Hi,
I've built an update for the tiff package for all the pending issues in
the security tracker, including some issues that were marked "no-dsa"
for various reasons. I believe some of those were actually misfiled, as
arbitrary code execution seems serious enough, in my opinion, to warrant
an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Thu, 19 Jan 2017 14:00:46 +0100
Source: libphp-swiftmailer
Binary: libphp-swiftmailer
Architecture: source all
Version: 4.1.5-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Nicolas Roudaire
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 16 Jan 2017 22:09:59 +0100
Source: libav
Binary: libav-tools ffmpeg ffmpeg-dbg libav-dbg libav-extra-dbg ffmpeg-doc
libav-doc libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2
libpostproc52 libswscale2
Hi Diego,
> > Thanks for your work. I'll have a look at it and upload tomorrow.
>
> Nice.
Uploaded.
> > Concerning the old CVEs (CVE-2015-6820, etc.), we could maybe ask the
> > ffmpeg project for the reproducers ? Not sure they will still have them,
> > but it doesn't hurt to try.
>
> I'll
On Mon, Jan 16, 2017 at 10:30:27PM +0100, Hugo Lefeuvre wrote:
> > I just released libav 0.8.20 with some more fixes, changelog below.
> >
> > Diego
> >
> > version 0.8.20:
> >
> > - mpegvideo: Fix undefined negative shifts in mpeg_motion_internal (Bug-Id:
> > 980, CVE-2016-9820)
> > -
On 2017-01-19 10:27, Emilio Pozuelo Monfort wrote:
On 19/01/17 08:14, Sebastiaan Couwenberg wrote:
On 01/18/2017 10:17 PM, Ola Lundqvist wrote:
Yes they are ok for wheezy-security. Thank you for your support.
I've updated the secure-testing repo for this issue and sent the DLA.
I haven't
On 19/01/17 08:14, Sebastiaan Couwenberg wrote:
> On 01/18/2017 10:17 PM, Ola Lundqvist wrote:
>> Yes they are ok for wheezy-security. Thank you for your support.
>
> I've updated the secure-testing repo for this issue and sent the DLA.
I haven't seen the DLA. Did you gpg-sign it? If you sent it