Re: MySQL 5.5 EOL before Debian 8 LTS ends

2018-12-27 Thread Jan Ingvoldstad
On 2018-12-27 18:51, Lars Tangvald wrote: Upgrading to 5.6 would be less risky than MariaDB 10.1, but it's a similar sort of risk. I don't know what the risk with switching to MariaDB 10.1 would be, but as a general principle, MariaDB lags behind (the already annoyingly delayed) Oracle

[SECURITY] [DLA 1591-2] libphp-phpmailer regression update

2018-12-27 Thread Abhijith PA
Package: libphp-phpmailer Version: 5.2.9+dfsg-2+deb8u5 CVE ID : CVE-2018-19296 A possible regression was found in the recent security update for libphp-phpmailer, announced as DLA 1591-1. During backporting a new variable

Re: RFC: proposed fix for CVE-2018-19518 in uw-imap

2018-12-27 Thread Roberto C. Sánchez
Hi Tomas, On Mon, Dec 24, 2018 at 08:47:55PM +, Tomas Bortoli wrote: >Hi Robert, > >Your patch seems not to be definitive against CVE-2018-19518. >This because checking for spaces won't be enough if an attacker uses some >"bash trick" to get a space... >In fact you can

Re: limits of automatic unclaiming (Re: pdns/pdns-recursor)

2018-12-27 Thread Antoine Beaupré
On 2018-12-27 14:16:22, Holger Levsen wrote: > Hi Abhijith, Antoine, > > I just ran "./bin/review-update-needed --lts --unclaim 1814400 --exclude > linux linux-4.9" today and it unclaimed pdns/pdns-recursor as the last > NOTE entries were more than 3 weeks ago. However Abhijith wrote here: > > On

Re: MySQL 5.5 EOL before Debian 8 LTS ends

2018-12-27 Thread Lars Tangvald
Hi, On 19.12.2018 17:01, Holger Levsen wrote: Hi Emilio, thanks for bringing up this issue on the LTS list. On Mon, Dec 17, 2018 at 10:49:57AM +0100, Emilio Pozuelo Monfort wrote: MySQL 5.5 should be EOL this month if nothing has changed, although I don't see an announcement on [1] yet.

Accepted libphp-phpmailer 5.2.9+dfsg-2+deb8u5 (source all) into oldstable

2018-12-27 Thread Abhijith PA
Format: 1.8 Date: Thu, 27 Dec 2018 09:46:16 +0530 Source: libphp-phpmailer Binary: libphp-phpmailer Architecture: source all Version: 5.2.9+dfsg-2+deb8u5 Distribution: jessie-security Urgency: medium Maintainer: Debian PHP PEAR Maintainers

Re: limits of automatic unclaiming (Re: pdns/pdns-recursor)

2018-12-27 Thread Holger Levsen
Hi Abhijith, On Thu, Dec 27, 2018 at 09:01:32PM +0530, Abhijith PA wrote: > > Abhijith, thanks for this update! Just please also update the notes for > > these packages in data/dla-needed.txt. > I will. Thank you. > >> time in it as it is not so popular one and it has no-DSA postponed > >>

Re: limits of automatic unclaiming (Re: pdns/pdns-recursor)

2018-12-27 Thread Abhijith PA
Hi, Holger.. On Thursday 27 December 2018 07:46 PM, Holger Levsen wrote: > Hi Abhijith, Antoine, > > I just ran "./bin/review-update-needed --lts --unclaim 1814400 --exclude > linux linux-4.9" today and it unclaimed pdns/pdns-recursor as the last > NOTE entries were more than 3 weeks ago.

[SECURITY] [DLA 1620-1] ghostscript security update

2018-12-27 Thread Lucas Kanashiro
Package: ghostscript Version: 9.06~dfsg-2+deb8u13 CVE ID : CVE-2018-19134 CVE-2018-19478 Some vulnerabilities were discovered in ghostscript, an interpreter for the PostScript language and for PDF. CVE-2018-19134 The setpattern operator did not properly validate

limits of automatic unclaiming (Re: pdns/pdns-recursor)

2018-12-27 Thread Holger Levsen
Hi Abhijith, Antoine, I just ran "./bin/review-update-needed --lts --unclaim 1814400 --exclude linux linux-4.9" today and it unclaimed pdns/pdns-recursor as the last NOTE entries were more than 3 weeks ago. However Abhijith wrote here: On Sat, Dec 22, 2018 at 01:02:06PM +0530, Abhijith PA wrote:

Accepted ghostscript 9.06~dfsg-2+deb8u13 (source all amd64) into oldstable

2018-12-27 Thread Lucas Kanashiro
Format: 1.8 Date: Thu, 27 Dec 2018 13:26:27 + Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: source all amd64 Version: 9.06~dfsg-2+deb8u13 Distribution:

[SECURITY] [DLA 1619-1] graphicsmagick security update

2018-12-27 Thread Hugo Lefeuvre
Package: graphicsmagick Version: 1.3.20-3+deb8u5 CVE ID : CVE-2018-20184 CVE-2018-20185 CVE-2018-20189 Debian Bug : 916752 916719 916721 Multiple vulnerabilities have been found in GraphicsMagick, the image processing

Accepted graphicsmagick 1.3.20-3+deb8u5 (source amd64 all) into oldstable

2018-12-27 Thread Hugo Lefeuvre
Format: 1.8 Date: Wed, 26 Dec 2018 09:51:39 +0100 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat