Re: nss: CVE-2015-7181, CVE-2015-7182 and CVE-2015-4000 [was nss: CVE-2015-4000]

2016-01-23 Thread Guido Günther
Hi Luciano, On Thu, Dec 10, 2015 at 06:27:54PM +0100, Luciano Bello wrote: > On Saturday 28 November 2015 14.16.33 Guido Günther wrote: > > I've attached the patches for review. These also add some minimal > > autopkgtest to exercise the ASN1 parser (affected by the above CVEs). > > > > I'm happy

Re: squeeze update of openssh?

2016-01-23 Thread Guido Günther
Hi Colin, On Fri, Jan 15, 2016 at 02:01:44PM +, Colin Watson wrote: > On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote: > > On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote: > > > > I believe Yves-Alexis Perez is handling this. > > > > > > I figured Mike's mail is

squeeze update of cpio?

2016-01-23 Thread Thorsten Alteholz
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of cpio: https://security-tracker.debian.org/tracker/CVE-2016-2037 Would you like to take care of this yourself? If yes, please follow the workflow we have

squeeze update of cakephp?

2016-01-23 Thread Thorsten Alteholz
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of cakephp: https://security-tracker.debian.org/tracker/CVE-2015-8379 Would you like to take care of this yourself? If yes, please follow the workflow we have

squeeze update of eglibc?

2016-01-23 Thread Thorsten Alteholz
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of eglibc: https://security-tracker.debian.org/tracker/CVE-2014-9761 https://security-tracker.debian.org/tracker/CVE-2015-8776

wheezy: update for polarssl's CVE-2015-5291

2016-01-23 Thread Guido Günther
Hi, I've forward ported Thorsten's fix for squeeze to wheezy and added some autopkgtest (debdiff attached). Please find the debdiff attached. I'd be happy to upload this to security master. Cheers, -- Guido diff --git a/debian/changelog b/debian/changelog index b52643b..b6c42f0 100644 ---

Accepted privoxy 3.0.16-1+deb6u2 (source i386) into squeeze-lts

2016-01-23 Thread Thorsten Alteholz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 Jan 2016 18:03:02 +0100 Source: privoxy Binary: privoxy Architecture: source i386 Version: 3.0.16-1+deb6u2 Distribution: squeeze-lts Urgency: high Maintainer: Roland Rosenfeld Changed-By: Thorsten

[SECURITY] [DLA 399-1] foomatic-filters security update

2016-01-23 Thread Thorsten Alteholz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package: foomatic-filters Version: 4.0.5-6+squeeze2+deb6u13 CVE ID : not yet assigned cups-filters contains multiple buffer overflows caused by lack of size checks when copying from environment variables to local buffers

Accepted pound 2.6-1+deb6u1 (source) into squeeze-lts

2016-01-23 Thread Brian May
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 23 Jan 2016 11:22:06 +1100 Source: pound Binary: pound Architecture: source Version: 2.6-1+deb6u1 Distribution: squeeze-lts Urgency: high Maintainer: Brett Parker Changed-By: Brian May

[SECURITY] [DLA 400-1] pound security update

2016-01-23 Thread Brian May
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package: pound Version: 2.6-1+deb6u1 CVE ID : CVE-2009-3555 CVE-2011-3389 CVE-2012-4929 CVE-2014-3566 This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy.