[SECURITY] [DLA 333-1] cakephp security update

) attacks, if the target application accepts XML as an input. It is caused by insecure design of Cake's Xml class. For Debian 6 Squeeze, this issue has been fixed in cakephp version 1.3.2-1.1+deb6u11. Regards, - - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org

Accepted cakephp 1.3.2-1.1+deb6u11 (source all) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 23 Oct 2015 11:38:38 +0100 Source: cakephp Binary: cakephp cakephp-scripts Architecture: source all Version: 1.3.2-1.1+deb6u11 Distribution: squeeze-lts Urgency: high Maintainer: Chris Lamb <la...@debian.org> Changed-By:

[SECURITY] [DLA 332-1] optipng security update

0.6.4-1+deb6u11. Regards, - - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWKTciAAoJEB6VPifUMR5YKhIP/jE5sfJZbATpWsEKYNwGKrBt v9gAhNYO7SFRAMA+olDk3wFA3v2SuFx/bHBJFDGbm

Accepted optipng 0.6.4-1+deb6u11 (source amd64) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 22 Oct 2015 19:43:01 +0100 Source: optipng Binary: optipng Architecture: source amd64 Version: 0.6.4-1+deb6u11 Distribution: squeeze-lts Urgency: high Maintainer: Nelson A. de Oliveira <nao...@debian.org> Changed-By:

Accepted busybox 1:1.17.1-8+deb6u11 (source all amd64) into squeeze-lts

: Debian Install System Team <debian-b...@lists.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: busybox- Tiny utilities for small and embedded systems busybox-static - Standalone rescue shell with tons of builtin utilities busybox-syslogd - Provides syslogd and

[SECURITY] [DLA 338-1] xscreensaver security update

Squeeze, this issue has been fixed in xscreensaver version 5.11-1+deb6u11. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWNRkBAAoJEB6VPifUMR5YNj8P/0s6hCihupSowSjzR

Accepted xscreensaver 5.11-1+deb6u11 (source amd64) into squeeze-lts

Architecture: source amd64 Version: 5.11-1+deb6u11 Distribution: squeeze-lts Urgency: high Maintainer: Jose Luis Rivas <ghost...@debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: xscreensaver - Automatic screensaver for X xscreensaver-data - data files to be shared among

Accepted zendframework 1.10.6-1squeeze6 (source all) into squeeze-lts

dla...@lordlamer.de> Changed-By: Chris Lamb <la...@debian.org> Description: zendframework - powerful PHP framework zendframework-bin - binary scripts for zendframework Changes: zendframework (1.10.6-1squeeze6) squeeze-lts; urgency=medium . * ZF2015-08: Potential SQL injection vector usi

[SECURITY] [DLA 326-1] zendframework security update

terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. For Debian 6 Squeeze, this issue has been fixed in zendframework version 1.10.6-1squeeze6. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris

flightgear upload for squeeze

and headers in order that the backported itself patch applied with minimal mangling. (Part of training, hence the low-priority package.) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

[SECURITY] [DLA 363-1] libphp-phpmailer security update

. For Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer version 5.1-1+deb6u11. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWZyKJAAoJEB6VPifUMR5YRHQP

Accepted libphp-phpmailer 5.1-1+deb6u11 (source all) into squeeze-lts

hanged-By: Chris Lamb <la...@debian.org> Description: libphp-phpmailer - full featured email transfer class for PHP Closes: 807265 Changes: libphp-phpmailer (5.1-1+deb6u11) squeeze-lts; urgency=high . * CVE-2015-8476: Reject line breaks in to, from, and HELO calls to avoid command inject

Accepted foomatic-filters 4.0.5-6+squeeze2+deb6u11 (source amd64) into squeeze-lts

int...@lists.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: foomatic-filters - OpenPrinting printer support - filters Closes: 806886 Changes: foomatic-filters (4.0.5-6+squeeze2+deb6u11) squeeze-lts; urgency=high . * CVE-2015-8327: Fix insufficient script injectio

[SECURITY] [DLA 365-1] foomatic-filters security update

to convert incoming PostScript data into the printer's native format. For Debian 6 Squeeze, this issue has been fixed in foomatic-filters version 4.0.5-6+squeeze2+deb6u11 Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk

Re: squeeze update of cacti?

le -- push a patch upstream. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: DSA for libphp-phpmailer?

> The version in Wheezy is identical to the one in Squeeze, and has > already been fixed via LTS. Chris, are you willing to prepare the upload > for Wheezy too? No problem, will get to it. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

[SECURITY] [DLA 369-1] pygments security update

. For Debian 6 Squeeze, this issue has been fixed in pygments version 1.3.1+dfsg-1+deb6u11. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1

Re: squeeze update of cacti?

ted it, here is the diffoscope comparison from the previous version in squeeze: https://try.diffoscope.org/zbpxqvgckury.html Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: squeeze update of cacti?

nouncements, etc. Either way is fine, just let me know :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

[SECURITY] [DLA 374-3] cacti regression update

+squeeze9+deb6u12. For Debian 6 Squeeze, this issue has been fixed in cacti version 0.8.7g-1+squeeze9+deb6u13. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1

Re: Accepted cacti 0.8.7g-1+squeeze9+deb6u13 (source all) into squeeze-lts

ributed; I made the assumption that you would either not care or you had seen exactly what I had done. Will do so in future though, noted. Best, -- Chris Lamb chris-lamb.co.uk / @lolamby

Accepted cacti 0.8.7g-1+squeeze9+deb6u12 (source all) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 30 Dec 2015 17:40:37 +0100 Source: cacti Binary: cacti Architecture: source all Version: 0.8.7g-1+squeeze9+deb6u12 Distribution: squeeze-lts Urgency: high Maintainer: Sean Finney <sean...@debian.org> Changed-By: Chris La

[SECURITY] [DLA 374-2] cacti regression update

has been fixed in cacti version 0.8.7g-1+squeeze9+deb6u12. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWhFlaAAoJEB6VPifUMR5YZf0P/1gCagSHYlvt850a/jIL7pwr

[SECURITY] [DLA 374-1] cacti security update

of monitoring systems. For Debian 6 Squeeze, this issue has been fixed in cacti version 0.8.7g-1+squeeze9+deb6u11. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1

Accepted cacti 0.8.7g-1+squeeze9+deb6u11 (source all) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 26 Dec 2015 12:53:42 + Source: cacti Binary: cacti Architecture: source all Version: 0.8.7g-1+squeeze9+deb6u11 Distribution: squeeze-lts Urgency: high Maintainer: Sean Finney <sean...@debian.org> Changed-By: Chris La

Re: [Python-modules-team] squeeze update of python-django?

> > (I took it in dla-needed.txt but please take it back) > > Well, first come, first served, so go ahead if you want to work on it > right now. Uploaded; apologies for not following up here earlier. Regards, -- ,''`. : :' : Chris Lamb `. `'` l

Accepted python-django 1.2.3-3+squeeze15 (source all) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 25 Nov 2015 23:16:40 +0200 Source: python-django Binary: python-django python-django-doc Architecture: source all Version: 1.2.3-3+squeeze15 Distribution: squeeze-lts Urgency: medium Maintainer: Chris Lamb <la...@debian.

Re: [Python-modules-team] squeeze update of python-django?

; Raphaël Hertzog ◈ Debian Developer > > Support Debian LTS: http://www.freexian.com/services/debian-lts.html > Learn to master Debian: http://debian-handbook.info/get/ > -- Chris Lamb chris-lamb.co.uk / @lolamby

Accepted redmine 1.0.1-2+deb6u11 (source all) into squeeze-lts

apo...@melix.org> Changed-By: Chris Lamb <la...@debian.org> Description: redmine- flexible project management web application redmine-mysql - metapackage providing MySQL dependencies for Redmine redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine redmine-sqlite -

Re: [SECURITY] [DLA 520-1] horizon security update

> All of Openstack is no longer support in Wheezy LTS. Please > don't spend time on unsupported packages. D'oh. I was aware of Openstack being unsupported, but somehow (!) didn't connect Horizon of being part of it.. Regards, -- ,''`. : :' : Chris Lamb `. `'`

[SECURITY] [DLA 520-1] horizon security update

heezy", this issue has been fixed in horizon version 2012.1.1-10+deb7u1. We recommend that you upgrade your horizon packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version

Accepted cacti 0.8.7g-1+squeeze9+deb6u14 (source all) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 14 Jan 2016 11:54:27 +0100 Source: cacti Binary: cacti Architecture: source all Version: 0.8.7g-1+squeeze9+deb6u14 Distribution: squeeze-lts Urgency: medium Maintainer: Sean Finney <sean...@debian.org> Changed-By: Chri

[SECURITY] [DLA 386-1] cacti security update

, this issue has been fixed in cacti version 0.8.7g-1+squeeze9+deb6u14. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWl4CaAAoJEB6VPifUMR5YSPAP/2rBTk9OnPlgQdc

Accepted prosody 0.7.0-1squeeze1+deb6u1 (source amd64) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 16 Jan 2016 10:29:40 +0100 Source: prosody Binary: prosody Architecture: source amd64 Version: 0.7.0-1squeeze1+deb6u1 Distribution: squeeze-lts Urgency: high Maintainer: Matthew James Wild <mwi...@gmail.com> Changed-By:

Re: [SECURITY] [DLA 532-1] movabletype-opensource security update

ow > unsupported packages in a special status I have pushed preliminary support for this. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: Preparing to announce Squeeze LTS end-of-life

nouncement. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

[SECURITY] [DLA 429-1] pixman security update

in pixman version 0.16.4-1+deb6u2. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWzhtTAAoJEB6VPifUMR5YxpgP/i/rSAJkBQE+xoVgnaCcR6Sn

squeeze update of websvn?

the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org

squeeze update of tomcat6?

. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup Regards

[SECURITY] [DLA 431-1] libfcgi-perl security update

web server protocol for Perl. For Debian 6 Squeeze, this issue has been fixed in libfcgi-perl version 0.71-1+squeeze1+deb6u1. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1

[SECURITY] [DLA 430-1] libfcgi security update

. For Debian 6 Squeeze, this issue has been fixed in libfcgi version 2.4.0-8+deb6u1. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1

Accepted libfcgi-perl 0.71-1+squeeze1+deb6u1 (source amd64) into squeeze-lts

ain...@lists.alioth.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: libfcgi-perl - helper module for FastCGI Closes: 815840 Changes: libfcgi-perl (0.71-1+squeeze1+deb6u1) squeeze-lts; urgency=high . * CVE-2012-6687: Fix remote denial of service via a large number of

squeeze update of libssh?

the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org

Accepted nginx 0.7.67-3+squeeze4+deb6u1 (source amd64) into squeeze-lts

hanged-By: Chris Lamb <la...@debian.org> Description: nginx - small, but very powerful and efficient web server and mail proxy nginx-dbg - Debugging symbols for nginx Closes: 812806 Changes: nginx (0.7.67-3+squeeze4+deb6u1) squeeze-lts; urgency=high . * CVE-2016-0742: Invalid pointer

[SECURITY] [DLA 404-1] nginx security update

, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWqI/TAAoJEB6VPifUMR5YdrcP/20Tm257pxDmud0zbGC8OaJV kciLXfhxIJhkzjNEDJW85uh9rIeeOabhoLDLm7uyN59v4W+tD4LVfYKHQ6XQ+RE+ dmxD+/YUzKAZzWuQVo0qNgVXuDaGrj

[SECURITY] [DLA 420-1] libmatroska security update

leak. For Debian 6 Squeeze, this issue has been fixed in libmatroska version 0.8.1-1.1+deb6u1. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- Version: GnuPG v1

Accepted xdelta3 0y.dfsg-1+deb6u1 (source amd64) into squeeze-lts

hanged-By: Chris Lamb <la...@debian.org> Description: python-xdelta3 - Xdelta3 python module xdelta3- A diff utility which works with binary files Closes: 814067 Changes: xdelta3 (0y.dfsg-1+deb6u1) squeeze-lts; urgency=high . * CVE-2014-9765: Fix buffer overflow in main_get_apphe

Accepted libmatroska 0.8.1-1.1+deb6u1 (source amd64) into squeeze-lts

maintainers <pkg-multimedia-maintain...@lists.alioth.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: libmatroska-dev - extensible open standard audio/video container format libmatroska0 - extensible open standard audio/video container format Changes: libmatroska (0.8.

Re: Archive of squeeze-lts ?

Hi Marc, > I am under the impression that most mirrors, in the world, have > emptied their squeeze-lts mirror. If yes, where can the files > be found ? archive.debian.org :) Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

[SECURITY] [DLA 482-1] libgd2 security update

attackers to cause a denial of service via a crafted imagefilltoborder call. For Debian 7 "Wheezy", this issue has been fixed in libgd2 version 2.0.36~rc1~dfsg-6.1+deb7u3. We recommend that you upgrade your libgd2 packages. Regards, - -- ,''`. : :' : Chris Lamb `. `

Re: No DLA for xen, librsvg, libidn?

email address - that way you can immediately test whether the email was signed correctly and not immediately mangled by your MTA.) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Wheezy update of mysql-5.5?

or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS

Re: Wheezy update of dietlibc?

etlibc is a static library. I need some help here - do I simply request these in the usual way? I have not done this for security before. > gbp buildpackage --git-pristine-tar --git-debian-branch=wheezy It's still "git-buildpackage" in wheezy's version! ;) Regards, -- ,''`.

Wheezy update of icu?

the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org

Re: Bug#832908: mongodb: CVE-2016-6494: world-readable .dbshell history file: LTS update and upgrade handling

rther down in the file) as it was to just change this specific > case of logging. Well, sure, of course. :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: Bug#832908: mongodb: CVE-2016-6494: world-readable .dbshell history file: LTS update and upgrade handling

olated to just this bit? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: Redis not uploaded and timely security announcements

Chris Lamb wrote: > > DLA-577-1 has been issued two days ago but redis hasn't been uploaded > > yet. [..] > Could these checks be automated instead of relying on a diligent > front-desk..?) I've pushed such a script as bin/lts-missing-uploads.py. Please consider it to be proo

Re: Wheezy update of libsys-syslog-perl?

> The patch looks good to me Same here. Regards, -- Chris Lamb chris-lamb.co.uk / @lolamby

Re: Redundant emails - front desk

g.. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Wheezy update of dietlibc?

and/or test the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https

Re: Wheezy update of dietlibc?

ead. > So I assume as a next step I should upload the package > I've already prepared, right? Is that possible for DMs? I.. don't actually know! No harm in trying to upload as an DM. If it fails, please me know and I can upload it for you. Regards, -- ,''`. : :' : Chris

Wheezy update of shadow?

us know whether you would like to review and/or test the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone

Accepted drupal7 7.14-2+deb7u14 (source all) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 15 Jul 2016 09:35:17 +0200 Source: drupal7 Binary: drupal7 Architecture: source all Version: 7.14-2+deb7u14 Distribution: wheezy-security Urgency: high Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Chris La

Re: CVE-2016-6232 / kdelibs4

his topic around busybox/CVE-2011-5325) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: find-work script no longer working on stable

ii' codec can't encode character '\xe1' in position 13: ordinal not in range(128) > Or can we in some other way make it work also on Debian stable? I've fixed the above issue in 19dab98. No need to jump to reverting stuff.. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: find-work script no longer working on stable

egards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: find-work script no longer working on stable

g to Python 3..) Anyway, glad it's working for you now. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: find-work script no longer working on stable

> He did post the entire traceback. Nope, or at least not in my MTA.. http://i.imgur.com/VD7Xmpb.jpg *shrugs* -- Chris Lamb chris-lamb.co.uk / @lolamby

Re: Redis not uploaded and timely security announcements

Chris Lamb wrote: > > DLA-577-1 has been issued two days ago but redis hasn't been uploaded > > yet. Chris could you investigate please? > > Very odd; I distinctly remember uploading this as my machine was > aggressively firewalled (internet cafe!) so I had to route it t

Re: Redis not uploaded and timely security announcements

n > the dak problem is solved on security-master, ansgar told me he will look > into it tonight. Just received "redis_2.4.14-1+deb7u1_amd64.changes ACCEPTED into oldstable". Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Accepted redis 2:2.4.14-1+deb7u1 (source amd64) into oldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 01 Aug 2016 11:32:06 -0400 Source: redis Binary: redis-server Architecture: source amd64 Version: 2:2.4.14-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Chris Lamb <la...@debian.org> Changed-By: Chri

Re: Wheezy update of dietlibc?

f view, I will assume I will then issue a single DLA, mentioning the n packages that were rebuilt. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Wheezy update of uclibc?

let us know whether you would like to review and/or test the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone

Wheezy update of libgcrypt11?

the updated package before it gets released. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https

[SECURITY] [DLA 810-1] libarchive security update

. For Debian 7 "Wheezy", this issue has been fixed in libarchive version 3.0.4-3+wheezy5+deb7u1. We recommend that you upgrade your libarchive packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP

[SECURITY] [DLA 817-1] libphp-phpmailer security update

Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAliYOsMACgkQHpU+J9Qx HlhV4BAAoiPxzEcuo/886pJcR8ogmVvVCK5CBviEne259wRsSG7N2cZFuY8oYhY/ MhV+24YM0eNkclxk7KlHASRMXgsm1I+ocfpdbqFIiT

Accepted libphp-phpmailer 5.1-1.3+deb7u1 (source all) into oldstable

hanged-By: Chris Lamb <la...@debian.org> Description: libphp-phpmailer - full featured email transfer class for PHP Closes: 853232 Changes: libphp-phpmailer (5.1-1.3+deb7u1) wheezy-security; urgency=high . * CVE-2017-5223: Fix vulnerability caused by insufficient parsing of HTML

Accepted hesiod 3.0.2-21+deb7u1 (source amd64) into oldstable

hanged-By: Chris Lamb <la...@debian.org> Description: hesiod - Project Athena's DNS-based directory service - utilities libhesiod-dev - Project Athena's DNS-based directory service - development files libhesiod0 - Project Athena's DNS-based directory service - libraries Closes: 8

Wheezy update of wireshark?

and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of wireshark updates for the LTS releases. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member

Accepted wireshark 1.12.1+g01b65bf-4+deb8u6~deb7u6 (source amd64 all) into oldstable

libwiretap4 libwiretap-dev Architecture: source amd64 all Version: 1.12.1+g01b65bf-4+deb8u6~deb7u6 Distribution: wheezy-security Urgency: high Maintainer: Balint Reczey <bal...@balintreczey.hu> Changed-By: Chris Lamb <la...@debian.org> Description: libwireshark-data - network packet dissec

Wheezy update of tomcat7?

and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of tomcat7 updates for the LTS releases. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS

Re: Wheezy update of chicken?

hanges... Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

[SECURITY] [DLA 596-1] extplorer security update

packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJXskJOAAoJEB6VPifUMR5Y7FsP/Ap8+dtoh5Cu6V4kzEJytxl5 Uh5/vS5wU/IeP6sl7qSlfcWQTAksMFqi1A/DVWyQe4yQ

Accepted cracklib2 2.8.19-3+deb7u1 (source amd64) into oldstable

Maintainer: Jan Dittberner <ja...@debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: cracklib-runtime - runtime support for password checker library cracklib2 libcrack2 - pro-active password checker library libcrack2-dev - pro-active password checker library - devel

[SECURITY] [DLA 598-1] suckless-tools security update

t;Wheezy", this issue has been fixed in suckless-tools version 38-2+deb7u1. We recommend that you upgrade your suckless-tools packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN

Accepted suckless-tools 38-2+deb7u1 (source amd64) into oldstable

hanged-By: Chris Lamb <la...@debian.org> Description: suckless-tools - simple commands for minimalistic window managers Changes: suckless-tools (38-2+deb7u1) wheezy-security; urgency=high . * CVE-2016-6866: Fix SEGV in slock when users account has been disabled. . The sc

[SECURITY] [DLA 599-1] cracklib2 security update

checker library. For Debian 7 "Wheezy", this issue has been fixed in cracklib2 version 2.8.19-3+deb7u1. We recommend that you upgrade your cracklib2 packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

[SECURITY] [DLA 611-1] jsch security update

issue has been fixed in jsch version 0.1.42-2+deb7u1. We recommend that you upgrade your jsch packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJXzbQ7AAoJEB6VPi

Re: Wheezy update of mailman?

have prepared an update for LTS: https://gist.githubusercontent.com/lamby/42b6636c257c730903a874e1edeee1f9/raw Let me know if I should go ahead and upload it. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

[SECURITY] [DLA 608-1] mailman security update

to obtain a user's password. For Debian 7 "Wheezy", this issue has been fixed in mailman version 1:2.1.15-1+deb7u2. We recommend that you upgrade your mailman packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Accepted mailman 1:2.1.15-1+deb7u2 (source amd64) into oldstable

ack...@lists.alioth.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: mailman- Powerful, web-based mailing list manager Closes: 835970 Changes: mailman (1:2.1.15-1+deb7u2) wheezy-security; urgency=high . * CVE-2016-6893: Fix CSRF vulnerability associated in the user options pag

Re: Wheezy update of inspircd?

d as unsupported (and will do so by default). Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: Bug#837427: wheezy-pu: package libphp-adodb/5.15-1

lease, so I assume the diff is reasonably large. Good to know, thanks. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Accepted dwarfutils 20120410-2+deb7u1 (source amd64) into oldstable

hanged-By: Chris Lamb <la...@debian.org> Description: dwarfdump - utility to dump DWARF debug information from ELF objects libdwarf-dev - library to consume and produce DWARF debug information Changes: dwarfutils (20120410-2+deb7u1) wheezy-security; urgency=high . * Specify "3.0 (

Wheezy update of irssi?

much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup

Accepted freeimage 3.15.1-1.1+deb7u1 (source amd64) into oldstable

Group <packa...@qa.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: libfreeimage-dev - Support library for graphics image formats (development files) libfreeimage3 - Support library for graphics image formats (library) libfreeimage3-dbg - Support library for graphics i

[SECURITY] [DLA DLA-649-1] python-django security update

o packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJX9sCkAAoJEB6VPifUMR5Y/NkP/3pn6GIrzDur8U8jMGEpsrCL Rx0iCzsPte80mRW7c5FQhqYtEFq5LKikjIoGeMeshUKck6vdXiI34T

Re: matrixssl

and push to > ssh://git.debian.org/git/collab-maint/debian-security-support.git Yes :) > Do I need to ask anybody before doing so? No. With my FD hat on, I went ahead and did this. :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Wheezy update of icu?

. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup Regards

[SECURITY] [DLA 634-1] dropbear security update

message formatting. - CVE-2016-7407: Overflows when parsing OpenSSH's ASN.1 key format. For Debian 7 "Wheezy", this issue has been fixed in dropbear version 2012.55-1.3+deb7u1. We recommend that you upgrade your dropbear packages. Regards, - -- ,''`. : :' :

  1   2   3   4   5   6   7   8   9   10   >