Re: Anyone having more information about the tcpdump security CVEs?
On Mon, Jan 30, 2017 at 07:34:59PM +0100, Romain Francoise wrote: > On Sun, Jan 29, 2017 at 05:14:33PM +0100, Romain Francoise wrote: > > Ok, I will prepare the package and upload it next week. > > Done! I didn't include the upstream tarball as I already uploaded it to > jessie-security and IIUC it's the same archive, but I'm not absolutely > certain this is right--if the upload gets rejected, I will reupload. It is correct. The upstream tarball can only be uploaded to securit-master once. Cheers, -- Guido
Re: Anyone having more information about the tcpdump security CVEs?
On Sun, Jan 29, 2017 at 05:14:33PM +0100, Romain Francoise wrote: > Ok, I will prepare the package and upload it next week. Done! I didn't include the upstream tarball as I already uploaded it to jessie-security and IIUC it's the same archive, but I'm not absolutely certain this is right--if the upload gets rejected, I will reupload. -- Romain Francoisehttp://people.debian.org/~rfrancoise/
Re: Anyone having more information about the tcpdump security CVEs?
Hi Sounds great. // Ola On 29 January 2017 at 17:14, Romain Francoisewrote: > Hi, > > On Sat, Jan 28, 2017 at 09:02:20PM +0100, Ola Lundqvist wrote: >> I can issue the DLA if you do the upload. > > Ok, I will prepare the package and upload it next week. > >> Are you sure the new tcpdump is backwards compatible? > > Almost certainly, yes. I will double-check compared to the wheezy > version (4.3) which is now quite old, but I don't expect any > user-visible changes. > > -- > Romain Francoise > https://people.debian.org/~rfrancoise/ -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Re: Anyone having more information about the tcpdump security CVEs?
Hi, On Sat, Jan 28, 2017 at 09:02:20PM +0100, Ola Lundqvist wrote: > I can issue the DLA if you do the upload. Ok, I will prepare the package and upload it next week. > Are you sure the new tcpdump is backwards compatible? Almost certainly, yes. I will double-check compared to the wheezy version (4.3) which is now quite old, but I don't expect any user-visible changes. -- Romain Francoisehttps://people.debian.org/~rfrancoise/
Re: Anyone having more information about the tcpdump security CVEs?
Hi Thank you for the information. How to upload and issue a DLA is available here: https://wiki.debian.org/LTS/Development I can issue the DLA if you do the upload. Are you sure the new tcpdump is backwards compatible? Best regards // Ola On 28 January 2017 at 09:56, Romain Francoisewrote: > Hi, > > On Fri, Jan 27, 2017 at 10:25:42PM +0100, Ola Lundqvist wrote: >> Do anyone have any reference to something that I can have a look at to >> judge whether this package need an update in wheezy or not. > > It definitively needs an update, however you should be aware that for > jessie the DSA will just update the package to the new upstream as we > don't have broken-out patches for these vulnerabilities. I'm working on > this right now. > > I can prepare packages for wheezy as well if you need, but I'm not yet > familiar with how to get them uploaded to wheezy-lts. > > -- > Romain Francoise > http://people.debian.org/~rfrancoise/ -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Re: Anyone having more information about the tcpdump security CVEs?
Hi, On Fri, Jan 27, 2017 at 10:25:42PM +0100, Ola Lundqvist wrote: > Do anyone have any reference to something that I can have a look at to > judge whether this package need an update in wheezy or not. It definitively needs an update, however you should be aware that for jessie the DSA will just update the package to the new upstream as we don't have broken-out patches for these vulnerabilities. I'm working on this right now. I can prepare packages for wheezy as well if you need, but I'm not yet familiar with how to get them uploaded to wheezy-lts. -- Romain Francoisehttp://people.debian.org/~rfrancoise/