 Thread Jan Ingvoldstad
On 02/09/2016 02:51 PM, Holger Levsen wrote: There's one irritation though, which I could not fix yet: if support for Squeeze LTS ends now or on the last day of February, and support for Wheezy will be taken over from the security team on April 26th, what will the LTS team do in the meantime? It

Re: Preparing to announce Squeeze LTS end-of-life

2016-02-09 Thread Jan Ingvoldstad
On 02/09/2016 12:20 PM, Johnathon Tinsley wrote: I'd definitely agree with this. I, as a user, expected a formal notice of end of support, rather than a quiet whimper into support end. Finding out LTS ended officially 3 days ago after-the-fact is.. unpleasant. The wiki still states "Debian 6 “S

Re: Preparing to announce Squeeze LTS end-of-life

2016-02-09 Thread Jan Ingvoldstad
On 02/09/2016 08:51 AM, Guido Günther wrote: Regarding the date do you propose we end support on the 14th sharp or on 2015-02-29? I'd vote for the later to give people some more time to upgrade and us to prepare at least the answers for the missing bits of [1] (so we can have an updated debian-s

Re: Packages not supported in wheezy-lts

2016-01-25 Thread Jan Ingvoldstad
On 01/25/2016 01:25 PM, Jan Ingvoldstad wrote: It's possible that we can phase out openjdk-*-jre and openjdk-*-jdk, and require that our customers do their development elsewhere, I'll check into that. If so, it should be easy to skip openjdk-6 entirely. Okay, the impact was less sev

Re: Packages not supported in wheezy-lts

2016-01-25 Thread Jan Ingvoldstad
On 01/25/2016 12:23 PM, Raphael Hertzog wrote: Hello, Hi! - what to do with openjdk-6? This one's a bit tricky for us, as openjdk-7-jdk and openjdk-7-jre pull in 73 additional packages, compared to openjdk-6-jdk and openjdk-6-jre. There are a bunch of GNOME and MESA packages, as well as

Re: Accepted linux-2.6 2.6.32-48squeeze18 (all source) into squeeze-lts

2016-01-05 Thread Jan Ingvoldstad
On 01/05/2016 12:05 PM, Raphael Hertzog wrote: Hi, On Tue, 05 Jan 2016, Jan Ingvoldstad wrote: W: GPG error: http://http.debian.net squeeze-lts Release: The following signatures were invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) So that message is not

Re: Accepted linux-2.6 2.6.32-48squeeze18 (all source) into squeeze-lts

2016-01-05 Thread Jan Ingvoldstad
On 01/04/2016 05:48 PM, Ben Hutchings wrote: What tool is showing that error, apt-get upgrade > and which file is it validating - Release.gpg or the .dsc file? The full error message is: W: GPG error: http://http.debian.net squeeze-lts Release: The following signatures were invalid: BADS

Re: Accepted linux-2.6 2.6.32-48squeeze18 (all source) into squeeze-lts

2016-01-03 Thread Jan Ingvoldstad
On 01/02/2016 06:06 PM, Ben Hutchings wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 02 Jan 2016 03:31:10 + Source: linux-2.6 We're getting a warning about invalid signature for this update: BADSIG 8B48AD6246925553 This occasionally seems to happen shortly

Re: squeeze update of wordpress?

2015-08-12 Thread Jan Ingvoldstad
On 08/12/2015 03:00 PM, Guido Günther wrote: Hello dear maintainers, the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of wordpress: https://security-tracker.debian.org/tracker/CVE-2015-5622 Just as a bit of information regarding this pac

Re: Suspend failing

2015-08-07 Thread Jan Ingvoldstad
On 2015-08-07 18:32, Adam D. Barratt wrote: On 2015-08-07 16:56, golinux wrote: Unbelievable. You deleted - IOW censored - my comments and others in this "kernel failure" question to this list. https://lists.debian.org/debian-lts/2014/12/msg00035.html I'm confused. That link shows two posts

Re: Accepted linux-2.6 2.6.32-48squeeze12 (all source) into squeeze-lts

2015-06-17 Thread Jan Ingvoldstad
On 06/17/2015 09:23 AM, Patrick Matthäi wrote: Hello, [please CC me, I am not subscribed to this list] We have got problems with the new version on all of our vSphere 5.1/5.5 VMs and dedicated hosts. It looks like our xen VMs are not affected. Here some snips of dmesg: This is the same problem

Re: Accepted linux-2.6 2.6.32-48squeeze12 (all source) into squeeze-lts

2015-06-16 Thread Jan Ingvoldstad
Hi. That kernel upgrade was not very successful for us. Several times per second, we get a bunch of kernel oops messages like these. We've downgraded to the previous kernel build now. Message from syslogd@HOST at Jun 17 07:45:40 ... kernel:[ 108.138466] CR2: 005c Message f

Re: php5 packages for testing

2015-04-30 Thread Jan Ingvoldstad
On 04/29/2015 08:17 PM, Thorsten Alteholz wrote: Hi Jan, On Wed, 29 Apr 2015, Jan Ingvoldstad wrote: On 04/29/2015 01:32 PM, Thorsten Alteholz wrote: They seem to work, at least for my testsite. great, so I uploaded the package now. Thanks again for doing all the tests. No problem, it

Re: php5 packages for testing

2015-04-29 Thread Jan Ingvoldstad
On 04/29/2015 01:32 PM, Thorsten Alteholz wrote: > Hi Jan, Hi again, Thorsten! > hmm, seems to be that I only updated the i386 packages. Now the amd64 ones > should be new as well.. Ah, d'oh, I forgot to mention that I used amd64, haha. :) They seem to work, at least for my testsite. -- Chee

Re: php5 packages for testing

2015-04-29 Thread Jan Ingvoldstad
On 04/29/2015 08:58 AM, Jan Ingvoldstad wrote: On 04/28/2015 10:40 PM, Thorsten Alteholz wrote: Hi Jan, Hello again, Thorsten, and thanks for your patience! but the problems didn't show up after the new version of libgd2 earlier this month, did they? As far as I can tell, these pro

Re: php5 packages for testing

2015-04-28 Thread Jan Ingvoldstad
On 04/28/2015 10:40 PM, Thorsten Alteholz wrote: Hi Jan, Hello again, Thorsten, and thanks for your patience! but the problems didn't show up after the new version of libgd2 earlier this month, did they? As far as I can tell, these problems are perfectly timed with upgrading the PHP packag

Re: php5 packages for testing

2015-04-28 Thread Jan Ingvoldstad
On 04/28/2015 11:54 AM, Jan Ingvoldstad wrote: We've received some vague reports that code handling image uploads no longer works, with messages reporting something about server file size being greater than local file size. I'll see if I can find some specific error messages. Th

Re: php5 packages for testing

2015-04-28 Thread Jan Ingvoldstad
On 04/27/2015 07:15 PM, Thorsten Alteholz wrote: Hi Jan, Hi Thorsten, thanks for testing. No problem at all. On Mon, 27 Apr 2015, Jan Ingvoldstad wrote: So far, there are few indications of any problems, but I'll monitor for a while. This sounds promising. We've received

Re: php5 packages for testing

2015-04-27 Thread Jan Ingvoldstad
On 04/26/2015 03:41 PM, Thorsten Alteholz wrote: Hi, Hello! I prepared a new php5 package for Squeeze LTS and would like to ask for tests. The packages for amd64 and i386 are available at: https://people.debian.org/~alteholz/packages/squeeze-lts/php5/ Please give it a try and tell me abo

Re: clamav update in squeeze?

2015-02-18 Thread Jan Ingvoldstad
Raphael Hertzog wrote, on 18.02.15 10.54: Hello dear maintainer(s), … I'd just like to say that I very much like this way of contacting the Debian package maintainer(s) in question. -- Cheers, Jan -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscrib

Re: TLSv1.2 needed in Debian 6 LTS

2015-02-02 Thread Jan Ingvoldstad
Den 02.02.15 15.54, skrev Disch Services GmbH: Dear List, Hi there! Please note that what I write are my impressions and opinions, and not any official statement regarding what LTS can or should support. I'm not in a position to make such statements, either. right now I struggle with some i

Re: DSA 3113-1 - unzip security update

2014-12-29 Thread Jan Ingvoldstad
Den 28.12.14 20.05, skrev Thorsten Alteholz: On Sun, 28 Dec 2014, Jan Ingvoldstad wrote: hope you've all had a pleasant winter solstice celebration so far! Yes, thanks a lot, but it is not over yet :-). Is there a chance that the unzip security update for wheezy etc. will be appli

DSA 3113-1 - unzip security update

2014-12-28 Thread Jan Ingvoldstad
Hi there, hope you've all had a pleasant winter solstice celebration so far! Is there a chance that the unzip security update for wheezy etc. will be applied to squeeze as well? -- Cheers, Jan

Re: Interest in ia32-libs for squeeze-lts

2014-09-03 Thread Jan Ingvoldstad
On 2014-09-03 23:27, Thijs Kinkhorst wrote: With "is good", you mean that you're actually using it or have an interest in it being kept up to date? Because I've gotten no other responses, so am uncertain whether there's actually interest to keep this package alive for squeeze-lts. We're using i

Re: eglibc update addressing CVE-2014-5119?

2014-09-02 Thread Jan Ingvoldstad
On 2. sep. 2014, at 10:15, Jan Ingvoldstad wrote: > > I've just installed them to a fairly busy webserver, and I see no telltale > error entries in the relevant logs yet. > > I'll keep an eye on it for half an hour or so, and if there's no one > complaining

Re: eglibc update addressing CVE-2014-5119?

2014-09-02 Thread Jan Ingvoldstad
On 1. sep. 2014, at 20:14, Thijs Kinkhorst wrote: > Op maandag 1 september 2014 19:19:26 schreef Thorsten Alteholz: >> On Thu, 28 Aug 2014, Jan Ingvoldstad wrote: >>> Is an eglibc update for the privilege escalation attack forthcoming? >> >> I uploaded packages

eglibc update addressing CVE-2014-5119?

2014-08-28 Thread Jan Ingvoldstad
Hi, (https://security-tracker.debian.org/tracker/CVE-2014-5119) Is an eglibc update for the privilege escalation attack forthcoming? As exploits are already in the wild, this is causing some amount of nervousness around here. :) -- Cheers, Jan

Re: [SECURITY] [DSA 2974-1] php5 security update

2014-07-22 Thread Jan Ingvoldstad
On 18. juli 2014, at 16:28, Marko Randjelovic wrote: > Hi, Hi! > > Some patches from 5.4.4-14+deb7u12 could be unmodified or with > modifications applied to 5.3.3-7+squeeze20. Some of them may be > relevant for security. Since I am not a DD, patches I found could be > useful are attached with

Re: [SECURITY] [DSA 2974-1] php5 security update

2014-07-22 Thread Jan Ingvoldstad
On 22. juli 2014, at 13:45, Jan Ingvoldstad wrote: > It's a bit hard for me to read this, but I assume you're referring to DSA > 2974-1. Astute observation, Watson, you perceive that Marko mentioned this in the subject. D'oh. :) -- Cheers, Jan

Volunteered contributions to Debian LTS

2014-06-16 Thread Jan Ingvoldstad
Hiho :) This belongs in a separate discussion thread, IMHO: there are several of us who have mentioned that we'd like to contribute as volunteers, and perhaps presenting what we can and want to do, how we can do it and how much we can do it, would be helpful to others. So here I go: I wil

Re: Missing openssl build for i386

2014-06-06 Thread Jan Ingvoldstad
On 6. juni 2014, at 13:31, Evgeni Golov wrote: > > Could you document this in the wiki? Didn't think about > "default-release" interfering here. Sure, I've created an account and added it as a third point here: https://wiki.debian.org/LTS/Using -- Cheers, Jan

Re: Missing openssl build for i386

2014-06-06 Thread Jan Ingvoldstad
On 6. juni 2014, at 07:05, Jan Ingvoldstad wrote: > > The package doesn't appear to be updated yet for amd64 at > http://http.debian.net/ either. > > I've checked intermittently since the announcement. I've identified the issue, and it was a configuration issue,

Re: Missing openssl build for i386

2014-06-05 Thread Jan Ingvoldstad
On 2014-06-06 02:46, Carlos Alberto Lopez Perez wrote: For the future... is there any site where one can manually download the packages waiting on the queue? I know about incoming.debian.org, but this openssl:i386=0.9.8o-4squeeze15 doesn't seem to be there The package doesn't appear to be upda

Re: Packages not supportable in squeeze-lts

2014-05-19 Thread Jan Ingvoldstad
On 19. mai 2014, at 15:27, Moritz Muehlenhoff wrote: > On Mon, May 19, 2014 at 08:52:04AM +0200, Jan Ingvoldstad wrote: >> On 16. mai 2014, at 22:07, Matt Palmer wrote: >>> >>> On the other hand, I do like the idea of providing alternate kernels, >>

Re: Packages not supportable in squeeze-lts

2014-05-18 Thread Jan Ingvoldstad
On 16. mai 2014, at 22:07, Matt Palmer wrote: > > On the other hand, I do like the idea of providing alternate kernels, > although I wonder if the regular backported kernel isn't enough for people? No, they're not, because there isn't security support as we understand it in the stable branch.