On Tue, 2018-11-13 at 12:31 -0500, Daniel Kahn Gillmor wrote:
> On Mon 2018-11-12 15:16:39 -0500, Antoine Beaupré wrote:
>
> > * libgcrypt20 (part of GnuTLS, 1.6 -> 1.7)
>
> libgcrypt is not a part of GnuTLS. GnuTLS has used nettle instead of
> gcrypt for years. gcrypt is more properly "part
On Mon 2018-11-12 15:16:39 -0500, Antoine Beaupré wrote:
> * libgcrypt20 (part of GnuTLS, 1.6 -> 1.7)
libgcrypt is not a part of GnuTLS. GnuTLS has used nettle instead of
gcrypt for years. gcrypt is more properly "part of GnuPG" than anything
else.
basically, all of these libraries are gnupg
Package: spamassassin
Version: 3.4.2-0+deb8u1
CVE ID : CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781
Debian Bug : 784023 865924 883775 889501 891041 908969 908970 908971 913571
Multiple vulnerabilities were found in Spamassassin, which could lead
to Remote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Tue, 30 Oct 2018 13:28:29 -0400
Source: spamassassin
Binary: spamassassin spamc sa-compile
Architecture: source all amd64
Version: 3.4.2-0+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Noah Meyerhans
Changed-By:
On 2018-11-13 18:41:47, Emilio Pozuelo Monfort wrote:
> I can think of two options:
>
> 1) Ship them in a private dir (e.g. /usr/lib/gnupg2/), and link them to those
> libs. Then ld should add an RPATH, otherwise an LD_LIBRARY_PATH hack could be
> used.
>
> 2) Statically link the libraries into
On 13/11/2018 17:43, Antoine Beaupré wrote:
> On 2018-11-13 13:24:39, Ben Hutchings wrote:
>> On Mon, 2018-11-12 at 15:16 -0500, Antoine Beaupré wrote:
>>> Hi,
>>>
>>> So I've been looking at Enigmail again, after a long journey helping
>>> people in stable getting that stuff fixed. It's pretty
On 2018-11-13 13:24:39, Ben Hutchings wrote:
> On Mon, 2018-11-12 at 15:16 -0500, Antoine Beaupré wrote:
>> Hi,
>>
>> So I've been looking at Enigmail again, after a long journey helping
>> people in stable getting that stuff fixed. It's pretty obvious there's
>> no way to upload that without
On Mon, 2018-11-12 at 15:16 -0500, Antoine Beaupré wrote:
> Hi,
>
> So I've been looking at Enigmail again, after a long journey helping
> people in stable getting that stuff fixed. It's pretty obvious there's
> no way to upload that without first doing a GnuPG 2.1 backport into
> jessie.
>
>