[SECURITY] [DLA 3123-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3123-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 27, 2022

[SECURITY] [DLA 3138-1] bind9 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3138-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 05, 2022

buster LTS open, don't conflict with OPU

Hi, The changes to transition buster to LTS have been implemented, and buster is now open for LTS uploads. I tested it with the xorg-server update and found a couple of issues on the wanna-build side, but those are solved now, and things should be fine. IMPORTANT: before preparing/releasing

Re: EOL candidates for security-support-ended.deb10

On 05/08/2022 11:48, Raphael Hertzog wrote: Hello, On Wed, 03 Aug 2022, Sylvain Beucler wrote: OpenStack: we tend not to support openstack beyond upstream's support, but I'm having a hard time associating the components version with OpenStack's major version; possibly other openstack packages

Re: EOL candidates for security-support-ended.deb10 (recap)

Hi Sylvain, On 09/08/2022 19:04, Sylvain Beucler wrote: Hi, Here's a little recap for security-support-ended.deb9 -> deb10 evaluation, following our discussion, also including dropped entries for completeness/transparency: Supported again in buster: - ansible - chromium chromium was

Re: EOL candidates for security-support-ended.deb10 (recap)

On 10/08/2022 17:10, Sylvain Beucler wrote: Hi, On 10/08/2022 11:47, Emilio Pozuelo Monfort wrote: On 09/08/2022 19:04, Sylvain Beucler wrote: Here's a little recap for security-support-ended.deb9 -> deb10 evaluation, following our discussion, also including dropped entries for completen

[SECURITY] [DLA 3070-1] gnutls28 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3070-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 11, 2022

[SECURITY] [DLA 3072-1] postgresql-11 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3072-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 11, 2022

[SECURITY] [DLA 3071-1] libtirpc security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3071-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 11, 2022

Re: postgresql-11 11.17-0+deb10u1

Hi Christoph, On 11/08/2022 14:10, Christoph Berg wrote: Hi, I just uploaded postgresql-11, if anyone wants to do the LTS paperwork for that: postgresql-11 (11.17-0+deb10u1) buster-security; urgency=medium * New upstream version. + Do not let extension scripts replace objects not

[SECURITY] [DLA 3068-1] xorg-server security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3068-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 04, 2022

Re: updating debian-security-support(.limited) in buster and bullseye (Re: EOL candidates for security-support-ended.deb10 (recap))

On 17/08/2022 11:19, Holger Levsen wrote: On Sat, Aug 13, 2022 at 09:30:03AM +, Holger Levsen wrote: - today prepare buster branch for release (33% done, see below) - today until aug 23: possible further updates to the master branch which then get copied to the buster branch - aug 23:

[SECURITY] [DLA 3073-1] webkit2gtk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3073-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 17, 2022

webkit2gtk update in buster

Hi Berto, Thanks for the updated webkit2gtk package in buster! Since buster is now under LTS, it needs a separate announcement (DLA). Are you planning on releasing one yourself, or would you prefer if someone on the LTS team handled it? Cheers, Emilio

[SECURITY] [DLA 3074-1] epiphany-browser security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3074-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 18, 2022

[SECURITY] [DLA 3241-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3241-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 15, 2022

[SECURITY] [DLA 3242-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3242-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 15, 2022

[SECURITY] [DLA 3243-1] php7.3 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3243-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 15, 2022

[SECURITY] [DLA 3196-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3196-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 17, 2022

[SECURITY] [DLA 3199-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3199-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 17, 2022

[SECURITY] [DLA 3275-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3275-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 19, 2023

[SECURITY] [DLA 3274-1] webkit2gtk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3274-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 19, 2023

[SECURITY] [DLA 3185-1] xorg-server security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3185-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 10, 2022

[SECURITY] [DLA 3183-1] webkit2gtk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3183-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 09, 2022

Re: Accepted dropbear 2018.76-5+deb10u2 (source) into oldstable

Hi Utkarsh, On 28/10/2022 14:30, Debian FTP Masters wrote: Format: 1.8 Date: Fri, 28 Oct 2022 17:29:39 +0530 Source: dropbear Architecture: source Version: 2018.76-5+deb10u2 Distribution: buster-security Urgency: high Maintainer: Guilhem Moulin Changed-By: Utkarsh Gupta Changes: dropbear

[SECURITY] [DLA 3364-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3364-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 17, 2023

[SECURITY] [DLA 3365-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3365-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 20, 2023

[SECURITY] [DLA 3367-1] libdatetime-timezone-perl security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3367-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 24, 2023

[SECURITY] [DLA 3366-1] tzdata new timezone database

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3366-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 24, 2023

Re: (E)LTS improved salsa pipeline support

On 19/03/2023 07:50, Bastien Roucariès wrote: Le jeudi 16 mars 2023 09:34:17 UTC, vous avez écrit : Hi, Hi, I have been working in improving our Salsa pipeline support for LTS and ELTS. Right now builds were failing for jessie and while stretch builds were still somewhat working, they were

Re: (E)LTS improved salsa pipeline support

On 17/03/2023 19:39, Raphael Hertzog wrote: Hi, On Thu, 16 Mar 2023, Emilio Pozuelo Monfort wrote: The result is an improved pipeline with better support for both LTS and ELTS. [1] Great work Emilio! It would be nice to have all this properly documented in https://lts-team.pages.debian.net

Re: [SECURITY] [DLA 3357-2] imagemagick regression update

Hi Bastien, On 18/03/2023 18:56, Bastien Roucaries wrote: From: imagemagick <> To: debian-lts-annou...@lists.debian.org Subject: [SECURITY] [DLA 3357-2] imagemagick regression update - Debian LTS Advisory DLA-3357-2

Re: Using Salsa-CI as pre-upload QA for Bullseye and Buster uploads: Lintian and Piuparts

Hi Otto, I do run lintian from the target release before upload (actually on every build). I don't think running lintian from sid for (old*)stable makes sense as I'm not interested in newly introduced warnings or errors that affect sid. I'm interested in having the most stable lintian

Re: (E)LTS improved salsa pipeline support

On 17/03/2023 06:39, Anton Gladky wrote: Hello Emilio, thanks for this update! I will test it on a couple of projects in the lts-team namespace and if everything is OK, we will switch all of them per batch-update. So, does it mean that we can drop the gitlab-ci.yml almost in all repos and let

(E)LTS improved salsa pipeline support

Hi, I have been working in improving our Salsa pipeline support for LTS and ELTS. Right now builds were failing for jessie and while stretch builds were still somewhat working, they were bound to break once the move to archive.debian.org happens, plus they were only building on a vanilla

[SECURITY] [DLA 3354-1] kopanocore security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3354-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 06, 2023

Re: RFC: ruby-loofah 2.2.3-1+deb10u2

Hi Daniel, On 13/03/2023 23:18, Daniel Leidert wrote: Hi there, I prepared my first LTS update. You can find it here: https://salsa.debian.org/lts-team/packages/ruby-loofah When I ran some test cases to see if all the vulnerabilities are fixed, I discovered that there is a slight behavioral

[SECURITY] [DLA 3324-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3324-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 20, 2023

[SECURITY] [DLA 3325-1] openssl security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3325-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 20, 2023

[SECURITY] [DLA 3320-1] webkit2gtk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3320-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 17, 2023

[SECURITY] [DLA 3328-1] clamav security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3328-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 20, 2023

[SECURITY] [DLA 3319-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3319-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 16, 2023

[SECURITY] [DLA 3337-1] mariadb-10.3 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3337-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Otto Kekäläinen February 23, 2023

[SECURITY] [DLA 3338-1] git security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3338-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 23, 2023

[SECURITY] [DLA 3391-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3391-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 12, 2023

Re: (E)LTS improved salsa pipeline support

On 19/04/2023 18:16, Sylvain Beucler wrote: Hi, On 17/04/2023 21:36, Sylvain Beucler wrote: On 20/03/2023 09:40, Emilio Pozuelo Monfort wrote: On 17/03/2023 19:39, Raphael Hertzog wrote: On Thu, 16 Mar 2023, Emilio Pozuelo Monfort wrote: The result is an improved pipeline with better

[SECURITY] [DLA 3400-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3400-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 24, 2023

[SECURITY] [DLA 3413-1] libdatetime-timezone-perl new timezone database

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3413-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 02, 2023

[SECURITY] [DLA 3412-1] tzdata new timezone database

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3412-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 02, 2023

Re: (E)LTS improved salsa pipeline support

On 31/03/2023 06:19, Anton Gladky wrote: Hello Emilio, could you please provide an example, how the pipeline can be prepared? I set the value here [1], but it looks like the pipeline did not start. [1] https://salsa.debian.org/lts-team/packages/389-ds-base/-/pipelines The CI/CD configuration

Re: [Git][security-tracker-team/security-tracker][master] Reserve DLA-3389-1 for lldpd

Hi Chris, On 12/04/2023 10:16, Chris Lamb (@lamby) wrote: Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: d3d0edc1 by Chris Lamb at 2023-04-12T09:14:31+01:00 Reserve DLA-3389-1 for lldpd My previous reservation of DLA-3388-1 didnt successfully push

[SECURITY] [DLA 3307-1] openjdk-11 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3307-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 06, 2023

[SECURITY] [DLA 3308-1] webkit2gtk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3308-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 06, 2023

[SECURITY] [DLA 3312-1] shim security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3312-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 08, 2023

Re: Upload MariaDB 1:10.3.37-0+deb10u1 ?

Hi Otto, On 07/02/2023 07:47, Otto Kekäläinen wrote: Hi! On Mon, 26 Dec 2022 at 14:08, Otto Kekäläinen wrote: On Mon, 5 Dec 2022 at 01:18, Utkarsh Gupta wrote: Hi Otto, On Mon, Dec 5, 2022 at 5:33 AM Otto Kekäläinen wrote: I didn't get a reply to this, so asking again. I could take

Re: [SECURITY] [DLA 3452-1] thunderbird security update

On 12/06/2023 17:10, sko...@uns.ac.rs wrote: Hi, Hi, On 12/06/2023 13:35, Miroslav Skoric wrote: Although unrelated with the security issues above, may I ask something that I noticed for the first time in Thunderbird 102.11.0 (32-bit) that annoys me and what differs from some older versions

Re: WebKit 2.40 update for buster

On 27/06/2023 16:18, Alberto Garcia wrote: On Tue, Jun 27, 2023 at 10:53:40AM +0200, Emilio Pozuelo Monfort wrote: I have been testing it a bit using a buster VM but I don't think this is very stable. After removing ~/.cache/epiphany, ~/.local/share/epiphany and ~/.local/share/webkitgtk I am

[SECURITY] [DLA 3490-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3490-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 11, 2023

[SECURITY] [DLA 3484-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3484-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 08, 2023

WebKit 2.40 update for buster

Hi, With the release of WebKitGTK+ 2.40, the series currently in buster, 2.38, has become EOL. Unfortunately 2.40 bumped the compiler and other library requirements quite a bit, so a backport wasn't easy, but I've managed to do it. It requires clang++-13 to build (which is presently in

[SECURITY] [DLA 3448-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3448-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 08, 2023

[SECURITY] [DLA 3452-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3452-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 12, 2023

Re: [SECURITY] [DLA 3452-1] thunderbird security update

Hi, On 12/06/2023 13:35, Miroslav Skoric wrote: Although unrelated with the security issues above, may I ask something that I noticed for the first time in Thunderbird 102.11.0 (32-bit) that annoys me and what differs from some older versions in the past, as I can remember:  In fact, a right

[SECURITY] [DLA 3510-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3510-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 31, 2023

Re: Accepted thunderbird 1:102.14.0-1~deb10u1 (source) into oldoldstable

Hi Sylvain, On 07/08/2023 11:46, Sylvain Beucler wrote: Hello Carsten, Thanks for updating Thunderbird for buster :) Do you want the LTS Team to take care of the DLA registration and announcement, or do you plan to do that yourself? Please send it out, or I can do it if you want. (I

Re: Accepted thunderbird 1:102.14.0-1~deb10u1 (source) into oldoldstable

On 08/08/2023 12:00, Emilio Pozuelo Monfort wrote: Hi Sylvain, On 07/08/2023 11:46, Sylvain Beucler wrote: Hello Carsten, Thanks for updating Thunderbird for buster :) Do you want the LTS Team to take care of the DLA registration and announcement, or do you plan to do that yourself

[SECURITY] [DLA 3521-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3521-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 08, 2023

Re: firefox on buster

Hi Chris, On 07/08/2023 23:57, Chris Frey wrote: I noticed firefox security updates for 102.14.x have been released for bullseye and bookworm, but not for buster (still on 102.13.x) Anything that an outsider can do to help with that? Given that the package is no longer in sid, I had a little

[SECURITY] [DLA 3523-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3523-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 09, 2023

Re: WebKit 2.40 update for buster

Hi Berto, On 19/06/2023 12:59, Alberto Garcia wrote: On Fri, Jun 02, 2023 at 02:17:37PM +0200, Emilio Pozuelo Monfort wrote: I have prepared a repository at deb [allow-insecure=yes] https://people.debian.org/~pochu/lts/webkit/ ./ I'd appreciate some testing of any webkit applications

Re: nvidia-graphics-drivers in DLA needed?

On 07/05/2023 10:20, Tobias Frost wrote: Hi, (this thread is linked in dla-needed.txt and such) I'm not sure about the status of the nvidia drivers in LTS, so I thought it is better to ask if or not we support nvidia-drivers Said that I've juse claimed them from dla-needed.txt and will work on

Re: nvidia-graphics-drivers in DLA needed?

On 10/05/2023 11:42, Tobias Frost wrote: On Wed, May 10, 2023 at 10:00:11AM +0200, Emilio Pozuelo Monfort wrote: On 07/05/2023 10:20, Tobias Frost wrote: Hi, (this thread is linked in dla-needed.txt and such) I'm not sure about the status of the nvidia drivers in LTS, so I thought

[SECURITY] [DLA 3417-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3417-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 11, 2023

[SECURITY] [DLA 3422-1] postgresql-11 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3422-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 15, 2023

[SECURITY] [DLA 3421-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3421-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 15, 2023

[SECURITY] [DLA 3419-1] webkit2gtk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3419-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 12, 2023

Re: [SECURITY] [DLA 3735-1] runc security update

Hi, On 19/02/2024 07:11, Salvatore Bonaccorso wrote: Hi, On Mon, Feb 19, 2024 at 03:28:00AM +0100, Daniel Leidert wrote: - Debian LTS Advisory DLA-3735-1debian-lts@lists.debian.org

[SECURITY] [DLA 3697-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3697-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 29, 2023

[SECURITY] [DLA 3698-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3698-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 29, 2023

Policy queue in buster-security

Hi, We're in the process of setting up a policy queue for buster-security. That means that uploads to buster-security will end up in the policy queue, and get built there. Once things are ready (builds have happened, tests have been done, etc) the update can be released to buster-security and

Re: tinymce git repository

On 30/11/2023 09:29, Sean Whitton wrote: Hello Anton, Ola added tinymce to dla-needed.txt. I found . Could you let me know why the repository was archived? It's an empty repository, with no upstream sources or anything else. We

[SECURITY] [DLA 3661-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3661-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 23, 2023

[SECURITY] [DLA 3684-1] tzdata new timezone database

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3684-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 07, 2023

[SECURITY] [DLA 3674-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3674-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 30, 2023

[SECURITY] [DLA 3720-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3720-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 25, 2024

[SECURITY] [DLA 3727-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3727-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 31, 2024

[SECURITY] [DLA 3728-1] openjdk-11 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3728-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 31, 2024

[SECURITY] [DLA 3653-1] libclamunrar security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3653-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 15, 2023

[SECURITY] [DLA 3651-1] postgresql-11 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3651-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 14, 2023

Re: Question about the status of libclamunrar9/libclamunrar and CVE-2023-40477 in debian buster aka oldoldstable

On 13/11/2023 21:29, Markus Koschany wrote: Hi, Ist there any chance that the patched version (0.103.10) will be back- ported from bullseye? Thanks for the heads-up. We will update clamav in Buster to 0.103.10 as well to include the patches for libclamunrar. clamav is unaffected in Debian

[SECURITY] [DLA 3748-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3748-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024

[SECURITY] [DLA 3747-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3747-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024

Re: Security releases for ecosystems that use static linking

[ Adding debian-dak@ to Cc ] On 22/12/2023 09:54, Moritz Muehlenhoff wrote: On Thu, Dec 21, 2023 at 07:30:51PM -0300, Santiago Ruano Rincón wrote: So let me ask you: are you interested in addressing the infrastructure limitations to handle those kind of packages? and having some help for that?

Re: c-ares, CVE-2023-31147, CVE-2023-31124

On 23/06/2023 10:21, Moritz Muehlenhoff wrote: But in fact the view in the Debian security is a little misleading, given that it displays "vulnerable" all over the place, e.g. https://security-tracker.debian.org/tracker/CVE-2023-31147 It would be nice if that "unimportant" issues it would

Re: Guidance for CVE triage and listing packages in dla-needed.txt

On 14/03/2024 21:36, Roberto C. Sánchez wrote: - if a CVE is 'fixed' in LTS but 'ignored' in (old)stable, then the security team should be contacted to see if they would be willing to change to 'no-dsa' so that a point release fix can be made Small nitpick: a CVE 'ignored' for

[SECURITY] [DLA 3775-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3775-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 25, 2024

[SECURITY] [DLA 3769-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3769-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 23, 2024

Re: gtkwave update for {bookworm,bullseye,buster}-security

On 29/03/2024 00:06, Adrian Bunk wrote: Hi, attached are proposed debdiffs for updating gtkwave to 3.3.118 in {bookworm,bullseye,buster}-security for review for a DSA (and as preview for buster). General notes: As suggested by the security team in #1060407, this is a backport of a new

[SECURITY] [DLA 3789-1] libdatetime-timezone-perl new timezone database

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3789-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 18, 2024

[SECURITY] [DLA 3788-1] tzdata new timezone database

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-3788-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 18, 2024

<    4   5   6   7   8   9   10   >