Re: CVE-2016-9013 / django-python

2016-11-03 Thread Ben Hutchings
On Fri, 2016-11-04 at 08:31 +1100, Brian May wrote:
> Hello All,
>
> Looking at CVE-2016-9013 for django-python in wheezy-security, I see
> that:
>
> * It only occurs if you run the tests on an Oracle server.
> * The window for exploitation is reduced if you don't use the --keepdb
>   option.

Debian LTS Report for October 2016

2016-11-03 Thread Hugo Lefeuvre
Hi,
October 2016 was my second month as a paid Debian LTS contributor.
I was allocated 12 hours. I have spent 12 hours doing the following tasks:
* Test and upload a security update for libav (0.8.18-0+deb7u1).
  Discussion with upstream to get more point releases.
  DLA: 644-1
  Closed CVEs:

Accepted xen 4.1.6.lts1-3 (source all amd64) into oldstable

2016-11-03 Thread Felix Geyer
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 27 Oct 2016 12:27:44 +0200
Source: xen
Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64

[SECURITY] [DLA 698-1] qemu security update

2016-11-03 Thread Guido Günther
Package: qemu
Version: 1.1.2+dfsg-6+deb7u18
CVE ID: CVE-2016-7909 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106
Debian Bug: 839834 841950 841955 842455 842463
Several vulnerabilities were discovered

Accepted bsdiff 4.3-14+deb7u1 (source amd64) into oldstable

2016-11-03 Thread Chris Lamb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 03 Nov 2016 11:22:12 +
Source: bsdiff
Binary: bsdiff
Architecture: source amd64
Version: 4.3-14+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Jari Aalto
Changed-By: Chris Lamb

Re: wheezy update for libav

2016-11-03 Thread Hugo Lefeuvre
Hi Diego,
> I looked into backporting the fixes for
>
> https://lists.debian.org/debian-lts/2016/09/msg00211.html
>
> that the Mozilla people complained about from the 9 release branch to the
> 0.8 release branch. It's entirely nontrivial since the commits that fix
> the issue constitute a