-0.14.2/debian/changelog 2022-12-06
15:39:13.0 +
@@ -1,3 +1,10 @@
+libapache2-mod-auth-mellon (0.14.2-1+deb10u1) buster; urgency=high
+
+ * Upload to fix security issues:
+- Open redirect in logout endpoint (CVE-2019-13038 CVE-2021-3639)
+
+ -- Thijs Kinkhorst Tue, 06 Dec 2022 15:39
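Review bot: the bullet "Open redirect in logout endpoint (CVE-2019-13038 CVE-2021-3639)" names two CVE IDs but neither the patch files that carry the fixes nor a bug reference. Listing the patch added under debian/patches for each CVE, and a Closes: number if a bug exists, would let someone auditing the buster package confirm that both IDs are covered by this upload.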
20:12:37.0 +0100
@@ -1,3 +1,10 @@
+libapache2-mod-auth-mellon (0.17.0-1+deb11u1) bullseye; urgency=medium
+
+ * Upload to fix security issue:
+- Open redirect in logout endpoint (CVE-2021-3639)
+
+ -- Thijs Kinkhorst Tue, 06 Dec 2022 20:12:37 +0100
+
libapache2-mod-auth-mellon
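Review bot: the header line sets urgency=medium, while the buster entry prepared the same day for the same CVE-2021-3639 open redirect uses urgency=high. If the difference is intentional (the buster upload also lists CVE-2019-13038), a short remark in the entry would help; otherwise align the two.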
=medium
+
+ * Fix incompatibility with PHP 7.3 (closes: #944820).
+
+ -- Thijs Kinkhorst Mon, 16 Dec 2019 14:15:00 +0100
+
simplesamlphp (1.16.3-1+deb10u1) buster-security; urgency=high
* Fix security issue CVE-2019-3465.
diff -Nru simplesamlphp-1.16.3/debian/patches/fix-xmlseclibs-php73
to prevent
+breaking systemd services that have PrivateTmp=true (closes: #881725).
+
+ -- Thijs Kinkhorst Mon, 16 Sep 2019 09:39:51 +0200
+
tmpreaper (1.6.13+nmu1+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru tmpreaper-1.6.13+nmu1+deb9u1/debian
with maintainer approval.
+ * Add `--protect '/tmp/systemd-private*/*'` to cron job to prevent
+breaking systemd services that have PrivateTmp=true (closes: #881725).
+
+ -- Thijs Kinkhorst Mon, 16 Sep 2019 07:15:24 +
+
tmpreaper (1.6.14) unstable; urgency=medium
* Upload to unstable
On Sat, March 23, 2019 16:56, Jonathan Wiltshire wrote:
> On Sat, Mar 23, 2019 at 03:00:06PM +0100, Thijs Kinkhorst wrote:
>> Please unblock package libapache2-mod-auth-mellon
>>
>> The upload contains fixes for two security issues, it is a new
>> upstream tha
y release. (closes: #925197)
+- Auth bypass when used with reverse proxy [CVE-2019-3878]
+- Open redirect vulnerability in logout [CVE-2019-3877]
+
+ -- Thijs Kinkhorst Fri, 22 Mar 2019 12:10:11 +
+
libapache2-mod-auth-mellon (0.14.1-1) unstable; urgency=medium
[ Thijs Kinkhorst ]
On Fri, January 12, 2018 10:24, Raphael Hertzog wrote:
> Hi,
>
> On Tue, 09 Jan 2018, Brian May wrote:
>> Raphael Hertzog writes:
>>
>> > I think this mail went through the cracks as we haven't received a
>> reply
>> > from you so far. Can you let us know the status and
dependencies in SpamAssassin.py (Closes: #838288).
+Thanks Stephen Rothwell for the patch.
+
+ -- Thijs Kinkhorst <th...@debian.org> Thu, 14 Sep 2017 12:23:04 +0200
+
mailman (1:2.1.23-1) unstable; urgency=medium
* New upstream release.
diff -Nru mailman-2.1.23/debian/contrib/SpamAssas
session transfer vulnerability [CVE-2017-6807].
+
+ -- Thijs Kinkhorst <th...@debian.org> Mon, 13 Mar 2017 13:06:19 +
+
libapache2-mod-auth-mellon (0.12.0-1) unstable; urgency=high
* New upstream release.
diff -Nru
libapache2-mod-auth-mellon-0.12.0/debian/patches/01_logout_segfault
On Fri, December 23, 2016 18:53, Moritz Mühlenhoff wrote:
> Sebastian Andrzej Siewior wrote:
>
> Please use t...@security.debian.org if you want to reach the security
> team, not debian-security@ldo.
>
>> tl;dr: Has anyone a problem if sslscan embeds openssl 1.0.2 in
/changelog 2015-05-07 16:30:55.0 +
@@ -1,3 +1,11 @@
+pound (2.6-6+deb8u1) jessie; urgency=medium
+
+ * Non-maintainer upload by the security team with maintainer approval.
+ * Add missing part of anti_beast patch to fix disabling of client
+renegotiation. (Closes: #765649)
+
+ -- Thijs
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package commons-httpclient.
It fixes security issue CVE-2014-3577.
unblock commons-httpclient/3.1-11
Cheers,
Thijs
diff -Nru commons-httpclient-3.1/debian/ant.properties
filtering to prevent XSS and protect viewer's
+ privacy.
+
+ -- Thijs Kinkhorst th...@debian.org Mon, 06 Apr 2015 16:53:54 +
+
mediawiki (1:1.19.20+dfsg-2.2) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru mediawiki-1.19.20+dfsg/debian/patches/security_1.19.24.patch
installations which use an Exim or Postfix transport
+instead of fixed aliases; attacker needs to be able to place
+files on the local filesystem.
+(CVE-2015-2775, Closes: 781626)
+
+ -- Thijs Kinkhorst th...@debian.org Mon, 06 Apr 2015 15:36:15 +
+
mailman (1:2.1.18-1) unstable; urgency
Hi Antonio,
On Mon, February 2, 2015 15:34, Antonio Terceiro wrote:
ping :)
As a heads up, we're currently preparing an upload for stable-security
where this patch will most likely be included.
Thijs
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package python-django.
It fixes several security issues.
The NMU seems to add a stray .orig in the source package; but I reckon
that is harmless and should not block fixing
arbitrary
+file access (CVE-2013-6892, Closes: #775682).
+
+ -- Thijs Kinkhorst th...@debian.org Sat, 24 Jan 2015 12:31:44 +
+
websvn (2.3.3-1.1) unstable; urgency=low
* Non-maintainer upload.
diff -Nru websvn-2.3.3/debian/patches/13_security_CVE-2013-6892.patch websvn-2.3.3/debian/patches
Hi ftpmaster,
On Monday 12 January 2015 19:18:28 Adam D. Barratt wrote:
On Mon, 2015-01-12 at 19:15 +0100, Thijs Kinkhorst wrote:
This is not something we do very routinely, so I'd like to confirm: if
these binNMU's are triggered for stable-security, do they still end up
On Mon, January 12, 2015 20:18, Ansgar Burchardt wrote:
Hi,
Thijs Kinkhorst th...@debian.org writes:
On Monday 12 January 2015 19:18:28 Adam D. Barratt wrote:
On Mon, 2015-01-12 at 19:15 +0100, Thijs Kinkhorst wrote:
This is not something we do very routinely, so I'd like to confirm
On Monday 12 January 2015 08:15:39 Adam D. Barratt wrote:
On Mon, 2015-01-12 at 06:47 +0100, Stephen Kitt wrote:
binutils was recently updated in wheezy-security and wheezy-p-u to fix
a number of security issues identified in DSA-3123-1; of these, a
number concern binutils-mingw-w64 as
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package znc.
The upload adds an upstream patch that allows to disable SSL
protocols, and disables SSLv2 and SSLv3.
unblock znc/1.4-2
Thanks,
Thijs
+
@@ -1,3 +1,11 @@
+simplesamlphp (1.13.1-2) unstable; urgency=medium
+
+ * Add xmlc14n.patch fixing extreme resource consumption when processing
+large metadata files (closes: #772121).
+See: https://simplesamlphp.org/metaprocessing
+
+ -- Thijs Kinkhorst th...@debian.org Fri, 05
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hi,
Please remove cyassl from jessie. The library has a number of open security
issues affecting the version in jessie, but has no packages actually depending
on it.
While security team
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package gnutls28. The only change is a patch from upstream
to disable the obsolete protocol SSLv3. OpenSSL in jessie also has SSLv3
disabled.
unblock gnutls28/3.3.8-5
Hi Roland,
On Mon, November 17, 2014 10:02, Roland Stigge wrote:
On 11/16/2014 01:17 PM, Thijs Kinkhorst wrote:
Sorry, I have to change my request because I've now seen that the new
upstream release of polarssl also fixes some other security issues.
Will you be contacting the release team
On Sun, November 16, 2014 17:01, Daniel Pocock wrote:
On 16 November 2014 16:58:47 CET, Jonathan Wiltshire j...@debian.org
Did you get any responses from elsewhere to this?
Not yet, I'll follow up after the weekend. If no response, I'm happy to
NMU the one line fix to copy the missing header
On Wed, November 12, 2014 12:55, Marco d'Itri wrote:
Can I merge this for jessie?
I'd strongly prefer if we could indeed merge this for jessie.
INN, at the moment, supports TLS connections to nnrpd, but does not
allow any configuration besides the certificate and key.
+=item Itlsprotocols
On Wed, November 12, 2014 14:29, Marco d'Itri wrote:
On Nov 12, Thijs Kinkhorst th...@debian.org wrote:
Can you remove SSLv3 from the default list?
I do not know the implications wrt clients support.
Christian, did you do any tests?
+=item Itlscompression
+Whether to enable or disable
Package: release.debian.org
Severity: important
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package file.
* Fixes a security issue, urgency set to high
* Cherry-pick upstream commit FILE5_20-5-g39c7ac1:
Fix note bounds reading, Francisco Alonso / Red Hat
On Sat, November 8, 2014 22:25, intrigeri wrote:
I doubt it would add much value, but Jonathan's point was about
getting enough information to assess severity, so perhaps you could
tell the release team what severity you _would_ set for each of these
bugs in the Debian BTS, if they were
On Fri, November 7, 2014 12:52, Jonathan Wiltshire wrote:
On 2014-11-07 07:30, Thijs Kinkhorst wrote:
This is an upstream release limited to strictly bugfixes.
Are there corresponding Debian bugs so we can assess severity please?
These are the issues fixed in this release.
https://github.com
; urgency=medium
+
+ * New upstream pseudorelease.
+- Accesses OAuth API over SSL by default (Closes: #736446, #760815).
+- Addresses rate limit warning (Closes: #756960).
+
+ -- Thijs Kinkhorst th...@debian.org Thu, 30 Oct 2014 22:36:58 +0100
+
ttytter (2.1.0-1) unstable; urgency=low
.
+
+ -- Thijs Kinkhorst th...@debian.org Mon, 27 Oct 2014 19:23:35 +
+
simplesamlphp (1.13.0-1) unstable; urgency=medium
* New upstream release.
diff -Nru simplesamlphp-1.13.0/debian/control simplesamlphp-1.13.1/debian/control
--- simplesamlphp-1.13.0/debian/control 2014-08-18 11:11:23.0
On Tue, September 23, 2014 22:36, Moritz Mühlenhoff wrote:
On Sat, Sep 20, 2014 at 02:18:34PM +0200, Julien Cristau wrote:
On Sat, Sep 20, 2014 at 12:53:54 +0200, Moritz Muehlenhoff wrote:
On Sat, Sep 20, 2014 at 10:45:00AM +0200, Julien Cristau wrote:
On Wed, Sep 17, 2014 at 22:29:10
On Tuesday 8 July 2014 20:52:08 Adam D. Barratt wrote:
Unfortunately, something appears to have gone wrong with the
ia32-libs-gtk upload and I've flagged that one for rejection.
Specifically, the entire debdiff is:
Right, what went wrong is that there are 0 updates for ia32-libs-gtk since
urgency=high accordingly
[ gnutls26 (2.8.6-1+squeeze3) oldstable-security; urgency=high ]
* 22_gnutls-2.8.5-cve-2014-0092.patch by Nikos Mavrogiannopoulos: Fix
certificate validation issue. CVE-2014-0092
-- Thijs Kinkhorst th...@debian.org Mon, 30 Jun 2014 13:45:39 +0200
ia32-libs-gtk
On Mon, June 16, 2014 00:06, Adam D. Barratt wrote:
Control: tags -1 + pending
On Sun, 2014-05-25 at 17:55 +0200, Stefan Fritsch wrote:
I have just uploaded apache2_2.2.22-13+deb7u2:
Flagged for acceptance; sorry for the delay.
apache2 (2.2.22-13+deb7u2) wheezy; urgency=medium
*
On Fri, April 18, 2014 17:46, Adam D. Barratt wrote:
On 2014-04-16 16:18, William Dauchy wrote:
On Apr16 11:06, Adam D. Barratt wrote:
On a related note, it would be appreciated if comments such as
cleanup
series were more verbose in future, as it appears to have involved
removing
enabled
Hi Adam,
On Sun, April 13, 2014 14:39, Adam D. Barratt wrote:
On Sun, 2014-04-13 at 13:58 +0200, William Dauchy wrote:
Is there someone available to validate this package? Lots of present
fixes are more than needed to have a usable version of php in
production.
Such comments really aren't
Package: release.debian.org
Severity: minor
Tags: patch
Attached patch uses softer colours which are easier on the eye for
the architecture qualification page.
From 3932bb06d69557a5d05efbf50459d9b7b9b5cccf Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst th...@debian.org
Date: Sat, 22 Mar 2014 14
On Sat, March 22, 2014 16:28, Julien Cristau wrote:
looks like that if col==red is now broken?
Indeed, see fixed patch attached.
Thijs
From 8f84a1be4a9c49782ea8f736ef315508591e1608 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst th...@debian.org
Date: Sat, 22 Mar 2014 16:47:16 +0100
Subject
Hi Clement,
On Tue, February 25, 2014 07:32, Clement Wong wrote:
Our web servers have been using a self patched version for a long time
because of the sybase regression from deb7u3, and this is a big problem
for us in terms of security, we don't have the manpower to keep our php up
to date.
Hi Lior,
On Mon, February 17, 2014 09:45, Lior Kaplan wrote:
1. First time I encounter this problem, any idea where can I see the
buildd
logs for these security uploads to see
why haven't they built fine.
The security team receives those. I'll forward them to you for this case.
2. I see
.patch.
+CVE-2013-5605: Null_Cipher() does not respect maxOutputLen; allowing
+remote attackers to cause a denial of service or possibly have
+unspecified other impact via invalid handshake packets.
+
+ -- Thijs Kinkhorst th...@debian.org Fri, 31 Jan 2014 09:19:46 +0100
+
ia32-libs
On Thu, January 30, 2014 00:03, Niels Thykier wrote:
On 2014-01-29 23:24, Steven Chamberlain wrote:
What exactly does the 'scope of the port' mean? Suites of packages,
tasksel tasks, desktop environments? Particular use cases (server,
laptop, desktop)? Or something else?
So, at this point,
to syslog() (CVE-2013-4258).
+
+ -- Thijs Kinkhorst th...@debian.org Fri, 11 Oct 2013 09:40:55 +0200
+
ia32-libs (20130924) squeeze-proposed-updates; urgency=low
* Packages updated
diff -Nru ia32-libs-20130924/debian/copyright ia32-libs-20131011/debian/copyright
--- ia32-libs-20130924/debian
On Wed, October 2, 2013 19:21, Bastian Blank wrote:
On Tue, Oct 01, 2013 at 04:58:43PM +0200, Thijs Kinkhorst wrote:
On Mon, September 30, 2013 18:52, Bastian Blank wrote:
I don't think this will work. The current security process ignores
any communication that is otherwise part of the NMU
On Mon, September 30, 2013 18:52, Bastian Blank wrote:
On Mon, Sep 30, 2013 at 04:38:24PM +0200, Thijs Kinkhorst wrote:
Thanks. I've read them. My conclusion is that there are two problems:
1/ On a previous upload, someone from the security team added extra
changes without coordination
On Mon, September 23, 2013 10:47, Bastian Blank wrote:
On Mon, Sep 23, 2013 at 09:47:32AM +0200, Thijs Kinkhorst wrote:
Do you have a message ID for me? I'd rather try to see what the problems
with the wheezy-security route are and how we can resolve them, rather
than try to work around them
On Sun, September 22, 2013 23:34, Bastian Blank wrote:
On Sun, Sep 22, 2013 at 09:58:54PM +0100, Adam D. Barratt wrote:
On Wed, 2013-09-18 at 14:06 +0200, Bastian Blank wrote:
There are several CVE pending for Xen, plus some embargoed ones. This
fixes all public ones that have fixes.
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: rm
Hi,
Please remove jcliclmoodle from wheezy.
It's only useful with Moodle, which isn't in wheezy. The package missed a
dependency on moodle so wasn't removed together with moodle;
-upgrades to wheezy (Closes: #585448).
+
+ -- Thijs Kinkhorst th...@debian.org Wed, 05 Jun 2013 18:11:23 +0200
+
dpkg-ruby (0.3.6+nmu1) unstable; urgency=high
* Non-maintainer upload.
diff -Nru dpkg-ruby-0.3.6+nmu1/lib/debian.rb dpkg-ruby-0.3.6+nmu2/lib/debian.rb
--- dpkg-ruby-0.3.6+nmu1/lib
On Thu, May 2, 2013 09:25, Steffen Möller wrote:
I have talked back to my pkg-boinc mates and, well, feelings are mixed.
The remaining source to this TV report and some prominent discussions
about it I found at
http://www.rechenkraft.net/phpBB/viewtopic.php?f=12&t=12717&start=12
Hi Steffen,
On Tue, April 30, 2013 22:07, Steffen Moeller wrote:
The PHP code shipping with the BOINC Server Maker package was not updated
for a long time because of the freeze coinciding with the general overhaul of
the BOINC package structure. An important security update was missed.
The
On Wed, May 1, 2013 12:17, Alyssa Milburn wrote:
These missed server issues were presumably what's now CVE-2013-2018:
http://article.gmane.org/gmane.comp.security.oss.general/10083
Thanks, noted.
Thijs
Hi Pau,
On Sat, April 27, 2013 01:31, Pau Garcia i Quiles wrote:
Wheezy contains my package jquery-jplayer 2.1.0-1, which is affected by a
few security issues which have been recently fixed upstream. One of the
issues is CVE-2013-1942. Two other issues, although important, did not get
a CVE
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
Please unblock package phpmyadmin.
This is a security update. The issues fixed are not present in squeeze.
unblock phpmyadmin/4:3.4.11.1-2
Thanks,
Thijs
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hi,
Please remove semanticscuttle from wheezy.
The problems are detailed in RC bug #659390. My last message details that
I had to conquer three different problems to get to an error-free home
: #704228).
+
+ -- Thijs Kinkhorst th...@debian.org Sun, 31 Mar 2013 13:09:54 +0200
+
dput (0.9.6.3+nmu1) unstable; urgency=low
* Non-maintainer upload.
diff -Nru dput-0.9.6.3+nmu1/dput.cf dput-0.9.6.3+nmu2/dput.cf
--- dput-0.9.6.3+nmu1/dput.cf 2012-10-14 14:54:17.0 +0200
+++ dput
On Tue, March 19, 2013 01:37, Christoph Anton Mitterer wrote:
severity 703290 important
stop
On Tue, 2013-03-19 at 10:20 +1300, Andrew McMillan wrote:
Is there any way to do an XSS exploit in 12 characters? If not, then I
don't think this is 'grave'.
Unless someone from the security or
severity 703294 important
thanks
On Tue, March 19, 2013 11:20, Jonathan Wiltshire wrote:
Agreed that it's not grave until we have a concrete vulnerability at
hand.
The code could/should definitely be more robust, but there's not yet
an acute issue.
Is it fair to apply this line of reasoning
On Sat, March 16, 2013 00:02, Balint Reczey wrote:
I would like to upload wireshark/1.8.2-5wheezy1 to
testing-proposed-updates to fix open security issues in wheezy.
This request can be postponed, as we're going to try to handle this
through wheezy-security as a first guinea pig. If this works
package release.debian.org
user release.debian@packages.debian.org
usertag 687583 + rm - unblock
retitle 687583 RM: altos/1.0.3
thanks
Hi Release Managers,
Please remove altos from testing as per maintainer comment in #676739.
Cheers,
Thijs
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi Release Team,
I've been looking into Postfix RC bug #700719. In short, my proposal is to
fix the maintainer field and then unblock the package. Please see my message
in the bug log for
On Wednesday 6 March 2013 10:16:18 Adam D. Barratt wrote:
It looks like the maintainer field is already fixed in sid, in
2.10.0-1; that is a number of upstream releases more recent than the
current wheezy package, however.
Your last message in #700719 indicates that your inclination
On Thursday 28 February 2013 21:35:09 Moritz Mühlenhoff wrote:
So we should proceed with providing backports for openjdk in the future.
If Matthias keeps the Debian/Ubuntu packaging in a state that it's easily
buildable on squeeze/wheezy for ojdk6 and for wheezy on ojdk7 I think
we should
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi RT,
Package pigz/2.2.4-2 was uploaded to sid fixing CVE-2013-0296 (#700608).
The maintainer also added hardening flags. This may be on the border of
acceptable/unacceptable for an
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
Please unblock and bump the urgency of package pktstat.
It fixes security issue CVE-2013-0350; #701211: left over debug code caused
both a temp file race and information leak.
On Sat, February 23, 2013 17:55, Niels Thykier wrote:
Control: reopen -1
On 2013-02-23 17:45, Alexander Wirt wrote:
Thijs Kinkhorst wrote on Saturday, 23 February 2013:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
As mentioned in #700805, this line introduces a memory leak if realloc
fails for any reason.
Upstream has committed a fix for the issue but also concluded that this
causing real world trouble is not very probable.
So either the patch needs to be applied to openconnect or the package needs to
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Dear release team,
Please unblock package nagios-nrpe.
The update is documentation only. It's done to address #547092: SSL support
is fundamentally broken in NRPE, which cannot be fixed
On Friday 15 February 2013 17:58:23 Adam D. Barratt wrote:
On Mon, 2013-02-11 at 10:41 +0100, Thijs Kinkhorst wrote:
[ cups (1.4.4-7+squeeze2) stable-security; urgency=high ]
Our sanity check grumbled about this one, as p-u has +squeeze3; is that
intentional? I can't remember what
On Sun, February 10, 2013 17:25, Adam D. Barratt wrote:
We're somewhat overdue with the next Squeeze point release (6.0.7) and
it'd be good to get it done before the wheezy release, so that we can
pull in some upgrade fixes.
Attached are the proposed updates to ia32-libs and ia32-libs-core at
On Mon, February 11, 2013 10:40, Thijs Kinkhorst wrote:
On Sun, February 10, 2013 17:25, Adam D. Barratt wrote:
We're somewhat overdue with the next Squeeze point release (6.0.7) and
it'd be good to get it done before the wheezy release, so that we can
pull in some upgrade fixes.
Attached
On Thu, January 17, 2013 23:50, Neil Williams wrote:
On Thu, 17 Jan 2013 19:51:13 +
Robert Lemmen rober...@semistable.com wrote:
#695716 is a GFDL-bug, upstream has relicensed their docs and released a
new version 0.6.7, I have updated the package and uploaded to unstable.
... which
retitle 692911 unblock: ca-certificates/20121114
thanks
Hi,
ca-certificates/20121114 has been uploaded in the meantime which addresses
both the wish for documentation expressed in this bug log above and fixes
RC bug #537051. It has been in unstable for over 30 days now without new
issues
On Sun, December 9, 2012 16:10, Salvatore Bonaccorso wrote:
On Sun, December 9, 2012 13:11, Salvatore Bonaccorso wrote:
Thank you Dominic for keeping updated. Security team, attached is the
proposed debdiff for the libcgi-pm-perl part.
Yes, please upload this to security master.
I did a
Hi,
I propose that we remove the flightgear, simgear and probably associated
packages fgfs-base and fgrun from wheezy, because they have RC bugs and there
seems to be no concrete indication that this will be resolved anytime soon.
This is based on the following observations.
Security issues
-1.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Revert conversion to Multi-Arch: same done in 2.30.3-1.1.
+This needs to be done coordinated with changes to libglade2.
+ * Keep the Multi-Arch: foreign change for libgnomecanvas-common.
+
+ -- Thijs Kinkhorst th...@debian.org Sun
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
I believe we should consider to have ia32-libs and friends migrate to
testing. In my perception the status is as follows.
All blocking bugs against ia32-libs have been closed. I have
for wheezy+1 (Closes: #677993, #678077).
+ * Fix DoS via specially crafted EAP-TLS messages with longer message
+length than TLS data length (CVE-2012-4445, DSA 2557-1, Closes: #689990).
+
+ -- Thijs Kinkhorst th...@debian.org Sat, 13 Oct 2012 14:48:08 +
+
wpa (1.0-2) unstable; urgency=low
On Thu, October 11, 2012 10:07, Thijs Kinkhorst wrote:
On Wed, October 10, 2012 22:43, Adam D. Barratt wrote:
On Thu, 2012-08-30 at 22:13 +0100, Adam D. Barratt wrote:
On Mon, 2012-08-27 at 23:00 -0400, David Prévot wrote:
Can someone from the release team please confirm that you would
On Wed, October 10, 2012 22:43, Adam D. Barratt wrote:
On Thu, 2012-08-30 at 22:13 +0100, Adam D. Barratt wrote:
On Mon, 2012-08-27 at 23:00 -0400, David Prévot wrote:
Can someone from the release team please confirm that you would
consider
unblocking such an upload of gnupg, knowing that
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
Please unblock package tinyproxy. It fixes a denial of service.
unblock tinyproxy/1.8.3-3
Thanks,
Thijs
On Fri, September 28, 2012 07:04, Adam D. Barratt wrote:
Is adding the epoch any more involved than just changing the version
number, from a packaging point of view? If not, then doing that today
would indeed be one way out of the issue, depending on your opinion of
doing so, with your
On Thu, September 27, 2012 20:52, Adam D. Barratt wrote:
On Wed, 2012-09-26 at 12:53 +0200, Thijs Kinkhorst wrote:
On Wed, September 26, 2012 11:02, Philipp Kern wrote:
On Wed, Sep 26, 2012 at 09:17:53AM +0200, Thijs Kinkhorst wrote:
OK, so we need to update ia32-libs again, now that all
On Thu, September 27, 2012 22:38, Adam D. Barratt wrote:
On Thu, 2012-09-27 at 22:10 +0200, Thijs Kinkhorst wrote:
On Thu, September 27, 2012 20:52, Adam D. Barratt wrote:
a) prop-up the packages from p-u to testing (meh) and unstable (bad)
during the point release
b) exclude ia32-libs
On Mon, September 17, 2012 15:58, Philipp Kern wrote:
ok, given the replies, let's settle on this:
On Fri, Sep 07, 2012 at 09:43:03PM +0200, Philipp Kern wrote:
* Sep 29/30: ok from RT side
OK, so we need to update ia32-libs again, now that all changes are in.
The other two ia32-libs-* do not
On Wed, September 26, 2012 11:02, Philipp Kern wrote:
Hi,
On Wed, Sep 26, 2012 at 09:17:53AM +0200, Thijs Kinkhorst wrote:
OK, so we need to update ia32-libs again, now that all changes are in.
The other two ia32-libs-* do not require an update in this release.
Attached is the proposed
.
+
+ -- Thijs Kinkhorst th...@debian.org Wed, 29 Aug 2012 15:43:31 +
+
simplesamlphp (1.9.1-1) unstable; urgency=medium
* New upstream security release:
diff -Nru simplesamlphp-1.9.1/docs/simplesamlphp-changelog.txt simplesamlphp-1.9.2/docs/simplesamlphp-changelog.txt
--- simplesamlphp-1.9.1/docs
On Mon, August 27, 2012 03:38, David Prévot wrote:
Attached the current (from the gnupg package repository) debdiff,
excluding the translation, since it contains other pending changes that
may not be in line with the current freeze policy (so the release team
may point what changes could be
Hi,
As it seems, Daniel has uploaded a version of open-vm-tools that reverts
the contentious changes. This version has been in unstable for 11 days now
and no bugs have been reported since.
Can you please review and unblock?
thanks,
Thijs
site scripting [PMASA-2012-4].
+
+ -- Thijs Kinkhorst <th...@debian.org> Mon, 13 Aug 2012 13:24:09 +
+
phpmyadmin (4:3.4.11-1) unstable; urgency=low
* New upstream release.
diff -Nru phpmyadmin-3.4.11/js/db_structure.js phpmyadmin-3.4.11.1/js/db_structure.js
--- phpmyadmin-3.4
On Wed, August 8, 2012 01:15, Cyril Brulebois wrote:
Thijs Kinkhorst th...@debian.org (07/08/2012):
On Tue, August 7, 2012 01:44, Cyril Brulebois wrote:
while I have only glanced at it, that doesn't look bad at all,
please go ahead and ping us once it's accepted.
It has now been accepted
On Tue, August 7, 2012 01:44, Cyril Brulebois wrote:
Hello Thijs,
Thijs Kinkhorst th...@debian.org (06/08/2012):
I would like to upload simplesamlphp/1.9.1-1: an upstream security
release that only fixes a security issue and adds some minor
documentation fixes. The debdiff is attached
.
+
+ -- Thijs Kinkhorst th...@debian.org Mon, 06 Aug 2012 12:57:02 +
+
simplesamlphp (1.9.0-1) unstable; urgency=low
* New upstream release.
diff -Nru simplesamlphp-1.9.0/docs/simplesamlphp-changelog.txt simplesamlphp-1.9.1/docs/simplesamlphp-changelog.txt
--- simplesamlphp-1.9.0/docs
Hi,
open-vm-tools/2:8.8.0+2012.05.21-724730-3 was uploaded to fix an RC bug in the
package (#679886). It has now aged for 11 days without problems discovered.
It must be noted that wheezy now contains -1. -2 was uploaded before the
freeze and got an automatic unblock already. Its changes have
On Sun, May 6, 2012 10:00, Thijs Kinkhorst wrote:
On Sat, May 5, 2012 20:49, Adam D. Barratt wrote:
On Sat, 2012-05-05 at 20:39 +0200, Ondrej Sury wrote:
For some reason I had it in my head that 5.4.2 was the upstream
version
with the fixed fix rather than the not-quite fixed fix.
I think
On Sat, May 5, 2012 20:49, Adam D. Barratt wrote:
On Sat, 2012-05-05 at 20:39 +0200, Ondrej Sury wrote:
For some reason I had it in my head that 5.4.2 was the upstream
version
with the fixed fix rather than the not-quite fixed fix.
I think this is the case (e.g. 5.4.2 is the fixed