) attacks, if the target application accepts XML
as an input. It is caused by insecure design of Cake's Xml class.
For Debian 6 Squeeze, this issue has been fixed in cakephp version
1.3.2-1.1+deb6u11.
Regards,
- - --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 23 Oct 2015 11:38:38 +0100
Source: cakephp
Binary: cakephp cakephp-scripts
Architecture: source all
Version: 1.3.2-1.1+deb6u11
Distribution: squeeze-lts
Urgency: high
Maintainer: Chris Lamb <la...@debian.org>
Changed-By:
0.6.4-1+deb6u11.
Regards,
- - --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 22 Oct 2015 19:43:01 +0100
Source: optipng
Binary: optipng
Architecture: source amd64
Version: 0.6.4-1+deb6u11
Distribution: squeeze-lts
Urgency: high
Maintainer: Nelson A. de Oliveira <nao...@debian.org>
Changed-By:
: Debian Install System Team <debian-b...@lists.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
busybox - Tiny utilities for small and embedded systems
busybox-static - Standalone rescue shell with tons of builtin utilities
busybox-syslogd - Provides syslogd and
Squeeze, this issue has been fixed in xscreensaver version
5.11-1+deb6u11.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Architecture: source amd64
Version: 5.11-1+deb6u11
Distribution: squeeze-lts
Urgency: high
Maintainer: Jose Luis Rivas <ghost...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
xscreensaver - Automatic screensaver for X
xscreensaver-data - data files to be shared among
dla...@lordlamer.de>
Changed-By: Chris Lamb <la...@debian.org>
Description:
zendframework - powerful PHP framework
zendframework-bin - binary scripts for zendframework
Changes:
zendframework (1.10.6-1squeeze6) squeeze-lts; urgency=medium
.
* ZF2015-08: Potential SQL injection vector usi
terminator, allowing an attacker to add arbitrary SQL following a
null byte, and thus create a SQL injection.
For Debian 6 Squeeze, this issue has been fixed in zendframework
version 1.10.6-1squeeze6.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris
and headers in order that the backported
itself patch applied with minimal mangling.
(Part of training, hence the low-priority package.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
For Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer
version 5.1-1+deb6u11.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
hanged-By: Chris Lamb <la...@debian.org>
Description:
libphp-phpmailer - full featured email transfer class for PHP
Closes: 807265
Changes:
libphp-phpmailer (5.1-1+deb6u11) squeeze-lts; urgency=high
.
* CVE-2015-8476: Reject line breaks in to, from, and HELO calls to avoid
command inject
int...@lists.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
foomatic-filters - OpenPrinting printer support - filters
Closes: 806886
Changes:
foomatic-filters (4.0.5-6+squeeze2+deb6u11) squeeze-lts; urgency=high
.
* CVE-2015-8327: Fix insufficient script injectio
to convert
incoming PostScript data into the printer's native format.
For Debian 6 Squeeze, this issue has been fixed in foomatic-filters
version 4.0.5-6+squeeze2+deb6u11
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
le -- push a patch upstream.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
> The version in Wheezy is identical to the one in Squeeze, and has
> already been fixed via LTS. Chris, are you willing to prepare the upload
> for Wheezy too?
No problem, will get to it.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
For Debian 6 Squeeze, this issue has been fixed in pygments
version 1.3.1+dfsg-1+deb6u11.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
ted it, here is the diffoscope comparison from
the previous version in squeeze:
https://try.diffoscope.org/zbpxqvgckury.html
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
nouncements, etc.
Either way is fine, just let me know :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
+squeeze9+deb6u12.
For Debian 6 Squeeze, this issue has been fixed in cacti version
0.8.7g-1+squeeze9+deb6u13.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
ributed; I made the assumption that you would either not care or you had
seen exactly what I had done.
Will do so in future though, noted.
Best,
--
Chris Lamb
chris-lamb.co.uk / @lolamby
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 30 Dec 2015 17:40:37 +0100
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.7g-1+squeeze9+deb6u12
Distribution: squeeze-lts
Urgency: high
Maintainer: Sean Finney <sean...@debian.org>
Changed-By: Chris La
has been fixed in cacti version
0.8.7g-1+squeeze9+deb6u12.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
of monitoring systems.
For Debian 6 Squeeze, this issue has been fixed in cacti version
0.8.7g-1+squeeze9+deb6u11.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 26 Dec 2015 12:53:42 +
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.7g-1+squeeze9+deb6u11
Distribution: squeeze-lts
Urgency: high
Maintainer: Sean Finney <sean...@debian.org>
Changed-By: Chris La
> > (I took it in dla-needed.txt but please take it back)
>
> Well, first come, first served, so go ahead if you want to work on it
> right now.
Uploaded; apologies for not following up here earlier.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` l
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 25 Nov 2015 23:16:40 +0200
Source: python-django
Binary: python-django python-django-doc
Architecture: source all
Version: 1.2.3-3+squeeze15
Distribution: squeeze-lts
Urgency: medium
Maintainer: Chris Lamb <la...@debian.
; Raphaël Hertzog ◈ Debian Developer
>
> Support Debian LTS: http://www.freexian.com/services/debian-lts.html
> Learn to master Debian: http://debian-handbook.info/get/
>
--
Chris Lamb
chris-lamb.co.uk / @lolamby
apo...@melix.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
redmine - flexible project management web application
redmine-mysql - metapackage providing MySQL dependencies for Redmine
redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine
redmine-sqlite -
> All of Openstack is no longer supported in Wheezy LTS. Please
> don't spend time on unsupported packages.
D'oh. I was aware of Openstack being unsupported, but somehow (!) didn't
connect Horizon of being part of it..
Regards,
--
,''`.
: :' : Chris Lamb
`. `'`
heezy", this issue has been fixed in horizon version
2012.1.1-10+deb7u1.
We recommend that you upgrade your horizon packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
Version
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 14 Jan 2016 11:54:27 +0100
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.7g-1+squeeze9+deb6u14
Distribution: squeeze-lts
Urgency: medium
Maintainer: Sean Finney <sean...@debian.org>
Changed-By: Chri
, this issue has been fixed in cacti version
0.8.7g-1+squeeze9+deb6u14.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 16 Jan 2016 10:29:40 +0100
Source: prosody
Binary: prosody
Architecture: source amd64
Version: 0.7.0-1squeeze1+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Matthew James Wild <mwi...@gmail.com>
Changed-By:
ow
> unsupported packages in a special status
I have pushed preliminary support for this.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
nouncement.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
in pixman version
0.16.4-1+deb6u2.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
the updated package before it gets released.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org
.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
Regards
web server protocol for Perl.
For Debian 6 Squeeze, this issue has been fixed in libfcgi-perl version
0.71-1+squeeze1+deb6u1.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
.
For Debian 6 Squeeze, this issue has been fixed in libfcgi version
2.4.0-8+deb6u1.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
ain...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
libfcgi-perl - helper module for FastCGI
Closes: 815840
Changes:
libfcgi-perl (0.71-1+squeeze1+deb6u1) squeeze-lts; urgency=high
.
* CVE-2012-6687: Fix remote denial of service via a large number of
the updated package before it gets released.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org
hanged-By: Chris Lamb <la...@debian.org>
Description:
nginx - small, but very powerful and efficient web server and mail proxy
nginx-dbg - Debugging symbols for nginx
Closes: 812806
Changes:
nginx (0.7.67-3+squeeze4+deb6u1) squeeze-lts; urgency=high
.
* CVE-2016-0742: Invalid pointer
,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
leak.
For Debian 6 Squeeze, this issue has been fixed in libmatroska
version 0.8.1-1.1+deb6u1.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
hanged-By: Chris Lamb <la...@debian.org>
Description:
python-xdelta3 - Xdelta3 python module
xdelta3 - A diff utility which works with binary files
Closes: 814067
Changes:
xdelta3 (0y.dfsg-1+deb6u1) squeeze-lts; urgency=high
.
* CVE-2014-9765: Fix buffer overflow in main_get_apphe
maintainers
<pkg-multimedia-maintain...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
libmatroska-dev - extensible open standard audio/video container format
libmatroska0 - extensible open standard audio/video container format
Changes:
libmatroska (0.8.
Hi Marc,
> I am under the impression that most mirrors, in the world, have
> emptied their squeeze-lts mirror. If yes, where can the files
> be found ?
archive.debian.org :)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
attackers to
cause a denial of service via a crafted imagefilltoborder call.
For Debian 7 "Wheezy", this issue has been fixed in libgd2 version
2.0.36~rc1~dfsg-6.1+deb7u3.
We recommend that you upgrade your libgd2 packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `
email address - that way you can immediately
test whether the email was signed correctly and not immediately mangled by your
MTA.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
or not.
If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS
etlibc is a static library.
I need some help here - do I simply request these in the usual way?
I have not done this for security before.
> gbp buildpackage --git-pristine-tar --git-debian-branch=wheezy
It's still "git-buildpackage" in wheezy's version! ;)
Regards,
--
,''`.
the updated package before it gets released.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org
rther down in the file) as it was to just change this specific
> case of logging.
Well, sure, of course. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
olated to just this bit?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Chris Lamb wrote:
> > DLA-577-1 has been issued two days ago but redis hasn't been uploaded
> > yet.
[..]
> Could these checks be automated instead of relying on a diligent
> front-desk..?)
I've pushed such a script as bin/lts-missing-uploads.py. Please consider
it to be proo
> The patch looks good to me
Same here.
Regards,
--
Chris Lamb
chris-lamb.co.uk / @lolamby
g..
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
and/or test the updated package before it gets released.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https
ead.
> So I assume as a next step I should upload the package
> I've already prepared, right? Is that possible for DMs?
I.. don't actually know! No harm in trying to upload as a DM. If it
fails, please let me know and I can upload it for you.
Regards,
--
,''`.
: :' : Chris
us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 15 Jul 2016 09:35:17 +0200
Source: drupal7
Binary: drupal7
Architecture: source all
Version: 7.14-2+deb7u14
Distribution: wheezy-security
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Chris La
his topic around busybox/CVE-2011-5325)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ii' codec can't encode character '\xe1' in position 13:
ordinal not in range(128)
> Or can we in some other way make it work also on Debian stable?
I've fixed the above issue in 19dab98. No need to jump to reverting
stuff..
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
egards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
g to Python 3..)
Anyway, glad it's working for you now.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
> He did post the entire traceback.
Nope, or at least not in my MTA.. http://i.imgur.com/VD7Xmpb.jpg
*shrugs*
--
Chris Lamb
chris-lamb.co.uk / @lolamby
Chris Lamb wrote:
> > DLA-577-1 has been issued two days ago but redis hasn't been uploaded
> > yet. Chris could you investigate please?
>
> Very odd; I distinctly remember uploading this as my machine was
> aggressively firewalled (internet cafe!) so I had to route it t
n
> the dak problem is solved on security-master, ansgar told me he will look
> into it tonight.
Just received "redis_2.4.14-1+deb7u1_amd64.changes ACCEPTED into oldstable".
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 01 Aug 2016 11:32:06 -0400
Source: redis
Binary: redis-server
Architecture: source amd64
Version: 2:2.4.14-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Chri
f view, I will assume I will then issue a single
DLA, mentioning the n packages that were rebuilt.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone
the updated package before it gets released.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https
.
For Debian 7 "Wheezy", this issue has been fixed in libarchive version
3.0.4-3+wheezy5+deb7u1.
We recommend that you upgrade your libarchive packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN PGP
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
hanged-By: Chris Lamb <la...@debian.org>
Description:
libphp-phpmailer - full featured email transfer class for PHP
Closes: 853232
Changes:
libphp-phpmailer (5.1-1.3+deb7u1) wheezy-security; urgency=high
.
* CVE-2017-5223: Fix vulnerability caused by insufficient parsing of HTML
hanged-By: Chris Lamb <la...@debian.org>
Description:
hesiod - Project Athena's DNS-based directory service - utilities
libhesiod-dev - Project Athena's DNS-based directory service - development
files
libhesiod0 - Project Athena's DNS-based directory service - libraries
Closes: 8
and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of wireshark updates
for the LTS releases.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member
libwiretap4 libwiretap-dev
Architecture: source amd64 all
Version: 1.12.1+g01b65bf-4+deb8u6~deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: Balint Reczey <bal...@balintreczey.hu>
Changed-By: Chris Lamb <la...@debian.org>
Description:
libwireshark-data - network packet dissec
and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of tomcat7 updates
for the LTS releases.
Thank you very much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS
hanges...
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Maintainer: Jan Dittberner <ja...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
cracklib-runtime - runtime support for password checker library cracklib2
libcrack2 - pro-active password checker library
libcrack2-dev - pro-active password checker library - devel
"Wheezy", this issue has been fixed in suckless-tools version
38-2+deb7u1.
We recommend that you upgrade your suckless-tools packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
-BEGIN
hanged-By: Chris Lamb <la...@debian.org>
Description:
suckless-tools - simple commands for minimalistic window managers
Changes:
suckless-tools (38-2+deb7u1) wheezy-security; urgency=high
.
* CVE-2016-6866: Fix SEGV in slock when users account has been disabled.
.
The sc
checker
library.
For Debian 7 "Wheezy", this issue has been fixed in cracklib2 version
2.8.19-3+deb7u1.
We recommend that you upgrade your cracklib2 packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
issue has been fixed in jsch version
0.1.42-2+deb7u1.
We recommend that you upgrade your jsch packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
have prepared an update for LTS:
https://gist.githubusercontent.com/lamby/42b6636c257c730903a874e1edeee1f9/raw
Let me know if I should go ahead and upload it.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
to obtain
a user's password.
For Debian 7 "Wheezy", this issue has been fixed in mailman version
1:2.1.15-1+deb7u2.
We recommend that you upgrade your mailman packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ack...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
mailman - Powerful, web-based mailing list manager
Closes: 835970
Changes:
mailman (1:2.1.15-1+deb7u2) wheezy-security; urgency=high
.
* CVE-2016-6893: Fix CSRF vulnerability associated in the user options pag
d as
unsupported (and will do so by default).
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
lease, so I assume the diff is reasonably large.
Good to know, thanks.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
hanged-By: Chris Lamb <la...@debian.org>
Description:
dwarfdump - utility to dump DWARF debug information from ELF objects
libdwarf-dev - library to consume and produce DWARF debug information
Changes:
dwarfutils (20120410-2+deb7u1) wheezy-security; urgency=high
.
* Specify "3.0 (
much.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
Group <packa...@qa.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
libfreeimage-dev - Support library for graphics image formats (development
files)
libfreeimage3 - Support library for graphics image formats (library)
libfreeimage3-dbg - Support library for graphics i
o packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
and push to
> ssh://git.debian.org/git/collab-maint/debian-security-support.git
Yes :)
> Do I need to ask anybody before doing so?
No. With my FD hat on, I went ahead and did this. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
Chris Lamb,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
Regards
message formatting.
- CVE-2016-7407: Overflows when parsing OpenSSH's ASN.1 key format.
For Debian 7 "Wheezy", this issue has been fixed in dropbear version
2012.55-1.3+deb7u1.
We recommend that you upgrade your dropbear packages.
Regards,
- --
,''`.
: :' :