Bug#687425: unblock: juju/0.5.1-2

2012-09-12 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock juju 0.5.1-2 to get the security fix into Wheezy. Cheers, Moritz -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500,

Re: Bug#686330: mediawiki: Multiple security issues

2012-09-13 Thread Moritz Muehlenhoff
On Fri, Aug 31, 2012 at 06:34:38PM +0200, Julien Cristau wrote: On Fri, Aug 31, 2012 at 10:37:25 +0200, Thorsten Glaser wrote: The Release Notes say that 1.19.2 is a security-fix release, and does not list any unrelated changes. Question is, (to the more seasoned MW packagers) can we

Re: Bug#593141: Bug#653582: ruby-hpricot: FTBFS on ia64: ruby crashes while running tests

2012-09-24 Thread Moritz Muehlenhoff
On Mon, Sep 03, 2012 at 09:51:28PM +0200, Lucas Nussbaum wrote: On 16/01/12 at 21:20 +0100, Lucas Nussbaum wrote: ruby1.9.1 is known to be broken on ia64 (see #593141). It currently builds only because the test suite is disabled on that architecture, but the fact that other Ruby packages

Bug#688670: RM: tendra/4.1.2-19

2012-09-24 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, tendra seems like a removal candidate for Wheezy: - unfixed RC bug since a year - marginal popcon - not ported to amd64 Cheers, Moritz -- To UNSUBSCRIBE, email to

Bug#688709: unblock: devscripts/2.12.3

2012-09-24 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package devscripts. It fixes CVE-2012-2240 and CVE-2012-2241. unblock devscripts/2.12.3 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT

Bug#688710: unblock: libxcrypt/1:2.4-1.1

2012-09-24 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libxcrypt. It fixes CVE-2011-2483. unblock libxcrypt/1:2.4-1.1 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500,

Bug#685527: unblock: packagekit/0.7.6-1

2012-09-25 Thread Moritz Muehlenhoff
On Mon, Sep 03, 2012 at 03:46:10PM +0200, Matthias Klumpp wrote: Okay, breaking down the changes: Since the review resources of the release managers are scarce and since we should get the security fixes into Wheezy, what about preparing a 0.7.5-2+deb7u1 upload to testing-proposed-updates with

Bug#688881: unblock: openjpeg/1.3+dfsg-4.1+deb7u1

2012-09-26 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock I've prepared a tpu security upload for openjpeg (attached). Ok to upload? Cheers, Moritz -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy:

Bug#689036: unblock: icedove/10.0.7-1

2012-09-28 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, please unblock icedove 10.0.7-1. It fixes the latest round of Mozilla security issues. unblock icedove/10.0.7-1 Cheers, Moritz -- System Information: Debian Release:

Bug#689344: unblock: gnugk/2:3.0.2-3

2012-10-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package gnugk It fixes CVE-2012-3534. unblock gnugk/2:3.0.2-3 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable')

Bug#689345: unblock: moodle/2.2.3.dfsg-2.3

2012-10-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package moodle It fixes multiple security issues. unblock moodle/2.2.3.dfsg-2.3 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy:

Bug#685741: unblock: qpid-cpp/0.16-7

2012-10-04 Thread Moritz Muehlenhoff
On Wed, Sep 19, 2012 at 08:45:27AM +0100, Adam D. Barratt wrote: On 19.09.2012 08:23, Cajus Pollmeier wrote: On Tuesday, 18 September 2012, 18:54:47 you wrote: On Mon, Sep 10, 2012 at 02:20:54PM +0200, Mehdi Dogguy wrote: Unfortunately, even if we can unblock qpid-cpp/0.16-7 for

Bug#689663: RM: gksu-polkit/0.0.3-1

2012-10-04 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove gksu-polkit 0.0.3-1 from testing. No followup for #684489 since 1.5 months and apparently this was ignored also upstream (the Debian maintainer is also upstream) Cheers,

Bug#690073: unblock: gunicorn/0.14.5-3

2012-10-09 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, please unblock gunicorn 0.14.5-3 It fixes a security issue (no bug and no CVE yet) Cheers, Moritz unblock gunicorn/0.14.5-3 -- System Information: Debian Release: wheezy/sid

Bug#690074: unblock: wpa/1.0-3

2012-10-09 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, please unblock wpa 1.0-3. It fixes CVE-2012-4445. I saw on IRC that it's currently held back due to its udeb, but let's file a bug to keep it on the radar. Cheers, Moritz

Bug#690075: unblock: dnsmasq/2.63-4

2012-10-09 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package dnsmasq It fixes CVE-2012-3411 unblock dnsmasq/2.63-4 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable')

Bug#690795: unblock: icedove/10.0.9-1

2012-10-17 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, please unblock icedove 10.0.9-1 It fixes multiple security issues Cheers, Moritz unblock icedove/10.0.9-1 -- System Information: Debian Release: wheezy/sid APT prefers

Bug#690795: unblock: icedove/10.0.9-1

2012-10-18 Thread Moritz Muehlenhoff
On Thu, Oct 18, 2012 at 08:08:11PM +0100, Adam D. Barratt wrote: On Thu, 2012-10-18 at 08:38 +0200, Guido Günther wrote: I'm not sure whether there is active _upstream_ security support for lightning but I guess that's not different from some other packages. One of the reasons to build

Bug#691184: unblock: cups-pk-helper/0.2.3-2

2012-10-22 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock cups-pk-helper 0.2.3-2 It fixes CVE-2012-4510 cheers, Moritz unblock cups-pk-helper/0.2.3-2 -- System Information: Debian Release: wheezy/sid APT prefers

Bug#691186: unblock: icecast2/2.3.2-9+deb7u2

2012-10-22 Thread Moritz Muehlenhoff
icecast2-2.3.2/debian/changelog --- icecast2-2.3.2/debian/changelog 2012-09-14 00:55:08.0 +0200 +++ icecast2-2.3.2/debian/changelog 2012-10-22 20:40:33.0 +0200 @@ -1,3 +1,9 @@ +icecast2 (2.3.2-9+deb7u2) wheezy; urgency=low + + * CVE-2011-4612 (Closes: #652663) + + -- Moritz Muehlenhoff
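Review bot: the new changelog stanza records only "* CVE-2011-4612 (Closes: #652663)" and says nothing about what the issue is or which patch fixes it; a one-line summary of the vulnerability and the name of the debian/patches file that addresses it would let the release team judge the tpu upload from the debdiff alone, as the unblock request asks them to.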

Bug#691262: unblock: revelation/0.4.13-1.2

2012-10-23 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, please unblock revelation 0.4.13-1.2. It fixes CVE-2012-3818. Cheers, Moritz unblock revelation/0.4.13-1.2 -- System Information: Debian Release: wheezy/sid APT prefers

Bug#689003: unblock: bacula/5.2.6+dfsg-5

2012-10-24 Thread Moritz Muehlenhoff
On Wed, Oct 10, 2012 at 12:42:42AM +0400, Alexander Golovko wrote: Upstream recommends not using hardening for bacula, so we have 71 lintian warnings about this fact. In the git master branch these warnings were hidden by adding lintian-overrides. This is a cosmetic change and should not be present in

Bug#691791: unblock: libav/6:0.8.4-1

2012-10-29 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libav. It fixes multiple security issues: CVE-2012-2772 CVE-2012-2775 CVE-2012-2776 CVE-2012-2777 CVE-2012-2779 CVE-2012-2784 CVE-2012-2786 CVE-2012-2787

Bug#691792: unblock: chromium-browser/22.0.1229.94~r161065-3

2012-10-29 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package chromium-browser It fixes multiple security issues. In Wheezy Chromium will be updated by shipping the current upstream releases in stable-security. Cheers,

Bug#691881: unblock: icedove/10.0.10-1

2012-10-30 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock icedove 10.0.10-1. It fixes multiple security issues. unblock icedove/10.0.10-1 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500,

Bug#691882: unblock: python-django/1.4.2-1

2012-10-30 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, please unblock python-django 1.4.2-1. It fixes CVE-2012-4520 Cheers, Moritz unblock python-django/1.4.2-1 -- System Information: Debian Release: wheezy/sid APT prefers

Bug#691984: RM: lgeneral/1.1.1-5

2012-10-31 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove lgeneral from testing. A DFSG-clean and up-to-date version will be provided in unstable and delivered through wheezy-backports. See

Bug#692068: unblock: elinks/0.12~pre5-9

2012-11-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package elinks. It fixes CVE-2012-4545. debdiff attached. unblock elinks/0.12~pre5-9 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy:

Bug#689003: unblock: bacula/5.2.6+dfsg-5

2012-11-07 Thread Moritz Muehlenhoff
On Wed, Oct 24, 2012 at 06:28:47PM +0200, Moritz Muehlenhoff wrote: On Wed, Oct 10, 2012 at 12:42:42AM +0400, Alexander Golovko wrote: Upstream recommends not using hardening for bacula, so we have 71 lintian warnings about this fact. In the git master branch these warnings were hidden by adding

Bug#689289: unblock: keystone/2012.1.1-9 (CVE-2012-445{6,7}, +policy RC fixes)

2012-11-07 Thread Moritz Muehlenhoff
On Wed, Oct 10, 2012 at 06:52:16PM +0200, Julien Cristau wrote: On Mon, Oct 1, 2012 at 15:00:25 +0800, Thomas Goirand wrote: diff -Nru keystone-2012.1.1/debian/keystone.postinst keystone-2012.1.1/debian/keystone.postinst --- keystone-2012.1.1/debian/keystone.postinst 2012-09-12

Bug#680982: unblock: gnuboy/1.0.3-6.1

2012-07-09 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package gnuboy It's the last package using libggi. (I overlooked it initially since it's in contrib) unblock gnuboy/1.0.3-6.1 -- System Information: Debian Release:

Bug#680983: RM: libjdic-java/0.9.5-7

2012-07-09 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove libjdic-java/0.9.5-7 from Wheezy. It's RC-buggy since a year (incompatible with current Mozilla), orphaned and apparently dead upstream (upstream homepage vanished).

Bug#685717: RM: drupal6/6.26-1.1

2012-08-23 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, as per #668065, please remove drupal6 and the reverse addons from testing. These packages are rev deps and need to be removed along: drupal6-mod-addtoany: 3.4-1 drupal6-mod-cck: 2.9-1

Bug#685717: RM: drupal6/6.26-1.1

2012-08-28 Thread Moritz Muehlenhoff
On Fri, Aug 24, 2012 at 12:03:17AM +0200, Julien Cristau wrote: On Thu, Aug 23, 2012 at 23:09:13 +0200, Moritz Muehlenhoff wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, as per #668065, please remove drupal6

Bug#686365: RM: pyjamas/0.7-1

2012-08-31 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please drop pyjamas/0.7-1 from testing. It depends on sugar-hulahop, which is going away for Wheezy. Cheers, Moritz

Bug#684591: unblock: chromium-browser/21.0.1180.75~r150248-1

2012-09-05 Thread Moritz Muehlenhoff
On Sat, Aug 11, 2012 at 04:34:42PM +0200, Giuseppe Iuculano wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package chromium-browser debian/ diff can be found here:

Bug#686784: RM: mathop/1.5p6-1.1

2012-09-05 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove mathopd 1.5p6-1.1 We have enough mini httpds in the archive, which are actually maintained: - No maintainer upload since 2008 - No followup to security bug since half a year

Bug#686783: RM: sugar-hulahop/0.8.1-1

2012-09-05 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Now that pyjamas is dropped from testing, sugar-hulahop can be dropped as well to address #631051 Cheers, Moritz

Bug#686868: unblock: pcp/3.6.5

2012-09-06 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal Hi, please unblock pcp 3.6.5. It fixes several security issues. Cheers, Moritz

Bug#686958: unblock: mahara/1.5.1-2

2012-09-07 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal Hi, please unblock mahara/1.5.1-2. It fixes several security issues. Cheers, Moritz

Bug#685331: unblock: (pre-approval) src:calligra/1:2.4.3-2

2012-09-07 Thread Moritz Muehlenhoff
On Tue, Sep 04, 2012 at 08:48:09PM +0200, Niels Thykier wrote: On 2012-09-03 23:52, Lisandro Damián Nicanor Pérez Meyer wrote: On Mon 27 Aug 2012 17:08:48 Niels Thykier wrote: [snip] Hi Niels! Sune Vuorela asked with upstream and they both reviewed the code to find that, while

Bug#685741: unblock: qpid-cpp/0.16-7

2012-09-07 Thread Moritz Muehlenhoff
On Tue, Aug 28, 2012 at 08:45:19AM +0200, Cajus Pollmeier wrote: Which may lead to these actions: * Inspect the SONAME of the upcoming 0.18 release and choose some non conflicting value between the 0.16 and 0.18 releases. I'd like to avoid maintaining a completely different scheme

gnutls transition and new packages from sid

2004-09-15 Thread Moritz Muehlenhoff
Matthias Urlichs has already filed bugs against packages that still depend on gnutls7 and gnutls10 and their libgcrypt counterparts. I noticed that libphone, which is close to transition from sid, depends on gnutls10 for i386. Wouldn't it be better to file RC bugs against gnutls7 and gnutls10 to

Re: gnutls transition and new packages from sid

2004-09-15 Thread Moritz Muehlenhoff
In gmane.linux.debian.devel.release Andreas Metzler wrote: counterparts. I noticed that libphone, which is close to transition from sid, depends on gnutls10 for i386. SID balrog:/# dpkg -l '*libphon*' No packages found matching *libphon*. Typo; I meant linphone.

Re: report on current state of sarge security

2004-11-24 Thread Moritz Muehlenhoff
In gmane.linux.debian.devel.release, you wrote: ppp 2.4.2+20040428-3 needed, have 2.4.2+20040428-2 for CAN-2004-1002 Candidate to be forced into testing, if the diff seems sane to RMs. If not we should backport only the security fix to t-p-u. Users can only DoS their own

Re: status of getting security fixes into sarge

2004-12-13 Thread Moritz Muehlenhoff
Steve Langasek wrote: prozilla (unfixed; bug #284117) for CAN-2004-1120 Well it's not fixed, and no patch is known. Candidate for removal. Tagged for removal. But as the stable version is already vulnerable this will still leave people with an installed exploitable version when

Re: [Secure-testing-team] Re: summary of what's blocking security fixes from testing

2005-09-14 Thread Moritz Muehlenhoff
Steve Langasek wrote: mozilla-thunderbird 41 days old FTBFS on alpha, arm, m68k ... with a patch in the BTS, if someone wants to NMU... The maintainer posted a followup to the firefox side of the latest Mozilla IDN buffer overflow, so I very much suspect he's currently preparing

Re: [Secure-testing-team] Re: summary of what's blocking security fixes from testing

2005-09-15 Thread Moritz Muehlenhoff
Andreas Barth wrote: 4:3.3.2-6.2 seems to be in NEW? And is blocking kdegraphics below. Moritz Muehlenhoff wrote (privately): But according to http://ftp-master.debian.org/new.html it is in t-p-u? And it's not shown in the PTS either? And why would it need to go through NEW

Re: remaining linux-2.6 RC bugs ...

2006-01-11 Thread Moritz Muehlenhoff
Steve Langasek wrote: the fact that the mips/mipsel guys do their own thing in their own way is i believe etch-RC though, and need to be solved in the next 6 months. That's a decision that needs to be made together with the people who will be doing security support for the kernel in etch.

Re: Kernel 2.4 for etch or not

2006-02-05 Thread Moritz Muehlenhoff
Holger Levsen wrote: * Unfortunately, nobody from the kernel team is really interested in working on 2.4 anymore. They do security fixes for the 2.4 kernels in woody and sarge, for which I'm very thankful, but that's about it. Even though 2.4 is moving very slowly nowadays

Re: GCC 4.1 in experimental / GCC for etch

2006-02-21 Thread Moritz Muehlenhoff
Matthias Klose wrote: - Once the 4.1 packages are migrated to testing, make 4.1 the default compiler for i386, amd64, powerpc. GCC 4.1 has lightweight protective measures against stack overflows. Is this something that must be explicitly activated by maintainers through compiler flags or will

Re: timeline for next kernel update round

2006-03-14 Thread Moritz Muehlenhoff
Andreas Barth wrote: as we're now on track in getting sarge r2 out, I'm interested when the next kernel update should happen - and of course if there is something important from your side. As far as I understood, that update will be an ABI-change, which means: we need to rebuild the

Re: timeline for next kernel update round

2006-03-14 Thread Moritz Muehlenhoff
Frans Pop wrote: On Wednesday 15 March 2006 00:15, Moritz Muehlenhoff wrote: The update is built and tested, it'll appear soon. It contains three ABI changing security fixes, so the ABI will be bumped. I can't speak for d-i. ABI changes are for both 2.6 and 2.4 kernel, correct

Re: Packages that ought to be kicked out of testing

2006-05-28 Thread Moritz Muehlenhoff
Steve Langasek wrote: # The most commonly installed binary package from gforge, gforge-common, # has only 12 installations in popcon. One of its packages has been # uninstallable for 64 days. There is also a possible security-related # bug, #328224 (it is not RC only because no one has yet

Re: summarizing arch status

2006-06-06 Thread Moritz Muehlenhoff
Steve Langasek wrote: On Sun, Jun 04, 2006 at 11:24:46AM +0200, Andreas Barth wrote: - traditionally weak with keeping up, but currently in good shape I don't agree that http://buildd.debian.org/stats/graph2-quarter-big.png shows it in good shape. We can expect the build load to get

Re: sarge3 kernel build r3

2006-06-06 Thread Moritz Muehlenhoff
Martin Schulze wrote: It would be good if we would be able some day to release kernel updates in a more timely fashion and also not accumulate this many security updates in one update. However, due to the number of architectures and affected packages I'm not sure this goal can be met any

Re: sarge3 kernel build r3

2006-06-13 Thread Moritz Muehlenhoff
dann frazier wrote: On Tue, Jun 06, 2006 at 01:32:42PM -0600, dann frazier wrote: On Tue, Jun 06, 2006 at 09:23:45PM +0200, Frans Pop wrote: The more arches are built by the same person, the easier coordination is. So your offer is very welcome. Note that you'll need to check out

Re: rssh_2.2.3-1.sarge.2 package with command line parsing fixed.

2006-07-12 Thread Moritz Muehlenhoff
Russ Allbery wrote: Debian 3.1r2 shipped with a broken rssh package due to a bug introduced with a security fix. I have prepared a new package () with the problem fixed. The patch is attached. The package can be found from

Re: rssh_2.2.3-1.sarge.2 package with command line parsing fixed.

2006-07-12 Thread Moritz Muehlenhoff
Russ Allbery wrote: This probably needs an update on security.debian.org as well, and maybe an advisory or advisory update (not sure). I mailed [EMAIL PROTECTED] a while back about it with the same patch and got an acknowledgement, but I think they then ran out of time to deal with it.

Re: [Secure-testing-team] Re: Removing insecure packages from etch

2006-08-20 Thread Moritz Muehlenhoff
dann frazier wrote: On Wed, Aug 16, 2006 at 05:07:31AM +0200, Goswin von Brederlow wrote: Could we quantify that somewhat? Is one security bug enough? Are 10? Do we have a delegate that could audit and veto a package already other than the release team? Is that the domain of QA or security?

Re: Please remove knowledgetree and slash for security issues

2006-08-27 Thread Moritz Muehlenhoff
Steve Langasek wrote: Steve Langasek wrote: In the meantime, I'm downgrading 160579 because I don't see anything in that report that would justify claiming the package is unreleasable. It's also vulnerable to CVE-2004-2656 (no bug seems to exist) and CVE-2001-1535 (328927). FWIW, of

Re: Preparing the next Release

2006-09-03 Thread Moritz Muehlenhoff
Steve Langasek wrote: Another transition that today is in an earlier stage is the mozilla-xulrunner transition. I've asked on #debian-release what people thought should be done if seamonkey isn't packaged in time for etch -- should mozilla and all its reverse-deps be dropped because it's not

Re: Preparation of the next stable Debian GNU/Linux update (I)

2006-09-16 Thread Moritz Muehlenhoff
Holger Levsen wrote: The first one doesn't look like a real security problem. Please explain why you think that putting arbitrarily long strings into fixed-sized buffers is not a security problem, preferably in the bug report. The buffer overflow can only be triggered through a file only root

Re: m68k not a release arch for etch; status in testing, future plans?

2006-09-20 Thread Moritz Muehlenhoff
Wouter Verhelst wrote: August 16 birthday party in Breda, I discussed this with Jeroen Van Wolffelaar who told me that in theory, it should not be very hard to create a suite in dak to allow us to have a mostly-etch distribution; one that is only slightly different from the 'real' etch. Given

Re: m68k not a release arch for etch; status in testing, future plans?

2006-09-20 Thread Moritz Muehlenhoff
Stephen R Marenka wrote: My spare time is too limited to care about m68k. I'd suggest you prepare the m68k binary updates from the regular source updates available on s.d.o on your own. Could m68k still do security building out of wanna-build? Of course, you could also have continued access

Re: intent to do a poppler transition

2006-10-02 Thread Moritz Muehlenhoff
On 2006-10-02, Norbert Preining [EMAIL PROTECTED] wrote: On Mon, 02 Oct 2006, Ondřej Surý wrote: poppler 0.5.4 (f.d.o PDF rendering library) was declared stable by upstream and I would like to upload new version to unstable which changes SONAME from 0 to 1. No API changes were done between

Re: intent to do a poppler transition

2006-10-02 Thread Moritz Muehlenhoff
Frank Küster wrote: It's completely unacceptable for pdftex to acquire a dependency on gtk or qt. If using plain libpoppler turns out to be impossible, we'd Nearly 1000 packages in sid depend on glib, it's not that it's a completely obscure lib causing major problems. Please elaborate why that

Re: m68k not a release arch for etch; status in testing, future plans?

2006-10-18 Thread Moritz Muehlenhoff
Michael Schmitz wrote: It's not the ftpmaster stuff that needs to be done, it's the RM and security stuff. Security stuff for *sarge* is already a problem, with the xfree86 update currently blocking the release of r4, due to lack of an m68k build, eg. Build times for kdebase_4:3.3.2-1sarge3:

Security status of Etch

2006-10-22 Thread Moritz Muehlenhoff
The current security state of testing looks quite well. I'd like to point out some issues you might not be aware of, as they are not tracked by RC bugs. This mail also lists some issues I'd like to have resolved and where help is very welcome, as quite some stable-security work has piled up. Only

Re: Security status of Etch

2006-10-23 Thread Moritz Muehlenhoff
Daniel Kobras wrote: On Sun, Oct 22, 2006 at 12:54:34PM +0200, Moritz Muehlenhoff wrote: - Imagemagick needs a co-maintainer. The current maintainer seems really busy and hasn't replied to mail with patches since about a month. It also needs a fix for #393025, it anyone wants to NMU

RC bugfixes uploaded with urgency=low

2006-10-28 Thread Moritz Muehlenhoff
I noticed several RC bugfixes, which were uploaded with urgency=low. You might want to check, whether these should be bumped: (I've left out cases, where a new upstream has been incorporated) 395562 apt-listbugs 0.0.66 394204 aranym 0.9.4beta-4 376505 arch2darcs 1.0.7 394051

Re: fai-kernels for etch

2006-11-08 Thread Moritz Muehlenhoff
I already discussed this with Dann Frazier (bcc:ed), who said doing security support for fai-kernels is no problem. (After all, it's just adding a changelog entry and rebuilding the package once a new linux-source-$version is available.) So I have one question: should I *now* (let

Re: security support mozilla, php

2006-11-14 Thread Moritz Muehlenhoff
Martin Schulze wrote: #398437: Please add notice about PHP register_globals not security supported Please go ahead. I hope that no PHP installation we currently provide has it turned on. If anyone spots a webapp packaged in Debian, which only works with register_globals enabled, please file

Re: apache2 DSA considerations for etch

2006-11-14 Thread Moritz Muehlenhoff
Hi Steinar, assuming the hole isn't specific to -mpm-itk, of course). Would this be OK for the security team? (I do not know of any objections from the debian-apache team; after all, apache2-src was added explicitly to support apache2-mpm-itk, as the debian-apache team currently does not

RC status of rpath issues

2006-11-22 Thread Moritz Muehlenhoff
I've seen a couple of RC bugs being filed for rpath issues in various packages. For stable-security these are only treated as DSA-worthy if the rpath points to /tmp, but not towards a directory like /build or a specific home directory, as exploiting these would require social engineering against

Re: Bug#594550: RM: webkit/1.0.1-4+lenny2

2010-08-31 Thread Moritz Muehlenhoff
of action. The secure-testing list is inappropriate to ask the security team about a package in Lenny. Please use the appropriate contact and get them to reply. I was more concerned about getting feedback from the webkit developers. I've already talked to Moritz Muehlenhoff from the security

Re: chromium not in Squeeze: a bit of communication needed?

2010-09-08 Thread Moritz Muehlenhoff
On Wed, Sep 08, 2010 at 03:22:29PM +0200, Julien Cristau wrote: from now, and as far as I know neither the security team nor the stable release managers usually accept that kind of changes in stable. If they say they'll be happy to accept random chromium code dumps in released squeeze, The

Re: Python 3 support in Squeeze

2010-09-09 Thread Moritz Muehlenhoff
On Thu, Sep 09, 2010 at 03:54:56PM +0100, Neil McGovern wrote: On Thu, Sep 09, 2010 at 11:25:30AM +0200, Matthias Klose wrote: Sometimes 2to3 will find a place in your source code that needs to be changed, but 2to3 cannot fix automatically. In this case, 2to3 will print a warning beneath

Re: Bug#595479: Please unblock: openmotif/2.3.3-4

2010-09-12 Thread Moritz Muehlenhoff
On 2010-09-11, Julien Cristau jcris...@debian.org wrote: On Wed, Sep 8, 2010 at 08:43:08 +0200, Stefan Bauer wrote: On 04.09.2010 18:13, Adam D. Barratt

Bug#596749: RM: symfony/1.0.21-2

2010-09-13 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please remove symfony from testing. It contains security sensitive code copies and should not enter a stable release if it's orphaned. Popcon is also very low. We can leave it in unstable for

Re: Bug#595479: Please unblock: openmotif/2.3.3-4

2010-09-27 Thread Moritz Muehlenhoff
On 2010-09-22, Stefan Bauer stefan.ba...@cubewerk.de wrote: On 22.09.2010 15:27, Julien Cristau wrote: On Wed, Sep 22, 2010 at 15:19:11 +0200, Stefan Bauer wrote: On 22.09.2010 14:53, Julien Cristau wrote: So there's something I'm not sure I understand here. AFAIK, we're shipping motif

Security unblock requests

2010-10-01 Thread Moritz Muehlenhoff
Hi, I went through the security issues fixed in sid, but not yet in Squeeze. [ I didn't look into the diffs against current testing, some might be too intrusive for which we need to poke maintainers with a long stick to fix it through t-p-u. ] Please review the following: zabbix/1:1.8.3-2 -

Re: Security unblock requests

2010-10-06 Thread Moritz Muehlenhoff
On 2010-10-01, Moritz Muehlenhoff j...@inutil.org wrote: Hi, I went through the security issues fixed in sid, but not yet in Squeeze. [ I didn't look into the diffs against current testing, some might be too intrusive for which we need to poke maintainers with a long stick to fix it through

Bug#599737: unblock: lib3ds/1.3.0-5

2010-10-10 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package lib3ds, it fixes a security issue. unblock lib3ds/1.3.0-5 -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable')

Re: Freeze exception: php5

2010-10-10 Thread Moritz Muehlenhoff
On 2010-10-09, Adam D. Barratt a...@adam-barratt.org.uk wrote: I have to admit that I don't follow PHP development particularly closely. Would it be possible to briefly explain why 5.3.2 is unsuitable for release, and 5.3.3 so much better? I did see from the changelog of the experimental

Re: Security unblock requests

2010-10-11 Thread Moritz Muehlenhoff
On 2010-10-06, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-01, Moritz Muehlenhoff j...@inutil.org wrote: Hi, I went through the security issues fixed in sid, but not yet in Squeeze. [ I didn't look into the diffs against current testing, some might be too intrusive for which we

Re: Security unblock requests

2010-10-15 Thread Moritz Muehlenhoff
On 2010-10-11, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-06, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-01, Moritz Muehlenhoff j...@inutil.org wrote: Hi, I went through the security issues fixed in sid, but not yet in Squeeze. [ I didn't look into the diffs against

Midori for Squeeze

2010-10-17 Thread Moritz Muehlenhoff
Hi Ryan/release team, During my review of open security issues I noticed that the version of Midori currently in Squeeze still has broken HTTPS support. (#582213) We shouldn't ship a browser with the state as-is. We could either drop it or update to the version currently in sid? Cheers,

Re: Security unblock requests

2010-10-18 Thread Moritz Muehlenhoff
On 2010-10-15, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-11, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-06, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-01, Moritz Muehlenhoff j...@inutil.org wrote: Hi, I went through the security issues fixed in sid, but not yet

Re: Midori for Squeeze

2010-10-18 Thread Moritz Muehlenhoff
In gmane.linux.debian.devel.release, you wrote: On 17/10/2010 22:08, Moritz Muehlenhoff wrote: Hi Ryan/release team, During my review of open security issues I noticed that the version of Midori currently in Squeeze still has broken HTTPS support. (#582213) This bug is only about

Bug#600618: RM: teamspeak-client/2.0.32-3

2010-10-18 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm I looked into the RC security issues in teamspeak-client and teamspeak-server, but I guess we should rather remove them from Squeeze. Popcon is minimal, teamspeak is non-free, OSS-only and

Re: Security unblock requests

2010-10-20 Thread Moritz Muehlenhoff
On 2010-10-18, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-15, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-11, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-06, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-01, Moritz Muehlenhoff j...@inutil.org wrote: Hi, I

Re: Security unblock requests

2010-10-23 Thread Moritz Muehlenhoff
On 2010-10-20, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-18, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-15, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-11, Moritz Muehlenhoff j...@inutil.org wrote: On 2010-10-06, Moritz Muehlenhoff j...@inutil.org wrote: On 2010

Re: Security unblock requests

2010-10-23 Thread Moritz Muehlenhoff
On 2010-10-18, Julien Cristau jcris...@debian.org wrote: webkit/1.2.5-1 - Multiple CVE IDs debian/patches/debian-changes-1.2.5-1 seems to revert the rest of the patches, that looks broken. Seems fixed in 1.2.5-2. Cheers, Moritz

Bug#601385: unblock: iceweasel/3.5.14-1

2010-10-25 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package iceweasel. It fixes multiple security issues. unblock iceweasel/3.5.14-1 -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy:

Bug#601387: unblock: iceape/2.0.9-1

2010-10-25 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package iceape. It fixes multiple security issues. unblock iceape/2.0.9-1 -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500,

Bug#601388: unblock: php5/5.3.3-2

2010-10-25 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package php5. It fixes multiple security issues. The update was acked earlier on debian-release. unblock php5/5.3.3-2 -- System Information: Debian Release: squeeze/sid

Bug#601423: unblock: gollem/1.1.1+debian0-1.1

2010-10-25 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package gollem. It fixes CVE-2010-3447. unblock gollem/1.1.1+debian0-1.1 -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500,

Re: New clamav upstream version: Should it go into squeeze?

2010-10-26 Thread Moritz Muehlenhoff
[Followup-To: header set to gmane.linux.debian.devel.release.] On 2010-10-25, Michael Tautschnig m...@debian.org wrote: A few hours ago clamav upstream has released a new version (0.96.4) fixing a number of bugs including memory leaks and problems with corrupted PDF files (if bytecode

Bug#601512: RM: phpwiki/1.3.14-5

2010-10-26 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm I was reviewing security bugs and ran across phpwiki (597907) I think it should rather be removed from testing at this point: - broken with PHP 5.3 (592099) - license issues (597905, 591197) -
