Oh, and I forgot to mention the test packages are available here:
https://people.debian.org/~anarcat/debian/jessie-lts/
Cheers,
A.
Hi!
After asking Markus the status of the gdm3 security upgrade for jessie,
he nicely offered me to take it over since he got stuck.
Using his patches, however, I wasn't able to reproduce the
problems. Sure, it *looks* like gdm is "crashing", but I /think/ it's
actually doing what it's asked.
Package: twitter-bootstrap3
Version: 3.2.0+dfsg-1+deb7u1
CVE ID : CVE-2018-14040
Debian Bug : 907414
The Bootstrap framework was found to have cross-site scripting
vulnerabilities in the "collapse" plugin.
For Debian 8 "Jessie", this problem has been fixed in version
On Mon, 2018-08-27 at 16:23 +0200, Shaun Bugler - Hetzner (Pty) Ltd wrote:
> Hello, we have shifted a number of servers using linux-image-4.9-amd64
> from backports to the jessie-security release, with great success. Today
> however, we see the package was bumped to 4.9+80+deb9u6~deb8u1, which
On 2018-08-08 17:35:52, Brian May wrote:
> If I got this right, we cannot use $(xyz) unless the value of xyz is
> trusted. Otherwise executing $(xyz) can result in the execution of code
> if xyz is something like "". This
> happens immediately, and even if you don't use the return value.
>
>
> I
On 2018-08-14 17:27:29, Brian May wrote:
> I have been trying to reproduce this bug (buffer overflow), but instead
> I get increasing memory usage until my computer crashes. With versions
> from Jessie, Stretch, and Sid. So maybe another security issue?
>
> I note that CVE-2017-11613 and
Hello, we have shifted a number of servers using linux-image-4.9-amd64
from backports to the jessie-security release, with great success. Today
however, we see the package was bumped to 4.9+80+deb9u6~deb8u1, which
has a dependency on:
dedi # aptitude show linux-image-4.9-amd64
Package:
Package: dropbear
Version: 2014.65-1+deb8u3
CVE ID : CVE-2018-15599
Debian Bug : 906890
A vulnerability in dropbear, a lightweight SSH2 server and client, making it
possible to guess valid usernames has been found:
CVE-2018-15599:
The recv_msg_userauth_request