Re: Fwd: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

2017-03-29 Thread Roberto C . Sánchez
On Tue, Mar 28, 2017 at 10:18:07PM +0200, Mathieu Parent wrote: > 2017-03-28 21:07 GMT+02:00 Ola Lundqvist : > > Hi Mathieu and Roberto > > Hi, > > > Mathieu, do you mean that the patches should apply cleanly and if they do > > not, then we have missed some other important

[SECURITY] [DLA 879-1] firebird2.5 security update

2017-03-29 Thread Antoine Beaupré
Package: firebird2.5 Version: 2.5.2.26540.ds4-1~deb7u3 CVE ID : CVE-2017-6369 Debian Bug : 858641 George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions (UDF), thus allowing remote authenticated users

Accepted firebird2.5 2.5.2.26540.ds4-1~deb7u3 (source all amd64) into oldstable

2017-03-29 Thread Antoine Beaupré
Format: 1.8 Date: Wed, 29 Mar 2017 15:01:20 -0400 Source: firebird2.5 Binary: firebird2.5-super firebird2.5-classic firebird2.5-superclassic libfbclient2 libfbembed2.5 libib-util firebird2.5-common firebird2.5-server-common

Re: exim4 & libgnutls26: "A TLS packet with unexpected length was received."

2017-03-29 Thread Antoine Beaupré
On 2017-03-29 19:32:33, Adrian Zaugg wrote: > Is backporting a newer version an option? Literally, "backporting" would mean uploading to wheezy-backports, and there is already a backport there: https://packages.debian.org/source/wheezy-backports/gnutls28 Since gnutls26 is not in jessie or any

Re: exim4 & libgnutls26: "A TLS packet with unexpected length was received."

2017-03-29 Thread Carlos Alberto Lopez Perez
On 29/03/17 19:32, Adrian Zaugg wrote: >> I would tend towards fixing this only if it's the former, not the >> latter. This is, after all, why we want people to upgrade... > It is wise to upgrade in many situations and I completely agree that the > newer versions solve many problems. There are

Re: exim4 & libgnutls26: "A TLS packet with unexpected length was received."

2017-03-29 Thread Carlos Alberto Lopez Perez
On 29/03/17 21:31, Carlos Alberto Lopez Perez wrote: > Given that Wheezy LTS EOL is in 2 months [1] Sorry. That is wrong. Wheezy LTS EOL is in 1 year and 2 months. /me goes for some more coffee.

Re: Bug#761945: fixing links for DLAs in the security tracker

2017-03-29 Thread Antoine Beaupré
On 2017-03-29 17:02:44, Salvatore Bonaccorso wrote: > Hi Antoine, Hi! > If you want to look at this part: There is a ./parse-dla.pl script in > the webwml CVS, which is used to import the DLAs (this is an > analogous script to parse-advisory.pl which is used to import the > DSAs). I see... The

Re: Bug#858973: wheezy-pu: package ejabberd/2.1.10-4+deb7u2

2017-03-29 Thread Ola Lundqvist
Hi, Uploads to wheezy-security automatically enter the archive, so the upload needs to be synced with the DLA announcement (within a day or so at least). Best regards // Ola On 29 March 2017 at 21:13, Philipp Huebner wrote: > Hi Guido, > > > The changes look sane to me.

Re: Bug#858973: wheezy-pu: package ejabberd/2.1.10-4+deb7u2

2017-03-29 Thread Philipp Huebner
Hi Guido, > The changes look sane to me. Could you upload to wheezy-security? If you > don't want to prepare the DLA yourself I can do that but then it would > be awesome if this could happen on Friday earliest since I'm currently > bit tight on time. > > I can test the package beforehand if you

Re: exim4 & libgnutls26: "A TLS packet with unexpected length was received."

2017-03-29 Thread Adrian Zaugg
On 29.03.17 16:36, Antoine Beaupré wrote: > Is this a regression in GnuTLS? Or just an aggravating problem from the > rising adoption of SHA-512? I don't think the only problem with libgnutls26 is SHA-512. As it seems the mentioned error can occur in many situations, some for example write

Re: Bug#761945: fixing links for DLAs in the security tracker

2017-03-29 Thread Salvatore Bonaccorso
Hi Antoine, On Wed, Mar 29, 2017 at 10:33:34AM -0400, Antoine Beaupré wrote: > On 2017-03-29 07:29:06, Salvatore Bonaccorso wrote: > > Hi, > > > > On Wed, Mar 29, 2017 at 06:28:49AM +0200, Salvatore Bonaccorso wrote: > >> Hi, > >> > >> On Tue, Mar 28, 2017 at 10:16:52PM +, Holger Levsen

Re: exim4 & libgnutls26: "A TLS packet with unexpected length was received."

2017-03-29 Thread Antoine Beaupré
On 2017-03-29 13:41:54, Adrian Zaugg wrote: > I know LTS is not about fixing bugs, this one is critical though and it > affects probably many wheezy installations. As it gets worse with time, > it might be that some one would like to care anyway or maybe there is a > known solution to this problem

Re: fixing links for DLAs in the security tracker

2017-03-29 Thread Antoine Beaupré
On 2017-03-29 07:29:06, Salvatore Bonaccorso wrote: > Hi, > > On Wed, Mar 29, 2017 at 06:28:49AM +0200, Salvatore Bonaccorso wrote: >> Hi, >> >> On Tue, Mar 28, 2017 at 10:16:52PM +, Holger Levsen wrote: >> > On Tue, Mar 28, 2017 at 10:35:34PM +0200, Moritz Muehlenhoff wrote: >> > > Well, you

exim4 & libgnutls26: "A TLS packet with unexpected length was received."

2017-03-29 Thread Adrian Zaugg
Dear Longtermers, Watching the exim logs of my wheezy server, I discover a lot of connection aborts of incoming TLS connections. The error is quite generic: "A TLS packet with unexpected length was received." This seems to be an often observed problem for a long time. Unfortunately the error is

Re: fixing links for DLAs in the security tracker

2017-03-29 Thread Holger Levsen
On Wed, Mar 29, 2017 at 07:29:06AM +0200, Salvatore Bonaccorso wrote: > The security-tracker side of this has been implemented now, Paul Wise > did the corresponding work. cool! thanks Paul! -- cheers, Holger

Re: Bug#858973: wheezy-pu: package ejabberd/2.1.10-4+deb7u2

2017-03-29 Thread Emilio Pozuelo Monfort
On 29/03/17 10:12, Philipp Huebner wrote: > Package: release.debian.org > Severity: normal > Tags: wheezy > User: release.debian@packages.debian.org > Usertags: pu > > Hi, > > I'm not sure if another point update for Wheezy is planned or if this is > a case for the LTS team, but I would like