-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 27 Jul 2016 19:01:31 +0200
Source: libupnp
Binary: libupnp6 libupnp6-dev libupnp-dev libupnp6-dbg libupnp6-doc
Architecture: source amd64 all
Version: 1:1.6.17-1.2+deb7u1
Distribution: wheezy-security
Urgency: medium
On 2016-08-17 21:04, Markus Koschany wrote:
On 26.07.2016 18:51, Diego Biurrun wrote:
Sorry, I'm afraid I maintained too much radio silence..
Yes, that happens. You don't need to wait until you have fixed all open
libav issues because LTS users will also benefit from an intermediate
release of
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of libgcrypt11:
https://security-tracker.debian.org/tracker/CVE-2016-6313
Would you like to take care of this yourself?
If yes, please follow the workflow we have
Hello,
On 26.07.2016 18:51, Diego Biurrun wrote:
> Sorry, I'm afraid I maintained too much radio silence..
Yes, that happens. You don't need to wait until you have fixed all open
libav issues because LTS users will also benefit from an intermediate
release of your fixes. I believe we should work
On 16.08.2016 10:22, Brian May wrote:
> Markus Koschany writes:
>
>> I also tried to fix CVE-2015-8834 for Wheezy by backporting
>> changeset/32387 but the database upgrade failed, at least I could not
>> log back into the admin backend again. Did you notice a similar issue
>>
Hi,
For July 2016, I had in total 25.95 paid hours available (including
those spare from previous months) to work on Debian LTS via the Freexian
umbrella. However, I was only able to use 14. This is partially what I
have done:
* Helped to test the apache2 package prepared and uploaded by
On Sun, Jul 24, 2016 at 04:26:20PM -0400, Roberto C. Sánchez wrote:
> FYI, I did the last LTS update of ICU earlier this month, so I think I
> will be able to easily prepare another update. I went ahead and claimed
> it in dla-needed.txt, but if the maintainer or someone else would like
> to
It's probably best to compare the 4.1.12 upstream version and make sure it
follows whatever they do there. That in theory has been tested. I'm
surprised there was a database update skipped.
And yes the security bug was around having comments too long. I forget the
exact attack method but it was
On Wed, Aug 17, 2016 at 09:00:30AM +0100, Chris Lamb wrote:
> Hi Brian,
>
> > 45.3.0esr-1~deb7u1 in wheezy is vulnerable.
> > 45.3.0esr-1~deb8u1 in jessie is vulnerable.
> > 45.3.0esr-1 in sid and stretch is not vulnerable.
> >
> > Which makes me wonder if Wheezy and Jessie versions have been
Hi Brian,
> 45.3.0esr-1~deb7u1 in wheezy is vulnerable.
> 45.3.0esr-1~deb8u1 in jessie is vulnerable.
> 45.3.0esr-1 in sid and stretch is not vulnerable.
>
> Which makes me wonder if Wheezy and Jessie versions have been fixed, but
> not marked as such
Good spot.
CVE-2016-2839 is marked as
Guido Günther writes:
> As I wrote in dla-needed.txt the bignum handling is in
> crypto/peersec/mpi.c and it seems to use the same algorithms (and lacks
> the same checks in e.g. mp_exptmod) so I marked it as
> vulnerable. Porting back the fixes from the current version will be