Accepted pound 2.6-6+deb8u3 (source amd64) into oldoldstable

2020-05-03 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 May 2020 14:26:10 +0200 Source: pound Binary: pound Architecture: source amd64 Version: 2.6-6+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Brett Parker Changed-By: Carsten Leonhardt Description: pound

[SECURITY] [DLA 2196-1] pound security update

2020-04-30 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: pound Version: 2.6-6+deb8u2 CVE ID : CVE-2016-10711 An issue has been found in pound, A request smuggling vulnerability was discovered in pound, a reverse proxy, load balancer and HTTPS front-end for Web servers

Accepted pound 2.6-6+deb8u2 (source amd64) into oldoldstable

2020-04-30 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 29 Apr 2020 19:03:02 +0200 Source: pound Binary: pound Architecture: source amd64 Version: 2.6-6+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Brett Parker Changed-By: Thorsten Alteholz Description: pound

Re: pound / CVE-2016-10711

2019-07-15 Thread Abhijith PA
Carsten, On 13/07/19 5:38 pm, Carsten Leonhardt wrote: > Hi, > > if you're interested in addressing this CVE, you can find a fixed > version for jessie at https://salsa.debian.org/debian/pound/tree/jessie > > An amd64 binary package can be found here: > > https://salsa

pound / CVE-2016-10711

2019-07-13 Thread Carsten Leonhardt
Hi, if you're interested in addressing this CVE, you can find a fixed version for jessie at https://salsa.debian.org/debian/pound/tree/jessie An amd64 binary package can be found here: https://salsa.debian.org/debian/pound/-/jobs/221014/artifacts/browse/debian/output/ Regards, Carsten

[SECURITY] [DLA 1280-1] pound security update

2018-02-12 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: pound Version: 2.6-2+deb7u2 CVE ID : CVE-2016-10711 Debian Bug : 888786 A request smuggling vulnerability was discovered in pound that may allow attackers to send a specially crafted http request to a web server

Accepted pound 2.6-2+deb7u2 (source amd64) into oldoldstable

2018-02-12 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 12 Feb 2018 22:32:32 +0100 Source: pound Binary: pound Architecture: source amd64 Version: 2.6-2+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Brett Parker <idu...@sommitrealweird.co.uk> Changed-By:

Re: pound

2016-01-25 Thread Steve McIntyre
On Mon, Jan 25, 2016 at 02:23:39PM +0100, Raphael Hertzog wrote: >On Mon, 25 Jan 2016, Brian May wrote: >> I tried to create an account, but this failed with a generic error; so I >> wondered if I already had an account (I don't think I do), and tried the >> forget password routine. I am wondering

Re: pound

2016-01-25 Thread Raphael Hertzog
On Mon, 25 Jan 2016, Brian May wrote: > I tried to create an account, but this failed with a generic error; so I > wondered if I already had an account (I don't think I do), and tried the > forget password routine. I am wondering if it has detected a security > violation and blocked my IP address.

Re: pound

2016-01-25 Thread Guido Günther
On Mon, Jan 25, 2016 at 09:14:21PM +1100, Brian May wrote: [..snip..] > > Did you check that the new upstream version is backwards compatible in > > terms of usage? > > Yes. It is mostly bug fixes and several new features, such as SNI > support. I did a diff, and compared. That matches what I

Re: pound

2016-01-25 Thread Raphael Hertzog
d ~deb6u1 at the end (possibly replacing the +deb7uX to avoid a too long version string). > Does this look ok? > https://linuxpenguins.xyz/debian/pool/main/p/pound/ Did you check that the new upstream version is backwards compatible in terms of usage? I have to say that you have been a bit has

Re: pound

2016-01-25 Thread Brian May
Raphael Hertzog writes: > On Sat, 23 Jan 2016, Brian May wrote: >> * Wasn't sure what to do with the version number - I have to use a lower >> than wheezy - so I merged the changelog entries for 2.6-* into >> one and named the version 2.6-1+deb6u1 > > The usual way

Re: pound

2016-01-25 Thread Raphael Hertzog
On Mon, 25 Jan 2016, Brian May wrote: > So version 2.6-2+deb7u1~deb6u1 or 2.6-2~deb6u1? Yes. > I considered doing this, and adding a new entry to the end of the > changelog, however was worried that this would mean the changelog > wouldn't be in the correct incrementing version order. That's

Re: pound

2016-01-25 Thread Brian May
Raphael Hertzog writes: > Usually this means that you just are not logged in. :) I get this if I go to https://wiki.debian.org/ - there is no option to login. I tried to create an account, but this failed with a generic error; so I wondered if I already had an account (I

Accepted pound 2.6-1+deb6u1 (source) into squeeze-lts

2016-01-23 Thread Brian May
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 23 Jan 2016 11:22:06 +1100 Source: pound Binary: pound Architecture: source Version: 2.6-1+deb6u1 Distribution: squeeze-lts Urgency: high Maintainer: Brett Parker <idu...@sommitrealweird.co.uk> Changed-By: Brian

[SECURITY] [DLA 400-1] pound security update

2016-01-23 Thread Brian May
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: pound Version: 2.6-1+deb6u1 CVE ID : CVE-2009-3555 CVE-2011-3389 CVE-2012-4929 CVE-2014-3566 This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009