LTS Report for August 2016

2016-09-05 Thread Roberto C. Sánchez
For August I was allocated 14.5 hours. I spent 11 hours as follows:
* CVE-2016-6293: Fix buffer overflow in uloc_acceptLanguageFromHTTP
This issue turned out to be very complex to figure out. It was initially discovered by a PHP developer and reported to the PHP bug tracker. As the upstr

LTS report for August

2016-09-05 Thread Balint Reczey
August 2016 was my third month as a debian-lts contributor. I was allocated 14.75 hours in addition to the 2 hours not used in the previous month. I used 9.5 hours in which I worked on the following:
* DLA 581-1 libreoffice security update (CVE-2016-1513)
* DLA 595-1 wireshark security update (9

Re: [SECURITY] [DLA 611-1] jsch security update

2016-09-05 Thread Jarkko Santala
unsubscribe

> On 5.9.2016, at 21:07, Chris Lamb wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Package: jsch
> Version: 0.1.42-2+deb7u1
> CVE ID : CVE-2016-5725
>
> It was discovered that there was a path traversal vulnerability in jsch, a
> pure Java

Re: qemu: CVE-2016-7116

2016-09-05 Thread Thorsten Alteholz
Hi Hugo and Guido, On Mon, 5 Sep 2016, Hugo Lefeuvre wrote: There are several "versions" of Plan 9 currently. The Bell one, which is rather inactive, and forked one, 9front, which seems to be under active development[0]. oh, great, I "found" the wrong one. I wasn't sure whether we should do

Re: matrixssl

2016-09-05 Thread Ben Hutchings
On Mon, 2016-09-05 at 18:16 +1000, Brian May wrote: > > Christopher Samuel writes: > > > > > I found that error reported in an unrelated bug report, the solution > > seems to be: > > > > https://bugs.contribs.org/show_bug.cgi?id=7664#c4 > > Thanks for this. Finally got it working... > > ...BU

Re: matrixssl

2016-09-05 Thread Ola Lundqvist
Hi Brian, I think we should state no-dsa for this. Matrixssl is very seldom used. According to popcon there are in total 75 users. https://qa.debian.org/popcon.php?package=matrixssl Considering that it is really hard to reproduce (or impossible) and lack of users I think we should spend our eff

Re: qemu: CVE-2016-7116

2016-09-05 Thread Hugo Lefeuvre
Hi Thorsten, > > "A privileged user inside guest could use this flaw to access undue > > files on the host." > > ... you should also cite: > "... host directory sharing via Plan 9 File System(9pfs) support ..." > > The latest news on [1] is from 2008. I am not sure whether there are really > tha

Re: matrixssl

2016-09-05 Thread Brian May
Brian May writes:
> Ok, managed to rebuild the Debian package with ssl3 support enabled. It
> appears to work. Will try the exploit. Still leaves me wondering if it
> is actually worth fixing security issues in matrixssl.

Hmmm.. Interesting. Wheezy version appears to be not vulnerable to these ex

Re: matrixssl

2016-09-05 Thread Brian May
Christopher Samuel writes:
> I found that error reported in an unrelated bug report, the solution
> seems to be:
>
> https://bugs.contribs.org/show_bug.cgi?id=7664#c4

Thanks for this. Finally got it working...

...BUT matrixssl is SSLv3 only. openssl in sid - which seems to be required for the e