On Wed, Sep 07, 2016 at 07:15:56PM -0400, Roberto C. Sánchez wrote:
> On Wed, Sep 07, 2016 at 09:10:16PM +0200, Moritz Muehlenhoff wrote:
> >
> > So, you've identified the upstream fix for CVE-2016-6293 and why does
> > that not get commited to the security tracker?
> >
> > That really sucks.
On Wed, Sep 07, 2016 at 09:10:16PM +0200, Moritz Muehlenhoff wrote:
>
> So, you've identified the upstream fix for CVE-2016-6293 and why does
> that not get commited to the security tracker?
>
> That really sucks. LTS development almost fully relies on the
> security tracker, so why don't you
Hi,
I have prepared an update for curl in Wheezy.
Please see the diff to previous version attached.
Changes:
curl (7.26.0-1+wheezy15) wheezy-security; urgency=medium
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2016-7141: Incorrect reuse of client certificates
The binary
On Wed, Sep 07, 2016 at 08:25:36AM -0400, Roberto C. Sánchez wrote:
> On Wed, Sep 07, 2016 at 11:07:16AM +0200, Bálint Réczey wrote:
> >
> > I have not found however the proposed fix on the list thus I did not
> > know if you used the upstream fix.
> >
> > I think it would be a good idea to send
Am 07.09.2016 um 13:23 schrieb Bálint Réczey:
>>> I (on behalf of the LTS Team since I'm responsible for frontdesk now) take
>>> your
>>> answer as covering all future security updates for releases in LTS period
>>> thus we won't contact you for each CVE.
>>
>> It's great idea to have maintainers
On Tue, 2016-09-06 at 22:28 -0400, Antoine Beaupré wrote:
> I am a bit surprised to see this - are ircd packages sponsored now?
> There's a similar issue in Charybdis and I deliberately marked it as
> unsupported in LTS because, AFAIK, no customer expressed the need to
> support those yet.
If
Hi Balint,
On Wed, 7 Sep 2016, Bálint Réczey wrote:
Are you still working on the remaining CVE-s?
yes, I am still working on them.
Thorsten
Hi,
Thanks for having a look!
On Wed, Sep 07, 2016 at 01:23:49PM +0200, Bálint Réczey wrote:
> Hi,
>
> 2016-09-07 8:00 GMT+02:00 Guido Günther :
> > Hi Bálint,
> > On Wed, Sep 07, 2016 at 12:21:28AM +0200, Bálint Réczey wrote:
> >> Hi Michael,
> >>
> >> 2016-09-04 17:51
Hi,
2016-09-07 8:00 GMT+02:00 Guido Günther :
> Hi Bálint,
> On Wed, Sep 07, 2016 at 12:21:28AM +0200, Bálint Réczey wrote:
>> Hi Michael,
>>
>> 2016-09-04 17:51 GMT+02:00 Michael Stapelberg :
>> > Thanks for your work on LTS.
>> >
>> > Time does not
Hi Roberto,
2016-09-07 4:06 GMT+02:00 Roberto C. Sánchez :
> Hi Balint,
>
> On Wed, Sep 07, 2016 at 03:12:46AM +0200, Bálint Réczey wrote:
>> Hi Roberto,
>>
>> I think there is no need wait more (wearing my frontdesk hat).
>> There are fixes in upstream's repository:
>>
Hi
If you are sure CVE-2016-4068 is mitigated then we should be able to
mark it as fixed.
But you need to be sure. :-)
// Ola
On Tue, Sep 6, 2016 at 6:13 PM, Raphael Hertzog wrote:
> Hi Markus,
>
> On Wed, 20 Jul 2016, Markus Koschany wrote:
>> Feel free to work on
On 08/31/2016 08:37 PM, Thorsten Alteholz wrote:
Hi everybody,
I uploaded version 5.4.45-0+deb7u4 of php5 to:
https://people.debian.org/~alteholz/packages/wheezy-lts/php5/amd64/
Please give it a try and tell me about any problems you met. As
requested by Jan, besides the CVEs I also added
Hi
The LTS team also tries to fix security holes in all packages. Not
only the ones explicitly expressed a need for by the customers. The
ones expressed a need for always have a higher priority.
However if it is like you write that 2.0.5 is full of security holes
and nobody have expressed a
Hi Bálint,
On Wed, Sep 07, 2016 at 12:21:28AM +0200, Bálint Réczey wrote:
> Hi Michael,
>
> 2016-09-04 17:51 GMT+02:00 Michael Stapelberg :
> > Thanks for your work on LTS.
> >
> > Time does not permit me to do any of this work myself.
> >
> > Please go ahead and make any
14 matches
Mail list logo