-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: drupal7
Version: 7.32-1+deb8u15
CVE ID : CVE-2019-6338
Drupal core uses the third-party PEAR Archive_Tar library. This
library has released a security update which impacts some Drupal
configurations. Refer to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: systemd
Version: 215-17+deb8u10
CVE ID : CVE-2019-6454
Chris Coulson discovered a flaw in systemd leading to denial of service.
An unprivileged user could take advantage of this issue to crash PID1 by
sending a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Tue, 19 Feb 2019 16:14:40 +0100
Source: systemd
Binary: systemd systemd-sysv libpam-systemd libsystemd0 libsystemd-dev
libsystemd-login0 libsystemd-login-dev libsystemd-daemon0 libsystemd-daemon-dev
libsystemd-journal0
Roman Medina-Heigl Hernandez writes:
> Well, in my case I had the following setting in rsyncd.conf:
> path = /backup/synology
> where path points to a different directory which is NOT $home nor
> doesn't permit to reach $home.
> So you cannot overwrite /home/synology/rsyncd.conf.
Can the
El 19/02/2019 a las 4:16, Russ Allbery escribió:
> Unfortunately, I took a closer look, and it turns out that this command
> was never safe. It also allows arbitrary code excution on the server
> side if the client can write to $HOME. This is because:
>
>--config=FILE
> This
On Mon, Feb 18, 2019 at 04:10:47PM -0500, Antoine Beaupré wrote:
> > can you please put that on wiki.d.o/LTS/Development?!
> This is now done. I added a new section to the wiki
awesome, thank you!
> I've done one more mass import, hopefully the last:
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: rdesktop
Version: 1.8.4-0+deb8u1
CVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794
CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798
CVE-2018-8799 CVE-2018-8800
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Tue, 19 Feb 2019 11:10:52 +0100
Source: rdesktop
Binary: rdesktop
Architecture: source amd64
Version: 1.8.4-0+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS)
Changed-By: Emilio Pozuelo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 18 Feb 2019 19:50:49 -0800
Source: rssh
Binary: rssh
Architecture: source amd64
Version: 2.3.4-4+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Russ Allbery
Changed-By: Russ Allbery
Description:
rssh -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: rssh
Version: 2.3.4-4+deb8u3
Debian Bug : #921655
It was discovered that the fix for the security vulnerability
released for rssh in 2.3.4-4+deb8u2 via DLA-1660-1 introduced a
regression that blocked scp(1) of multiple
Hi Russ,
> I've not done an LTS security upload before, but it looks from the wiki
> that it uses the same security-master process as stable security updates.
> Please let me know if that's wrong.
This is mostly correct, yep! I made the following the changes to
your jessie diff:
- * The fix
11 matches
Mail list logo