[SECURITY] [DLA 1921-1] dnsmasq security update

frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAl17jjMACgkQUmLn/0kQ Sf5ooA//QDSu8a+HNPwkfC6P3oFKJ4g5OG6Ra+oN/gc8Q4VrzXeIQh3Ew2C6G0BQ AmlJqJrAYIKOyn2GX3Ki5CDSQ6xDBSkAGXlb

Accepted dnsmasq 2.72-3+deb8u5 (source amd64 all) into oldoldstable

-By: Jonas Meurer Description: dnsmasq- Small caching DNS proxy and DHCP/TFTP server dnsmasq-base - Small caching DNS proxy and DHCP/TFTP server dnsmasq-utils - Utilities for manipulating DHCP leases Changes: dnsmasq (2.72-3+deb8u5) jessie-security; urgency=high . * Non-maintainer upload

[SECURITY] [DLA 1852-1] python3.4 security update

at: https://security-tracker.debian.org/tracker/python3.4 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE---

Accepted python3.4 3.4.2-1+deb8u5 (source all amd64) into oldoldstable

idle-python3.4 python3.4-doc python3.4-dbg libpython3.4-dbg Architecture: source all amd64 Version: 3.4.2-1+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Matthias Klose Changed-By: Jonas Meurer Description: idle-python3.4 - IDE for Python (v3.4) using Tkinter libpython3.4

Re: On (semi-)automated testing and improved workflow of LTS uploads

Hello, Mike Gabriel: >> In the internal discussions, the following vision for an improved upload >> workflow arose: >> >> 1. Upload packages targeted at LTS suites to some dedicated place for >>    automated testing > >> 2. Run automatic tests (piuparts, autopkgtests, lintian?, ...) > > Maybe,

On (semi-)automated testing and improved workflow of LTS uploads

Hello, Some LTS members recently started discussing options for better (semi-)automated testing of LTS uploads and an improved upload workflow. I'll try to summarize the discussion in order to bring it to this public mailinglist. [1] The motivation for an improved package upload workflow

[SECURITY] [DLA 1843-1] pdns security update

ntly asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAl0cq0AACgkQUmLn/0kQ Sf6uzRAAn57AZxX15uMo8TazTd4gFkT4MdP8BOdUKx05DPFVNCMcQCNheQsFoW83 Ewcdg9truLiG+NebnBpDnbVgXrkCmNXJbai6zrXuyqq+2m4PqUz/Qk

Accepted pdns 3.4.1-4+deb8u10 (source amd64) into oldstable

pdns-backend-remote pdns-backend-mydns Architecture: source amd64 Version: 3.4.1-4+deb8u10 Distribution: jessie-security Urgency: high Maintainer: Debian PowerDNS Maintainers Changed-By: Jonas Meurer Description: pdns-backend-geo - geo backend for PowerDNS pdns-backend-ldap - LDAP backend

Re: Request for help/comments: sqlite3

Hi Ola, thanks for your response! Ola Lundqvist: > I have now looked into this problem to see if I can out something. > > What I have done is to backtrack whether the code is ever executed by > sqlite and I cannot find that it can be. > > rtreenode function is registered using

Jessie update of pdns to fix CVE-2019-10162 and CVE-2019-10163

much. Jonas Meurer, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data

Accepted rdesktop 1.8.6-0+deb8u1 (source amd64) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 25 Jun 2019 12:22:28 +0200 Source: rdesktop Binary: rdesktop Architecture: source amd64 Version: 1.8.6-0+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Jonas Meurer

[SECURITY] [DLA 1837-1] rdesktop security update

out Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAl0SBz4ACgkQUmLn/0kQ Sf4zeBAAsURlsypPbtkfDRc+EJY+MRx

Request for help/comments: sqlite3

(Putting Security Team in the loop as they're very likely to run into the same problem.) Hello, I spent quite some hours trying to backport the fix for CVE-2019-8457[1] to sqlite3 in Jessie. That ended in backporting huge amounts of upstream changes and in the end I decided to not further go

[SECURITY] [DLA 1817-1] libgd2 security update

our system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlz/1c0ACgkQUmLn/0kQ Sf7k2A/+P0+QrDVKNwgWGK5W5JZJuium/+4D5vcFmaP8uqrUiZnK4ym6wspxKlXy 8LrXWTe84lZs6QIDoh

Accepted libgd2 2.1.0-5+deb8u13 (source amd64) into oldstable

Maintainer: GD team Changed-By: Jonas Meurer Description: libgd-dbg - Debug symbols for GD Graphics Library libgd-dev - GD Graphics Library (development version) libgd-tools - GD command line tools and example code libgd2-noxpm-dev - GD Graphics Library (transitional package) libgd2-xpm-dev - GD

[SECURITY] [DLA 1797-1] drupal7 security update

advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlzit/4ACgkQUmLn/

Accepted drupal7 7.32-1+deb8u17 (source all) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 20 May 2019 12:05:42 +0200 Source: drupal7 Binary: drupal7 Architecture: source all Version: 7.32-1+deb8u17 Distribution: jessie-security Urgency: medium Maintainer: Luigi Gangitano Changed-By: Jonas Meurer Description

Re: packages from old security releases.

Hey, Abhijith PA: >>From where we can find the security upload of packages in the old > releases? I was searching for this[1] particular package but I couldn't > find in the archive.debian.org[2]. > > [1] - https://lists.debian.org/debian-lts-announce/2018/04/msg1.html > [2] -

[SECURITY] [DLA 1778-1] symfony security update

nformation about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlzQh9UACgkQUmLn/0kQ Sf7pWxAAtYjN2

Accepted symfony 2.3.21+dfsg-4+deb8u5 (source all) into oldstable

: Debian PHP PEAR Maintainers Changed-By: Jonas Meurer Description: php-symfony-browser-kit - simulate the behavior of a web browser php-symfony-class-loader - load PHP classes automatically php-symfony-classloader - transitional dummy package php-symfony-config - load configurations from

Accepted evolution 3.12.9~git20141130.241663-1+deb8u1 (source all amd64) into oldstable

~git20141130.241663-1+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Debian Evolution Maintainers Changed-By: Jonas Meurer Description: evolution - groupware suite with mail client and organizer evolution-common - architecture independent files for Evolution evolution-dbg - debugging

Re: RFT and RFC: Updates for evolution{,-data-server}

Hi Mike, Mike Gabriel: > On  Mi 24 Apr 2019 12:56:18 CEST, Jonas Meurer wrote: > >> Jonas Meurer: >>> With evolution-data-server, the situation is slightly more complicated. >>> I'm still debugging issues with the patches[5] that are supposed to fix >>>

Re: RFT and RFC: Updates for evolution{,-data-server}

Jonas Meurer: > With evolution-data-server, the situation is slightly more complicated. > I'm still debugging issues with the patches[5] that are supposed to fix > the "[GPG] Mails that are not encrypted look encrypted" issue. > > [5] https://gitlab.gnome.org/GNOME/evo

RFT and RFC: Updates for evolution{,-data-server}

Hello, The last days, I spent quite some hours on backporting and debugging patches for CVE-2018-15587 (Signature Spoofing in PGP encrypted email) to evolution and evolution-data-server packages for Jessie LTS. One problem is that the scope of CVE-2018-15587 is a bit blurry. While the CVE

[SECURITY] [DLA 1748-1] apache2 security update

at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlykw2cACgkQUmLn/0kQ Sf5PSBAAj2xchA8JqXqspzGwyMcNxLqcyy9IwO768Nf+m89Om9Kzk55ZzVNK3GnF Xc7ZFa0oFUoP4vAtlyX4FtIENiphijI8WiiKmWSa4I4Rh/qZFXJ81PABi9webOFC exe

Accepted apache2 2.4.10-10+deb8u14 (source amd64 all) into oldstable

-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: source amd64 all Version: 2.4.10-10+deb8u14 Distribution: jessie-security Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Jonas Meurer

Re: jessie-updates gone

Hey Andy, Andy Smith: > Clearly the LTS team cannot provide the same level of support, so > wouldn't you agree that it is important that users realise when they > go from one state to another? I don't think I follow here. In my eyes, it's perfectly fine if Debian users who don't follow any

Re: Wheezy update of apache2?

Hi there, Am 17.07.2017 um 22:50 schrieb Chris Lamb: > Hi Stefan, > >> Note that a previous DLSA introduced a regression. It would be nice if >> you could take a look at that, too: >> >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858373 > > Unfortunately I uploaded this morning before I

Re: request for testing: php5 security update

Hi Markus, Am 23.03.2017 um 14:19 schrieb Markus Koschany: > I have prepared a security update for php5 which addresses CVE-2016-7478 > and CVE-2016-7479. Please give it a try and tell me about any issues you > encounter. Prebuilt binary packages for amd64 and the debdiff, if you prefer > to

Re: Wheezy update of texlive-base?

Hi Norbert, Am 07.03.2017 um 03:08 schrieb Norbert Preining: > Hi Markus, > >> Would you like to take care of this yourself? > > I have prepared a new package and tried to build it in my > wheezy chroot/cowbuilder, but that ended in segfaults. > It seems that either my wheezy chroot is broken,

Accepted munin 2.0.6-4+deb7u4 (source all) into oldstable

: wheezy-security Urgency: high Maintainer: Munin Debian Maintainers <packag...@munin-monitoring.org> Changed-By: Jonas Meurer <m...@debian.org> Description: munin - network-wide graphing framework (grapher/gatherer) munin-async - network-wide graphing framework (async master/client)

[SECURITY] [DLA 836-2] munin regression update

stions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAli4vrQQHG1lam9AZGVi aWFuLm9yZwAKCRBSYuf/SRBJ/vzED/9e0EaXAO9Xc96w+VRHEukAs6uWuYeCKGtt WmGWoTOGqe1HATwvMxN7gRK/7wAkNeeQbL/2KPl6Vor7r1k6rRM7NPpRxLp

Re: munin regression update possibly needed

Hi Salvatore, Am 02.03.2017 um 08:28 schrieb Salvatore Bonaccorso: > You might want to double check if munin for wheezy needs as well a > regression update for the zooming problem, #856455. > > But please be aware that the DSA-3794-2 update which I issued > introduces another regression, #856536

Accepted munin 2.0.6-4+deb7u3 (source all) into oldstable

: wheezy-security Urgency: high Maintainer: Munin Debian Maintainers <packag...@munin-monitoring.org> Changed-By: Jonas Meurer <m...@debian.org> Description: munin - network-wide graphing framework (grapher/gatherer) munin-async - network-wide graphing framework (async master/client)

Re: testing and review requested for Wheezy update of apache2

Am 22.02.2017 um 18:46 schrieb Guido Günther: > Hi Jonas, > On Wed, Feb 22, 2017 at 05:28:46PM +0100, Jonas Meurer wrote: >> This time with the debdiff between Antoine's version and mine. > Are there packages available for testing? I could give it another whirl. Sorry, yes yo

Re: testing and review requested for Wheezy update of apache2

This time with the debdiff between Antoine's version and mine. Cheers, jonas Am 22.02.2017 um 17:23 schrieb Jonas Meurer: > Hi Antoine, hi LTS list, > > first, thanks to Antoine for doing the backport. After digging into the > details myself I quite understand why he reques

Re: testing and review requested for Wheezy update of apache2

Hi Antoine, hi LTS list, first, thanks to Antoine for doing the backport. After digging into the details myself I quite understand why he requested a second (and ideally a third) opinion! Am 20.02.2017 um 21:27 schrieb Antoine Beaupré: > With a fresh mind (and 30 days delay!) I am looking at

Accepted gtk-vnc 0.5.0-3.1+deb7u1 (source amd64) into oldstable

-vnc-2.0 python-gtk-vnc mozilla-gtk-vnc gvncviewer Architecture: source amd64 Version: 0.5.0-3.1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintain...@lists.alioth.debian.org> Changed-By: Jonas Meurer <m...@debian.org> Descript

[SECURITY] [DLA 798-1] pdns security update

at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAliJGdQQHG1lam9AZGVi aWFuLm9yZwAKCRBSYuf/SRBJ/jXzEACHn3yGYHAWg+QS83siQs2YwpadJC5+svUV IFbHTiRTKjFql6DwVw+rGFvtvwXqOcA5oBzyDfA/I/XwDElR1yQuYtX9KW

Accepted pdns 3.1-4.1+deb7u3 (source amd64) into oldstable

Architecture: source amd64 Version: 3.1-4.1+deb7u3 Distribution: wheezy-security Urgency: high Maintainer: Debian PowerDNS Maintainers <pkg-pdns-maintain...@lists.alioth.debian.org> Changed-By: Jonas Meurer <m...@debian.org> Description: pdns-backend-geo - geo backend for PowerDNS

Re: pdns-recursor DLA 788-1 CVE-2016-7068

Am 22.01.2017 um 18:03 schrieb Markus Koschany: > Hi, > > DLA 788-1 claims that CVE-2016-9139 was fixed which looks like an > mistake to me. Is it correct that this should be changed to > CVE-2016-7086 instead in data/CVE/list ? Hi Markus, indeed, you're right. Except that the CVE that got

Call for testing: pdns 3.1-4.1+deb7u3

Hi Debian LTS users, I prepared pdns 3.1-4.1+deb7u3 to be uploaded to wheezy-security soon. Due to the intrusive patch, some testing by users who actually use pdns in a production environment would be much appreciated. You can find the packages at https://people.debian.org/~mejo/wheezy-lts/

Accepted pdns-recursor 3.3-3+deb7u2 (source amd64) into oldstable

<pkg-pdns-maintain...@lists.alioth.debian.org> Changed-By: Jonas Meurer <m...@debian.org> Description: pdns-recursor - PowerDNS recursor pdns-recursor-dbg - debugging symbols for PowerDNS recursor Changes: pdns-recursor (3.3-3+deb7u2) wheezy-security; urgency=high . * Non-maint

Accepted otrs2 3.1.7+dfsg1-8+deb7u6 (source all) into oldstable

hanged-By: Jonas Meurer <m...@debian.org> Description: otrs - Open Ticket Request System (OTRS 3) otrs2 - Open Ticket Request System Closes: 843091 Changes: otrs2 (3.1.7+dfsg1-8+deb7u6) wheezy-security; urgency=high . * Non-maintainer upload by the LTS Team. * Add patch 38-CVE-201

[SECURITY] [DLA 787-1] otrs2 security update

e problems have been fixed in version 3.1.7+dfsg1-8+deb7u6. We recommend that you upgrade your otrs2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jo

[SECURITY] [DLA 760-1] spip security update

recommend that you upgrade your spip packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP

Accepted spip 2.1.17-1+deb7u8 (source all) into oldstable

org> Changed-By: Jonas Meurer <m...@debian.org> Description: spip - website engine for publishing Changes: spip (2.1.17-1+deb7u8) wheezy-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2016-9998: fix reflected cross-site scripting (XSS) vulnerability in

Re: nagios3 spurious backport?

Hi Antoine, Am 18.12.2016 um 16:25 schrieb Antoine Beaupré: > On 2016-12-18 10:05:48, Jonas Meurer wrote: >> I see that the current situation with a higher nagios3 version in >> backports than in wheezy-security is not very nice. I'll ping the >> backports ftpmaster

Re: nagios3 spurious backport?

Hi Antoine, Am 16.12.2016 um 15:15 schrieb Antoine Beaupré: > I am looking at recent nagios3 vulnerabilities and I can't make sense of > this: > > nagios3 (3.4.1-3+deb7u1) wheezy; urgency=low > > [...] > > -- Jonas Meurer <m...@debian.org> Fri, 01 Nov

[SECURITY] [DLA 732-3] monit regression update

nformation about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlhPAzoQHG1lam9AZGVi aWFuLm9yZwAKCR

Accepted monit 1:5.4-2+deb7u3 (source amd64) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 12 Dec 2016 20:29:00 +0100 Source: monit Binary: monit Architecture: source amd64 Version: 1:5.4-2+deb7u3 Distribution: wheezy-security Urgency: high Maintainer: Sergey B Kirpichev <skirpic...@gmail.com> Changed-By:

[SECURITY] [DLA 732-2] monit regression update

nformation about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlhGyocQHG1lam9AZGVi aWFuLm9yZwAKCR

Re: monit segfault on stop and start

Hi Marco, Victor, Chris, Am 06.12.2016 um 14:04 schrieb Chris Lamb: > [Adding Jonas as they made the relevant upload] > > Hey, > >> monit segfault on stop and start > > This appears to be a regression in the latest LTS upload so pinging > the relevant people. thanks to bugreport, patch and

Versioning of new releases in (old)stable (Was: nss security update package ready for review)

Hi Security and LTS folks, Am 01.12.2016 um 15:54 schrieb Salvatore Bonaccorso: > On Wed, Nov 30, 2016 at 04:05:20PM -0500, Antoine Beaupré wrote: >> +nss (2:3.26.2-1+debu7u1) UNRELEASED; urgency=high >> + >> + * Non-maintainer upload by the LTS Security Team. >> + * New upstream release to fix

Accepted memcached 1.4.13-0.2+deb7u2 (source amd64) into oldstable

hanged-By: Jonas Meurer <m...@debian.org> Description: memcached - A high-performance memory object caching system Closes: 735314 842811 842812 842814 Changes: memcached (1.4.13-0.2+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the LTS Team. * Add 08_CVE-2013-7291.p

[SECURITY] [DLA 695-1] spip security update

our system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQItBAEBCAAXBQJYGmHXEBxtZWpvQGRlYmlhbi5vcmcACgkQUmLn/0kQSf7ijw// QnOplqpjFiV8t7kSRRaAylrNOPOScodU/P/YwuFdRhIlqMK68m4M8N

Re: xen packages available for testint

Hello, Am 31.10.2016 um 10:33 schrieb Guido Günther: > It would be great if somebody running Xen on wheezy could test the > packages at: > > https://korte.credativ.com/~fge/xen/ > > including a fix for XSA-190: > > >

[SECURITY] [DLA 661-1] libarchive security update

nformation about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQItBAEBCAAXBQJYBToPEBxtZWpvQGRlYmlhbi5vcmcACgkQUmLn/0kQSf5+9Q/+

Accepted libarchive 3.0.4-3+wheezy5 (source amd64) into oldstable

Maintainers <ah-libarch...@debian.org> Changed-By: Jonas Meurer <m...@debian.org> Description: bsdcpio- Implementation of the 'cpio' program from FreeBSD bsdtar - Implementation of the 'tar' program from FreeBSD libarchive-dev - Multi-format archive and compression library

[SECURITY] [DLA 655-1] mpg123 security update

our mpg123 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQItBAEBCAAXBQJYAg5ZEBxtZWpvQGRlYmlhbi5vcmcACgkQUmLn

Accepted mpg123 1.14.4-1+deb7u1 (source amd64) into oldstable

pkg-multimedia-maintain...@lists.alioth.debian.org> Changed-By: Jonas Meurer <m...@debian.org> Description: libmpg123-0 - MPEG layer 1/2/3 audio decoder (shared library) libmpg123-dev - MPEG layer 1/2/3 audio decoder (development files) mpg123 - MPEG layer 1/2/3 audio player Cl

Re: [Pkg-privacy-maintainers] mat bug #826101 in Wheezy (embeded images in PDFs)

Hi intrigeri, Am 22.09.2016 um 09:48 schrieb intrigeri: > Jonas Meurer: >> I contact you as member of the Debian LTS team regarding bug #826101 in >> Wheezy. The problem with metadata of embedded images in PDFs is known >> for several months now and despite an upstrea

[SECURITY] [DLA 650-1] mat security update

out Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -BEGIN PGP SIGNATURE- iQItBAEBCAAXBQJX+nsbEBxtZWpvQGRlYmlhbi5vcmcACgkQUmLn/0kQSf5pfQ/+ Pxzl3EE5DA170FQv4pm2GlLSEKsw

Accepted mat 0.3.2-1+deb7u1 (source all) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 09 Oct 2016 17:00:57 +0200 Source: mat Binary: mat Architecture: source all Version: 0.3.2-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian MAT maintainers <pkg-...@lists.riseup.net> Changed-By:

Re: libarchive12: ldconfig warns that libarchive.so.12 is not a symbolic link

Hello Bruce, Am 19.09.2016 um 14:47 schrieb Bruce Toll: > I reported a bug with the recent (Sept. 10) libarchive12 security update > (Debian BTS 838243) and heard back from Andreas Henriksson that I should > reach out to the package uploader and Debian LTS team directly. > > I appreciate the

Accepted libarchive 3.0.4-3+wheezy3 (source amd64) into oldstable

Maintainers <ah-libarch...@debian.org> Changed-By: Jonas Meurer <m...@debian.org> Description: bsdcpio- Implementation of the 'cpio' program from FreeBSD bsdtar - Implementation of the 'tar' program from FreeBSD libarchive-dev - Multi-format archive and compression library

Re: Wheezy update of libtomcrypt?

Am 07.09.2016 um 13:23 schrieb Bálint Réczey: >>> I (on behalf of the LTS Team since I'm responsible for frontdesk now) take >>> your >>> answer as covering all future security updates for releases in LTS period >>> thus we won't contact you for each CVE. >> >> It's great idea to have maintainers

Re: Wheezy update of libtomcrypt?

Hi Bálint, Am 07.09.2016 um 00:21 schrieb Bálint Réczey: > 2016-09-04 17:51 GMT+02:00 Michael Stapelberg : >> Thanks for your work on LTS. >> >> Time does not permit me to do any of this work myself. >> >> Please go ahead and make any changes as you see fit, there’s no need

[SECURITY] [DLA 589-1] mupdf security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: mupdf Version: 0.9-2+deb7u3 CVE ID : CVE-2016-6525 Debian Bug : 833417 A flaw was discovered in the pdf_load_mesh_params() function allowing out-of-bounds write access to memory locations. With carefully crafted

Accepted mupdf 0.9-2+deb7u3 (source amd64) into oldstable

hanged-By: Jonas Meurer <m...@debian.org> Description: libmupdf-dev - development files for the MuPDF viewer mupdf - lightweight PDF viewer mupdf-tools - commmand line tools for the MuPDF viewer Changes: mupdf (0.9-2+deb7u3) wheezy-security; urgency=high . * Non-maintainer upload by

Re: Wheezy update of mupdf?

Dear maintainer, dear LTS team, Am 06.08.2016 um 15:59 schrieb Jonas Meurer: > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of mupdf: > https://security-tracker.debian.org/tracker/CVE-2016-6525 > [...] > > PS:

Wheezy update of mupdf?

the updated package before it gets released. Thank you very much. Jonas Meurer, on behalf of the Debian LTS team. PS: I already started working on backporting the fix for CVE-2016-6525 to the mupdf version in wheezy. Now I realized, that in an earlier conversation you expressed interest to prepare

Accepted libsys-syslog-perl 0.29-1+deb7u1 (source amd64) into oldstable

ain...@lists.alioth.debian.org> Changed-By: Jonas Meurer <m...@debian.org> Description: libsys-syslog-perl - Perl interface to the UNIX syslog(3) calls Changes: libsys-syslog-perl (0.29-1+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2016-

Re: Wheezy update of libsys-syslog-perl?

Am 03.08.2016 um 18:47 schrieb Markus Koschany: > On 03.08.2016 18:18, Jonas Meurer wrote: > [...] >> Please find changes file and debdiff for libsys-syslog-perl >> 0.29-1+deb7u1 attached to this mail. This is going to be my first upload >> on behalf of the LTS team, s

Re: Wheezy update of libsys-syslog-perl?

Dear LTS team, Am 03.08.2016 um 01:15 schrieb Jonas Meurer: > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of libsys-syslog-perl: > https://security-tracker.debian.org/tracker/CVE-2016-1238 > [...] > > PPS:

Wheezy update of libsys-syslog-perl?

and/or test the updated package before it gets released. Thank you very much. Jonas Meurer, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https