Re: Anyone having more information about the tcpdump security CVEs?

2017-01-30 Thread Guido Günther
On Mon, Jan 30, 2017 at 07:34:59PM +0100, Romain Francoise wrote:
> On Sun, Jan 29, 2017 at 05:14:33PM +0100, Romain Francoise wrote:
> > Ok, I will prepare the package and upload it next week.
> 
> Done! I didn't include the upstream tarball as I already uploaded it to
> jessie-security and IIUC it's the same archive, but I'm not absolutely
> certain this is right--if the upload gets rejected, I will reupload.

It is correct. The upstream tarball can only be uploaded to
security-master once.
Cheers,
 -- Guido



Re: Anyone having more information about the tcpdump security CVEs?

2017-01-30 Thread Romain Francoise
On Sun, Jan 29, 2017 at 05:14:33PM +0100, Romain Francoise wrote:
> Ok, I will prepare the package and upload it next week.

Done! I didn't include the upstream tarball as I already uploaded it to
jessie-security and IIUC it's the same archive, but I'm not absolutely
certain this is right--if the upload gets rejected, I will reupload.

-- 
Romain Francoise 
http://people.debian.org/~rfrancoise/



Re: Anyone having more information about the tcpdump security CVEs?

2017-01-29 Thread Ola Lundqvist
Hi

Sounds great.

// Ola

On 29 January 2017 at 17:14, Romain Francoise wrote:
> Hi,
>
> On Sat, Jan 28, 2017 at 09:02:20PM +0100, Ola Lundqvist wrote:
>> I can issue the DLA if you do the upload.
>
> Ok, I will prepare the package and upload it next week.
>
>> Are you sure the new tcpdump is backwards compatible?
>
> Almost certainly, yes. I will double-check compared to the wheezy
> version (4.3) which is now quite old, but I don't expect any
> user-visible changes.
>
> --
> Romain Francoise 
> https://people.debian.org/~rfrancoise/



-- 
 --- Inguza Technology AB --- MSc in Information Technology ---
/  o...@inguza.com        Folkebogatan 26                       \
|  o...@debian.org        654 68 KARLSTAD                       |
|  http://inguza.com/     Mobile: +46 (0)70-332 1551            |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------



Re: Anyone having more information about the tcpdump security CVEs?

2017-01-29 Thread Romain Francoise
Hi,

On Sat, Jan 28, 2017 at 09:02:20PM +0100, Ola Lundqvist wrote:
> I can issue the DLA if you do the upload.

Ok, I will prepare the package and upload it next week.

> Are you sure the new tcpdump is backwards compatible?

Almost certainly, yes. I will double-check compared to the wheezy
version (4.3) which is now quite old, but I don't expect any
user-visible changes.

-- 
Romain Francoise 
https://people.debian.org/~rfrancoise/



Re: Anyone having more information about the tcpdump security CVEs?

2017-01-28 Thread Ola Lundqvist
Hi

Thank you for the information.

How to upload and issue a DLA is available here:
https://wiki.debian.org/LTS/Development

I can issue the DLA if you do the upload.

Are you sure the new tcpdump is backwards compatible?

Best regards

// Ola

On 28 January 2017 at 09:56, Romain Francoise wrote:
> Hi,
>
> On Fri, Jan 27, 2017 at 10:25:42PM +0100, Ola Lundqvist wrote:
>> Does anyone have any reference to something that I can have a look at to
>> judge whether this package needs an update in wheezy or not?
>
> It definitively needs an update, however you should be aware that for
> jessie the DSA will just update the package to the new upstream as we
> don't have broken-out patches for these vulnerabilities. I'm working on
> this right now.
>
> I can prepare packages for wheezy as well if you need, but I'm not yet
> familiar with how to get them uploaded to wheezy-lts.
>
> --
> Romain Francoise 
> http://people.debian.org/~rfrancoise/






Re: Anyone having more information about the tcpdump security CVEs?

2017-01-28 Thread Romain Francoise
Hi,

On Fri, Jan 27, 2017 at 10:25:42PM +0100, Ola Lundqvist wrote:
> Does anyone have any reference to something that I can have a look at to
> judge whether this package needs an update in wheezy or not?

It definitively needs an update, however you should be aware that for
jessie the DSA will just update the package to the new upstream as we
don't have broken-out patches for these vulnerabilities. I'm working on
this right now.

I can prepare packages for wheezy as well if you need, but I'm not yet
familiar with how to get them uploaded to wheezy-lts.

-- 
Romain Francoise 
http://people.debian.org/~rfrancoise/