On 2017-02-23 19:14:59, Jonas Meurer wrote:
> Am 23.02.2017 um 11:59 schrieb Guido Günther:
>> On Wed, Feb 22, 2017 at 06:54:46PM +0100, Jonas Meurer wrote:
>>> Am 22.02.2017 um 18:46 schrieb Guido Günther:
Hi Jonas,
On Wed, Feb 22, 2017 at 05:28:46PM +0100, Jonas Meurer wrote:
> This
Hi,
On Thursday, 23 February 2017 19:14:59 CET Jonas Meurer wrote:
> All right, then we should go for the update. Antoine, do you take care
> of it?
Great work and sorry that I did not have time to help you more.
In case it helps: For stable, I have suggested this text for the DSA to the
secur
Am 23.02.2017 um 11:59 schrieb Guido Günther:
> On Wed, Feb 22, 2017 at 06:54:46PM +0100, Jonas Meurer wrote:
>> Am 22.02.2017 um 18:46 schrieb Guido Günther:
>>> Hi Jonas,
>>> On Wed, Feb 22, 2017 at 05:28:46PM +0100, Jonas Meurer wrote:
This time with the debdiff between Antoine's version an
On Wed, Feb 22, 2017 at 06:54:46PM +0100, Jonas Meurer wrote:
> Am 22.02.2017 um 18:46 schrieb Guido Günther:
> > Hi Jonas,
> > On Wed, Feb 22, 2017 at 05:28:46PM +0100, Jonas Meurer wrote:
> >> This time with the debdiff between Antoine's version and mine.
> > Are there packages available for test
Am 22.02.2017 um 18:46 schrieb Guido Günther:
> Hi Jonas,
> On Wed, Feb 22, 2017 at 05:28:46PM +0100, Jonas Meurer wrote:
>> This time with the debdiff between Antoine's version and mine.
> Are there packages available for testing? I could give it another whirl.
Sorry, yes you can find them at
htt
Hi Jonas,
On Wed, Feb 22, 2017 at 05:28:46PM +0100, Jonas Meurer wrote:
> This time with the debdiff between Antoine's version and mine.
Are there packages available for testing? I could give it another whirl.
-- Guido
This time with the debdiff between Antoine's version and mine.
Cheers,
jonas
Am 22.02.2017 um 17:23 schrieb Jonas Meurer:
> Hi Antoine, hi LTS list,
>
> first, thanks to Antoine for doing the backport. After digging into the
> details myself I quite understand why he requested a second (and ide
Hi Antoine, hi LTS list,
first, thanks to Antoine for doing the backport. After digging into the
details myself I quite understand why he requested a second (and ideally
a third) opinion!
Am 20.02.2017 um 21:27 schrieb Antoine Beaupré:
> With a fresh mind (and 30 days delay!) I am looking at this
On Monday, 20 February 2017 15:27:23 CET Antoine Beaupré wrote:
> > Probably a good idea is to put the packages somewhere and ask for testers
> > on secur...@lists.debian.org.
>
> security@lists.d.o is not a list, as far as i know. there's
> debian-security@lists.d.o, but I never posted there...
On Tue, Feb 21, 2017 at 4:27 AM, Antoine Beaupré wrote:
> security@lists.d.o is not a list, as far as i know. there's
> debian-security@lists.d.o, but I never posted there... or did you mean
> t...@security.debian.org?
secur...@lists.debian.org goes to root (DSA) and listmaster AFAICT.
--
bye,
On 2017-02-13 21:48:45, Stefan Fritsch wrote:
> Hi Antoine,
Hi!
With a fresh mind (and 30 days delay!) I am looking at this again...
>> here are those tests:
>>
>> 2: [ "GET / HTTP/1.0\n\n" => 400],
>> 8: [ "GET / HTTP/1.0\0\r\n\r\n"=> 400],
>> 26: [
Hi Antoine,
> here are those tests:
>
> 2: [ "GET / HTTP/1.0\n\n" => 400],
> 8: [ "GET / HTTP/1.0\0\r\n\r\n"=> 400],
> 26: [ "GET / HTTP/1.0\r\nFoo: b\0ar\r\n\r\n"=> 400],
>
> #2 is weird - it just returns nothing now:
>
> $ printf "GET / HTT
On Monday, 23 January 2017 14:38:51 CET Antoine Beaupré wrote:
> By the way, would it be possible to enable the test suite in the package
> build, since we have the code ready to go there anyways? Or in
> autopkgtest?
I have hacked something ugly into the package and an autopkgtest for running
th
On 2017-01-23 15:14:30, Antoine Beaupré wrote:
> On 2017-01-22 11:25:08, Stefan Fritsch wrote:
>> Test Summary Report
>> ---
>> t/apache/chunkinput.t (Wstat: 0 Tests: 37 Failed: 1)
>>Failed test: 3
>> t/apache/contentlength.t (Wstat: 0 Tests: 24 Failed:
On 2017-01-22 11:25:08, Stefan Fritsch wrote:
> Test Summary Report
> ---
> t/apache/chunkinput.t (Wstat: 0 Tests: 37 Failed: 1)
>Failed test: 3
> t/apache/contentlength.t (Wstat: 0 Tests: 24 Failed: 8)
>Failed tests: 2, 4, 14, 16, 18, 20, 22, 24
>
On 2017-01-22 11:25:08, Stefan Fritsch wrote:
> On Thursday, 19 January 2017 20:47:15 CET Stefan Fritsch wrote:
>> On Tuesday, 17 January 2017 11:59:17 CET Antoine Beaupré wrote:
>> > I would need people to start testing the package at this point, not
>> > necessarily in production considering how
On Thursday, 19 January 2017 20:47:15 CET Stefan Fritsch wrote:
> On Tuesday, 17 January 2017 11:59:17 CET Antoine Beaupré wrote:
> > I would need people to start testing the package at this point, not
> > necessarily in production considering how big the change is, but your
> > comfort level will
On Tuesday, 17 January 2017 11:59:17 CET Antoine Beaupré wrote:
> I would need people to start testing the package at this point, not
> necessarily in production considering how big the change is, but your
> comfort level will vary with the severity and complexity of services. :)
There is a separa
Hi
I think we should be fairly safe with both options. That is both
releasing your fixed version and ship 2.2.32 directly. Apache have a
rather good reputation on backwards compatiblity.
Unfortunately I could not test myself as my servers were running i386
and the debs were for amd64.
Best regar
On 2016-12-28 15:44:25, Stefan Fritsch wrote:
> Hi Ola,
>
> On Friday, 23 December 2016 23:56:45 CET Ola Lundqvist wrote:
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of apache2:
>> https://security-tracker.debian.org/tracker/CVE-201
20 matches
Mail list logo