Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-03-21 Thread Adam D. Barratt
Control: tags -1 + pending On Mon, 2016-03-21 at 13:13 +0100, Raphael Hertzog wrote: > Hi, > > On Sun, 20 Mar 2016, Adam D. Barratt wrote: > > > +dolibarr (3.5.5+dfsg1-1+deb8u1) UNRELEASED; urgency=high > > > + > > > + * Fix CVE-2016-1912 (Closes: #812496) > > > + * Fix CVE-2015-8685 (Closes:

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-03-21 Thread Raphael Hertzog
Hi, On Sun, 20 Mar 2016, Adam D. Barratt wrote: > > +dolibarr (3.5.5+dfsg1-1+deb8u1) UNRELEASED; urgency=high > > + > > + * Fix CVE-2016-1912 (Closes: #812496) > > + * Fix CVE-2015-8685 (Closes: #812449) > > + * Fix CVE-2015-3935 (Closes: #787762) > > + > > + -- Laurent Destailleur (eldy)

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-03-20 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sun, 2016-03-20 at 15:09 +0100, Laurent Destailleur (aka Eldy) wrote: > A fix was prepared to solve several CVE. Security team already > answered me they don't plan any DSA released for this patch. All fixes > are already included into unstable. [...] > +dolibarr

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-03-20 Thread Laurent Destailleur (aka Eldy)
Hi Adam. A fix was prepared to solve several CVE. Security team already answered me they don't plan any DSA released for this patch. All fixes are already included into unstable. Can we push it into stable? It fixes the following CVE: * Fix CVE-2016-1912 (Closes: #812496) * Fix CVE-2015-8685

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-02-24 Thread Salvatore Bonaccorso
Hi Laurent, On Tue, Feb 23, 2016 at 12:48:16PM +, Adam D. Barratt wrote: > On 2016-02-23 12:29, Laurent Destailleur (aka Eldy) wrote: > >To fix opened securities hole into dolibarr stable package, I prepared > >the following 3 patch. This patch is now already included into > >unstable. > >It

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-02-23 Thread Raphael Hertzog
On Tue, 23 Feb 2016, Adam D. Barratt wrote: > Are you asking about stable or stable-security? Your changelog doesn't say > either but you appear to have CCed the Security Team whilst following up to > a release.debian.org bug. It was mostly meant for the security team for now. They haven't said

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-02-23 Thread Adam D. Barratt
On 2016-02-23 12:29, Laurent Destailleur (aka Eldy) wrote: To fix opened securities hole into dolibarr stable package, I prepared the following 3 patch. This patch is now already included into unstable. It fixes the following CVE: * Fix CVE-2016-1912 (Closes: #812496) * Fix CVE-2015-8685

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-02-23 Thread Laurent Destailleur (aka Eldy)
To fix opened securities hole into dolibarr stable package, I prepared the following 3 patch. This patch is now already included into unstable. It fixes the following CVE: * Fix CVE-2016-1912 (Closes: #812496) * Fix CVE-2015-8685 (Closes: #812449) * Fix CVE-2015-3935 (Closes: #787762) This is

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-02-20 Thread Adam D. Barratt
On Thu, 2015-09-03 at 18:49 +0100, Adam D. Barratt wrote: > On Thu, 2015-09-03 at 19:05 +0200, Laurent Destailleur (aka Eldy) wrote: > [...] > > Do you mean > > * I need first to update upstream of "unstable" with 3.8 (so it will > > include the CVE fix) > > That would be the first step, yes.

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2015-09-03 Thread Adam D. Barratt
Control: tags -1 + moreinfo On 2015-09-03 15:44, Laurent Destailleur (eldy) wrote: A security error CVE-2015-3935 was reported for Dolibarr ERP CRM package. This bug is fixed into official package 3.5.7 of Dolibarr. Package 3.5.7 is a maintenance release compared to 3.5.5 and contains only

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2015-09-03 Thread Laurent Destailleur (aka Eldy)
Sorry. I didn't understand your answer (my English is not my mother language). You are speaking about "unstable". I am speaking about pushing a CVE fix into stable 3.5.5. This fix is part of a patch that includes other fixes and this patch is called 3.5.7. My question is can I push fix1 + fix2 +

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2015-09-03 Thread Adam D. Barratt
On Thu, 2015-09-03 at 19:05 +0200, Laurent Destailleur (aka Eldy) wrote: [...] > Do you mean > * I need first to update upstream of "unstable" with 3.8 (so it will > include the CVE fix) That would be the first step, yes. Then we'd consider which of: > to be ok to fix stable with the