Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of openssh:
https://security-tracker.debian.org/tracker/CVE-2016-6515
Would you like to take care of this yourself?
If yes, please follow the workflow we have
> ola@tigereye:~/git/debian-lts$ ./find-work
> Traceback (most recent call last):
> File "./find-work", line 3, in
> import requests
>
I think I'm missing some bit of your traceback/testcase here?
> 8056874b90d35883fd3a1747b911d935367edda3
Guessing from this, I think you had locale
On Mon, 2016-08-08 at 11:52 +0200, Ola Lundqvist wrote:
> Package: mongodb
> Version: 2.0.6-1+deb7u1
> CVE ID : CVE-2016-6494
> Debian Bug : 832908, 833087
>
> Two security related problems have been found in the mongodb
> package, related to logging.
>
>
Hi Chris
First thanks for impoving find-work. The additions have been good,
except for one thing.
I have Debian stable on my workstation and the latest find-work update
make it spit out the following:
ola@tigereye:~/git/debian-lts$ ./find-work
Traceback (most recent call last):
File
Hi libical developers, libical maintainer and LTS team
As part of the Debian Long Term Security team I have started to look
into a few possible security related vulnerabilities.
More details are available here:
https://security-tracker.debian.org/tracker/source-package/libical
My problem is that
Hi Kurt
Thanks a lot for a quick and good answer. Will mark it as unaffected in
wheezy too then.
Best regards
// Ola
On Mon, Aug 8, 2016 at 6:30 PM, Kurt Roeckx wrote:
> On Mon, Aug 08, 2016 at 01:12:28PM +0200, Ola Lundqvist wrote:
> > Hi Kurt
> >
> > As a member of the LTS
On Mon, Aug 08, 2016 at 01:12:28PM +0200, Ola Lundqvist wrote:
> Hi Kurt
>
> As a member of the LTS team I have started to look into a ntp security
> update of CVE-2016-4953 mentioned here:
> https://security-tracker.debian.org/tracker/source-package/ntp
>
> I see that you have prepared security
Hi Kurt
As a member of the LTS team I have started to look into a ntp security
update of CVE-2016-4953 mentioned here:
https://security-tracker.debian.org/tracker/source-package/ntp
I see that you have prepared security updates for Debian wheezy in the past
so I would like to check with you if
Hi all
I have now prepared a build of nettle for wheezy, based on the patch that
Magnus prepared for me (thanks a lot for that!). You can find the debdiff
here:
http://apt.inguza.net/wheezy-security/nettle/nettle.debdiff
You can find the prepared packages here:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: mupdf
Version: 0.9-2+deb7u3
CVE ID : CVE-2016-6525
Debian Bug : 833417
A flaw was discovered in the pdf_load_mesh_params() function allowing
out-of-bounds write access to memory locations. With carefully crafted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.8
Date: Sat, 06 Aug 2016 16:13:05 +0200
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 0.9-2+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Kan-Ru Chen
Changed-By:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 01 Aug 2016 21:10:47 +
Source: mongodb
Binary: mongodb mongodb-server mongodb-clients mongodb-dev
Architecture: source amd64
Version: 1:2.0.6-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Antonin Kral
Hi,
Just a quick comment on:
On Mon, Aug 08, 2016 at 06:29:30PM +1000, Brian May wrote:
> I am inclined to say that no version of twisted, by itself, has this
> vulnerability. However like I said earlier it is possible that
> applications that use twisted have this vulnerability.
Looking at the
Hi,
On Mon, Aug 08, 2016 at 05:59:36PM +1000, Brian May wrote:
> Brian May writes:
>
> > Attached is my latest debdiff patch, only includes changes to debian/*.
>
> I just uploaded this to wheezy-security. Not 100% certain my upload will
> get accepted yet, my first attempt
Free Ekanayaka writes:
> I had a quick look at the code too (both in wheezy and jessie), but I
> couldn't find the offending bits. Perhaps it'd be good to put together a
> small web server and see what happens when you pass the 'Proxy'
> header.
So I created the following
On Mon, 08 Aug 2016, Emilio Pozuelo Monfort wrote:
> > Shall we mark gcc-4.8 as unsupported in wheezy, explaining that its only
> > purpose is to enable build of other packages?
>
> That would make sense.
>
> I'll see if I can take a look at this.
The problematic part is likely libstdc++. I
16 matches
Mail list logo