Wheezy update of dropbear?

2016-09-15 Thread Markus Koschany
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of dropbear: https://security-tracker.debian.org/tracker/CVE-2016-7406 https://security-tracker.debian.org/tracker/CVE-2016-7407

Accepted tomcat7 7.0.28-4+deb7u6 (source all) into oldstable

2016-09-15 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 15 Sep 2016 15:20:36 +0200 Source: tomcat7 Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs Architecture: source all Version:

Re: MySQL 5.5.52 update for Debian wheezy?

2016-09-15 Thread Lars Tangvald
Hi, Yes, sorry I didn't communicate what I was doing. I've built and tested the package I uploaded to git, for both Wheezy and Jessie, but I think that's as far as I can take it. When I've done work on the security updates before, at this stage I've simply sent a debdiff over to the security

Re: Questions regarding MySQL update

2016-09-15 Thread Roberto C. Sánchez
On Wed, Sep 14, 2016 at 09:07:32AM -0400, Roberto C. Sánchez wrote: > > That is not to say that they couldn't have addressed the vulnerabilities > without contacting David to tell him that they had done so. That said, > the exploit is explained in a very detailed and methodical way in the >

MySQL 5.5.52 update for Debian wheezy?

2016-09-15 Thread Roberto C. Sánchez
Hi Lars, I was preparing to package the 5.5.52 release of MySQL for Debian Wheezy as part of my LTS work. However, I saw that you imported the new upstream release into the pkg-mysql/mysql-5.5 repository yesterday and made a debian/changelog to that effect. Do you intend to build and upload the

Re: tiff / tiff3 / CVE-2015-7554 / CVE-2016-5318

2016-09-15 Thread Brian May
Raphael Hertzog writes: > I agree on all this but somehow I have the feeling that we can still > do better for example by blacklisting tags that are known to use a single > extension and refusing to handle them as custom > > My problem is that I'm not sure that we have a

Re: tiff / tiff3 / CVE-2015-7554 / CVE-2016-5318

2016-09-15 Thread Brian May
Salvatore Bonaccorso writes: > Minor comment: if you are sure that those are duplicates you might try > to contact MITRE to make them aware. I was just going based on what others have said, e.g. in the linked reports. Would hope that one of them has already contacted MITRE...