Antoine Beaupré writes:
> Somehow the DLA-1130-1 that was associated with this upload never made
> it to the mailing list archive here:
Yes, I commented on that in a recent email.
I didn't realize until after I uploaded the newer version associated
with DLA-1140-1. So
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: wget
Version: 1.13.4-3+deb7u5
CVE ID : CVE-2017-13089 CVE-2017-13090
CVE-2017-13089
Fix stack overflow in HTTP protocol handling.
CVE-2017-13090
Fix heap overflow in HTTP protocol handling.
For Debian
On 2017-10-27 19:05:07, Hugo Lefeuvre wrote:
> Hi Antoine, Brian,
>
>> Somehow the DLA-1130-1 that was associated with this upload never made
>> it to the mailing list archive here:
>>
>> https://lists.debian.org/debian-lts-announce/2017/10/
>>
>> I also didn't receive a copy, so I suspect it
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of suricata:
https://security-tracker.debian.org/tracker/source-package/suricata
Would you like to take care of this yourself?
If yes, please follow the workflow we have
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of puppet:
https://security-tracker.debian.org/tracker/source-package/puppet
Would you like to take care of this yourself?
If yes, please follow the workflow we have
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of spip:
https://security-tracker.debian.org/tracker/source-package/spip
Would you like to take care of this yourself?
If yes, please follow the workflow we have defined
Hi Antoine, Brian,
> Somehow the DLA-1130-1 that was associated with this upload never made
> it to the mailing list archive here:
>
> https://lists.debian.org/debian-lts-announce/2017/10/
>
> I also didn't receive a copy, so I suspect it was never sent.
>
> A.
>
> PS: I realized this while
Somehow the DLA-1130-1 that was associated with this upload never made
it to the mailing list archive here:
https://lists.debian.org/debian-lts-announce/2017/10/
I also didn't receive a copy, so I suspect it was never sent.
A.
PS: I realized this while reviewing my own announcements - it seems
Package: git-annex
Version: 3.20120629+deb7u1
CVE ID : CVE-2017-12976
Debian Bug : 873088
git-annex before 6.20170818 allows remote attackers to execute arbitrary
commands via an ssh URL with an initial dash character in the hostname,
as demonstrated by an
On 2017-10-24 15:44:18, Antoine Beaupré wrote:
> Hi,
>
> After further analysis for the issues affecting golang in Wheezy, I have
> concluded that it is not necessary to perform updates.
>
> CVE-2017-15041 concerns only the "go get" command, and only malicious
> Subversion repositories which can
10 matches
Mail list logo