[SECURITY] [DLA 1242-1] xmltooling security update

2018-01-14 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: xmltooling Version: 1.4.2-5+deb7u2 CVE ID : CVE-2018-0486 Philip Huppert discovered the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to mishandling of DTDs in the

Accepted ca-certificates 20130119+deb7u2 (source all) into oldoldstable

2018-01-14 Thread Michael Shuler
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 18 Jul 2017 21:58:24 -0500 Source: ca-certificates Binary: ca-certificates Architecture: source all Version: 20130119+deb7u2 Distribution: wheezy-security Urgency: medium Maintainer: Michael Shuler

Accepted xmltooling 1.4.2-5+deb7u2 (source amd64 all) into oldoldstable

2018-01-14 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 14 Jan 2018 20:41:01 +0100 Source: xmltooling Binary: libxmltooling5 libxmltooling-dev xmltooling-schemas libxmltooling-doc Architecture: source amd64 all Version: 1.4.2-5+deb7u2 Distribution: wheezy-security Urgency: high

Re: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?

2018-01-14 Thread Brian May
Raphael Hertzog writes: > Yes, please. I saw reports of failures on IRC due to missing CA > certificates. Done that now. Does this deserve a DLA? If so, I have no idea what to include. Maybe something like: --- cut --- This release does a complete update of the CA list.

[SECURITY] [DLA 1241-1] libkohana2-php security update

2018-01-14 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libkohana2-php Version: 2.3.4-2+deb7u1 CVE ID : CVE-2016-10510 David Sopas discovered that Kohana, a PHP framework, was vulnerable to a Cross-site scripting (XSS) attack that allowed remote attackers to inject

Accepted libkohana2-php 2.3.4-2+deb7u1 (source all) into oldoldstable

2018-01-14 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 14 Jan 2018 17:12:42 +0100 Source: libkohana2-php Binary: libkohana2-php libkohana2-modules-php Architecture: source all Version: 2.3.4-2+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Sven Velt

Re: Wheezy update of smarty3?

2018-01-14 Thread mike . gabriel
Hi Chris, On Sunday, January 14, 2018, Chris Lamb wrote: > Hey Mike, > > > I will take over fixing the open CVE for smarty3 on wheezy during the > > week in the course of getting the other versions fixed, too. > > > > Ping me again in a week, if no upload has occurred. > > Hey, how are you