[SECURITY] [DLA 1332-1] libvncserver security update

2018-03-30 Thread Abhijith PA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libvncserver Version: 0.9.9+dfsg-1+deb7u3 CVE ID : CVE-2018-7225 Debian Bug : 894045 libvncserver version through 0.9.11 does not sanitize msg.cct.length which may result in access to uninitialized and

Re: upload libvncserver

2018-03-30 Thread Abhijith PA
On Friday 30 March 2018 11:28 PM, Ola Lundqvist wrote:
> Hi
>
> I have re-built the package and uploaded now. Will you send the DLA or
> do you want me to do that too?
>
> // Ola
>
Thanks. I will send the DLA.

--abhijith

Accepted libvncserver 0.9.9+dfsg-1+deb7u3 (source amd64) into oldoldstable

2018-03-30 Thread Abhijith PA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 29 Mar 2018 22:55:20 +0530 Source: libvncserver Binary: libvncserver0 libvncserver-dev libvncserver-config libvncserver0-dbg linuxvnc Architecture: source amd64 Version: 0.9.9+dfsg-1+deb7u3 Distribution: wheezy-security

Re: [SECURITY] [DLA 1283-1] python-crypto security update

2018-03-30 Thread Ola Lundqvist
Hi We can simply send a DLA-1283-2 telling that it was not fixed. // Ola On 29 March 2018 at 21:34, Antoine Beaupré wrote: > On 2018-03-27 07:38:43, Brian May wrote: > > Antoine Beaupré writes: > > > >> I'm not sure. The security team marked

[SECURITY] [DLA 1331-1] mercurial security update

2018-03-30 Thread Antoine Beaupré
Package: mercurial Version: 2.2.2-4+deb7u7 CVE ID : CVE-2018-1000132 Debian Bug : 892964 Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to

[SECURITY] [DLA 1330-1] openssl security update

2018-03-30 Thread Antoine Beaupré
Package: openssl Version: 1.0.1t-1+deb7u4 CVE ID : CVE-2018-0739 It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory:

Re: Bug#892590: Review graphite2

2018-03-30 Thread Moritz Mühlenhoff
On Fri, Mar 30, 2018 at 10:15:41AM +0530, Abhijith PA wrote: > Drop rene@, jmm@, 892...@bugs.debian.org. > > > On Tuesday 20 March 2018 01:47 AM, Moritz Mühlenhoff wrote: > > On Mon, Mar 19, 2018 at 05:04:17PM +0100, Rene Engelhard wrote: > >> I am not going over the .-release procedure for