On Fri, 2016-11-04 at 08:31 +1100, Brian May wrote:
> Hello All,
>
> Looking at CVE-2016-9013 for django-python in wheezy-security, I see
> that:
>
> * It only occurs if you run the tests on an Oracle server.
> * The window for exploitation is reduced if you don't use the --keepdb
> option.
Hi,
October 2016 was my second month as a payed Debian LTS contributor.
I was allocated 12 hours. I have spent 12 hours doing the following tasks:
* Test and upload a security update for libav (0.8.18-0+deb7u1). Discussion
with upstream to get more point releases.
DLA: 644-1
Closed CVEs:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 27 Oct 2016 12:27:44 +0200
Source: xen
Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils
libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1
xen-hypervisor-4.1-amd64 xen-system-amd64
Package: qemu
Version: 1.1.2+dfsg-6+deb7u18
CVE ID : CVE-2016-7909 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101
CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106
Debian Bug : 839834 841950 841955 842455 842463
Several vulnerabilities were discovered
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 03 Nov 2016 11:22:12 +
Source: bsdiff
Binary: bsdiff
Architecture: source amd64
Version: 4.3-14+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Jari Aalto
Changed-By: Chris Lamb
Hi Diego,
> I looked into backporting the fixes for
>
> https://lists.debian.org/debian-lts/2016/09/msg00211.html
>
> that the Mozilla people complained about from the 9 release branch to the
> 0.8 release branch. It's entirely nontrivial since the commits that fix
> the issue constitute a