-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 12 Nov 2019 15:00:36 +0100
Source: postgresql-common
Binary: postgresql-common postgresql-client-common postgresql-server-dev-all
postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source all

On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote:
> > We usually mark affected CVE as in data/CVE/list and just
> > add the package to security-support-ended.deb8 in
> > debian-security-support. We then upload new versions of the package
> > periodically and announce it via DLA.

On Thu, Nov 14, 2019 at 01:31:27PM -0500, Roberto C. Sánchez wrote:
> On Thu, Nov 14, 2019 at 05:19:03PM +, Holger Levsen wrote:
> > On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote:
> > > > We usually mark affected CVE as in data/CVE/list and just
> > > > add the package to

On Tue, Nov 12, 2019 at 11:03:17AM +0100, Sylvain Beucler wrote:
> I believe it's a matter of magnitude: the doc's example is about a 10%
> excess, while this was about a ~200% excess.
this, exactly.
> Coordination allows to average the workload and reactivity, for instance
> by adding more

On Thu, Nov 14, 2019 at 05:19:03PM +, Holger Levsen wrote:
> On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote:
> > > We usually mark affected CVE as in data/CVE/list and just
> > > add the package to security-support-ended.deb8 in
> > > debian-security-support. We then

In an attempt to complete this TODO item from the wiki:
automatically strip no-dsa tags by gen-DLA
https://wiki.debian.org/LTS/TODO#automatically_strip_no-dsa_tags_by_gen-DLA
This is my very early attempt to modify the CVE parser so that it can
write the results back to the CVE file again.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 Nov 2019 19:06:21 -0500
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common
libgs-dev ghostscript-dbg
Architecture: source all amd64
Version: 9.26a~dfsg-0+deb8u6
Distribution:

Package: ghostscript
Version: 9.26a~dfsg-0+deb8u6
CVE ID : CVE-2019-14869
Manfred Paul and Lukas Schauer reported that the .charkeys procedure in
Ghostscript, the GPL PostScript/PDF interpreter, does not properly
restrict privileged calls, which could result in bypass of