Antoine Beaupré writes:
> Brian, are you sure you're getting those failures in jessie? Which
> architecture? Here my tests were done in a VirtualBox VM using an up to
> date Debian jessie amd64 box.
My tests were done in a schroot. Not sure if I used i386 or amd64 now.
--
Brian May
Antoine Beaupré writes:
> On 2018-08-08 17:35:52, Brian May wrote:
>> If I got this right, we cannot use $(xyz) unless the value of xyz is
>> trusted. Otherwise executing $(xyz) can result in the execution of code
>> if xyz is something like "". This
>> happens immediately, and even if you don't
Antoine Beaupré wrote:
> It was challenging work, especially for the two main patches.
>
> The first big patch is "limit url downloads to whitelisted schemes":
>
> http://source.git-annex.branchable.com/?p=source.git;a=commitdiff;h=28720c795ff57a55b48e56d15f9b6bcb977f48d9
>
> The main challenge
Hi!
TL;DR: test packages ready for git-annex. fix probably incomplete,
patches attached for review.
I've been working for the past day or two on backporting the pending
security fixes for git-annex to Debian jessie as part of the LTS
project. The two security issues are of course CVE-2018-10857 a
On 2018-08-28 19:31:27, Markus Koschany wrote:
> Hello Chris,
>
> the Debian LTS team would like to fix CVE-2018-14424, gdm3 in Jessie. We
> have prepared a patch [1] based on your work which you have attached to
> the Gnome issue tracker. [2] We have noticed [3] that it is still
> possible to "cra
Hello Chris,
the Debian LTS team would like to fix CVE-2018-14424, gdm3 in Jessie. We
have prepared a patch [1] based on your work which you have attached to
the Gnome issue tracker. [2] We have noticed [3] that it is still
possible to "crash" gdm3 in Jessie with your POC although we cannot get
a
