Re: [SECURITY] [DLA 579-1] openjdk-7 security update

2016-08-05 Thread Edson J. Bueno
On Friday, 5 August 2016 17:15, Emilio Pozuelo Monfort wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package : openjdk-7 Version : 7u111-2.6.7-1~deb7u1 CVE ID : CVE-2016-3458 CVE-2016-3500 CVE-2016-3508 CVE-2016-3550

Re: Security update of nettle

2016-08-05 Thread Magnus Holmgren
On Friday, 5 August 2016 22.16.29, Ola Lundqvist wrote: > Hi Magnus and LTS team > > Magnus, Niels and I have been discussing the nettle update due to > https://security-tracker.debian.org/tracker/CVE-2016-6489 > > Magnus has started to prepare a wheezy update but had a few > questions. Here

Re: Security update of firefox-esr for Wheezy

2016-08-05 Thread Emilio Pozuelo Monfort
On 04/08/16 23:02, Mike Hommey wrote: > On Thu, Aug 04, 2016 at 07:50:28PM +0200, Guido Günther wrote: >> Hi, >> On Thu, Aug 04, 2016 at 06:32:14PM +0900, Mike Hommey wrote: >>> On Thu, Aug 04, 2016 at 11:04:47AM +0200, Markus Koschany wrote: Hello Mike, Thank you for preparing the

Re: Icedtea plugin

2016-08-05 Thread Emilio Pozuelo Monfort
On 02/08/16 19:48, Emilio Pozuelo Monfort wrote: > On 01/08/16 23:26, Markus Koschany wrote: >> On 01.08.2016 23:01, Emilio Pozuelo Monfort wrote: >>> On 31/07/16 19:41, Roberto C. Sánchez wrote: On Sun, Jul 31, 2016 at 07:34:28PM +0200, Emilio Pozuelo Monfort wrote: > Hi, > >

Re: Security update of nettle

2016-08-05 Thread Ola Lundqvist
Hi Magnus You are of course welcome to improve the language in the changelog. :-) I should probably have put quote marks to clarify the language, that the text after the CVE number is a part of the CVE name. Like this: Protect against potential timing attacks against exponentiation operations as

Security update of nettle

2016-08-05 Thread Ola Lundqvist
Hi Magnus and LTS team Magnus, Niels and I have been discussing the nettle update due to https://security-tracker.debian.org/tracker/CVE-2016-6489 Magnus has started to prepare a wheezy update but had a few questions. Here is some information that you should know about.

Re: Wheezy update of twisted?

2016-08-05 Thread Free Ekanayaka
Hi, I had a quick look at the code too (both in wheezy and jessie), but I couldn't find the offending bits. Perhaps it'd be good to put together a small web server and see what happens when you pass the 'Proxy' header. Free On 5 August 2016 at 10:26, Brian May wrote: > This

Re: Wheezy update of twisted?

2016-08-05 Thread Brian May
This security vulnerability is described here: https://bugzilla.redhat.com/show_bug.cgi?id=1357345 as: "sets environmental variable based on user supplied Proxy request header" In particular it is talking about HTTP_PROXY, and it is only a problem if the server makes an outgoing HTTP request