I see libdatetime-timezone-perl is in dla-needed.txt, but I can't see
*any* security vulnerabilies in
https://security-tracker.debian.org/tracker/source-package/libdatetime-timezone-perl
--
Brian May
https://linuxpenguins.xyz/brian/
On Tue 2018-11-06 10:08:26 -0500, Antoine Beaupré wrote:
> i think it should be possible to do a) - as "gpg2" of course. it would
> require modifications to enigmail to call that binary instead of legacy
> 1.4, but it might just work without breaking too much stuff as people
> probably don't rely o
On Tue, Nov 06, 2018 at 08:16:21PM +0100, Markus Koschany wrote:
> Am 06.11.18 um 20:09 schrieb Moritz Muehlenhoff:
> > Hi,
> > if you fix any issues which were formerly tagged in a DLA, make
> > sure
> > to remove the no-dsa in CVE/list as well, e.g. in the DLA-1568-1 for curl.
>
> I was about
Am 06.11.18 um 20:09 schrieb Moritz Muehlenhoff:
> Hi,
> if you fix any issues which were formerly tagged in a DLA, make sure
> to remove the no-dsa in CVE/list as well, e.g. in the DLA-1568-1 for curl.
I was about to do that, as usual, but when someone else does it four
minutes after I requested
Hi,
if you fix any issues which were formerly tagged in a DLA, make sure
to remove the no-dsa in CVE/list as well, e.g. in the DLA-1568-1 for curl.
Cheers,
Moritz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
October 2018 marked my 9th month as a Debian LTS paid contributor. I
had 14 hours of backlog, but due to some personal emergency situations
I couldn't spend much time. All I did was:
mupdf: marked CVE-2018-18662 as not affected.
libspring-java: Re
On Fri, Sep 28, 2018 at 08:32:25PM +0200, Markus Koschany wrote:
> Package: poppler
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for poppler.
>
> CVE-2018-16646[0]:
> | In Poppler 0.68.0, the Parser::getObj(
Hi,
On 05/11/2018 16:26, Emilio Pozuelo Monfort wrote:
> LLVM (and the necessary deps) were accepted. Unfortunately I run into some
> trouble while bootstrapping rustc and cargo. I tried some different ways and
> finally fixed the first one (bootstrap using upstream binaries). I am
> uploading
>
On 2018-11-06 10:57:12, Holger Levsen wrote:
> On Tue, Nov 06, 2018 at 02:25:37PM +0700, Daniel Kahn Gillmor wrote:
>> On Tue 2018-10-30 11:46:35 -0400, Antoine Beaupré wrote:
>> > 5. backport the required GnuPG patchset from stretch to jessie
>> fwiw, i don't see how this is going to work, since
On Tue, Nov 06, 2018 at 02:25:37PM +0700, Daniel Kahn Gillmor wrote:
> On Tue 2018-10-30 11:46:35 -0400, Antoine Beaupré wrote:
> > 5. backport the required GnuPG patchset from stretch to jessie
> fwiw, i don't see how this is going to work, since jessie has only gpg
> 1.4.18 and 2.0.26 -- modern
On Sun, 28 Oct 2018, Wouter Verhelst wrote:
> On Sun, Oct 28, 2018 at 01:14:13AM +, Ben Hutchings wrote:
> > Debian can't afford to pay developers in general, and previous
> > proposals to pay specific developers were not well received.
>
> That was over a decade ago. The circumstances at the
On Tue 2018-10-30 11:46:35 -0400, Antoine Beaupré wrote:
> 5. backport the required GnuPG patchset from stretch to jessie
fwiw, i don't see how this is going to work, since jessie has only gpg
1.4.18 and 2.0.26 -- modern enigmail requires gnupg 2.0.14 at least, so
that rules out the 1.4 series.
12 matches
Mail list logo