Python review request, CVE-2022-22817 & CVE-2023-50447 in pillow

2024-02-29 Thread Sean Whitton
Hello, I have three review requests for src:pillow in LTS and ELTS. (1) I believe that the fixes previously uploaded to buster, stretch and jessie for CVE-2022-22817 are incomplete. Upstream updated the vulnerability a month after releasing the original fix with a follow-up fix in commit

Debian LTS and ELTS -- February 2024

2024-02-29 Thread Sean Whitton
Hello, This was my eighth month working on LTS and ELTS. Thank you to Freexian and Freexian's sponsors for making these projects possible: LTS - libssh - Finished backporting fixes for CVE-2020-16135, CVE-2023-6004, CVE-2023-6918 and

Re: debvm invocations for ELTS

2024-02-29 Thread Sean Whitton
Hello, On Thu 29 Feb 2024 at 02:14pm +08, Sean Whitton wrote: > Does anyone have working debvm runes for stretch & jessie? > > If you just use 'debvm-create -r stretch -- > http://deb.freexian.com/extended-lts' > then there isn't working networking. Thank you to those who responded here and on

[SECURITY] [DLA 3746-1] wireshark security update

2024-02-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3746-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk February 29, 2024

[SECURITY] [DLA 3745-1] gsoap security update

2024-02-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3745-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk February 29, 2024

Accepted wireshark 2.6.20-0+deb10u8 (source) into oldoldstable

2024-02-29 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 29 Feb 2024 22:49:52 +0200 Source: wireshark Architecture: source Version: 2.6.20-0+deb10u8 Distribution: buster-security Urgency: medium Maintainer: Balint Reczey Changed-By: Adrian Bunk Changes: wireshark

Re: debvm invocations for ELTS

2024-02-29 Thread Santiago Ruano Rincón
El 29/02/24 a las 14:14, Sean Whitton escribió: > Hello, > > Does anyone have working debvm runes for stretch & jessie? > > If you just use 'debvm-create -r stretch -- > http://deb.freexian.com/extended-lts' > then there isn't working networking. AFAIU, networking is set up while running

Accepted gsoap 2.8.75-1+deb10u1 (source) into oldoldstable

2024-02-29 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 29 Feb 2024 20:27:18 +0200 Source: gsoap Architecture: source Version: 2.8.75-1+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Mattias Ellert Changed-By: Adrian Bunk Changes: gsoap (2.8.75-1+deb10u1)

[SECURITY] [DLA 3744-1] python-django security update

2024-02-29 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3744-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb February 29, 2024

Accepted python-django 1:1.11.29-1+deb10u11 (source) into oldoldstable

2024-02-29 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 29 Feb 2024 15:09:29 + Source: python-django Architecture: source Version: 1:1.11.29-1+deb10u11 Distribution: buster-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Closes: 986447