On Fri, May 11, 2018 at 09:25:17AM +0200, Emilio Pozuelo Monfort wrote:
> Hi Kurt,
>
> On 30/01/18 21:59, Kurt Roeckx wrote:
> > On Tue, Jan 30, 2018 at 08:33:53PM +0100, Ola Lundqvist wrote:
> >> Dear maintainers,
> >>
> >> The Debian LTS team w
On Tue, Jan 30, 2018 at 08:33:53PM +0100, Ola Lundqvist wrote:
> Dear maintainers,
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libmad:
> https://security-tracker.debian.org/tracker/CVE-2017-8372
>
On Wed, Nov 08, 2017 at 11:22:24PM +0100, Markus Koschany wrote:
> Am 08.11.2017 um 23:04 schrieb Kurt Roeckx:
> > On Wed, Nov 08, 2017 at 10:07:57PM +0100, Markus Koschany wrote:
> >> Hello Kurt,
> >>
> >> we saw that you reserved a DLA number for OpenSSL last
On Wed, Nov 08, 2017 at 10:07:57PM +0100, Markus Koschany wrote:
> Hello Kurt,
>
> we saw that you reserved a DLA number for OpenSSL last week but the new
> version 1.0.1t-1+deb7u3 has not been uploaded yet. Is there anything we
> can do to assist you?
The package has been ready in svn since
On Mon, Aug 07, 2017 at 07:39:34AM -0400, Chris Lamb wrote:
> Dear maintainer(s),
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libmad:
> https://security-tracker.debian.org/tracker/source-package/libmad
>
> Would you like to
On Fri, Jul 21, 2017 at 04:47:23PM -0400, Antoine Beaupré wrote:
> On 2017-07-21 22:19:20, Philipp Kern wrote:
> > My point was that you state what your delta is and essentially boils
> > down to attach the diff of what will actually happen to the .deb. I
> > think it's generally fine to add new
On Wed, Mar 22, 2017 at 09:02:16PM +0100, Ola Lundqvist wrote:
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of ntp:
> https://security-tracker.debian.org/tracker/CVE-2017-6460
>
On Tue, Jan 31, 2017 at 11:13:55PM +0100, Emilio Pozuelo Monfort wrote:
> Hi Kurt,
>
> I have prepared an update of openssl for wheezy based on 1.0.1t-1+deb8u6. I
> have
> done some smoke testing on it and it seems fine, but I haven't been able to
> verify the three fixes as I can't find
On Mon, Nov 21, 2016 at 11:13:13PM +0100, Ola Lundqvist wrote:
> Hello dear maintainer(s),
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of ntp:
> https://security-tracker.debian.org/tracker/CVE-2016-7426
>
On Tue, Nov 01, 2016 at 03:09:06PM +0100, Guido Günther wrote:
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of openssl:
> https://security-tracker.debian.org/tracker/CVE-2016-8610
I will fix this soon.
Package: openssl
Version: 1.0.1t-1+deb7u1
CVE ID : CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180
CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6303
CVE-2016-6304 CVE-2016-6306
Several vulnerabilities were discovered in
: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl-doc - SSL
On Fri, Sep 23, 2016 at 09:43:03PM +0200, Moritz Mühlenhoff wrote:
> On Fri, Sep 23, 2016 at 09:38:10PM +0200, Kurt Roeckx wrote:
> > So I would like to just upload the 1.0.1u version to
> > wheezy-security. If nobody complains that is what I will do.
>
> Then the version n
Hi,
The version in wheezy-security is currently 1.0.1e-2+deb7u21.
Recently I've changed the jessie version from 1.0.1k to 1.0.1t
without any problem.
Supporting the 1.0.1e now requires a great deal of extra work
because the patches just don't apply. If it's not because of the
reformatting of
On Mon, Aug 08, 2016 at 01:12:28PM +0200, Ola Lundqvist wrote:
> Hi Kurt
>
> As a member of the LTS team I have started to look into a ntp security
> update of CVE-2016-4953 mentioned here:
> https://security-tracker.debian.org/tracker/source-package/ntp
>
> I see that you have prepared security
On Wed, Jun 01, 2016 at 07:23:22AM +0200, Santiago Ruano Rincón wrote:
>
> I have picked your patches (I hope all of them) from the svn to build a
> test package, and have also taken a look to remaining issues. I have
> only could "backport" the fix for CVE-2016-1551, the refclock
>
On Wed, May 18, 2016 at 01:24:37PM -0400, Antoine Beaupré wrote:
> On 2016-02-13 05:49:24, Kurt Roeckx wrote:
> > On Sat, Feb 13, 2016 at 10:06:23AM +, Damyan Ivanov wrote:
> >> Hello dear maintainer(s),
> >>
> >> The Debian LTS team would l
Package: openssl
Version: 1.0.1e-2+deb7u21
CVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108
CVE-2016-2109 CVE-2016-2176
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer
toolkit.
CVE-2016-2105
Guido Vranken
On Sun, Mar 06, 2016 at 03:33:16PM +1100, Brian May wrote:
> Hello,
>
> Just wondering if there is some other way we can track security issues
> for when CVEs are not available.
>
> Thinking of imagemagick here, it has a lot of security issues, and
> requests for CVEs are not getting any
will end
soon. If you are using openssl you should upgrade to wheezy or preferably
jessie. The version in those versions contain many security improvements.
Kurt Roeckx
signature.asc
Description: PGP signature
: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl0.9.8 - SSL shared libraries
On Sat, Feb 13, 2016 at 10:06:23AM +, Damyan Ivanov wrote:
> Hello dear maintainer(s),
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of ntp:
> https://security-tracker.debian.org/tracker/source-package/ntp
I was under the
On Sat, Feb 13, 2016 at 03:55:31PM +, Damyan Ivanov wrote:
> -=| Kurt Roeckx, 13.02.2016 11:49:24 +0100 |=-
> > On Sat, Feb 13, 2016 at 10:06:23AM +, Damyan Ivanov wrote:
> > > Hello dear maintainer(s),
> > >
> > > The Debian LTS team would l
Package: openssl
Version: 0.9.8o-4squeeze22
CVE ID : CVE-2015-3195
When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted
On Wed, Oct 28, 2015 at 09:35:59AM +0900, Ben Hutchings wrote:
> On Tue, 2015-10-27 at 21:57 +0100, Kurt Roeckx wrote:
> > On Sun, Oct 25, 2015 at 01:30:18PM +0900, Ben Hutchings wrote:
> > > I've looked through the upstream repository for the patches that fix he
> > >
ain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
ntp- Network Time Protocol daemon and utility programs
ntp-doc- Network Time Protocol documentation
ntpdate- client for setting system time from NTP servers
Changes:
ntp (1:4.2.6.p2+d
Package: ntp
Version: 1:4.2.6.p2+dfsg-1+deb6u4
CVE ID : CVE-2015-5146 CVE-2015-5194 CVE-2015-5195 CVE-2015-5219
CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701
CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7850
On Sun, Oct 25, 2015 at 01:30:18PM +0900, Ben Hutchings wrote:
> I've looked through the upstream repository for the patches that fix he
> recently announced issues. Quite a few of them turned out not to apply
> to squeeze, or the newer stable releases, and I've updated the security
> tracker
On Sun, Oct 25, 2015 at 11:19:03AM +0100, Kurt Roeckx wrote:
> On Sun, Oct 25, 2015 at 01:30:18PM +0900, Ben Hutchings wrote:
> > I've looked through the upstream repository for the patches that fix he
> > recently announced issues. Quite a few of them turned out not to apply
On Mon, Oct 26, 2015 at 06:55:06AM +0900, Ben Hutchings wrote:
> On Sun, 2015-10-25 at 22:45 +0100, Kurt Roeckx wrote:
> > On Mon, Oct 26, 2015 at 06:13:07AM +0900, Ben Hutchings wrote:
> [...]
> > > > While I have addiotional patches for:
> > > > CVE-2014-9750
On Mon, Oct 26, 2015 at 06:13:07AM +0900, Ben Hutchings wrote:
> On Sun, 2015-10-25 at 11:19 +0100, Kurt Roeckx wrote:
> > On Sun, Oct 25, 2015 at 01:30:18PM +0900, Ben Hutchings wrote:
> > > I've looked through the upstream repository for the patches that fix he
> > >
Package: openssl
Version: 0.9.8o-4squeeze21
CVE ID : CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791
CVE-2015-1792 CVE-2015-4000
Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets
Layer toolkit.
CVE-2014-8176
Praveen
On Fri, Apr 10, 2015 at 11:05:47PM +0200, Raphael Hertzog wrote:
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of ntp:
https://security-tracker.debian.org/tracker/CVE-2015-1798
On Fri, Apr 10, 2015 at 11:33:22PM +0200, Raphael Hertzog wrote:
Hi,
On Fri, 10 Apr 2015, Kurt Roeckx wrote:
On Fri, Apr 10, 2015 at 11:05:47PM +0200, Raphael Hertzog wrote:
Would you like to take care of this yourself? We are still understaffed so
any help is always highly appreciated
On Mon, Mar 09, 2015 at 04:29:43PM +0100, Raphael Hertzog wrote:
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of openssl:
https://security-tracker.debian.org/tracker/CVE-2015-0209
35 matches
Mail list logo