Re: Accepted graphicsmagick 1.3.16-1.1+deb7u10 (source amd64 all) into oldoldstable

2017-10-27 Thread Brian May
Antoine Beaupré writes: > Somehow the DLA-1130-1 that was associated with this upload never made > it to the mailing list archive here: Yes, I commented on that in a recent email. I didn't realize until after I uploaded the newer version associated with DLA-1140-1. So

[SECURITY] [DLA 1149-1] wget security update

2017-10-27 Thread Thorsten Alteholz
Package: wget Version: 1.13.4-3+deb7u5 CVE ID : CVE-2017-13089 CVE-2017-13090 CVE-2017-13089 Fix stack overflow in HTTP protocol handling. CVE-2017-13090 Fix heap overflow in HTTP protocol handling. For Debian

Re: Accepted graphicsmagick 1.3.16-1.1+deb7u10 (source amd64 all) into oldoldstable

2017-10-27 Thread Antoine Beaupré
On 2017-10-27 19:05:07, Hugo Lefeuvre wrote: > Hi Antoine, Brian, > >> Somehow the DLA-1130-1 that was associated with this upload never made >> it to the mailing list archive here: >> >> https://lists.debian.org/debian-lts-announce/2017/10/ >> >> I also didn't receive a copy, so I suspect it

Wheezy update of suricata?

2017-10-27 Thread Thorsten Alteholz
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of suricata: https://security-tracker.debian.org/tracker/source-package/suricata Would you like to take care of this yourself? If yes, please follow the workflow we have

Wheezy update of puppet?

2017-10-27 Thread Thorsten Alteholz
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of puppet: https://security-tracker.debian.org/tracker/source-package/puppet Would you like to take care of this yourself? If yes, please follow the workflow we have

Wheezy update of spip?

2017-10-27 Thread Thorsten Alteholz
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of spip: https://security-tracker.debian.org/tracker/source-package/spip Would you like to take care of this yourself? If yes, please follow the workflow we have defined

Re: Accepted graphicsmagick 1.3.16-1.1+deb7u10 (source amd64 all) into oldoldstable

2017-10-27 Thread Hugo Lefeuvre
Hi Antoine, Brian, > Somehow the DLA-1130-1 that was associated with this upload never made > it to the mailing list archive here: > > https://lists.debian.org/debian-lts-announce/2017/10/ > > I also didn't receive a copy, so I suspect it was never sent. > > A. > > PS: I realized this while

Re: Accepted graphicsmagick 1.3.16-1.1+deb7u10 (source amd64 all) into oldoldstable

2017-10-27 Thread Antoine Beaupré
Somehow the DLA-1130-1 that was associated with this upload never made it to the mailing list archive here: https://lists.debian.org/debian-lts-announce/2017/10/ I also didn't receive a copy, so I suspect it was never sent. A. PS: I realized this while reviewing my own announcements - it seems

[SECURITY] [DLA 1144-1] git-annex security update

2017-10-27 Thread Antoine Beaupré
Package: git-annex Version: 3.20120629+deb7u1 CVE ID : CVE-2017-12976 Debian Bug : 873088 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an

Re: Wheezy update of golang?

2017-10-27 Thread Antoine Beaupré
On 2017-10-24 15:44:18, Antoine Beaupré wrote: > Hi, > > After further analysis for the issues affecting golang in Wheezy, I have > concluded that it is not necessary to perform updates. > > CVE-2017-15041 concerns only the "go get" command, and only malicious > Subversion repositories which can