Re: Analysis of issue for phpmyadmin and request for comment on XSS issues

2016-06-26 Thread Ben Hutchings
On Sun, 2016-06-26 at 23:47 +0200, Ola Lundqvist wrote: > Hi LTS team > > I have done some analysis of the issues for phpmyadmin. > > It would be good to know what your opinion about XSS issues for admin > software like phpmyadmin is. I do not see how that can be very important. I > mean you

Accepted java-common 0.47+deb7u2 (source all amd64) into oldstable

2016-06-26 Thread dak
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 26 Jun 2016 20:40:32 +0200 Source: java-common Binary: java-common default-jre default-jre-headless default-jdk default-jdk-doc gcj-native-helper Architecture: source all amd64 Version: 0.47+deb7u2 Distribution:

Accepted tomcat7 7.0.28-4+deb7u5 (source all) into oldstable

2016-06-26 Thread dak
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 26 Jun 2016 19:23:57 +0200 Source: tomcat7 Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs Architecture: source all Version:

Accepted libcommons-fileupload-java 1.2.2-1+deb7u3 (source all) into oldstable

2016-06-26 Thread dak
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 26 Jun 2016 17:41:55 +0200 Source: libcommons-fileupload-java Binary: libcommons-fileupload-java libcommons-fileupload-java-doc Architecture: source all Version: 1.2.2-1+deb7u3 Distribution: wheezy-security Urgency: high

Re: claiming tiff

2016-06-26 Thread Emilio Pozuelo Monfort
On 26/06/16 16:10, Bálint Réczey wrote: > Added that information in dla-needed.txt. Thanks. I added links to each cve in data/CVE/list but forgot to add a note to dla-needed. > In that case I don't claim them yet. Let's see how upstream responds. OK. Cheers, Emilio

Re: claiming tiff

2016-06-26 Thread Bálint Réczey
Hi Emilio, 2016-06-26 9:58 GMT+02:00 Emilio Pozuelo Monfort : > On 26/06/16 02:19, Bálint Réczey wrote: >> Hi, >> >> There are newly discovered vulnerabilities in tiff [1]. >> >> If no one objects I plan looking into them and working with the >> maintainer(s) to get them fixed in

Re: cacti LTS

2016-06-26 Thread Paul Gevers
Hi Emilio [By the way, I read debian-lts, so no need to mail me directly, dropped your To: as well]. On 26-06-16 10:40, Emilio Pozuelo Monfort wrote: >> I believe CVE-2016-2313 should be included in this fix. > > Certainly! I have backported the fix and included in this new debdiff. Looks good

Re: testing php5 for Wheezy LTS

2016-06-26 Thread Stefan
Hi, I installed some packages [1] and smoke tested with owncloud, no problems so far. I used the webclient, davdroid on android and a windows owncloud client to test. HTH Stefan [1] libapache2-mod-php5_5.4.45-0+deb7u4_i386.deb php-pear_5.4.45-0+deb7u4_all.deb

Re: cacti LTS

2016-06-26 Thread Emilio Pozuelo Monfort
On 26/06/16 09:23, Paul Gevers wrote: > Hi Emilio > > On 25-06-16 22:03, Emilio Pozuelo Monfort wrote: >>> Just in case somebody starts working on it, I'd like to review proposed >>> uploads of cacti to LTS. CVE-2016-2313 was initially wrongly fixed (a >>> sledgehammer for a simple nail).

Re: claiming tiff

2016-06-26 Thread Emilio Pozuelo Monfort
On 26/06/16 02:19, Bálint Réczey wrote: > Hi, > > There are newly discovered vulnerabilities in tiff [1]. > > If no one objects I plan looking into them and working with the > maintainer(s) to get them fixed in Wheezy LTS and in newer > releases. I looked at this yesterday. These CVEs aren't

Re: cacti LTS

2016-06-26 Thread Paul Gevers
Hi Emilio On 25-06-16 22:03, Emilio Pozuelo Monfort wrote: >> Just in case somebody starts working on it, I'd like to review proposed >> uploads of cacti to LTS. CVE-2016-2313 was initially wrongly fixed (a >> sledgehammer for a simple nail). CVE-2016-3659 still needs reproducing >> in Debian and