On Wed, Oct 24, 2018 at 4:15 AM Sean Whitton wrote:
>
> On Tue 23 Oct 2018 at 05:06PM +0200, Markus Koschany wrote:
> >
> > In short: Make it very clear if you want to provide long-term support
> > for your project. Talk to the LTS team in case you need help. Nobody is
> > forced to do anything.
>
Hello,
Am 23.10.18 um 21:20 schrieb Anthony DeRobertis:
> Package: tomcat7
> Version: 7.0.56-3+really7.0.91-1
> Severity: important
>
> After applying the recent security update, the web app we're running
> (which is unfortunately a proprietary product provided by a vendor) no
> longer works.
Package: tomcat7
Version: 7.0.56-3+really7.0.91-1
Severity: important
After applying the recent security update, the web app we're running
(which is unfortunately a proprietary product provided by a vendor) no
longer works. Instead, I get an exception and a blank page.
Interestingly, in
On 2018-10-23 19:26:32, Ben Hutchings wrote:
> On Tue, 2018-10-23 at 14:00 -0400, Antoine Beaupré wrote:
>> Hi,
>>
>> After the lengthy discussion[1] regarding the pending security issues in
>> GnuTLS (CVE-2018-10844, CVE-2018-10845, CVE-2018-10846), I have
>> determined it might be simpler to
On Tue, 2018-10-23 at 14:00 -0400, Antoine Beaupré wrote:
> Hi,
>
> After the lengthy discussion[1] regarding the pending security issues in
> GnuTLS (CVE-2018-10844, CVE-2018-10845, CVE-2018-10846), I have
> determined it might be simpler to just upgrade to the latest upstream
> 3.3.x version
Ah, and I pushed my changes here:
https://salsa.debian.org/debian/gnutls/tree/gnutls28_jessie_3.3.30+
A.
--
We should act only in such away that if everyone
else acted as we do, we would accept the results.
- Emmanuel Kant
Hi,
After the lengthy discussion[1] regarding the pending security issues in
GnuTLS (CVE-2018-10844, CVE-2018-10845, CVE-2018-10846), I have
determined it might be simpler to just upgrade to the latest upstream
3.3.x version for which upstream is still providing updates. Upstream
agrees with the
Hi Steve!
On 2018-10-23 04:26:18, Steve McIntyre wrote:
> So I'm worried that those of us who have *not* volunteered to support
> LTS are being pressured into spending our time on it anyway. What can
> we do to fix that? How/where do we clarify for our users (and
> developers!) what LTS means,
Hello Raphael,
On Tue 23 Oct 2018 at 09:52AM +0200, Raphael Hertzog wrote:
> Instead we are rather aiming to integrate LTS more and more everywhere.
> However, when LTS is becoming a burden on other teams, we should
> definitely look how the LTS team can help to alleviate that burden.
> Because
Hello, everyone,
I prepared another set of fixes based on the current Xen package on
jessie-security (4.4.4lts2-0+deb8u1, DLA-1549).
These fixes include
CVE-2017-15595 / xsa 240
CVE-2017-15593 / xsa 242
CVE-2017-15592 / xsa 243
CVE-2017-16693 / xsa 244
CVE-2017-17044 / xsa 246
Hi Steve,
On Tue, 23 Oct 2018, Steve McIntyre wrote:
> So I'm worried that those of us who have *not* volunteered to support
> LTS are being pressured into spending our time on it anyway. What can
> we do to fix that? How/where do we clarify for our users (and
> developers!) what LTS means, and
11 matches
Mail list logo
