Re: [SECURITY] [DLA 3623-1] linux-5.10 security update
Ben Hutchings wrote on 19.10.23 23:24: - Debian LTS Advisory DLA-3623-1debian-lts@lists.debian.org https://www.debian.org/lts/security/Ben Hutchings October 19, 2023 https://wiki.debian.org/LTS - Package: linux-5.10 Version: 5.10.197-1~deb10u1 Hello, was it intentional that this new build still has a build date of 2023-08-08 the same date as the previous kernel package linux-image-5.10.0-0.deb10.24-amd64 ? Best Regards Andreas P.S.: i'm not on the list, please CC an answer, thanks! OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Preparing to announce Squeeze LTS end-of-life
Hi, > Additionally, I think it's fine to handle any updates to Squeeze on a > consultancy basis, but then not via the official mirrors. i agree, otherwise people wouldn't upgrade to wheezy at all because "they will keep fixing the big things in squeeze" - i observe similar behavior with typo3-upstream users... Regards Andreas
Re: End of life for MySQL 5.1
Hi, we use mysql-server and -client on some Debian squeeze machines, but we don't use any more advanced features like replication. > - Try to backport fixes based on the 5.5.x interdiffs (since Oracle > publishes no detailed bug details). Complicated, but could be done > in collaboration with Red Hat, RHEL 6 is also based on MySQL 5.1. >From my point of view, this would be the best way. But i think that this would be the option with the most work involved. Because oft that thought, our 2nd priority would be the backport. We upgraded some servers to wheezy (and therefore mysql-server-5.5) and had no problem at all regarding MySQL. The only negative thing that comes to my mind regarding a 5.5.x-backport would be, that there might be many squeeze-admins who did the simple switch to squeeze-lts in sources.list but wouldn't do the work involved with installing the backport. kind of a "political" question, whether these people should be supported in their lazyness.. Regards, Andreas Am 21.01.2015 um 08:46 schrieb Moritz Muehlenhoff: > Hi, > I just noticed that MySQL 5.1 is now EOLed by Oracle: > > http://www.mysql.com/support/eol-notice.html: > > | Per Oracle's Lifetime Support policy, as of December 31, 2013, MySQL > | 5.1 is covered under Oracle Sustaining Support. > > As per http://www.mysql.com/support/ this means: > > | No new releases, no new fixes (no error correction for new issues), no new > updates > > The mysql derivatives also stopped support for 5.1, e.g. mariadb's > last 5.1 release is a year old. > > Possible solutions: > - End of life for mysql in Debian LTS (but massive reverse deps) > - Provide a backport of 5.5 for squeeze-lts (mysql also ships a lib, > though) > - Try to backport fixes based on the 5.5.x interdiffs (since Oracle > publishes no detailed bug details). Complicated, but could be done > in collaboration with Red Hat, RHEL 6 is also based on MySQL 5.1. > > Cheers, > Moritz > > -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54c13605.4060...@andreas-ziegler.de
Re: Untrusted versions of packages
Hello, we had this problem too, but only on a few of many servers. solved by removing cached lists in /var/cache/apt/lists/ and apt-get update (or aptitude update) again. we use the http redirector at http.debian.net > Recently I started to get following errors on my squeeze server while > using squeeze-lts. > > # apt-get upgrade > Reading package lists... Done > Building dependency tree > Reading state information... Done > The following packages will be upgraded: > apt apt-utils rsyslog tzdata > 4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > Need to get 3375 kB of archives. > After this operation, 344 kB disk space will be freed. > Do you want to continue [Y/n]? > WARNING: The following packages cannot be authenticated! > apt tzdata apt-utils rsyslog > Install these packages without verification [y/N]? > E: Some packages could not be authenticated -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5447b270.8090...@andreas-ziegler.de
Fwd: [SECURITY] [DSA 2954-1] dovecot security update
Hi, is someone planning to fix that issue in squeeze-backports? although i read most of the mails on the debian-lts-related mailing lists and searched the wiki, i couldn't find information on how security issues with packages in squeeze-backports will be handled. perhaps worth adding the answer to that there? https://wiki.debian.org/LTS/FAQ Regards Andreas Ziegler Original-Nachricht Betreff: [SECURITY] [DSA 2954-1] dovecot security update Weitersenden-Datum: Mon, 9 Jun 2014 18:02:51 + (UTC) Weitersenden-Von: debian-security-annou...@lists.debian.org Datum: Mon, 09 Jun 2014 18:02:29 + Von: Salvatore Bonaccorso Antwort an: debian-secur...@lists.debian.org An: debian-security-annou...@lists.debian.org - Debian Security Advisory DSA-2954-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso June 09, 2014 http://www.debian.org/security/faq - Package: dovecot CVE ID : CVE-2014-3430 Debian Bug : 747549 It was discovered that the Dovecot email server is vulnerable to a denial of service attack against imap/pop3-login processes due to incorrect handling of the closure of inactive SSL/TLS connections. For the stable distribution (wheezy), this problem has been fixed in version 1:2.1.7-7+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1:2.2.13~rc1-1. For the unstable distribution (sid), this problem has been fixed in version 1:2.2.13~rc1-1. We recommend that you upgrade your dovecot packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/539a3526.5070...@andreas-ziegler.de
