tter
>> than not to.
>>
>> GitHub is up now but essentially the patch does what the description of
>> the vulnerability tells. It only allows integers.
>>
>> Best regards
>>
>> // Ola
>>
>> On Mon, 13 Jul 2020 at 09:55, Sylvain Beucler wrote:
>>
Hi Antonio,
On 08/07/2020 18:32, terce...@debian.org wrote:
> On Wed, Jul 08, 2020 at 12:45:08PM +0200, Sylvain Beucler wrote:
>> Back to the initial topic, the current tasks underway are:
>>
>>
>> - stretch update review
>>
>> The update is ready:
>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2280-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/
July 15, 2020
Hi,
On 06/07/2020 09:55, Pirate Praveen wrote:
> On 2020, July 6 1:09:09 PM IST, Sylvain Beucler wrote:
>> On 06/07/2020 09:01, Pirate Praveen wrote:
>>> My main motivation for maintaining rails is for gitlab. Since gitlab is
>>> not in stable, I don't usually do stabl
Hi Chris,
Wrt. 29979a390f7915a46b9c7f18b6ff7576f3828039
you reference end-of-life of jruby/jessie, but triage jruby/stretch.
jruby was in dsa-needed.txt before the LTS switch (and I had moved it to
dla-needed.txt).
It's not present in security-support-ended.deb9.
I let you revert if you agree
Hi Security Team,
I see that 'rails' is present in dsa-needed.txt.
I'm currently testing an update for jessie and I can prepare an update
for stretch (which appears to be similar).
(not sure what's the plan for buster)
Would you be interested?
Note: since there's 2:4.2.7.1-1+deb9u2 in
Hi,
On 25/06/2020 18:20, Sylvain Beucler wrote:
> On 22/06/2020 13:23, Sylvain Beucler wrote:
>> On 22/06/2020 11:56, Utkarsh Gupta wrote:
>>> On Mon, Jun 22, 2020 at 3:11 PM Sylvain Beucler wrote:
>>>> Hmm, are you the only active maintainer for rails?
>>
Hi Security Team, Utkarsh,
On 19/06/2020 11:40, Salvatore Bonaccorso wrote:
> On Wed, Jun 17, 2020 at 11:09:41PM +0200, Sylvain Beucler wrote:
>> I'm currently testing an update for jessie and I can prepare an update
>> for stretch (which appears to be similar).
>> (not
Hi,
On 19/06/2020 23:29, Ola Lundqvist wrote:
> In the DLA needed entry for libdatetime-timezone-perl you have
> mentioned that we need to wait for oldstable update via point release
> before the LTS update is made. When looking at the version numbers for
> the different releases I fail to see
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package: rails
Version: 2:4.1.8-1+deb8u7
CVE ID : CVE-2020-8164 CVE-2020-8165
Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based
framework geared for web application development, which could lead to
remote
Hi,
On 19/06/2020 20:18, Utkarsh Gupta wrote:
> On Fri, Jun 19, 2020 at 11:28 PM Sylvain Beucler wrote:
>> Here's the prepared stretch update:
>> https://www.beuc.net/tmp/debian-lts/rails/
>> https://www.beuc.net/tmp/debian-lts/rails/debdiff.txt
>>
>> Te
Hi Salvatore,
On 04/06/2020 20:41, Salvatore Bonaccorso wrote:
> On Mon, May 25, 2020 at 07:47:56PM +0200, Moritz Mühlenhoff wrote:
>> On Mon, May 25, 2020 at 10:22:50AM +0200, Sylvain Beucler wrote:
>>> Hi Security Team,
>>>
>>> What is your view on updating
Hi Security Team,
On 05/06/2020 09:23, Sylvain Beucler wrote:
> On 04/06/2020 20:41, Salvatore Bonaccorso wrote:
>> On Mon, May 25, 2020 at 07:47:56PM +0200, Moritz Mühlenhoff wrote:
>>> On Mon, May 25, 2020 at 10:22:50AM +0200, Sylvain Beucler wrote:
>>>> Hi Securit
Hi,
On 05/06/2020 15:03, Abhijith PA wrote:
> On 20/02/20 11:14 pm, Holger Levsen wrote:
>> On Thu, Feb 20, 2020 at 06:08:52PM +0100, Emilio Pozuelo Monfort wrote:
>>> So we should add it to security-support-ended for those releases, and
>>> let it be supported in buster.
>>
>> done in
>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package: mysql-connector-java
Version: 5.1.49-0+deb8u1
CVE ID : CVE-2020-2875 CVE-2020-2933 CVE-2020-2934
Several issues were discovered in mysql-connector-java, a Java database
(JDBC) driver for MySQL, that allow attackers
Hi,
On 08/06/2020 23:13, Brian May wrote:
> I notice that according to DSA-4694, unbound is not supported anymore in
> Stretch.
>
> https://www.debian.org/security/2020/dsa-4694
>
> Does this mean we should also mark it as unsupported in Jessie?
I would say yes (we recently did the same with
Hi,
On 07/06/2020 10:48, Salvatore Bonaccorso wrote:
> On Fri, Jun 05, 2020 at 09:23:12AM +0200, Sylvain Beucler wrote:
> [...]
>> Hi Salvatore,
>>
>> On 04/06/2020 20:41, Salvatore Bonaccorso wrote:
>>> On Mon, May 25, 2020 at 07:47:56PM +0200, Moritz Mühlenhoff
Hi Security Team,
On 07/06/2020 09:44, Moritz Mühlenhoff wrote:
> On Fri, Jun 05, 2020 at 02:27:50PM +0200, Sylvain Beucler wrote:
>> On 05/06/2020 09:23, Sylvain Beucler wrote:
>> I finished testing and I prepared the upload accordingly:
>>
>> https://www.beuc.net/tmp
Hi,
On 23/07/2020 10:18, Emilio Pozuelo Monfort wrote:
> On 20/07/2020 12:04, Holger Levsen wrote:
>> today there were two packages unclaimed for LTS:
>> and four for ELTS:
> I often notice that after each round of these unclaims, people tend to reclaim
> their packages without adding a note on
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2283-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/
July 20, 2020
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2282-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/
July 20, 2020
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2461-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/
November 21, 2020
Hi,
On 2018-10 MongoDB changed its license from AGPL to SSPL.
https://jira.mongodb.org/browse/SERVER-37651
In broad terms, the main change is requiring service providers to make
available the source of not only MongoDB (like AGPL) but also of other
parts of their service.
The SSPL was
sing study
- Propose EOL and mitigation (internal list)
https://lists.debian.org/debian-lts/2020/11/msg00058.html
- ImageMagick
- Global CVE flood triage
- Misc triage (qemu, tmux...)
- IRC Meeting
http://meetbot.debian.net/debian-lts/2020/debian-lts.2020-11-26-14.59.html
--
Sylvain Beuc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2498-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/
December 17, 2020
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2499-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/
December 17, 2020
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2506-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/
December 23, 2020
Hi Antoine,
On 09/11/2020 16:48, Antoine Beaupré wrote:
On 2020-11-09 14:04:02, Sylvain Beucler wrote:
- -
Debian LTS Advisory DLA-2441-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2441-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/
November 09, 2020
-team/sympa/-/merge_requests/1
aka CVE-2020-26932
- Prepare next minor update
https://www.beuc.net/tmp/debian-lts/sympa/
ELTS
No work done (hours were given back).
--
Sylvain Beucler
Debian LTS Team
Hi Laura,
Here's a pull request for your consideration:
https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/566
I didn't switch to get_recent_security_list_rdf() because 'dsa.rdf.in'
(non-LTS/DSA) doesn't use it either. Instead I handled the LTS case in
this in the Debian
documentation, so I plan to add a note in README.Debian or NEWS.Debian.
https://github.com/sympa-community/sympa/issues/1020#issuecomment-710763168
Given there were no other reports I believe this addresses the issue.
Cheers!
Sylvain Beucler
Debian LTS Team
missed a
blocking issue.)
Cheers!
Sylvain Beucler
Debian LTS Team
(in addition to the Debian Security Team)?
Cheers!
Sylvain Beucler
Debian LTS Team
Hi,
> * reel
> NOTE: 20200909: it is now unmaintained. last commit was in Aug 2018. (utkarsh)
> NOTE: 20201226: Should be declared unsupported since we just have 5 users in total according to popcon (ola)
I concur we can drop this package:
- unmaintained (github project archived, last
Hi,
On 21/01/2021 17:17, Sylvain Beucler wrote:
On 20/01/2021 10:32, Robert Edmonds wrote:
Raphael Hertzog wrote:
On Tue, 19 Jan 2021, Robert Edmonds wrote:
There is an unfixed issue in Unbound 1.9.0 (#962459 / #973052) that
affects some users (I have not been able to reproduce it). Upstream
no open medium/critical vulnerability affects jessie
- xerces-c: ELA-330-1
https://deb.freexian.com/extended-lts/updates/ela-330-1-xerces-c/
- imagemagick: common work with LTS, determine jessie-specific vector
- lxml: tidy triage
- p11-kit: finish triage, not vulnerable
--
Sylvain Beucler
://deb.freexian.com/extended-lts/updates/ela-345-1-imagemagick/
- triage:
- common work with LTS
- golang/golang-1.7, cacti, pillow
--
Sylvain Beucler
Debian LTS Team
Hi,
On 25/01/2021 10:23, Sylvain Beucler wrote:
Reading the exchanges, a few quick questions:
- unbound does not seem to maintain any stable/parallel branches.
Before we start, does it make sense to bump to 1.9.6/1.10.1, or will
we get the same supportability issue (stability+security) right
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2688-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
June 17, 2021
Hi Chris,
The script checks:
https://salsa.debian.org/webmaster-team/webwml/-/tree/master/english/lts/security/2021
Maybe you forgot to git-push there?
- Sylvain
On 14/06/2021 09:08, Chris Lamb wrote:
Hi Holger,
Just three DLAs have been reserved and haven't been published yet:
Thanks
Hi,
On 07/06/2021 09:40, Emilio Pozuelo Monfort wrote:
On 02/06/2021 14:24, Markus Koschany wrote:
On Wednesday, 02.06.2021, 12:26 +0200, Emilio Pozuelo Monfort wrote:
I think it is time we declare the block list unsupported, asking users
to switch to the allow list.
Thoughts?
I
?
// Ola
On Sun, 16 May 2021 at 09:08, Ola Lundqvist <mailto:o...@inguza.com>> wrote:
Hi
I have reviewed the changes and it looks good.
I'll see if I can get some time to perform any relevant tests too.
// Ola
On Sat, 15 May 2021 at 23:34, Sylvain Beucler
> wrote:
Hi Sylvain
I have done some regression testing and it looks fine.
I'll try to reproduce the actual issue too.
// Ola
On Mon, 17 May 2021 at 11:09, Sylvain Beucler <mailto:b...@beuc.net>> wrote:
Hi,
I thought you'd rebuild but here you go.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2664-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
May 17, 2021
Hi,
According to debian-security-support, golang packages are not
"unsupported" but with "limited support".
Currently some packages are updated in stable and rdeps are manually
bin-num'd (e.g. #946467), see also
https://www.debian.org/News/2020/20200718 for stretch-before-LTS.
It looks like
Hi,
I claimed it yesterday and my work is mostly done.
Cheers!
Sylvain
On 15/05/2021 23:11, Ola Lundqvist wrote:
Hi Utkarsh
I have looked into your patch and I think it looks good. I do not fully
understand why all the changes in url.c were done but I think it looks
fine anyway.
The risk
://wiki.debian.org/LTS/TestSuites/curl
Cheers!
Sylvain
On 15/05/2021 23:22, Ola Lundqvist wrote:
Hi Sylvain
Great! Let me know if you want help with review, testing or something else.
// Ola
On Sat, 15 May 2021 at 23:18, Sylvain Beucler <mailto:b...@beuc.net>> wrote:
Hi,
I claimed it
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2661-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
May 14, 2021
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2667-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
May 26, 2021
Cheers!
Sylvain Beucler
Debian LTS Team
On 25/05/2021 15:52, Ola Lundqvist wrote:
Hi
I do not know the details of i2pd package.
For stretch we generally update only due to security reasons. There are
exceptions, but it needs to be a really good one. Like "if we do not
update the package is us
an-lts/2021/05/msg00081.html
– samba: dialogue with upstream on handling and testing security
issues in Debian
https://lists.debian.org/debian-security/2021/05/msg00010.html
https://lists.debian.org/debian-security/2021/05/msg00013.html
--
Sylvain Beucler
Debian LTS Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2701-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
July 03, 2021
s-extra-tasks/-/issues/9
– Clarify progression status for squid3/lts, xmlbeans/lts,
firmware-nonfree/elts based on mailing list exchanges
– Video meeting
--
Sylvain Beucler
Debian LTS Team
Hi,
On Fri, Jun 18, 2021 at 06:35:11PM +0200, Sylvain Beucler wrote:
> On 07/06/2021 09:40, Emilio Pozuelo Monfort wrote:
> > On 02/06/2021 14:24, Markus Koschany wrote:
> > > On Wednesday, 02.06.2021, 12:26 +0200, Emilio Pozuelo Monfort wrote:
> > > > I think
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2704-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
July 05, 2021
Hi,
I saw a batch of new CVEs were tracked for 'unbound', but not for the
stretch-specific 'unbound1.9' package[1].
I can go ahead and add '- unbound1.9' entries in data/CVE/list but I'm
not sure whether that's what we want. Should I?
[1]
anyway.
Fine by me.
- Sylvain
On 29/04/2021 22:16, Markus Koschany wrote:
On Thursday, 29.04.2021, 20:59 +0200, Salvatore Bonaccorso wrote:
On Thu, Apr 29, 2021 at 06:29:33PM +0200, Sylvain Beucler wrote:
Hi,
I saw a batch of new CVEs were tracked for 'unbound', but not for the
stretch-sp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2635-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/
April 23, 2021
/debian-lts/2021/debian-lts.2021-03-25-14.58.html
--
Sylvain Beucler
Debian LTS Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2604-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/
March 22, 2021
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2596-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
March 17, 2021
Hi,
I'll let the Go packagers answer authoritatively but as I'm currently
working on golang fixes I'd like to share a few points:
On 08/03/2021 22:48, Ola Lundqvist wrote:
I have prepared a patch for CVE-2021-3121 described in:
https://security-tracker.debian.org/tracker/CVE-2021-3121
You
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2591-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
March 13, 2021
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2592-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
March 13, 2021
Hi,
During today's meeting we discussed how to track CVEs in related
source packages. For instance unbound vs. unbound-1.9, or golang
(ELTS) vs. golang-1.7/golang-1.8 (LTS) vs. golang-1.11.
We may miss/delay affected packages due to this, unless the front-desk
is already aware of all related
Hi,
Are CVE-2021-20225 and CVE-2021-20233 specific to SecureBoot?
- Sylvain
commit 77849e46951112dd87797b84485b40303e3c1239
Author: Utkarsh Gupta
Date: Thu Mar 4 14:11:27 2021 +0530
Drop grub2 from dla-needed; ignored
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index
Hi!
Thanks for preparing a LTS fix for privoxy.
For reference, our full procedure is documented at:
https://wiki.debian.org/LTS/Development
To answer your points:
- The debdiff looks good to me
- Salvatore updated the CVE-2021-20274 status accordingly
- 'minor issue' means there is not
Hi,
On 18/02/2021 12:04, Holger Levsen wrote:
On Thu, Feb 18, 2021 at 10:34:57AM +0100, Sylvain Beucler wrote:
Let's wait a bit more to understand what exactly is blocking.
I've gone ahead and uploaded your upload (after confirming sigs and debdiff..)
because researching the past
://deb.freexian.com/extended-lts/updates/ela-365-1-php-horde-text-filter/
- imagemagick
- explain past triage in the context of an upcoming ELA
- golang
- common work with LTS, to be continued next month
- fix test suite
--
Sylvain Beucler
Debian LTS Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2621-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
April 08, 2021
Hi,
On 17/04/2021 21:29, Holger Levsen wrote:
On Sat, Apr 17, 2021 at 05:42:11PM +0200, Sylvain Beucler wrote:
stretch however doesn't report the 3 packages I mentioned in my initial
mail. Should we fix it now?
because the packages are not listed in sec-support.ended9? if so, sure,
please
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
From: Sylvain Beucler
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2631-1] zabbix security update
- -
Debian LTS Advisory DLA-2631-1 debian
Hi Security Team,
I'm proposing a couple changes in debian-security-support and I'd
welcome your review :)
1) Match ecosystems
https://bugs.debian.org/986333
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/10
Sometimes, entire ecosystems are affected by Debian
Hi Anton,
On 17/04/2021 14:58, Anton Gladky wrote:
Dear LTS team,
I prepared and uploaded python2.7_2.7.13-2+deb9u5, fixing
two CVEs.
Unfortunately it fails on i386 due to timeout during the network
test. I believe that one more try should fix the problem, because
most of the other archs are
Hi,
On 17/04/2021 14:44, Holger Levsen wrote:
On Fri, Apr 16, 2021 at 03:47:49PM +0200, Moritz Mühlenhoff wrote:
These source package sets come to mind:
- node-*
That would be super-noisy and will potentially clash with a lot of local
package state. It won't hurt to patch
Hi,
On 12/02/2021 01:17, Carles Pina i Estany wrote:
When I was discussing this with a friend I had thought if Debian could
make available and visible for the users some metrics, contextualised in
similar (per functionality) packages:
-popularity
-number of recent updates in upstream
-number
Hi,
When packages reach LTS, users have been using them for years, and it
makes sense we try our best to fix vulnerabilities, and when that proves
near-impossible, we mark them unsupported on a case-by-case basis. This
accounts for poorly written software, but more often orphaned projects,
Hi Utkarsh,
On 18/02/2021 16:44, Utkarsh Gupta wrote:
On Thu, Feb 18, 2021 at 8:27 PM Sylvain Beucler wrote:
Can somebody sponsor:
https://people.debian.org/~beuc/lts/php-horde-text-filter/
https://people.debian.org/~beuc/lts/php-horde-text-filter/php-horde-text-filter_2.3.5-1
Hi,
Yesterday (2021-02-16 16:57Z) I uploaded qemu_2.8+dfsg-6+deb9u13 to
security-master.
I received neither acceptance nor rejection mail, which surprises me.
I recently got my GPG key changed (on 01-24), and I had to push a
missing renewal the next day, so maybe the key isn't sync'd, but
Hi Thorsten,
On 17/02/2021 21:50, Thorsten Alteholz wrote:
20210216171008|qemu_2.8+dfsg-6+deb9u13_source.changes|Error while
loading changes file qemu_2.8+dfsg-6+deb9u13_source.changes: No valid
signature found.
Anyway, all files are still available and a changes file with a valid
signature
Hi Holger,
On 18/02/2021 10:06, Holger Levsen wrote:
if your new key isn't in the keyring yet, but has a trust path I can confirm,
I'd be glad to "sponsor" your upload. You'd just need to point me to the
.dsc files and (due to keyserver network unreliability) mail me your gpg
pub keys.
Thanks
--
Debian LTS Advisory DLA-2560-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
February 18, 2021 https://wiki.debian.org/LTS
Hi,
Due to AFAIU an incomplete import of my new GPG key EE887356CD2F16A0
last month, I currently cannot upload to the archive.
Can somebody sponsor:
https://people.debian.org/~beuc/lts/php-horde-text-filter/
Hi,
I wrote an analysis in June
https://lists.debian.org/debian-lts/2021/06/msg00024.html
https://lists.debian.org/debian-lts/2021/06/msg00040.html
I believe we should postpone these CVEs with the goal of tracking how
/upstream/ reverse dependencies are adapting to the removal of the
-microcode
As a result the update is currently not installable and stretch systems
remain affected by CVE-2017-5715.
Do you plan to fix this?
(added to dla-needed.txt so we keep track)
Cheers!
Sylvain Beucler
Debian LTS Team
On 31/08/2021 13:13, Philipp Hahn wrote:
Hello Philipp Kern,
Am 30.08.21
ort release (default: 0)
What do you think?
Cheers!
Sylvain
On Fri, Feb 26, 2021 at 06:32:00AM +0100, Salvatore Bonaccorso wrote:
> Hi Moritz,
>
> Thanks for CC'ing.
>
> On Thu, Feb 25, 2021 at 08:01:42PM +0100, Moritz Mühlenhoff wrote:
> > Am Thu, Feb
I submitted a MR for the tool at:
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/88
Follow/comment there if you're interested.
Cheers!
Sylvain Beucler
Debian LTS Team
056.html
– Team meeting (Jitsi)
--
Sylvain Beucler
Debian LTS Team
Hi Roberto,
Thanks for your thorough review :)
I answer a couple comments below:
On 29/08/2021 05:08, Roberto C. Sánchez wrote:
On Sat, Aug 28, 2021 at 08:30:56PM +0200, Sylvain Beucler wrote:
Here are a few use cases:
...
# Also report CVE entries that may have been missed for newly
Hello Stefan,
Thanks for bringing this up, indeed it's worth fixing.
I can reproduce the issue on jessie and stretch (starting 2021-10-01),
but not on buster/oldstable.
I'll further look into this issue.
Cheers!
Sylvain Beucler
Debian LTS Team
On 09/09/2021 17:31, Stefan Huehner wrote
y patched to keep using 1.0 are affected.
Thanks.
This notably includes curl :/ So this needs fixing as well.
An openssl[1.0] update is underway, I'll coordinate with Thorsten.
Also, a work-around is to drop the expiring CA:
$ rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
$ update-ca-certifica
/1928989
Cheers!
Sylvain Beucler
Debian LTS Team
On 11/09/2021 23:21, Sylvain Beucler wrote:
Hello,
I have a stretch gnutls28 update ready for testing:
https://people.debian.org/~beuc/lts/gnutls28/
AFAICT this fixes wget and apt-transport-https.
On jessie the new testsuite unit is failing, I'm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2761-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
September 18, 2021
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2759-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
September 17, 2021
was
introduced.
No news wrt the openssl update yet.
Cheers!
Sylvain Beucler
Debian LTS Team
On 10/09/2021 20:47, Sylvain Beucler wrote:
Hello,
On 09/09/2021 19:11, Stefan Huehner wrote:
looking a tiny bit at changelog for gnutls buster it looks like the backport
was already done :)
3.6.7-4+deb10u5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2708-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
July 15, 2021
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/13
- bin/lts-needs-forward-port.py: fix, answer contributor query
https://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/2021-July/092987.html
--
Sylvain Beucler
Debian LTS Team
Hi,
On 02/08/2021 19:23, Utkarsh Gupta wrote:
On Mon, Aug 2, 2021 at 10:51 PM Chris Lamb wrote:
libpam-tacplus https://bugs.debian.org/962830
pyxdg https://bugs.debian.org/930099
Will resolve these two.
Um, I just uploaded libpam-tacplus. Maybe take care of pyxdg, please? Thank you!
How
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-2732-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
August 04, 2021