On Wed, May 4, 2016 at 12:23 AM, Tom Turelinckx wrote:
> Jessie is not available for sparc.
If you are actually using sparc I would recommend you look at
migrating to and assisting the sparc64 porting efforts. Or reviving
sparc if you need 32-bit SPARC. Or switch to another architecture.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 04 May 2016 00:19:39 +0200
Source: biogenesis
Binary: biogenesis
Architecture: source all
Version: 0.8-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Miriam Ruiz
Changed-By: Markus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 04 May 2016 00:29:13 +0200
Source: rjava
Binary: r-cran-rjava
Architecture: source amd64
Version: 0.9-3-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Dirk Eddelbuettel
Changed-By: Markus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 03 May 2016 22:38:11 +0200
Source: jedit
Binary: jedit
Architecture: source all
Version: 4.5.2+dfsg-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers
returned in the buffer.
Additional information about these issues can be found in the OpenSSL
security advisory at https://www.openssl.org/news/secadv/20160503.txt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 22 Apr 2016 21:58:26 +0200
Source: jftp
Binary: jftp
Architecture: source all
Version: 1.52+dfsg-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java maintainers
in the OpenSSL
security advisory at https://www.openssl.org/news/secadv/20160503.txt
signature.asc
Description: PGP signature
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: asterisk
Version: 1:1.8.13.1~dfsg1-3+deb7u4
CVE ID : CVE-2014-2286 CVE-2014-4046 CVE-2014-6610 CVE-2014-8412
CVE-2014-8418 CVE-2015-3008
Debian Bug : 741313 762164 771463 782411
CVE-2014-6610
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: minissdpd
Version: 1.1.20120121-1+deb7u1
CVE ID : CVE-2016-3178 CVE-2016-3179
The minissdpd daemon contains a improper validation of array index
vulnerability (CWE-129) when processing requests sent to the Unix
Markus,
If I do that, apt-get update can't find any of the Packages files.
There is no wheezy nor wheezy-updates on archive.debian.org/debian...
Tom
-Original Message-
From: Markus Koschany [mailto:a...@debian.org]
Sent: Tuesday, May 03, 2016 6:35 PM
To: Tom Turelinckx
Cc:
Am 03.05.2016 um 18:37 schrieb Moritz Muehlenhoff:
> On Tue, May 03, 2016 at 06:28:03PM +0200, Markus Koschany wrote:
>> The second best solution would be to backport either the 1.0.x branch or
>> your jessie-backport packages to Wheezy. Since you actively maintain
>> them, what do you think, how
On Tue, May 03, 2016 at 06:28:03PM +0200, Markus Koschany wrote:
> The second best solution would be to backport either the 1.0.x branch or
> your jessie-backport packages to Wheezy. Since you actively maintain
> them, what do you think, how complex is the task to backport the
> packages from
Hello Tom,
Am 03.05.2016 um 18:23 schrieb Tom Turelinckx:
> Hello Markus,
>
> Jessie is not available for sparc.
True. sparc64 is the only non-official release architecture that comes
somewhat close.
>
> My /etc/apt/sources.list looks like this:
>
> deb http://ftp.be.debian.org/debian wheezy
Am 03.05.2016 um 17:49 schrieb Guilhem Moulin:
> On Tue, 03 May 2016 at 10:47:31 -0400, Antoine Beaupré wrote:
>> I agree, however I suspect most people using roundcube in production are
>> probably using the backport... There's even a dangling backport in
>> wheezy right now (0.9)... a little
On Tue, 03 May 2016 at 10:47:31 -0400, Antoine Beaupré wrote:
> I agree, however I suspect most people using roundcube in production are
> probably using the backport... There's even a dangling backport in
> wheezy right now (0.9)... a little messy.
Sorry, I meant oldstable-backports not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: smarty3
Version: 3.1.10-2+deb7u1
CVE ID : CVE-2014-8350
Debian Bug : 765920
Smarty3, a template engine for PHP, allowed remote attackers to bypass
the secure mode restrictions and execute arbitrary PHP code as
On 2016-05-03 04:07:08, Brian May wrote:
> Hello,
>
> Raphael Hertzog asked me to post the debdiff of the Ubuntu package I am
> working on here.
>
> He had some concerns with using the Ubuntu version like this. In
> particular Ubuntu does some things differently with respect to init.d
> scripts,
On 2016-05-02 18:58:23, Gabriel Filion wrote:
> Oops, I forgot to mention that I am not subscribed to the mailing list.
> So please include me in CC for replies.
>
>> thanks alot for testing the package, I really appreciate it.
>>
>> On Thu, 28 Apr 2016, Gabriel Filion wrote:
>>
>>>
>
On 2016-05-02 15:31:39, Guilhem Moulin wrote:
> Hi there,
>
> On Mon, 02 May 2016 at 21:19:13 +0200, Markus Koschany wrote:
>> Would you like to take care of this yourself?
>
> Not replying in the name of team (however I'm the one who pushed for
> Roundcube in jessie-backports and who is trying to
Bonjour,
Je viens de voir mon annonce pour le job de security updates. Je suis en
fait développeur Debian 'retired', est-ce que cela vous convient pour le
poste?
Amitiés,
2016-05-02 11:41 GMT+02:00 Raphael Hertzog :
> Hello,
>
> the amount of sponsorship for Debian LTS[1]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: openjdk-7
Version: 7u101-2.6.6-2~deb7u1
CVE ID : CVE-2016-0636 CVE-2016-0686 CVE-2016-0687
CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427
Several vulnerabilities have been discovered in
On Tue, May 03, 2016 at 11:01:16AM +0200, Raphael Hertzog wrote:
> I don't think that any Xen experience makes a big difference here as
> the problem I pointed out are in the packaging and not in the upstream
> source code. I still believe that we should update to the latest 4.1.x
> release.
On Tue, 03 May 2016, Brian May wrote:
> I have a suspicion that many of these installs may be due libav being
> installed to satisfy dependancies. There are a large number of packages
> that do depend on libav.
Yes, that's obvious, a library is usually installed by way of
dependencies. But if you
On Tue, 03 May 2016, Brian May wrote:
> He had some concerns with using the Ubuntu version like this. In
> particular Ubuntu does some things differently with respect to init.d
> scripts, has a different changelog, and there are some changes other
> changes here that may not be security related.
On Mon, 02 May 2016, Ansgar Burchardt wrote:
> > Send them first only to debian-lts-changes@ as it might be that the
> > tracker gets them that way too.
>
> Now I already set both mail addresses. Should I change that to only
> debian-lts-changes@?
> Note that security.d.o doesn't sent mail to
On Mon, May 02, 2016 at 08:57:40PM +0200, Ansgar Burchardt wrote:
> Raphael Hertzog writes:
> > On Mon, 02 May 2016, Markus Koschany wrote:
> >> thank you for fixing the mirror bug. Moritz Mühlenhoff informed us on
> >> IRC that accepted mails for LTS uploads are still sent to dak AT
> >>
26 matches
Mail list logo