Jessie update of glusterfs?

2018-09-04 Thread Chris Lamb
and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of glusterfs updates for the LTS releases. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS

[SECURITY] [DLA 1629-1] python-django security update

2019-01-06 Thread Chris Lamb
Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlwyVjMACgkQHpU+J9Qx Hlii2RAArou3FE/tuZDRzJq34JmyRg8VToxpSWIqSEyIFlqnzHwzPEHLb19LoRBe hgSDjf9+Hzr72jjZhRbMyILJcLhjq

Re: Possible patch-backport problem for libphp-phpmailer (DLA-1591-1)

2018-12-10 Thread Chris Lamb
omeone can jump in, please do so. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Accepted lxml 3.4.0-1+deb8u1 (source all amd64) into oldstable

2018-12-10 Thread Chris Lamb
Maintainer: Matthias Klose Changed-By: Chris Lamb Description: python-lxml - pythonic binding for the libxml2 and libxslt libraries python-lxml-dbg - pythonic binding for the libxml2 and libxslt libraries (debug ext python-lxml-doc - pythonic binding for the libxml2 and libxslt libraries

[SECURITY] [DLA 1604-1] lxml security update

2018-12-10 Thread Chris Lamb
" URLs that used escaping such as "j a v a s c r i p t". This is a similar issue to CVE-2014-3146. For Debian 8 "Jessie", this issue has been fixed in lxml version 3.4.0-1+deb8u1. We recommend that you upgrade your lxml packages. Regards, - -- ,''`. : :' :

[SECURITY] [DLA 1591-1] libphp-phpmailer security update

2018-11-23 Thread Chris Lamb
r packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlv3y1IACgkQHpU+J9Qx HliU8BAAtr8bEDPNoCYMmRIa39i/IWQp7cRW3NjF0iP6Kp6mR1/ZLICG

Re: Security updates of keepalived and icecast2

2018-11-23 Thread Chris Lamb
nerate and send the DLA announcement, and additionally take over the claim in dla-needed.txt to avoid any possible duplication: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a505bc0a18ed24f13643ce581065fc132cb2f88d Regards, -- ,''`. : :' : Chri

Re: Security updates of keepalived and icecast2

2018-11-23 Thread Chris Lamb
Chris Lamb wrote: > I will take libphp-phpmailer I have uploaded this and announced it as DLA 1591-1. Thank you Abhijith for your debdiff. I completely (and embarrassingly...) failed to credit you in the DLA announcement, I'm afraid. :( Regards, -- ,''`. : :' : Chris L

[SECURITY] [DLA 1584-1] ruby-i18n security update

2018-11-21 Thread Chris Lamb
Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlv1JIIACgkQHpU+J9Qx HlgpiQ/+J7IlWMZcUr00qRKpShdJviGrhcYow4a7chQ5wKGIn4x/KnOfy/B9f3Zh JAYtfFpMmPZIfv

Accepted ruby-i18n 0.6.9-2+deb8u1 (source all) into oldstable

2018-11-21 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 21 Nov 2018 10:20:34 +0100 Source: ruby-i18n Binary: ruby-i18n Architecture: source all Version: 0.6.9-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Ruby Extras Maintainers Changed-By: Chris Lamb

Accepted ruby-rack 1.5.2-3+deb8u2 (source all) into oldstable

2018-11-21 Thread Chris Lamb
Changed-By: Chris Lamb Description: ruby-rack - Modular Ruby webserver interface Closes: 913005 Changes: ruby-rack (1.5.2-3+deb8u2) jessie-security; urgency=high . * CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious request could impact the HTTP/HTTPS scheme

[SECURITY] [DLA 1585-1] ruby-rack security update

2018-11-21 Thread Chris Lamb
the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8 "Jessie", this issue has been fixed in ruby-rack version 1.5.2-3+deb8u2. We recommend that you upgrade your ruby-rack packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@

Re: Assistance with building symfony for jessie

2019-01-13 Thread Chris Lamb
s. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- symfony_2.3.21+dfsg-4+deb8u3_amd64.build.xz Description: application/xz

[SECURITY] [DLA 1501-1] libextractor security update

2018-09-11 Thread Chris Lamb
of arbitrary type. For Debian 8 "Jessie", this issue has been fixed in libextractor version 1:1.3-2+deb8u3. We recommend that you upgrade your libextractor packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Accepted libextractor 1:1.3-2+deb8u3 (source amd64) into oldstable

2018-09-11 Thread Chris Lamb
: Bertrand Marc Changed-By: Chris Lamb Description: extract- displays meta-data from files of arbitrary type libextractor-dbg - extracts meta-data from files of arbitrary type (debug) libextractor-dev - extracts meta-data from files of arbitrary type (development) libextractor3 - extracts meta

Accepted kamailio 4.2.0-2+deb8u5 (source amd64) into oldstable

2018-09-12 Thread Chris Lamb
kamailio-extra-modules Architecture: source amd64 Version: 4.2.0-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian VoIP Team Changed-By: Chris Lamb Description: kamailio - very fast and configurable SIP proxy kamailio-autheph-modules - authentication using ephemeral credentials

[SECURITY] [DLA 1503-1] kamailio security update

2018-09-12 Thread Chris Lamb
packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluY7XsACgkQHpU+J9Qx Hlio4hAAp1aSCGFey+nsDuyxF5ai68qQfCGpQJnqlEFO

Re: [SECURITY] [DSA 4371-1] apt security update

2019-01-22 Thread Chris Lamb
Ben Hutchings wrote: > This presumably needs to be fixed for jessie LTS as well, and I see > Chris Lamb has claimed it. I took the "claim" here so that there was definitely someone in the LTS team who would ensure everything was followed-through, which seems like it has happ

Re: more missing DLAs on the website

2019-04-02 Thread Chris Lamb
Hi Holger, > the number of missing DLAs on https://www.debian.org/lts/security/ has > recently gone up again. Missing are: [..] > Chris Lamb [DLA 1719-1] libjpeg-turbo security update Really sorry about this. I've made a corresponding MR, now pending merge. I think I manage

[SECURITY] [DLA 1749-1] golang security update

2019-04-03 Thread Chris Lamb
to http.NewRequest could allow execution of arbitrary HTTP headers or Redis commands. For Debian 8 "Jessie", this issue has been fixed in golang version 2:1.3.3-1+deb8u2. We recommend that you upgrade your golang packages. Regards, - -- ,''`. : :' : Chris Lamb `. `

Accepted golang 2:1.3.3-1+deb8u2 (source amd64 all) into oldstable

2019-04-03 Thread Chris Lamb
Team Changed-By: Chris Lamb Description: golang - Go programming language compiler - metapackage golang-doc - Go programming language compiler - documentation golang-go - Go programming language compiler golang-go-darwin-386 - Go standard library compiled for darwin_386 golang-go-darwin

Re: rssh security update breaks rsync via Synology's "hyper backup"

2019-02-18 Thread Chris Lamb
too and happy to take this. Claimed package in: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd5c546e66da71f4029f09337a84aadaa527dcce Looking forward to receiving your debdiffs. :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Jessie update of systemd?

2019-03-04 Thread Chris Lamb
the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of systemd updates for the LTS releases. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team

Jessie update of drupal7?

2019-03-04 Thread Chris Lamb
the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of drupal7 updates for the LTS releases. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team

[SECURITY] [DLA 1660-2] rssh regression update

2019-02-19 Thread Chris Lamb
files from a server using rssh. Please see <https://bugs.debian.org/921655> for more information. For Debian 8 "Jessie", this issue has been addressed in rssh version 2.3.4-4+deb8u3. We recommend that you upgrade your rssh packages. Regards, - -- ,''`. : :'

Re: rssh security update breaks rsync via Synology's "hyper backup"

2019-02-19 Thread Chris Lamb
* The fix for the scp security vulneraability in 2.3.4-5+deb9u1 + * The fix for the scp security vulnerability in 2.3.4-4+deb8u2 .. and released this as a DLA-1660-2 "regression" update. I will leave the stable update to the security team. Best wishes, -- ,''`. : :

Re: Serious regression in systemd 215-17+deb8u10

2019-03-06 Thread Chris Lamb
rect relevance to the upstream changes listed on #920018, however. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: change in LTS procedures: publish DLAs on www.debian.org

2019-02-25 Thread Chris Lamb
Bunk [DLA 1688-1] waagent update — Bastian Blank Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: rdflib / CVE-2019-7653

2019-03-14 Thread Chris Lamb
at least it doesn't make the connection very obvious to someone installing the package. I think that was mostly why I got sucked into this review in the first place. :) Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: rdflib / CVE-2019-7653

2019-03-12 Thread Chris Lamb
ently missing the latter. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: rdflib / CVE-2019-7653

2019-03-07 Thread Chris Lamb
ot"...?) > > What parts seem confusing to you? We are deleting our custom scripts and > using the autogenerated scripts. It is not immediately and 100% clear from reading the changelog entry (ie. from our user's point of view) why one is doing this. :) Best wishes, --

Re: rdflib / CVE-2019-7653

2019-03-07 Thread Chris Lamb
possible in stable/security updates. Again, likely one for recording for posterity in debian/changelog rather than on this quasi-ephemeral list. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: ikiwiki / CVE-2019-9187

2019-03-07 Thread Chris Lamb
eranble from the version number alone. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: rdflib / CVE-2019-7653

2019-03-07 Thread Chris Lamb
Hi Brian, > Patch for Jessie attached. Again, like ikiwiki, this appears to be backwards? :) > Note this patch changes python-rdflib-tools from Python2 to > Python3. Hm, this makes me a little nervous... Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@d

Re: ikiwiki / CVE-2019-9187

2019-03-07 Thread Chris Lamb
Hi again, > As attached. Sorry to be a pain but can you remake this with --exclude="*/.pc/*" or similar...? :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Accepted libjpeg-turbo 1:1.3.1-12+deb8u2 (source all amd64) into oldstable

2019-03-18 Thread Chris Lamb
Architecture: source all amd64 Version: 1:1.3.1-12+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Ondřej Surý Changed-By: Chris Lamb Description: libjpeg-dev - Development files for the JPEG library [dummy package] libjpeg-turbo-progs - Programs for manipulating JPEG files libjpeg

[SECURITY] [DLA 1719-1] libjpeg-turbo security update

2019-03-18 Thread Chris Lamb
. A heap-based buffer over-read could be triggered by a specially-crafted bitmap (BMP) file. For Debian 8 "Jessie", this issue has been fixed in libjpeg-turbo version 1:1.3.1-12+deb8u2. We recommend that you upgrade your libjpeg-turbo packages. Regards, - -- ,''`. : :' :

Re: rdflib / CVE-2019-7653

2019-03-14 Thread Chris Lamb
his is not sufficient, can you suggest something better? Something that at least references why the build/runtime moves to Python 3.x (or whatever). Running out of ways to try and explain this angle. :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Accepted dovecot 1:2.2.13-12~deb8u5 (source amd64) into oldstable

2019-02-07 Thread Chris Lamb
dovecot-solr dovecot-lucene dovecot-dbg Architecture: source amd64 Version: 1:2.2.13-12~deb8u5 Distribution: jessie-security Urgency: high Maintainer: Dovecot Maintainers Changed-By: Chris Lamb Description: dovecot-core - secure POP3/IMAP server - core files dovecot-dbg - secure POP3/IMAP server

[SECURITY] [DLA 1667-1] dovecot security update

2019-02-07 Thread Chris Lamb
in as anyone else in the system if both auth_ssl_{require_client,username_from}_cert were enabled. For Debian 8 "Jessie", this issue has been fixed in dovecot version 1:2.2.13-12~deb8u5. We recommend that you upgrade your dovecot packages. Regards, - -- ,''`. : :' :

[SECURITY] [DLA 1664-1] golang security update

2019-02-06 Thread Chris Lamb
attacks within the elliptic curve cryptography handling in the Go programming language libraries. For Debian 8 "Jessie", this issue has been fixed in golang version 2:1.3.3-1+deb8u1. We recommend that you upgrade your golang packages. Regards, - -- ,''`. : :' :

Re: [SECURITY] [DLA 1664-1] golang security update

2019-02-08 Thread Chris Lamb
import "crypto/elliptic". However, it could be using it transitively so it might be worth uploading just in case. Sound sensible? Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-08 Thread Chris Lamb
then; I needed to hack the "sid|unstable" bit in the code but didn't want to yak-shave that at the time!) Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-18 Thread Chris Lamb
> upstream's claim that the function is private. Upstream have not replied so I will upload and release the ssize_t version shortly. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-18 Thread Chris Lamb
[Adding 922...@bugs.debian.org to CC for completeness / BTS archive] Chris Lamb wrote: > > So using the ssize_t version that preserves the sizes of the arguments > > and return type of the function is the safer choice, regardless of > > upstream's claim that the f

[SECURITY] [DLA 1681-1] gsoap security update

2019-02-18 Thread Chris Lamb
essie", this issue has been fixed in gsoap version 2.8.17-1+deb8u2. We recommend that you upgrade your gsoap packages. Thanks to Mattias Ellert for their assistance in preparing this update. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-

Re: rssh security update breaks rsync via Synology's "hyper backup"

2019-02-14 Thread Chris Lamb
daemon . > > > > Is it really unsafe to issue a "rsync --server --daemon ." command so it > > deserves to be blocked?` FYI this is the patch in question: https://sources.debian.org/src/rssh/2.3.4-11/debian/patches/0007-Verify-rsync-command-options.patch/#L15-L20 Reg

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-11 Thread Chris Lamb
this. LTS team, just as a sanity check; uploading each of these with "dpkg-buildpackage -S […]" should be sufficient, right? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Accepted heartbleeder 0.1.1-2+deb8u1 (source amd64) into oldstable

2019-02-12 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 12 Feb 2019 10:32:13 +0100 Source: heartbleeder Binary: heartbleeder Architecture: source amd64 Version: 0.1.1-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: pkg-go Changed-By: Chris Lamb Description

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-12 Thread Chris Lamb
Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
S" security upload. I assume you are not part of the LTS team so you cannot follow the procedure outlined above, but would you object if I took your patch and did the upload and announcement myself? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
t to this thread as it discusses the merits of the patch: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f9c0c26172f864a9fb70c332d61dabd72b47a56e Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
Hi Mattias, > What exactly do you want to run past upstream? It is not clear to me > what you are requesting here. Your change to the patch, no? :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
Hi Mattias, > The patch was based on the suggested fix from upstream which uses int. > But I agree ssize_t is a better choice. Thanks for attaching an updated debdiff. Can you run this past upstream? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 

Re: [SECURITY] [DLA 1664-1] golang security update

2019-02-06 Thread Chris Lamb
Hi Antoine, > all golang Debian packages are (as elsewhere) statically compiled > and linked so we'd need to rebuild all the rdeps Hm. Can we avoid /all/ the rdeps? I mean, grep the rdeps for ones that use this library? Best wishes, -- ,''`. : :' : Chri

Re: [SECURITY] [DLA 1664-1] golang security update

2019-02-06 Thread Chris Lamb
first need to figure out which packages actually use that specific lib. Shall we loop the golang maintainers in here? They might even have such a script or otherwise have some insight here... Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

[SECURITY] [DLA 1750-1] roundup security update

2019-04-07 Thread Chris Lamb
8 "Jessie", this issue has been fixed in roundup version 1.4.20-1.1+deb8u2. We recommend that you upgrade your roundup packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP

Accepted roundup 1.4.20-1.1+deb8u2 (source all) into oldstable

2019-04-07 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 07 Apr 2019 13:49:33 +0200 Source: roundup Binary: roundup Architecture: source all Version: 1.4.20-1.1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Kai Storbeck Changed-By: Chris Lamb Description: roundup

Accepted libxslt 1.1.28-2+deb8u4 (source amd64) into oldstable

2019-04-15 Thread Chris Lamb
: high Maintainer: Debian XML/SGML Group Changed-By: Chris Lamb Description: libxslt1-dbg - XSLT 1.0 processing library - debugging symbols libxslt1-dev - XSLT 1.0 processing library - development kit libxslt1.1 - XSLT 1.0 processing library - runtime library python-libxslt1 - Python bindings

[SECURITY] [DLA 1756-1] libxslt security update

2019-04-15 Thread Chris Lamb
this issue has been fixed in libxslt version 1.1.28-2+deb8u4. We recommend that you upgrade your libxslt packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBO

[SECURITY] [DLA 1757-1] cacti security update

2019-04-16 Thread Chris Lamb
for the RRDTool monitoring tool. For Debian 8 "Jessie", this issue has been fixed in cacti version 0.8.8b+dfsg-8+deb8u7. We recommend that you upgrade your cacti packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Re: Jessie update of cron?

2019-03-15 Thread Chris Lamb
uld make more sense and likely be more efficient if the same developer did both. Happy to either "take over" your claim or you take over mine; I will hold off on the ELTS update in the meantime, however. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: Jessie update of cron?

2019-03-15 Thread Chris Lamb
take over is ok. :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

[SECURITY] [DLA 1805-1] minissdpd security update

2019-05-26 Thread Chris Lamb
attacker could abuse this to crash the process. For Debian 8 "Jessie", this issue has been fixed in minissdpd version 1.2.20130907-3+deb8u2. We recommend that you upgrade your minissdpd packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.o

Accepted minissdpd 1.2.20130907-3+deb8u2 (source amd64) into oldstable

2019-05-26 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 26 May 2019 22:47:10 +0100 Source: minissdpd Binary: minissdpd Architecture: source amd64 Version: 1.2.20130907-3+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Thomas Goirand Changed-By: Chris Lamb

[SECURITY] [DLA 1814-1] python-django security update

2019-06-05 Thread Chris Lamb
. For Debian 8 "Jessie", this issue has been fixed in python-django version 1.7.11-1+deb8u5. We recommend that you upgrade your python-django packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP

Accepted python-django 1.7.11-1+deb8u5 (source all) into oldstable

2019-06-05 Thread Chris Lamb
Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework

Re: Jessie update of simplesamlphp?

2019-05-28 Thread Chris Lamb
seeing anything relevant. Is it still vulnerable? If so, we should remove it from dla-needed.txt, naturally. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: libqb / CVE-2019-12779

2019-06-18 Thread Chris Lamb
ever does look at the package does not miss your fine investigatory work. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

[SECURITY] [DLA 1832-1] libvirt security update

2019-06-24 Thread Chris Lamb
for this argument, causing libvirtd to execute a crafted executable with its own privileges. For Debian 8 "Jessie", these issues have been fixed in libvirt version 1.2.9-9+deb8u7. We recommend that you upgrade your libvirt packages. Regards, - -- ,''`. : :' :

Accepted libvirt 1.2.9-9+deb8u7 (source amd64 all) into oldstable

2019-06-24 Thread Chris Lamb
+deb8u7 Distribution: jessie-security Urgency: high Maintainer: Debian Libvirt Maintainers Changed-By: Chris Lamb Description: libvirt-bin - programs for the libvirt library libvirt-clients - programs for the libvirt library libvirt-daemon - programs for the libvirt library libvirt-daemon

Re: [DLA 1835-1] python3.4 security update breaks upgrade (SyntaxError: invalid syntax)

2019-06-25 Thread Chris Lamb
least {!r})".format(url, match.group())) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Backporting two dchpcd security patches to 6.0.5

2019-05-10 Thread Chris Lamb
/?=896ef4a54b0578985e5e1360b141593f1d62837b Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Jessie update of freeimage?

2019-05-22 Thread Chris Lamb
and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of freeimage updates for the LTS releases. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS

[SECURITY] [DLA 1801-1] zookeeper security update

2019-05-24 Thread Chris Lamb
were not authorised to read data were able to view the access control list. For Debian 8 "Jessie", this issue has been fixed in zookeeper version 3.4.9-3+deb8u2. We recommend that you upgrade your zookeeper packages. Regards, - -- ,''`. : :' : Chris Lamb `. `

Accepted zookeeper 3.4.9-3+deb8u2 (source all amd64) into oldstable

2019-05-24 Thread Chris Lamb
-zookeeper Architecture: source all amd64 Version: 3.4.9-3+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Chris Lamb Description: libzookeeper-java - Core Java libraries for zookeeper libzookeeper-java-doc - API Documentation for zookeeper

[SECURITY] [DLA 1793-1] dhcpcd5 security update

2019-05-19 Thread Chris Lamb
"Jessie", this issue has been fixed in dhcpcd5 version 6.0.5-2+deb8u1. Thanks to Roy Marples . We recommend that you upgrade your dhcpcd5 packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP

Accepted dhcpcd5 6.0.5-2+deb8u1 (source amd64) into oldstable

2019-05-19 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 19 May 2019 18:33:49 +0100 Source: dhcpcd5 Binary: dhcpcd5 Architecture: source amd64 Version: 6.0.5-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian QA Group Changed-By: Chris Lamb Description

Accepted python-django 1.7.11-1+deb8u6 (source all) into oldstable

2019-07-04 Thread Chris Lamb
-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web

[SECURITY] [DLA 1844-1] lemonldap-ng security update

2019-07-04 Thread Chris Lamb
Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl0d/UMACgkQHpU+J9Qx Hlj0VxAAsYAiH43oUyuJ6fUSPLPVrW8fKiP/xnrj4++cf4o3rCcyfbO8yHGrbHnR t+LlUNnFELGHHxNWWN+PoJlgHqBKtdoCQrRA

Accepted lemonldap-ng 1.3.3-1+deb8u2 (source all) into oldstable

2019-07-04 Thread Chris Lamb
-perl Architecture: source all Version: 1.3.3-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Perl Group Changed-By: Chris Lamb Description: lemonldap-ng - OpenID, CAS and SAML compatible Web-SSO system lemonldap-ng-doc - Lemonldap::NG Web-SSO system documentation

[SECURITY] [DLA 1850-1] redis security update

2019-07-10 Thread Chris Lamb
-value database. For Debian 8 "Jessie", these issues have been fixed in redis version 2:2.8.17-1+deb8u7. We recommend that you upgrade your redis packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP

Accepted redis 2:2.8.17-1+deb8u7 (source amd64) into oldoldstable

2019-07-10 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 10 Jul 2019 10:39:57 -0300 Source: redis Binary: redis-server redis-tools Built-For-Profiles: nocheck Architecture: source amd64 Version: 2:2.8.17-1+deb8u7 Distribution: jessie-security Urgency: high Maintainer: Chris Lamb

Accepted squid3 3.4.8-6+deb8u7 (source all amd64) into oldoldstable

2019-07-07 Thread Chris Lamb
: Luigi Gangitano Changed-By: Chris Lamb Description: squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility squid3 - Full featured Web Proxy cache (HTTP proxy) squid3-common - Full featured Web Proxy

[SECURITY] [DLA 1847-1] squid3 security update

2019-07-07 Thread Chris Lamb
"Jessie", these issues have been fixed in squid3 version 3.4.8-6+deb8u7. We recommend that you upgrade your squid3 packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP

[SECURITY] [DLA 1764-1] mercurial security update

2019-04-25 Thread Chris Lamb
packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlzB7uYACgkQHpU+J9Qx HlhIWhAAo+ifxwrm/7ZsDfWkAn27/3oEHCBK/QKMNLuRIdK9

[SECURITY] [DLA 1842-1] python-django security update

2019-07-01 Thread Chris Lamb
recommend that you upgrade your python-django packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl0abvYACgkQHpU+J9Qx Hli6HQ//dSBNZSZJu42iLTz

Re: DLA 1842-1: use of wrong CVE?

2019-07-02 Thread Chris Lamb
date the website here: https://salsa.debian.org/webmaster-team/webwml/merge_requests/169 Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: LTS/subversion note

2019-08-15 Thread Chris Lamb
be 110% trusted or otherwise treated as gospel. I'd rather write a note, however unconfirmed, than not, if you see what I mean. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Accepted commons-beanutils 1.9.2-1+deb8u1 (source all) into oldoldstable

2019-08-24 Thread Chris Lamb
: Debian Java Maintainers Changed-By: Chris Lamb Description: libcommons-beanutils-java - Apache Commons BeanUtils - Utility for manipulating Java beans libcommons-beanutils-java-doc - Apache Commons BeanUtils - Documentation Changes: commons-beanutils (1.9.2-1+deb8u1) jessie-security; urgency=high

[SECURITY] [DLA 1896-1] commons-beanutils security update

2019-08-24 Thread Chris Lamb
. For Debian 8 "Jessie", this issue has been fixed in commons-beanutils version 1.9.2-1+deb8u1. We recommend that you upgrade your commons-beanutils packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

[SECURITY] [DLA 1908-1] pump security update

2019-09-02 Thread Chris Lamb
eb8u1. We recommend that you upgrade your pump packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl1tHDQACgkQHpU+J9Qx

Accepted pump 0.8.24-7+deb8u1 (source amd64) into oldoldstable

2019-09-02 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 02 Sep 2019 14:32:57 +0100 Source: pump Binary: pump Architecture: source amd64 Version: 0.8.24-7+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Philippe Coval Changed-By: Chris Lamb Description: pump

Accepted memcached 1.4.21-1.1+deb8u3 (source amd64) into oldoldstable

2019-09-07 Thread Chris Lamb
Changed-By: Chris Lamb Description: memcached - high-performance memory object caching system Closes: 939337 Changes: memcached (1.4.21-1.1+deb8u3) jessie-security; urgency=high . * CVE-2019-15026: Prevent a stack-based buffer over-read in conn_to_str. (Closes: #939337) * Add debian

[SECURITY] [DLA 1912-1] expat security update

2019-09-06 Thread Chris Lamb
0-6+deb8u6. We recommend that you upgrade your expat packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl1ya08ACg

Accepted expat 2.1.0-6+deb8u6 (source amd64) into oldoldstable

2019-09-06 Thread Chris Lamb
Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Chris Lamb Description: expat - XML parsing C library - example application lib64expat1 - XML parsing C library - runtime library (64bit) lib64expat1-dev - XML parsing C library - development kit (64bit) libexpat1 - XML parsing C library - runtime

[SECURITY] [DLA 1917-1] curl security update

2019-09-13 Thread Chris Lamb
over the internet. For Debian 8 "Jessie", this issue has been fixed in curl version 7.38.0-4+deb8u16. We recommend that you upgrade your curl packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP

Accepted curl 7.38.0-4+deb8u16 (source amd64 all) into oldoldstable

2019-09-13 Thread Chris Lamb
+deb8u16 Distribution: jessie-security Urgency: high Maintainer: Alessandro Ghedini Changed-By: Chris Lamb Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols

Accepted python-django 1.7.11-1+deb8u7 (source all) into oldoldstable

2019-08-06 Thread Chris Lamb
-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web

[SECURITY] [DLA 1872-1] python-django security update

2019-08-06 Thread Chris Lamb
s/ Thanks to Carlton Gibson et al. for their handling of these issues. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl1JTwwACg
