Russ Allbery writes:
> I'll follow up with the proposed diffs for stable and oldstable.
Here are the proposed diffs for stable and oldstable. The stable diff
just fixes the libssh2 interoperability regression. The oldstable diff
fixes both that and the regression with downloading multiple
Roman Medina-Heigl Hernandez writes:
> On 18/02/2019 at 18:27, Russ Allbery wrote:
>> While I agree that using undocumented features of rsync is a little
>> dubious, I'm also willing to include a fix to allow the specific
>> command line "rsync --server --daemon " since (a) it seems to be
Hi all,
Here's my early LTS report. The TL;DR: is:
* website work
* python-gpg
* golang
* libarchive
* netmask
* libreoffice
* enigmail
# Website work
I again worked on the website this month, doing one more mass import
([MR 53][]) which was finally merged by Holger Levsen, after I
Antoine Beaupré wrote:
> > Does this plan sound good to everyone? I'll follow up with the proposed
> > diffs for stable and oldstable.
>
> Works for me (LTS), although I won't be the one performing the upgrade
> (I've unclaimed the package for other reasons).
Works for me too and happy to take
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: uriparser
Version: 0.8.0.1-2+deb8u2
CVE ID : CVE-2018-20721
Joergen Ibsen reported an issue with uriparser, a URI parsing library
compliant with RFC 3986.
An Out-of-bounds read for incomplete URIs with IPv6
On 2019-02-01 20:58:28, Holger Levsen wrote:
> On Fri, Feb 01, 2019 at 01:58:04PM -0500, Antoine Beaupré wrote:
[...]
> can you please put that on wiki.d.o/LTS/Development?!
This is now done. I added a new section to the wiki
On 2019-02-18 09:27:37, Russ Allbery wrote:
> Does this plan sound good to everyone? I'll follow up with the proposed
> diffs for stable and oldstable.
Works for me (LTS), although I won't be the one performing the upgrade
(I've unclaimed the package for other reasons).
Thanks for your work!
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 18 Feb 2019 19:03:02 +0100
Source: uriparser
Binary: liburiparser1 liburiparser-dev
Architecture: source amd64
Version: 0.8.0.1-2+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Jörg Frings-Fürst
Changed-By:
On 18/02/2019 at 18:27, Russ Allbery wrote:
> While I agree that using undocumented features of rsync is a little
> dubious, I'm also willing to include a fix to allow the specific command
> line "rsync --server --daemon " since (a) it seems to be safe, (b)
> looks easy enough to do, and (c)
Antoine Beaupré writes:
> That said, if we do fix this in jessie, we should do it at the same time
> as the regression identified in stretch (DSA-4377-2).
> Russ, do you want to handle the Jessie update or should the LTS team do
> it?
> Should we wait for resolution on this issue before
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 14 Feb 2019 16:59:28 +0100
Source: gsoap
Binary: libgsoap5 libgsoap-dev gsoap gsoap-doc libgsoap-dbg gsoap-dbg
Architecture: source amd64 all
Version: 2.8.17-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer:
[Adding 922...@bugs.debian.org to CC for completeness / BTS archive]
Chris Lamb wrote:
> > So using the ssize_t version that preserves the sizes of the arguments
> > and return type of the function is the safer choice, regardless of
> > upstream's claim that the function is private.
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: gsoap
Version: 2.8.17-1+deb8u2
CVE ID : CVE-2019-7659
It was discovered that there was a denial of service vulnerability in
gsoap a C/C++ language binding used for SOAP-based web services.
For Debian 8 "Jessie",
Hi Mattias,
> Is the aim of this discussion still to determine which version of the
> proposed change to use? The original int version, or the updated
> ssize_t version?
I'm sorry to hear in your mail that you are feeling frustrated
("derail into a general complaint…" etc.) as our shared goal is
Sat 2019-02-16 at 22:05 +, Ben Hutchings wrote:
> On Sat, 2019-02-16 at 06:43 +0100, Mattias Ellert wrote:
> > Sat 2019-02-16 at 00:12 +0100, Chris Lamb wrote:
> > > Hi Mattias,
> > >
> > > > What exactly do you want to run past upstream? It is not clear to me
> > > > what you are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 18 Feb 2019 12:00:44 +0100
Source: postgresql-9.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3
postgresql-9.4 postgresql-9.4-dbg postgresql-client-9.4
postgresql-server-dev-9.4 postgresql-doc-9.4
Thank you merci
On Mon 18 Feb 2019 8:13, Brian May wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Package: tiff
> Version: 4.0.3-12.3+deb8u8
> CVE ID : CVE-2018-17000 CVE-2018-19210 CVE-2019-7663
>
>
> Brief introduction
>
> CVE-2018-17000
>
> A