Re: [SECURITY] [DLA 419-1] gtk+2.0 security update

2016-02-17 Thread Guido Günther
Hi Santiago, On Wed, Feb 17, 2016 at 07:16:20PM +0100, Santiago Ruano Rincón wrote: > Hi Guido, > > On 17/02/16 at 17:13, Guido Günther wrote: > > Hi Santiago, > > On Wed, Feb 17, 2016 at 11:21:04AM +0100, santiag...@riseup.net wrote: > > > Package: gtk+2.0 > > > Version:

Re: [PATCH] Given a package allow to check in which releases security support has ended

2016-02-17 Thread Guido Günther
Hi, On Wed, Feb 17, 2016 at 01:39:41PM -0500, Antoine Beaupré wrote: > On 2016-02-17 12:13:35, Guido Günther wrote: > > When triaging LTS issues I always have to look up what we still support > > and what not. Attached script simplifies this a bit: > > > > $ bin/support-ended.py --lists

Re: [PATCH] Given a package allow to check in which releases security support has ended

2016-02-17 Thread Antoine Beaupré
On 2016-02-17 12:13:35, Guido Günther wrote: > When triaging LTS issues I always have to look up what we still support > and what not. Attached script simplifies this a bit: > > $ bin/support-ended.py --lists /path/to/debian-security-support/ iceape > Package unsupported in wheezy >

Re: [SECURITY] [DLA 419-1] gtk+2.0 security update

2016-02-17 Thread Santiago Ruano Rincón
Hi Guido, On 17/02/16 at 17:13, Guido Günther wrote: > Hi Santiago, > On Wed, Feb 17, 2016 at 11:21:04AM +0100, santiag...@riseup.net wrote: > > Package: gtk+2.0 > > Version: 2.20.1-2+deb6u1 > > CVE ID : CVE-2013-7447 > > Debian Bug : 799275 > > This doesn't

[PATCH] Given a package allow to check in which releases security support has ended

2016-02-17 Thread Guido Günther
When triaging LTS issues I always have to look up what we still support and what not. Attached script simplifies this a bit: $ bin/support-ended.py --lists /path/to/debian-security-support/ iceape Package unsupported in wheezy Package unsupported in squeeze Does this make sense? It

Re: [SECURITY] [DLA 419-1] gtk+2.0 security update

2016-02-17 Thread Guido Günther
Hi Santiago, On Wed, Feb 17, 2016 at 11:21:04AM +0100, santiag...@riseup.net wrote: > Package: gtk+2.0 > Version: 2.20.1-2+deb6u1 > CVE ID : CVE-2013-7447 > Debian Bug : 799275 This doesn't seem to be reflected in data/CVE/list. Did you forget to commit your changes?

[SECURITY] [DLA 419-1] gtk+2.0 security update

2016-02-17 Thread santiagorr
Package: gtk+2.0 Version: 2.20.1-2+deb6u1 CVE ID : CVE-2013-7447 Debian Bug : 799275 Gtk+2.0, a graphical user interface library, was susceptible to an integer overflow in its gdk_cairo_set_source_pixbuf function when allocating a large block of memory. For Debian 6

Accepted gtk+2.0 2.20.1-2+deb6u1 (source all amd64) into squeeze-lts

2016-02-17 Thread Santiago Ruano Rincón
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Feb 2016 22:57:59 +0100 Source: gtk+2.0 Binary: libgtk2.0-0 libgtk2.0-0-udeb libgtk2.0-common libgtk2.0-bin libgtk2.0-dev libgtk2.0-0-dbg libgtk2.0-doc gtk2.0-examples gtk2-engines-pixbuf libgail18 libgail-common