On Tue, Mar 28, 2017 at 10:18:07PM +0200, Mathieu Parent wrote:
> 2017-03-28 21:07 GMT+02:00 Ola Lundqvist :
> > Hi Mathieu and Roberto
>
> Hi,
>
> > Mathieu, do you mean that they patches should apply cleanly and if they do
> > not, then we have missed some other important
Package: firebird2.5
Version: 2.5.2.26540.ds4-1~deb7u3
CVE ID : CVE-2017-6369
Debian Bug : 858641
George Noseevich discovered that firebird2.5, a relational database
system, did not properly check User-Defined Functions (UDF), thus
allowing remote authenticated users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 29 Mar 2017 15:01:20 -0400
Source: firebird2.5
Binary: firebird2.5-super firebird2.5-classic firebird2.5-superclassic
libfbclient2 libfbembed2.5 libib-util firebird2.5-common
firebird2.5-server-common
On 2017-03-29 19:32:33, Adrian Zaugg wrote:
> Is backporting a newer version an option?
Litterally, "backporting" would mean uploading to wheezy-backports, and
there is already a backport there:
https://packages.debian.org/source/wheezy-backports/gnutls28
Since gnutls26 is not in jessie or any
On 29/03/17 19:32, Adrian Zaugg wrote:
>> I would tend towards fixing this only if it's the former, not the
>> latter. This is, after all, why we want people to upgrade...
> It is wise to upgrade in many situations and I completely agree that the
> newer versions solve many problems. There are
On 29/03/17 21:31, Carlos Alberto Lopez Perez wrote:
> Given that Wheezy LTS EOL is in 2 months [1]
Sorry. That is wrong. Wheezy LTS EOL is in 1 year and 2 months.
/me goes for some more coffee.
signature.asc
Description: OpenPGP digital signature
On 2017-03-29 17:02:44, Salvatore Bonaccorso wrote:
> Hi Antoine,
Hi!
> If you want to look at this part: There is a ./parse-dla.pl script in
> the webwml CVS, which is used to import the DLAs (this is an
> analogeous script to parse-advisory.pl which is used to import the
> DSAs).
I see... The
Hi
Upload to wheezy-security automatically enter the archive, so the upload
need to be synced with the DLA announcement (within a day or so at least).
Best regards
// Ola
On 29 March 2017 at 21:13, Philipp Huebner wrote:
> Hi Guido,
>
> > The changes look sane to me.
Hi Guido,
> The changes look sane to me. Could you upload to wheezy-security? If you
> don't want to prepare the DLA yourself I can do that but then it would
> be awesome if this cold happen on Friday earliest since I'm currently
> bit tight on time.
>
> I can test the package beforehand if you
On 29.03.17 16:36, Antoine Beaupré wrote:
> Is this a regression in GnuTLS? Or just an aggravating problem from the
> rising adoption of SHA-512?
I don't think the only problem with libgnutls26 is SHA-512. As it seems
the mentioned error can occur in many situations, some for example write
Hi Antoine,
On Wed, Mar 29, 2017 at 10:33:34AM -0400, Antoine Beaupré wrote:
> On 2017-03-29 07:29:06, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > On Wed, Mar 29, 2017 at 06:28:49AM +0200, Salvatore Bonaccorso wrote:
> >> Hi,
> >>
> >> On Tue, Mar 28, 2017 at 10:16:52PM +, Holger Levsen
On 2017-03-29 13:41:54, Adrian Zaugg wrote:
> I know LTS is not about fixing bugs, this one is critical though and it
> affects probably many wheezy installations. As it gets worse with time,
> it might be that some one would like to care anyway or maybe there is a
> known solution to this problem
On 2017-03-29 07:29:06, Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, Mar 29, 2017 at 06:28:49AM +0200, Salvatore Bonaccorso wrote:
>> Hi,
>>
>> On Tue, Mar 28, 2017 at 10:16:52PM +, Holger Levsen wrote:
>> > On Tue, Mar 28, 2017 at 10:35:34PM +0200, Moritz Muehlenhoff wrote:
>> > > Well, you
Dear Longtermers
Watching the exim logs of my wheezy server, I discover a lot of
connection aborts of incoming TLS connections. The error is quite
generic: "A TLS packet with unexpected length was received." This seems
to be a often observed problem since long time.
Unfortunately the error is
On Wed, Mar 29, 2017 at 07:29:06AM +0200, Salvatore Bonaccorso wrote:
> The security-tracker side of this has been implemented now, Paul Wise
> did the corresponding work.
cool! thanks Paul!
--
cheers,
Holger
signature.asc
Description: Digital signature
On 29/03/17 10:12, Philipp Huebner wrote:
> Package: release.debian.org
> Severity: normal
> Tags: wheezy
> User: release.debian@packages.debian.org
> Usertags: pu
>
> Hi,
>
> I'm not sure if another point update for Wheezy is planned or if this is
> a case for the LTS team, but I would like
16 matches
Mail list logo