Re: Wheezy update of icu?

2016-09-19 Thread Roberto C . Sánchez
I've prepared the last two LTS updates for icu, so I went ahead and claimed it dla-needed.txt. Unless there are any objections, I will begin preparing the update by the end of the week. Regards, -Roberto On Mon, Sep 19, 2016 at 09:29:24AM +0100, Chris Lamb wrote: > Hello dear maintainer(s), >

Wheezy update of icu?

2016-09-19 Thread Chris Lamb
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of icu: https://security-tracker.debian.org/tracker/source-package/icu Would you like to take care of this yourself? If yes, please follow the workflow we have

Re: Wheezy update of icu?

2016-09-13 Thread Raphael Hertzog
Hi, On Sun, 11 Sep 2016, Brian May wrote: > > I have put myself a note to review the internal documentation to ensure we > > have something about this. It would be good to have something in the wiki > > as well. > > > > Anyone should feel free to do it before I find the time to do it. > > I had

Re: Wheezy update of icu?

2016-09-12 Thread Roberto C . Sánchez
On Sun, Sep 11, 2016 at 10:59:48AM +1000, Brian May wrote: > Raphael Hertzog writes: > > > I have put myself a note to review the internal documentation to ensure we > > have something about this. It would be good to have something in the wiki > > as well. > > > > Anyone

Re: Wheezy update of icu?

2016-09-10 Thread Brian May
Raphael Hertzog writes: > I have put myself a note to review the internal documentation to ensure we > have something about this. It would be good to have something in the wiki > as well. > > Anyone should feel free to do it before I find the time to do it. I had a go at

Re: Wheezy update of icu?

2016-09-08 Thread Raphael Hertzog
On Thu, 08 Sep 2016, Moritz Muehlenhoff wrote: > And please add that to the checklist/onboarding process of new people working > on Freexian/LTS. I have put myself a note to review the internal documentation to ensure we have something about this. It would be good to have something in the wiki

Re: Wheezy update of icu?

2016-09-08 Thread Moritz Muehlenhoff
On Thu, Sep 08, 2016 at 06:45:28AM -0400, Roberto C. Sánchez wrote: > On Thu, Sep 08, 2016 at 07:29:55AM +0200, Guido Günther wrote: > > > > If you find useful information on e.g. howto reproduce the bug or about > > the proper upstream fix use > > > >NOTE: > > > > See e.g. this entry from

Re: Wheezy update of icu?

2016-09-08 Thread Roberto C . Sánchez
On Thu, Sep 08, 2016 at 07:29:55AM +0200, Guido Günther wrote: > > If you find useful information on e.g. howto reproduce the bug or about > the proper upstream fix use > >NOTE: > > See e.g. this entry from the top of the current data/CVE/list: > > > CVE-2016-7155 [scsi: pvscsi: OOB read

Re: Wheezy update of icu?

2016-09-07 Thread Guido Günther
On Wed, Sep 07, 2016 at 07:15:56PM -0400, Roberto C. Sánchez wrote: > On Wed, Sep 07, 2016 at 09:10:16PM +0200, Moritz Muehlenhoff wrote: > > > > So, you've identified the upstream fix for CVE-2016-6293 and why does > > that not get commited to the security tracker? > > > > That really sucks.

Re: Wheezy update of icu?

2016-09-07 Thread Roberto C . Sánchez
On Wed, Sep 07, 2016 at 09:10:16PM +0200, Moritz Muehlenhoff wrote: > > So, you've identified the upstream fix for CVE-2016-6293 and why does > that not get commited to the security tracker? > > That really sucks. LTS development almost fully relies on the > security tracker, so why don't you

Re: Wheezy update of icu?

2016-09-07 Thread Moritz Muehlenhoff
On Wed, Sep 07, 2016 at 08:25:36AM -0400, Roberto C. Sánchez wrote: > On Wed, Sep 07, 2016 at 11:07:16AM +0200, Bálint Réczey wrote: > > > > I have not found however the proposed fix on the list thus I did not > > know if you used the upstream fix. > > > > I think it would be a good idea to send

Re: Wheezy update of icu?

2016-09-07 Thread Bálint Réczey
Hi Roberto, 2016-09-07 4:06 GMT+02:00 Roberto C. Sánchez : > Hi Balint, > > On Wed, Sep 07, 2016 at 03:12:46AM +0200, Bálint Réczey wrote: >> Hi Roberto, >> >> I think there is no need wait more (wearing my frontdesk hat). >> There are fixes in upstream's repository: >>

Re: Wheezy update of icu?

2016-09-06 Thread Roberto C . Sánchez
Hi Balint, On Wed, Sep 07, 2016 at 03:12:46AM +0200, Bálint Réczey wrote: > Hi Roberto, > > I think there is no need wait more (wearing my frontdesk hat). > There are fixes in upstream's repository: > http://bugs.icu-project.org/trac/log/icu/trunk/source/common/uloc.cpp > I actually sent my

Re: Wheezy update of icu?

2016-09-06 Thread Bálint Réczey
Hi Roberto, 2016-08-17 15:29 GMT+02:00 Roberto C. Sánchez : > On Sun, Jul 24, 2016 at 04:26:20PM -0400, Roberto C. Sánchez wrote: >> FYI, I did the last LTS update of ICU earlier this month, so I think I >> will be able to easily prepare another update. I went ahead and

Re: Wheezy update of icu?

2016-08-17 Thread Roberto C . Sánchez
On Sun, Jul 24, 2016 at 04:26:20PM -0400, Roberto C. Sánchez wrote: > FYI, I did the last LTS update of ICU earlier this month, so I think I > will be able to easily prepare another update. I went ahead and claimed > it in dla-needed.txt, but if the maintainer or someone else would like > to

Wheezy update of icu?

2016-07-24 Thread Chris Lamb
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of icu: https://security-tracker.debian.org/tracker/CVE-2016-6293 Would you like to take care of this yourself? If yes, please follow the workflow we have defined