Re: Dovecot Update Fails on Jessie

2019-08-30 Thread Roberto C . Sánchez
On Fri, Aug 30, 2019 at 11:48:05PM +0200, Rainer Dorsch wrote: > Hi Roberto, > > just saw that your Dovecot update failed on my jessie system: > This is concerning. > root@netcup:~# apt-get -f install > Reading package lists... Done > Building dependency tree > Reading state

Dovecot Update Fails on Jessie

2019-08-30 Thread Rainer Dorsch
Hi Roberto, just saw that your Dovecot update failed on my jessie system: root@netcup:~# apt-get -f install Reading package lists... Done Building dependency tree Reading state information... Done Correcting dependencies... Done The following extra packages will be installed:

[SECURITY] [DLA 1904-1] libextractor security update

2019-08-30 Thread Thorsten Alteholz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package: libextractor Version: 1:1.3-2+deb8u5 CVE ID : CVE-2019-15531 jianglin found an issue in libextractor, a library that extracts meta-data from files of arbitrary type. A crafted file could result in a

Re: CVE-2019-5477: ruby-nokogiri issue caused by rexical

2019-08-30 Thread mike . gabriel
Hi, On Friday, 30 August 2019, Salvatore Bonaccorso wrote: > hi Mike, > > On Fri, Aug 30, 2019 at 03:22:23PM +0200, Salvatore Bonaccorso wrote: > > Hi Mike, > > > > On Fri, Aug 30, 2019 at 11:25:16AM +, Mike Gabriel wrote: > > > However, to address CVE-2019-5477 it should also be

Re: CVE-2019-5477: ruby-nokogiri issue caused by rexical

2019-08-30 Thread Salvatore Bonaccorso
hi Mike, On Fri, Aug 30, 2019 at 03:22:23PM +0200, Salvatore Bonaccorso wrote: > Hi Mike, > > On Fri, Aug 30, 2019 at 11:25:16AM +, Mike Gabriel wrote: > > However, to address CVE-2019-5477 it should also be associated to the > > rexical src:pkg in stretch and later. @security-team: can you

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-30 Thread Alexander Wirt
On Fri, 30 Aug 2019, Raphael Hertzog wrote: > Hi, > > On Fri, 30 Aug 2019, Alexander Wirt wrote: > > > We're not speaking of crap software, we're just speaking of software that > > > can't be maintained multiple years by backports of security patches, where > > > we get fixes only with new

Accepted libextractor 1:1.3-2+deb8u5 (source amd64) into oldoldstable

2019-08-30 Thread Thorsten Alteholz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 30 Aug 2019 19:36:27 +0200 Source: libextractor Binary: libextractor3 libextractor-dbg libextractor-dev extract Architecture: source amd64 Version: 1:1.3-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer:

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-30 Thread Raphael Hertzog
Hi, On Fri, 30 Aug 2019, Alexander Wirt wrote: > > We're not speaking of crap software, we're just speaking of software that > > can't be maintained multiple years by backports of security patches, where > > we get fixes only with new upstream versions (mixed with new features). > I don't want to

Re: About the security issues affecting imagemagick in Jessie

2019-08-30 Thread Mike Gabriel
Hi Hugo, (taking pkg maintainers out of the loop as this is an LTS workflow issue) On Fri 30 Aug 2019 15:03:03 CEST, Hugo Lefeuvre wrote: Hi Mike, The Debian LTS team recently reviewed the security issue(s) affecting your package in Jessie:

Re: CVE-2019-5477: ruby-nokogiri issue caused by rexical

2019-08-30 Thread Mike Gabriel
On Fri 30 Aug 2019 15:22:23 CEST, Salvatore Bonaccorso wrote: Hi Mike, On Fri, Aug 30, 2019 at 11:25:16AM +, Mike Gabriel wrote: However, to address CVE-2019-5477 it should also be associated to the rexical src:pkg in stretch and later. @security-team: can you please update data/CVE/list

Re: CVE-2019-5477: ruby-nokogiri issue caused by rexical

2019-08-30 Thread Salvatore Bonaccorso
Hi Mike, On Fri, Aug 30, 2019 at 11:25:16AM +, Mike Gabriel wrote: > However, to address CVE-2019-5477 it should also be associated to the > rexical src:pkg in stretch and later. @security-team: can you please update > data/CVE/list appropriately (instead of me updating it and you correcting

Re: (minor) vs. ($not-fixable-because) (was: Re: gnutls/nettle (CVE-2018-16868/CVE-2018-16869))

2019-08-30 Thread Mike Gabriel
Hi Sylvain, On Fri 30 Aug 2019 11:13:14 UTC, Sylvain Beucler wrote: Hi, On 30/08/2019 10:28, Mike Gabriel wrote: Hi Sylvain, hi all, On Fri 08 Mar 2019 11:03:49 CET, Sylvain Beucler wrote: Hi, On 04/03/2019 17:37, Sylvain Beucler wrote: On 04/03/2019 16:55, Markus Koschany wrote: On

Re: (Case MB165433) [SECURITY] [DLA 1901-1] dovecot security update

2019-08-30 Thread Mythic Beasts Security
-- Mythic Beasts Security secur...@mythic-beasts.com -----Original Message----- From: "Roberto C. Sánchez" Reply-To: debian-lts@lists.debian.org Date: Thu, 29 Aug 2019 15:02:49 -0400 To: "debian-lts-annou...@lists.debian.org" Subject: [SECURITY] [DLA 1901-1] dovecot security update >Package

Re: About the security issues affecting imagemagick in Jessie

2019-08-30 Thread Hugo Lefeuvre
Hi Mike, > The Debian LTS team recently reviewed the security issue(s) affecting your > package in Jessie: > https://security-tracker.debian.org/tracker/source-package/imagemagick > > We decided that a member of the LTS team should take a look at this > package, although the security impact of

Jessie update of milkytracker (minor security issues)?

2019-08-30 Thread Mike Gabriel
The Debian LTS team recently reviewed the security issue(s) affecting your package in Jessie: https://security-tracker.debian.org/tracker/CVE-2019-14464 https://security-tracker.debian.org/tracker/CVE-2019-14496 https://security-tracker.debian.org/tracker/CVE-2019-14497 We decided that a member

Jessie update of ruby-nokogiri?

2019-08-30 Thread Mike Gabriel
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of ruby-nokogiri: https://security-tracker.debian.org/tracker/CVE-2019-5477 Would you like to take care of this yourself? If yes, please follow the workflow we have

Jessie update of libcommons-compress-java?

2019-08-30 Thread Mike Gabriel
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of libcommons-compress-java: https://security-tracker.debian.org/tracker/CVE-2019-12402 Would you like to take care of this yourself? If yes, please follow the workflow

Jessie update of libgcrypt20?

2019-08-30 Thread Mike Gabriel
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of libgcrypt20: https://security-tracker.debian.org/tracker/CVE-2019-13627 Would you like to take care of this yourself? If yes, please follow the workflow we have

CVE-2019-5477: ruby-nokogiri issue caused by rexical

2019-08-30 Thread Mike Gabriel
Hi, while triaging ruby-nokogiri/CVE-2019-5477, I noticed this in [1]: ``` [...] This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability

Re: (minor) vs. ($not-fixable-because) (was: Re: gnutls/nettle (CVE-2018-16868/CVE-2018-16869))

2019-08-30 Thread Sylvain Beucler
Hi, On 30/08/2019 10:28, Mike Gabriel wrote: > Hi Sylvain, hi all, > > On Fri 08 Mar 2019 11:03:49 CET, Sylvain Beucler wrote: > >> Hi, >> >> On 04/03/2019 17:37, Sylvain Beucler wrote: >>> On 04/03/2019 16:55, Markus Koschany wrote: On 04.03.19 at 16:33, Sylvain Beucler wrote: [...]

Jessie update of irssi?

2019-08-30 Thread Mike Gabriel
Dear Rhonda, The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of irssi: https://security-tracker.debian.org/tracker/source-package/irssi Would you like to take care of this yourself? If yes, please follow the workflow we have defined here:

Jessie update of ansible (minor security issues)?

2019-08-30 Thread Mike Gabriel
The Debian LTS team recently reviewed the security issue(s) affecting your package in Jessie: https://security-tracker.debian.org/tracker/source-package/ansible We decided that a member of the LTS team should take a look at this package, although the security impact of still open issues is low.

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-30 Thread Alexander Wirt
On Fri, 30 Aug 2019, Raphael Hertzog wrote: > On Fri, 30 Aug 2019, Alexander Wirt wrote: > > There were several discussions over the last years. And yes, our vision of > > backports does not match the vision of those fastpace/not ready for > > stable/whatever you call them repos. In our vision

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-30 Thread Raphael Hertzog
On Fri, 30 Aug 2019, Alexander Wirt wrote: > There were several discussions over the last years. And yes, our vision of > backports does not match the vision of those fastpace/not ready for > stable/whatever you call them repos. In our vision debian-backports consists > of new (tested, as in "is

About the security issues affecting imagemagick in Jessie

2019-08-30 Thread Mike Gabriel
Dear maintainer(s), The Debian LTS team recently reviewed the security issue(s) affecting your package in Jessie: https://security-tracker.debian.org/tracker/source-package/imagemagick We decided that a member of the LTS team should take a look at this package, although the security impact of

(minor) vs. ($not-fixable-because) (was: Re: gnutls/nettle (CVE-2018-16868/CVE-2018-16869))

2019-08-30 Thread Mike Gabriel
Hi Sylvain, hi all, On Fri 08 Mar 2019 11:03:49 CET, Sylvain Beucler wrote: Hi, On 04/03/2019 17:37, Sylvain Beucler wrote: On 04/03/2019 16:55, Markus Koschany wrote: On 04.03.19 at 16:33, Sylvain Beucler wrote: [...] I see this as a strong signal that we should not attempt to backport

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-30 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 09:17:32AM +0200, Raphael Hertzog wrote: > Hi, > > On Fri, 30 Aug 2019, Pirate Praveen wrote: > > Fast Track repo works exactly like current backports except the packages > > are added from unstable (or experimental during transitions and freeze) > > as they cannot go to

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-30 Thread Alexander Wirt
On Fri, 30 Aug 2019, Raphael Hertzog wrote: > Hi, > > On Fri, 30 Aug 2019, Pirate Praveen wrote: > > Fast Track repo works exactly like current backports except the packages > > are added from unstable (or experimental during transitions and freeze) > > as they cannot go to testing and hence to

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-30 Thread Raphael Hertzog
Hi, On Fri, 30 Aug 2019, Pirate Praveen wrote: > Fast Track repo works exactly like current backports except the packages > are added from unstable (or experimental during transitions and freeze) > as they cannot go to testing and hence to current backports. > > As Paul noted earlier, backports