Accepted postgresql-common 165+deb8u4 (source all) into oldoldstable

2019-11-14 Thread Christoph Berg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 12 Nov 2019 15:00:36 +0100 Source: postgresql-common Binary: postgresql-common postgresql-client-common postgresql-server-dev-all postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: source all

Re: Drop support for libqb?

2019-11-14 Thread Holger Levsen
On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote: > > We usually mark affected CVE as in data/CVE/list and just > > add the package to security-support-ended.deb8 in > > debian-security-support. We then upload new versions of the package > > periodically and announce it via DLA.

Re: Drop support for libqb?

2019-11-14 Thread Roberto C. Sánchez
On Thu, Nov 14, 2019 at 01:31:27PM -0500, Roberto C. Sánchez wrote: > On Thu, Nov 14, 2019 at 05:19:03PM +, Holger Levsen wrote: > > On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote: > > > > We usually mark affected CVE as in data/CVE/list and just > > > > add the package to

Re: (E)LTS report for October

2019-11-14 Thread Holger Levsen
On Tue, Nov 12, 2019 at 11:03:17AM +0100, Sylvain Beucler wrote: > I believe it's a matter of magnitude: the doc's example is about a 10% > excess, while this was about a ~200% excess. this, exactly. > Coordination allows to average the workload and reactivity, for instance > by adding more

Re: Drop support for libqb?

2019-11-14 Thread Roberto C. Sánchez
On Thu, Nov 14, 2019 at 05:19:03PM +, Holger Levsen wrote: > On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote: > > > We usually mark affected CVE as in data/CVE/list and just > > > add the package to security-support-ended.deb8 in > > > debian-security-support. We then

automatically strip no-dsa tags by gen-DLA

2019-11-14 Thread Brian May
In an attempt to complete this TODO item from the wiki: automatically strip no-dsa tags by gen-DLA https://wiki.debian.org/LTS/TODO#automatically_strip_no-dsa_tags_by_gen-DLA This is my very early attempt to modify the CVE parser so that it can write the results back to the CVE file again.

Accepted ghostscript 9.26a~dfsg-0+deb8u6 (source all amd64) into oldoldstable

2019-11-14 Thread Roberto C. Sanchez
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 14 Nov 2019 19:06:21 -0500 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: source all amd64 Version: 9.26a~dfsg-0+deb8u6 Distribution:

[SECURITY] [DLA 1992-1] ghostscript security update

2019-11-14 Thread Roberto C. Sánchez
Package: ghostscript Version: 9.26a~dfsg-0+deb8u6 CVE ID : CVE-2019-14869 Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of