On Tue, Feb 21, 2017 at 4:27 AM, Antoine Beaupré wrote:
> security@lists.d.o is not a list, as far as i know. there's
> debian-security@lists.d.o, but I never posted there... or did you mean
> t...@security.debian.org?
secur...@lists.debian.org goes to root (DSA) and listmaster AFAICT.
--
bye,
It seems a bit too much to do a DLA for a single issue in the php5
package (CVE-2016-7478, namely):
https://security-tracker.debian.org/tracker/source-package/php5
I looked at the issue and the patch is easily ported, but i suggest we
postpone this DLA until we have piled up more important
issues
On 2017-02-13 21:48:45, Stefan Fritsch wrote:
> Hi Antoine,
Hi!
With a fresh mind (and 30 days delay!) I am looking at this again...
>> here are those tests:
>>
>> 2: [ "GET / HTTP/1.0\n\n" => 400],
>> 8: [ "GET / HTTP/1.0\0\r\n\r\n"=> 400],
>> 26: [
