Re: [SECURITY] [DLA 3676-1] horizon security update

2023-11-30 Thread Roberto C . Sánchez
On Fri, Dec 01, 2023 at 02:05:42AM +0100, Guilhem Moulin wrote: > On Thu, 30 Nov 2023 at 19:47:42 -0500, Roberto C. Sánchez wrote: > > Yes, I would recommend two things. > > Done, thanks Roberto! > You're welcome! -- Roberto C. Sánchez

Re: [SECURITY] [DLA 3676-1] horizon security update

2023-11-30 Thread Guilhem Moulin
On Thu, 30 Nov 2023 at 19:47:42 -0500, Roberto C. Sánchez wrote: > Yes, I would recommend two things. Done, thanks Roberto! -- Guilhem.

Re: [SECURITY] [DLA 3676-1] horizon security update - INCORRECT DLA ID

2023-11-30 Thread Guilhem Moulin
On Thu, 30 Nov 2023 at 23:59:28 +0100, Guilhem Moulin wrote: > - > Debian LTS Advisory DLA-3676-1debian-lts@lists.debian.org > https://www.debian.org/lts/security/ Guilhem Moulin >

LTS meeting summary and notes

2023-11-30 Thread Roberto C . Sánchez
Thanks to everyone who participated in today's LTS contributor meeting. As the meeting took place over IRC, everything was recorded by Meetbot. The information can be found at these links: Minutes: http://meetbot.debian.net/debian-lts/2023/debian-lts.2023-11-30-13.57.html Minutes (text):

[SECURITY] [DLA 3678-1] horizon security update - CORRECTED ANNOUNCEMENT

2023-11-30 Thread Guilhem Moulin
- Debian LTS Advisory DLA-3678-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 30, 2023 https://wiki.debian.org/LTS

Debian LTS report for November 2023

2023-11-30 Thread Guilhem Moulin
During the month of November 2023 and on behalf of Freexian, I worked on the following: opensc -- Uploaded 0.19.0-1+deb10u3 and issued DLA-3668-1 https://lists.debian.org/msgid-search/?m=zwpsqzcsk_2as...@debian.org * CVE-2023-40660: Potential PIN bypass. The bypass was removed and

Re: [SECURITY] [DLA 3676-1] horizon security update

2023-11-30 Thread Roberto C . Sánchez
On Fri, Dec 01, 2023 at 12:48:19AM +0100, Guilhem Moulin wrote: > On Thu, 30 Nov 2023 at 23:59:28 +0100, Guilhem Moulin wrote: > > - > > Debian LTS Advisory DLA-3676-1debian-lts@lists.debian.org > >

[SECURITY] [DLA 3679-1] vlc security update

2023-11-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3679-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 30, 2023

Re: [SECURITY] [DLA 3676-1] horizon security update

2023-11-30 Thread Guilhem Moulin
On Thu, 30 Nov 2023 at 23:59:28 +0100, Guilhem Moulin wrote: > - > Debian LTS Advisory DLA-3676-1debian-lts@lists.debian.org > https://www.debian.org/lts/security/ Guilhem Moulin >

[SECURITY] [DLA 3676-1] horizon security update

2023-11-30 Thread Guilhem Moulin
- Debian LTS Advisory DLA-3676-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin November 30, 2023 https://wiki.debian.org/LTS

Accepted horizon 3:14.0.2-3+deb10u3 (source) into oldoldstable

2023-11-30 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 30 Nov 2023 22:02:12 +0100 Source: horizon Architecture: source Version: 3:14.0.2-3+deb10u3 Distribution: buster-security Urgency: high Maintainer: Debian OpenStack Changed-By: Guilhem Moulin Changes: horizon

Accepted vlc 3.0.20-0+deb10u1 (source) into oldoldstable

2023-11-30 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 30 Nov 2023 21:28:42 +0200 Source: vlc Architecture: source Version: 3.0.20-0+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Adrian Bunk Changes: vlc

[SECURITY] [DLA 3676-1] libde265 security update

2023-11-30 Thread gladk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3676-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Anton Gladky November 30, 2023

[SECURITY] [DLA 3677-1] gimp-dds security update

2023-11-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3677-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 30, 2023

Accepted libde265 1.0.11-0+deb10u5 (source) into oldoldstable

2023-11-30 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 30 Nov 2023 17:31:53 +0100 Source: libde265 Architecture: source Version: 1.0.11-0+deb10u5 Distribution: buster-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Anton Gladky Changes: libde265

Accepted gimp-dds 3.0.1-1+deb10u1 (source) into oldoldstable

2023-11-30 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 30 Nov 2023 15:48:57 +0200 Source: gimp-dds Architecture: source Version: 3.0.1-1+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Games Team Changed-By: Adrian Bunk Changes: gimp-dds

Re: Policy queue in buster-security

2023-11-30 Thread Ben Hutchings
On Tue, 2023-11-28 at 09:57 +, Emilio Pozuelo Monfort wrote: > Hi, > > We're in the process of setting up a policy queue for buster-security. That > means that uploads to buster-security will end up in the policy queue, and > get > built there. Once things are ready (builds have happened,

[SECURITY] [DLA 3674-1] thunderbird security update

2023-11-30 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3674-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 30, 2023

Re: tinymce git repository

2023-11-30 Thread Sylvain Beucler
Hi Sean, At a point LTS pre-created *empty* Git repositories under /lts-team/packages for packages added to dla-needed.txt, but since then we've been trying to leave that to the contributor, so he can e.g. appropriately fork the repository and better keep the history. Consequently empty Git

Re: tinymce git repository

2023-11-30 Thread Sean Whitton
Thanks all. -- Sean Whitton

Accepted zbar 0.22-1+deb10u1 (source) into oldoldstable

2023-11-30 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 30 Nov 2023 11:19:08 + Source: zbar Architecture: source Version: 0.22-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian QA Group Changed-By: Bastien Roucariès Closes: 1051724 Changes: zbar

Re: tinymce git repository

2023-11-30 Thread Tobias Frost
Am 30. November 2023 09:29:32 UTC schrieb Sean Whitton : >Hello Anton, > >Ola added tinymce to dla-needed.txt. > >I found . > >Could you let me know why the repository was archived? > >Thanks. > the repositiory was one of those with an

Re: tinymce git repository

2023-11-30 Thread Emilio Pozuelo Monfort
On 30/11/2023 09:29, Sean Whitton wrote: Hello Anton, Ola added tinymce to dla-needed.txt. I found . Could you let me know why the repository was archived? It's an empty repository, with no upstream sources or anything else. We

curl: CVE-2023-28322 and CVE-2023-27534

2023-11-30 Thread Markus Koschany
Hi Samuel, I have recently triaged CVE-2023-28322 and CVE-2023-27534 for curl as ignored for Buster because I believe those are minor issues. Since you expressed interest as the maintainer of curl to fix potential security vulnerabilities, I am asking you for your assessment. Are you (or someone

tinymce git repository

2023-11-30 Thread Sean Whitton
Hello Anton, Ola added tinymce to dla-needed.txt. I found . Could you let me know why the repository was archived? Thanks. -- Sean Whitton signature.asc Description: PGP signature