Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of dropbear:
https://security-tracker.debian.org/tracker/CVE-2016-7406
https://security-tracker.debian.org/tracker/CVE-2016-7407
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Thu, 15 Sep 2016 15:20:36 +0200
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java
libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version:
Hi,
Yes, sorry I didn't communicate what I was doing. I've built and tested the
package I uploaded to git, for both Wheezy and Jessie, but I think that's as
far as I can take it.
When I've done work on the security updates before, at this stage I've simply
sent a debdiff over to the security
On Wed, Sep 14, 2016 at 09:07:32AM -0400, Roberto C. Sánchez wrote:
>
> That is not to say that they couldn't have addressed the vulnerabilities
> without contacting David to tell him that they had done say. That said,
> the exploit is explained in a very detailed and methodical way in the
>
Hi Lars,
I was preparing to package the 5.5.52 relese of MySQL for Debian Wheezy
as part of my LTS work. However, I saw that you imported the new
upstream release into the pkg-mysql/mysql-5.5 repository yesterday and
made a debian/changelog to that effect. Do you intend to build and
upload the
Raphael Hertzog writes:
> I agree on all this but somehow I have the feeling that we can still
> do better for example by blacklisting tags that are known to use a single
> extension and refusing to handle them as custom
>
> My problem is that I'm not sure that we have a
Salvatore Bonaccorso writes:
> Minor comment: if you are sure that those are duplicates you might try
> to contact MITRE to made them aware.
I was just going based on what others have said, e.g. in the linked
reports. Would hope that one of them has already contacted MITRE...