hi,
today I unclaimed for LTS:
- angular.js (Thorsten Alteholz)
- opendmarc (Thorsten Alteholz)
- tiff (Thorsten Alteholz)
and none for eLTS.
--
tschau,
Holger
---
Holger Levsen writes:
> then, just for the record, this was discussed with Raphael and me. Please
> don't do more hours than assigned without coordination. See "What should
> I do if I work more than the hours allocated?" in debian-lts.git for
> more info.
Huh? I don't see anything about
Hi Holger,
On 10/11/19 10:22 pm, Holger Levsen wrote:
> On Sun, Nov 10, 2019 at 12:18:37AM +0530, Utkarsh Gupta wrote:
>> I've fixed CVE-2017-1002201 and thus request for someone to sponsor the
>> upload of ruby-haml.
>> The package is tested and uploaded to mentors.d.net and the relevant
>> .dsc
Package: ruby-haml
Version: 4.0.5-2+deb8u1
CVE ID : CVE-2017-1002201
In haml, when using user input to perform tasks on the server, characters
like < > " ' must be escaped properly. In this case, the ' character was
missed. An attacker can manipulate the input to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 09 Nov 2019 22:27:34 +0530
Source: ruby-haml
Binary: ruby-haml
Architecture: source all
Version: 4.0.5-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers
Changed-By: Utkarsh Gupta
On Sun, Nov 10, 2019 at 12:18:37AM +0530, Utkarsh Gupta wrote:
> I've fixed CVE-2017-1002201 and thus request for someone to sponsor the
> upload of ruby-haml.
> The package is tested and uploaded to mentors.d.net and the relevant
> .dsc could be found here[1].
thanks, uploaded.
> I'm also
Hi,
first: thanks for your work and the report, Emilio!
On Sun, Nov 10, 2019 at 11:07:02AM +0100, Emilio Pozuelo Monfort wrote:
> Since the hours spent on LTS were higher than my allotted time, my November
> hours will be used for that, as well as a few from ELTS, and I will work on
> the
>
Hi,
During the month of October I spent 72 hours on finishing the Firefox ESR 68
update. That update took so much time due to the necessary toolchain updates,
which included rust & cargo, LLVM, and GCC, and to several issues which were
encountered with some of those components and with some old
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: firefox-esr
Version: 68.2.0esr-1~deb8u1
CVE ID : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761
CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903
Multiple security issues have