Re: Security update of dhcpd5

2016-06-02 Thread Ola Lundqvist
Hi again It was possible to build this but it was not trivial. The Android tests must be done with some clever automation because I had to edit the dhcpcd.c file to rename the main function there. Building worked after that. g++ -Wall -Werror -Wunused-parameter -I/usr/src/gtest -I.

Re: Wheezy update of vlc?

2016-06-02 Thread Mateusz Łukasik
On 29.05.2016 19:53 +0200, Thorsten Alteholz wrote: Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of vlc: https://security-tracker.debian.org/tracker/CVE-2016-5108 Would you like to take care of this yourself?

Re: Security update of libxstream-java

2016-06-02 Thread Markus Koschany
On 02.06.2016 22:03, Moritz Muehlenhoff wrote: > On Thu, Jun 02, 2016 at 09:32:27PM +0200, Markus Koschany wrote: >> On 02.06.2016 11:35, Emmanuel Bourg wrote: >>> On 2/06/2016 at 11:19, Markus Koschany wrote: >>> I saw that you have claimed libxstream-java in dla-needed.txt. It's been

Re: Security update of libxstream-java

2016-06-02 Thread Markus Koschany
On 02.06.2016 11:35, Emmanuel Bourg wrote: > On 2/06/2016 at 11:19, Markus Koschany wrote: > >> I saw that you have claimed libxstream-java in dla-needed.txt. It's been >> a while since the security update for Jessie has been released. Is there >> a reason why libxstream-java hasn't been

Re: Wheezy update of vlc?

2016-06-02 Thread Thorsten Alteholz
Hi Santiago, On Sun, 29 May 2016, Santiago Ruano Rincón wrote: Keep in mind that vlc was marked as not-supported in wheezy. oh, I seem to have ignored that. So sorry for the noise. Thorsten

/usr/sbin/update-flashplugin-nonfree fails

2016-06-02 Thread Marc SCHAEFER
Hello, root@reliand:/home/schaefer# /usr/sbin/update-flashplugin-nonfree --status Flash Player version installed on this system : 11.2.202.616 [---] Flash Player version available on upstream site: 11.2.202.621 [ ... ] Happens even if you

Re: Security update of dhcpd5

2016-06-02 Thread Raphael Hertzog
On Thu, 02 Jun 2016, Ola Lundqvist wrote: > What I did was to manually apply the correction made for android. Why did you pick the android fix when the security tracker also lists commits on the upstream VCS? http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0

Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Raphael Hertzog
On Thu, 02 Jun 2016, Ola Lundqvist wrote: > Do we have a good link to look at that describes what our sponsors use? You should have a look at the files available in the private git repository of paid contributors... there's a "packages-to-support" file (and you are supposed to use ./find-work to

Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Ola Lundqvist
Hi Thanks. Do we have a good link to look at that describes what our sponsors use? / Ola Sent from a phone On 2 Jun 2016 13:38, "Raphael Hertzog" wrote: > On Thu, 02 Jun 2016, Ola Lundqvist wrote: > > Raphael, very good to know about the principles. I thought we primarily

Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Raphael Hertzog
On Thu, 02 Jun 2016, Ola Lundqvist wrote: > Raphael, very good to know about the principles. I thought we primarily > supported what sponsors use but now I understand that we support the whole > release. Yes we handle packages used by sponsors in priority. But when we have dealt with all issues

Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Ola Lundqvist
Hi Thanks Raphael and Holger for feedback. Holger, very good to know about the upgrade issue. I should have guessed that considering that there were two versions in the same release. Raphael, very good to know about the principles. I thought we primarily supported what sponsors use but now I

Security update of libxstream-java

2016-06-02 Thread Markus Koschany
Hello, I saw that you have claimed libxstream-java in dla-needed.txt. It's been a while since the security update for Jessie has been released. Is there a reason why libxstream-java hasn't been updated in Wheezy yet? Regards, Markus

Re: Wheezy update of vlc?

2016-06-02 Thread Markus Koschany
On 29.05.2016 22:21, Santiago Ruano Rincón wrote: > On 29/05/16 at 19:53, Thorsten Alteholz wrote: >> Hello dear maintainer(s), >> >> the Debian LTS team would like to fix the security issues which are >> currently open in the Wheezy version of vlc: >>

Accepted graphicsmagick 1.3.16-1.1+deb7u2 (source amd64 all) into oldstable

2016-06-02 Thread dak
Format: 1.8 Date: Thu, 02 Jun 2016 09:33:03 +0200 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat

[SECURITY] Debian 7 Wheezy LTS now supporting armel and armhf

2016-06-02 Thread Markus Koschany
Debian Long Term Support (LTS) is a project created to extend the life of all Debian stable releases to (at least) 5 years. Thanks to the LTS sponsors, Debian's buildd maintainers and the Debian FTP Team are excited to announce that two new

Re: HFS+ specific vulnerability

2016-06-02 Thread Ben Hutchings
On Thu, 2016-06-02 at 17:39 +1000, Brian May wrote: > Hello, > > Do we care about vulnerabilities that are specific to HFS+? > > http://www.talosintel.com/reports/TALOS-2016-0093/ > CVE-2016-2334 If a program automatically detects file formats then every supported file format is part of its

Re: HFS+ specific vulnerability

2016-06-02 Thread Brian May
Brian May writes: > Hello, > > Do we care about vulnerabilities that are specific to HFS+? > > http://www.talosintel.com/reports/TALOS-2016-0093/ > CVE-2016-2334 Along similar lines, just noticed that the next issue is UDF specific.

HFS+ specific vulnerability

2016-06-02 Thread Brian May
Hello, Do we care about vulnerabilities that are specific to HFS+? http://www.talosintel.com/reports/TALOS-2016-0093/ CVE-2016-2334 Regards -- Brian May https://linuxpenguins.xyz/brian/

Re: Should we give security support for squid when wheezy also has squid3?

2016-06-02 Thread Raphael Hertzog
On Wed, 01 Jun 2016, Ola Lundqvist wrote: > As you can see from the below links, it is quite obvious that squid3 > is in better shape from a security patching point of view compared to > the squid package. > https://security-tracker.debian.org/tracker/source-package/squid >

[SECURITY] [DLA 501-1] gdk-pixbuf security update

2016-06-02 Thread Markus Koschany
Package: gdk-pixbuf Version: 2.26.1-1+deb7u5 CVE ID : CVE-2015-7552 It was discovered that the original fix for CVE-2015-7552 (DLA-450-1) was incomplete. A heap-based buffer overflow in gdk-pixbuf, a library for image