On Wed, Sep 07, 2022 at 07:37:45AM +0200, Alexander Wirt wrote:
> > > Now that buster is LTS and no longer officially supported, should the
> > > -backports pocket be closed? AFAIK, buster just receives the security
> > > uploads by the -security pocket and shouldn't have -backports open
> > >
The fix is to apply the change from
https://github.com/pypa/setuptools/pull/1190 It is small and should
backport easily to older versions of setuptools.
noah
signature.asc
Description: PGP signature
TL;DR: Python setuptools is going to lose the ability to talk to pypi in
the near future.
As documented at [1] and [2], Fastly, the CDN that serves
files.pythonhosted.org and pypi.python.org is going to disable support
for clients that don't support the SNI TLS protocol extension.
It seems that
On Sat, Mar 20, 2021 at 01:42:34AM +0530, Utkarsh Gupta wrote:
> > The debdiff is attached. If somebody wants to take this and handle
> > uploading to LTS and whatever followup is needed, that's fine with me.
> > Otherwise, I can perform the upload if that's all that's required, but
> > I'd
+1,9 @@
+cloud-init (0.7.9-2+deb9u1) stretch-security; urgency=medium
+
+ * Avoid logging generated passwords (CVE-2021-3429) (Closes: #985540)
+
+ -- Noah Meyerhans Fri, 19 Mar 2021 17:35:37 +
+
cloud-init (0.7.9-2) unstable; urgency=medium
* Add net-tools as runtime depends (Closes
Hi! On behalf of the Debian cloud team, I want to let you know that we
intend to continue publishing updates to our stretch VM images on
various popular cloud services after the handoff to the LTS team. This
includes Amazon EC2, Microsoft Azure, and OpenStack. We understand that
Google will
On Sat, Feb 01, 2020 at 03:28:09PM +, Mike Gabriel wrote:
> So, I'd like to play the ball back to Noah. Do you think, that applying the
> security patches is sufficient for spamassassin in stretch/buster? Or have
> their been so many other fixes(TM) that justify an upstream backport to
>
On Wed, Sep 19, 2018 at 08:26:28PM +0200, Ola Lundqvist wrote:
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of spamassassin:
> https://security-tracker.debian.org/tracker/CVE-2018-11780
>
-de...@lists.alioth.debian.org>
Changed-By: Noah Meyerhans <no...@debian.org>
Description:
ipsec-tools - IPsec utilities
racoon - IPsec Internet Key Exchange daemon
Changes:
ipsec-tools (1:0.8.0-14+deb7u3) wheezy-security; urgency=medium
.
* Backport debian/patches/asn1_utf
On Mon, Jul 31, 2017 at 08:35:58PM +0200, Markus Koschany wrote:
> I have noticed that your recent upload of ipsec-tools fails to build
> from source in Wheezy. It appears to be the same test failure on all
> architectures. Could you take a look please?
Looks like LTS has backported an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: ipsec-tools
Version: 1:0.8.0-14+deb7u1
CVE ID : CVE-2016-10396
Debian Bug : 867986
The racoon daemon in IPsec-Tools 0.8.2 and earlier contains a remotely
exploitable computational-complexity attack when parsing
com>
Changed-By: Noah Meyerhans <no...@debian.org>
Description:
ipsec-tools - IPsec utilities
racoon - IPsec Internet Key Exchange daemon
Closes: 867986
Changes:
ipsec-tools (1:0.8.0-14+deb7u2) wheezy-security; urgency=medium
.
* Import NetBSD's patch to address CVE-2016-1
Bret Busby bret.busby@... writes:
So, is the LTS only for security updates, and, not for fixing
software problems?
Clarification would be good, for we lay people - the users.
Indeed; these updates were released to stable via point releases, not
security updates.
Using different policies
. (Closes: 771408)
+ * Remove references to ahbl.org DNSBL, which has ceased operation.
+(Closes: #774768)
+
+ -- Noah Meyerhans no...@debian.org Sat, 31 Jan 2015 22:46:29 -0800
+
spamassassin (3.3.1-1.1) stable; urgency=high
* Fix the RCVD_ILLEGAL_IP rule to no longer consider addresses
14 matches
Mail list logo