[SECURITY] [DLA 1685-1] drupal7 security update

2019-02-19 Thread Abhijith PA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: drupal7 Version: 7.32-1+deb8u15 CVE ID : CVE-2019-6338 Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to

[SECURITY] [DLA 1684-1] systemd security update

2019-02-19 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: systemd Version: 215-17+deb8u10 CVE ID : CVE-2019-6454 Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a

Accepted systemd 215-17+deb8u10 (source amd64) into oldstable

2019-02-19 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 19 Feb 2019 16:14:40 +0100 Source: systemd Binary: systemd systemd-sysv libpam-systemd libsystemd0 libsystemd-dev libsystemd-login0 libsystemd-login-dev libsystemd-daemon0 libsystemd-daemon-dev libsystemd-journal0

Re: rssh security update breaks rsync via Synology's "hyper backup"

2019-02-19 Thread Russ Allbery
Roman Medina-Heigl Hernandez writes: > Well, in my case I had the following setting in rsyncd.conf: > path = /backup/synology > where path points to a different directory which is NOT $home nor > doesn't permit to reach $home. > So you cannot overwrite /home/synology/rsyncd.conf. Can the

Re: rssh security update breaks rsync via Synology's "hyper backup"

2019-02-19 Thread Roman Medina-Heigl Hernandez
On 19/02/2019 at 4:16, Russ Allbery wrote: > Unfortunately, I took a closer look, and it turns out that this command > was never safe. It also allows arbitrary code execution on the server > side if the client can write to $HOME. This is because: > >--config=FILE > This

Re: heads up: DLA should now be published on the website

2019-02-19 Thread Holger Levsen
On Mon, Feb 18, 2019 at 04:10:47PM -0500, Antoine Beaupré wrote: > > can you please put that on wiki.d.o/LTS/Development?! > This is now done. I added a new section to the wiki awesome, thank you! > I've done one more mass import, hopefully the last: >

[SECURITY] [DLA 1683-1] rdesktop security update

2019-02-19 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: rdesktop Version: 1.8.4-0+deb8u1 CVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800

Accepted rdesktop 1.8.4-0+deb8u1 (source amd64) into oldstable

2019-02-19 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 19 Feb 2019 11:10:52 +0100 Source: rdesktop Binary: rdesktop Architecture: source amd64 Version: 1.8.4-0+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Emilio Pozuelo

Accepted rssh 2.3.4-4+deb8u3 (source amd64) into oldstable

2019-02-19 Thread Russ Allbery
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 18 Feb 2019 19:50:49 -0800 Source: rssh Binary: rssh Architecture: source amd64 Version: 2.3.4-4+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Russ Allbery Changed-By: Russ Allbery Description: rssh -

[SECURITY] [DLA 1660-2] rssh regression update

2019-02-19 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: rssh Version: 2.3.4-4+deb8u3 Debian Bug : #921655 It was discovered that the fix for the security vulnerability released for rssh in 2.3.4-4+deb8u2 via DLA-1660-1 introduced a regression that blocked scp(1) of multiple

Re: rssh security update breaks rsync via Synology's "hyper backup"

2019-02-19 Thread Chris Lamb
Hi Russ, > I've not done an LTS security upload before, but it looks from the wiki > that it uses the same security-master process as stable security updates. > Please let me know if that's wrong. This is mostly correct, yep! I made the following changes to your jessie diff: - * The fix