tiff wheezy security update ready for testing

2017-01-19 Thread Antoine Beaupré
Hi, I've built an update for the tiff package for all the pending issues in the security tracker, including some issues that were marked "no-dsa" for various reasons. I believe some of those were actually misfiled, as arbitrary code execution seems serious enough, in my opinion, to warrant an

Accepted libphp-swiftmailer 4.1.5-1+deb7u1 (source all) into oldstable

2017-01-19 Thread Markus Koschany
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 19 Jan 2017 14:00:46 +0100 Source: libphp-swiftmailer Binary: libphp-swiftmailer Architecture: source all Version: 4.1.5-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Nicolas Roudaire

Accepted libav 6:0.8.20-0+deb7u1 (source amd64 all) into oldstable

2017-01-19 Thread Hugo Lefeuvre
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Jan 2017 22:09:59 +0100 Source: libav Binary: libav-tools ffmpeg ffmpeg-dbg libav-dbg libav-extra-dbg ffmpeg-doc libav-doc libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2 libpostproc52 libswscale2

Re: wheezy update for libav

2017-01-19 Thread Hugo Lefeuvre
Hi Diego, > > Thanks for your work. I'll have a look at it and upload tomorrow. > > Nice. Uploaded. > > Concerning the old CVEs (CVE-2015-6820, etc.), we could maybe ask the > > ffmpeg project for the reproducers ? Not sure they will still have them, > > but it doesn't hurt to try. > > I'll

Re: wheezy update for libav

2017-01-19 Thread Diego Biurrun
On Mon, Jan 16, 2017 at 10:30:27PM +0100, Hugo Lefeuvre wrote: > > I just released libav 0.8.20 with some more fixes, changelog below. > > > > Diego > > > > version 0.8.20: > > > > - mpegvideo: Fix undefined negative shifts in mpeg_motion_internal (Bug-Id: > > 980, CVE-2016-9820) > > -

Re: Fixing CVE-2017-5522 (stack buffer overflow) for mapserver in wheezy

2017-01-19 Thread Bas Couwenberg
On 2017-01-19 10:27, Emilio Pozuelo Monfort wrote: On 19/01/17 08:14, Sebastiaan Couwenberg wrote: On 01/18/2017 10:17 PM, Ola Lundqvist wrote: Yes they are ok for wheezy-security. Thank you for your support. I've updated the secure-testing repo for this issue and sent the DLA. I haven't

Re: Fixing CVE-2017-5522 (stack buffer overflow) for mapserver in wheezy

2017-01-19 Thread Emilio Pozuelo Monfort
On 19/01/17 08:14, Sebastiaan Couwenberg wrote: > On 01/18/2017 10:17 PM, Ola Lundqvist wrote: >> Yes they are ok for wheezy-security. Thank you for your support. > > I've updated the secure-testing repo for this issue and sent the DLA. I haven't seen the DLA. Did you gpg-sign it? If you sent it