On 15.07.2014 22:47, Thorsten Alteholz wrote:
Hi,
the packages for libxml2 can be found at [1].
Can you please test them and give some feedback whether they are ready
for upload?
Tested on a squeeze system with noch ill effects.
-- Guido
Thanks!
Thorsten
[1]
Hi,
I'm still running some squeeze based armel systems so to prevent
ShellShock I've rebuilt the bash's debian-lts version and put it here:
http://honk.sigxcpu.org/projects/squeeze-lts/b/bash/
I'll drop other armel squeeze-lts packges there on a 'as needed'
basis.
Cheers,
-- Guido
--
To
Hi Javi,
On Tue, Jun 02, 2015 at 09:20:57PM +0100, Javi Merino wrote:
Hi Guido,
On Fri, May 29, 2015 at 04:01:24PM +0200, Guido Günther wrote:
On Wed, May 27, 2015 at 12:16:38PM +0100, Javi Merino wrote:
On Tue, May 12, 2015 at 10:15:38PM +0900, Javi Merino wrote:
On Mon, May 11, 2015
Package: mercurial
Version: 1.6.4-1+deb6u1
CVE ID : CVE-2014-9390 CVE-2014-9462
CVE-2014-9462
Jesse Hertz of Matasano Security discovered that Mercurial, a
distributed version control system, is prone to a command injection
vulnerability via a crafted
Package: libwmf
Version: 0.2.8.4-6.2+deb6u1
CVE ID : CVE-2015-0848 CVE-2015-4588
Debian Bug : #787644
The following vulnerabilities were discovered in the Windows Metafile
conversion library when reading BMP images embedded into WMF files:
CVE-2015-0848
A heap
...@debian.org
Changed-By: Guido Günther a...@sigxcpu.org
Description:
librack-ruby - A modular Ruby webserver interface
librack-ruby1.8 - A modular Ruby webserver interface (Ruby 1.8)
librack-ruby1.9.1 - A modular Ruby webserver interface (Ruby 1.9.1)
Changes:
librack-ruby (1.1.0-4+squeeze3
Package: librack-ruby
Version: 1.1.0-4+squeeze3
CVE ID : CVE-2015-3225
There is a potential denial of service vulnerability in Rack, a modular
Ruby webserver interface.
Carefully crafted requests can cause a `SystemStackError` and cause a
denial of service attack by
=1227243
+ * CVE-2015-0848: Only DecodeImage if pixel is one byte
+Fix taken from Redhat BZ
+https://bugzilla.redhat.com/show_bug.cgi?id=1227243
+
+ -- Guido Günther a...@sigxcpu.org Fri, 19 Jun 2015 13:48:03 +0200
+
libwmf (0.2.8.4-6.1) unstable; urgency=high
* Non-maintainer
), and the members
of the LTS team will take care of the rest. However please make sure to
submit a tested package.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
--
To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas
), and the members
of the LTS team will take care of the rest. However please make sure to
submit a tested package.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
--
To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas
Hi,
On Mon, Jun 15, 2015 at 04:53:00PM +0200, Michael Banck wrote:
Hello,
The VENOM vulnerability is unfixed in squeeze (except for
squeeze-backports):
https://security-tracker.debian.org/tracker/CVE-2015-3456
Even though qemu is not supported in squeeze-lts, I propose to fix this
package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether
Hi,
On Wed, Jun 03, 2015 at 04:12:55PM +0200, Holger Levsen wrote:
Hi Javi,
On Mittwoch, 3. Juni 2015, Javi Merino wrote:
Source: mercurial
Version: 1.6.4-1+deb6u1
there was no DLA for this upload, could you please prepare one and send it to
the list?! Thanks already.
See the list.
Hi Javi,
On Wed, May 27, 2015 at 12:16:38PM +0100, Javi Merino wrote:
[Dropping python-apps-team]
Hi debian-lts,
On Tue, May 12, 2015 at 10:15:38PM +0900, Javi Merino wrote:
Hi Raphael,
On Mon, May 11, 2015 at 08:42:23PM +0200, Raphael Hertzog wrote:
Hello dear maintainer(s),
Hi,
from what I can see the squeeze version of mongodb is not affected by
the above CVE since
void BSONElement::validate() const {
switch( type() ) {
case DBRef:
case Code:
case Symbol:
case String: {
int x = valuestrsize();
if ( x
On Mon, Jun 29, 2015 at 10:53:41PM +0200, Raphael Hertzog wrote:
Hi,
On Fri, 26 Jun 2015, Guido Günther wrote:
With lots of packages in dla-needed.txt it's easier to focus on CVEs of
packages that are not being worked on at all.
Looks fine to me.
for pkg in tracker.iterate_packages
Hi Mike,
On Thu, Jul 02, 2015 at 09:05:52AM +, Mike Gabriel wrote:
Hi Guido,
On Mi 01 Jul 2015 09:05:36 CEST, Guido Günther wrote:
On Tue, Jun 30, 2015 at 09:14:14PM +, Mike Gabriel wrote:
Hi Guido,
I just saw that you are co-maintainer of pykerberos. I realized after I had
On Sun, Jun 28, 2015 at 02:12:48PM +0200, Santiago Ruano Rincón wrote:
[..snip..]
Apart from that I noticed this behaviour change due to the fix for
CVE-2013-0269 (based on [1]):
Squeeze version:
# cat EOF | ruby1.9.1
On Tue, Jun 30, 2015 at 09:14:14PM +, Mike Gabriel wrote:
Hi Guido,
I just saw that you are co-maintainer of pykerberos. I realized after I had
already put my name behind the package name in dla-needed.txt.
As you are also on the LTS team, do you want to continue with uploading the
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+dulwich (0.6.1-1+deb6u1) squeeze-lts; urgency=high
+
+ * CVE-2015-0838: Fix buffer overflow in C version of apply_delta()
+
+ -- Guido Günther a...@sigxcpu.org Tue, 26 May 2015 21:46:59 +0200
+
dulwich (0.6.1-1) unstable; urgency=low
Hi,
On Sun, Aug 16, 2015 at 02:37:28PM +1000, Craig Small wrote:
Awesome. So you're happy to build of the git branch then?
I hope I can manage. If not I'll call again ;)
Cheers,
-- Guido
On Sat, Aug 15, 2015 at 02:10:56PM +1000, Craig Small wrote:
On Fri, Aug 14, 2015 at 10:11:19PM +0200, Guido Günther wrote:
Are you planning to introduce a new upstream version or to backport the
fixes? Squeeze is currently in sync with Wheezy, we could try to keep it
like that. Do you have
On Thu, Aug 20, 2015 at 10:04:56AM +0200, Ben Hutchings wrote:
On Thu, 2015-08-20 at 10:09 +0300, Sebastian Dröge wrote:
Hi,
On Mi, 2015-08-19 at 23:29 +0200, b...@decadent.org.uk wrote:
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
Hi Craig,
On Fri, Aug 14, 2015 at 06:28:55PM +1000, Craig Small wrote:
On Wed, Aug 12, 2015 at 03:00:32PM +0200, Guido Günther wrote:
the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of wordpress:
https://security-tracker.debian.org
Hi Jan,
On Wed, Aug 12, 2015 at 03:24:46PM +0200, Jan Ingvoldstad wrote:
On 08/12/2015 03:00 PM, Guido Günther wrote:
Hello dear maintainers,
the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of wordpress:
https://security
with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify
Package: lighttpd
Version: 1.4.28-2+squeeze1.7
CVE ID : CVE-2014-3566
Debian Bug : #765702
This update allows to disable SSLv3 in lighttpd in order to protect
against the POODLE attack. SSLv3 is now disabled by default and can be
reenabled (if needed) using the
: 1.4.28-2+squeeze1.7
Distribution: squeeze-lts
Urgency: medium
Maintainer: Debian lighttpd maintainers
pkg-lighttpd-maintain...@lists.alioth.debian.org
Changed-By: Guido Günther a...@sigxcpu.org
Description:
lighttpd - A fast webserver with minimal memory footprint
lighttpd-doc - Documentation
the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org
the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https
Hi,
On Sun, Nov 01, 2015 at 03:42:31PM -0500, Sam Hartman wrote:
> I'll admit that squeeze isn't something I use or have infrastructure
> for.
> My recommendation though is that you hold off on a krb5 update for a
> week or two regardless unless you want to do two in quick succession.
Thanks for
Hi,
On Wed, Nov 04, 2015 at 05:44:36PM +0100, Raphael Hertzog wrote:
> [ Many people are on copy, please trim the list as appropriate when you reply
> ]
>
> On Wed, 19 Aug 2015, Moritz Muehlenhoff wrote:
> > These need to be discussed, since they will be a significant
> > time drain (e.g. are
an.com/services/debian-lts-details.html#join for
> details about requirement for paid contributors).
>
> Thus putting the respective maintainers/maintainance team in copy (Mike
> Hommey for iceweasel, Guido Günther for multiple package, Christop Göhre for
> Icedove,
> Aurelie
Hi,
On Thu, Nov 05, 2015 at 09:10:26AM +0100, David Ayers wrote:
> Yet we could in theory live with backports of newer versions, as I
> assume the problem is that these are packages that are not supported
> upstream. But I'm not sure how much that would buy, since the versions
> of libvirt in sid
libkadm5clnt-mit7 libk5crypto3 libkdb5-4
libkrb5support0 libkrb53
Architecture: source all amd64
Version: 1.8.3+dfsg-4squeeze10
Distribution: squeeze-lts
Urgency: medium
Maintainer: Sam Hartman <hartm...@debian.org>
Changed-By: Guido Günther <a...@sigxcpu.org>
Description:
krb5-admin-server -
Package: krb5
Version: 1.8.3+dfsg-4squeeze10
CVE ID : CVE-2015-2695 CVE-2015-2697
Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2015-2695
Hi,
On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote:
> * Mike Hommey:
>
> > On ABI stability, both NSPR and NSS have a very strict policy. NSPR
> > receives very few ABI changes, and it's only adding new functions. NSS
> > has much more ABI changes, but also only adding new
Hi,
On Sat, Aug 15, 2015 at 12:17:44PM +0200, Moritz Mühlenhoff wrote:
> On Wed, Aug 12, 2015 at 06:23:25PM +0200, Guido Günther wrote:
> > Hi,
> > I wanted some color in debian/CVE/list so I hacked up some very simple
> > highlighting
> > for emacs:
> >
> >
,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. However please make sure to
submit a tested package.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
-maintain...@lists.alioth.debian.org
Changed-By: Guido Günther a...@sigxcpu.org
Description:
python-kerberos - A GSSAPI interface module for Python
Changes:
pykerberos (1.1+svn4895-1+deb6u2) squeeze-lts; urgency=medium
.
* [8afa7e6] Make checkPassword behave as advertised. Don't verify
package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether
Hi,
On Fri, Sep 11, 2015 at 11:00:19AM +0200, Guido Günther wrote:
> Hello dear maintainers,
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of network-manager:
> https://security-tracker.debian.org/tracker/CVE-201
, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working
Hi,
On Sun, Sep 27, 2015 at 10:42:20AM +0200, Salvatore Bonaccorso wrote:
> Hi Gudio,
>
> On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
> > Hi,
> >
> > for the glibc update I'm preparing three issues that don't have a CVE
> > assigned yet so the
Package: nss
Version: 3.12.8-1+squeeze12
CVE ID : CVE-2015-2721 CVE-2015-2730
Several vulnerabilities have been discovered in nss, the Mozilla Network
Security Service library. The Common Vulnerabilities and Exposures project
identifies the following problems:
Package: eglibc
Version: 2.11.3-4+deb6u7
CVE ID : CVE-2014-8121
Bug-Reference : 779587
Several vulnerabilities have been discovered in eglibc that
may lead to a privilege escalation or denial of service.
Glibc pointer guarding weakness
A weakness in the dynamic
of Mozilla-related packages
<pkg-mozilla-maintain...@lists.alioth.debian.org>
Changed-By: Guido Günther <a...@sigxcpu.org>
Description:
libnss3-1d - Network Security Service libraries
libnss3-1d-dbg - Debugging symbols for the Network Security Service libraries
libnss3-dev - Devel
Version: 2.11.3-4+deb6u7
Distribution: squeeze-lts
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-gl...@lists.debian.org>
Changed-By: Guido Günther <a...@sigxcpu.org>
Description:
eglibc-source - Embedded GNU C Library: sources
glibc-doc - Embedded GNU C Library: Documentati
.
+
+ -- Guido Günther <a...@sigxcpu.org> Sat, 26 Sep 2015 14:29:48 +0200
+
nss (3.12.8-1+squeeze7) squeeze-security; urgency=high
* Non-maintainer upload by the Security Team.
diff --git a/debian/patches/CVE-2015-2721.patch
b/debian/patches/CVE-2015-2721.patch
new file mode 100644
index 0
Hi,
On Mon, Sep 28, 2015 at 07:43:33PM +0200, Peter Spiess-Knafl wrote:
> Hi LTS team!
>
> I am trying to support one of my packages in squeeze-lts. I am having
> difficulties in creating a chroot environment for that. Is there a
> tutorial for doing that?
With recent git-pbuilder (as in from
the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org
Hi Paul,
On Fri, Dec 11, 2015 at 01:08:58PM +0100, Paul Gevers wrote:
> Hi
>
> On 11-12-15 10:50, Guido Günther wrote:
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of cacti:
> > https://security-tra
Hi Troy,
On Tue, Dec 15, 2015 at 12:18:28PM -0700, Troy Heber wrote:
> On 12/11/15 11:21, Guido Günther wrote:
>
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of dwarfutils:
> > https://security-tracke
Hi,
On Wed, Dec 16, 2015 at 02:58:08PM -0700, Troy Heber wrote:
> On 12/16/15 18:44, Guido Günther wrote:
> >
> > It doesn't segfault but I added this note to dla-needed (so I remember
> > why I think it's affected):
> >
> > dwarfutils
> >
Hi Antoine,
On Thu, Dec 31, 2015 at 05:33:30PM -0500, Antoine Beaupré wrote:
> hi
>
> right now, the security tracker shows CVEs marked as "end-of-life" as
> "vulnerable", and in the open issue list. a good example is the redmine
> package:
>
>
Hi,
On Thu, Dec 31, 2015 at 10:12:04AM +0100, Raphael Hertzog wrote:
> Hi,
>
> On Wed, 30 Dec 2015, Guido Günther wrote:
> > In order to track the status of packaging improvements we make related
> > to debian-lts I'd like to propose the "ease-lts" u
Hi Moritz,
On Mon, Dec 14, 2015 at 06:04:33PM +0100, Moritz Muehlenhoff wrote:
> On Wed, Nov 25, 2015 at 11:58:19AM +0100, Florian Weimer wrote:
> > * Guido Günther:
> >
> > > On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote:
> > >> * Mike Hommey:
Hi,
In order to track the status of packaging improvements we make related
to debian-lts I'd like to propose the "ease-lts" usertag:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ease-lts;users=debian-lts@lists.debian.org
For issues related to prepare wheezy LTS the "prep-wheezy-lts":
Hi Thorsten,
On Mon, Dec 28, 2015 at 11:13:32PM +0100, Thorsten Alteholz wrote:
> Hi everybody,
>
> can someone please have a look at the diff for passenger=2.2.11debian-2 in
> Squeeze that should solve CVE-2015-7519[1] and nod?
>
> Thanks!
> Thorsten
>
>
> [1]
of Mozilla-related packages
<pkg-mozilla-maintain...@lists.alioth.debian.org>
Changed-By: Guido Günther <a...@sigxcpu.org>
Description:
libnss3-1d - Network Security Service libraries
libnss3-1d-dbg - Debugging symbols for the Network Security Service libraries
libnss3-dev - Devel
Previous mail was without subject, sorry!
Hi,
I'm currently preparing fixes for nss and wonder if the security team
already has a plan forward for CVE-2015-4000? Using the upstream patch
would change defaults in a stable release. I think I'd be good to do the
same for all currently supported
Hi,
I'm currently preparing fixes for nss and wonder if the security team
already has a plan forward for CVE-2015-4000? Using the upstream patch
would change defaults in a stable release. I think I'd be good to do the
same for all currently supported releases.
Cheers
-- Guido
Hallo Martin,
On Sat, Nov 28, 2015 at 09:54:46PM +0100, Martin Pitt wrote:
> Hello Guido,
>
> Guido Günther [2015-11-23 18:03 +0100]:
> > Traceback (most recent call last):
> > File "", line 6, in
> > ImportError: No module named GDebi.Cache
> > bl
On Wed, Jun 08, 2016 at 02:32:55PM +0200, Raphael Hertzog wrote:
> Hi,
>
> On Tue, 07 Jun 2016, Guido Günther wrote:
> > I'm not happy with this either. We could try to support it on a best
> > effor basis if this helps anything. I assume most people are running not
> >
Hi,
On Sat, May 28, 2016 at 11:35:18AM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> The upcoming libxml2 security update is little more bigger than usual,
> thus we want to expose the package a bit for additional testing. If
> you find a problem introduced by updating to these packages, please
>
Hi Ola,
On Thu, May 26, 2016 at 11:27:42PM +0200, Ola Lundqvist wrote:
> Hi ruby-activerecord-3.2 maintainer(s) and Debian LTS team
>
> This is my third package contribution to Debian LTS. I'm doing this as a
> training exercise and this is why the maintainer have not been asked to
> this for me.
Dear enigmail maintainers,
I'm currently looking into updating Icedove in Wheezy-LTS to the esr
version 45[1]. Since Enigmail is a often used extension I wanted to
update this to a compatible version as well (as was done with prior ESR
releases).
Looking at 1.9 in sid it requires gnupg2. I justed
Hi,
On Sat, May 21, 2016 at 12:16:07AM +0200, Santiago Ruano Rincón wrote:
> Hi,
>
> I've prepared a eglibc package for wheezy, available at
>
> deb https://people.debian.org/~santiago/debian santiago-wheezy/
> deb-src https://people.debian.org/~santiago/debian santiago-wheezy/
>
>
Hi Mike,
On Thu, May 26, 2016 at 10:29:22PM +0900, Mike Hommey wrote:
> On Sun, May 22, 2016 at 07:34:29PM +0200, Guido Günther wrote:
> > Hi Mike,
> > I'm currently looking into building icedove 45 for Wheezy-LTS. I wonder
> > if I should do the same for Iceweasel or
Hi Ola,
On Thu, May 26, 2016 at 11:27:42PM +0200, Ola Lundqvist wrote:
> Hi ruby-activerecord-3.2 maintainer(s) and Debian LTS team
>
> This is my third package contribution to Debian LTS. I'm doing this as a
> training exercise and this is why the maintainer have not been asked to
> this for me.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: mozilla-devscripts
Version: 0.32+deb7u1
Debian Bug : 825508
In preparation of the upcoming switch to Icedove 45 the
mozilla-devscripts package was updated to generate correct
dependencies for rebuilt extensions.
For
On Thu, May 26, 2016 at 10:29:22PM +0900, Mike Hommey wrote:
> On Sun, May 22, 2016 at 07:34:29PM +0200, Guido Günther wrote:
> > Hi Mike,
> > I'm currently looking into building icedove 45 for Wheezy-LTS. I wonder
> > if I should do the same for Iceweasel or if you intend to
Hi Ola,
On Sat, Jun 18, 2016 at 12:15:15AM +0200, Ola Lundqvist wrote:
[..snip..]
> So I have now gone through the ~7 MB diff between nss and found changes
> regarding the following:
> - ASN1 parsing issue. See also CVE-2016-1950
> - A lot of changes from getenv to some secure variant.
> - A
Hi,
On Sun, Jun 19, 2016 at 03:36:15PM +0200, Salvatore Bonaccorso wrote:
> Hi Guido,
>
> On Sun, Jun 19, 2016 at 02:40:01PM +0200, Guido Günther wrote:
> > On Thu, May 26, 2016 at 10:29:22PM +0900, Mike Hommey wrote:
> > > On Sun, May 22, 2016 at 07:34:29PM +0200, Guido G
Hi dkg,
On Fri, May 27, 2016 at 10:30:00AM -0400, Daniel Kahn Gillmor wrote:
> Hi Guido--
>
> On Fri 2016-05-27 07:16:40 -0400, Guido Günther wrote:
> > I'm currently looking into updating Icedove in Wheezy-LTS to the esr
> > version 45[1].
>
> thanks for your work on
Hi,
On Fri, Jan 15, 2016 at 01:35:37PM +, Ben Hutchings wrote:
> On Fri, 2016-01-15 at 11:46 +0100, Mike Gabriel wrote:
> > Hello dear maintainer(s),
> >
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of openssh:
> >
Hi,
On Tue, Jun 28, 2016 at 08:55:32AM +0100, Chris Lamb wrote:
> > so that you stop doing the same mistake over and over.
>
> I think it might be unfair to characterise this as "over and over" when it
> has occured twice AFAIK, especially when the file is not even in the same
> repository..
>
On Tue, Jun 28, 2016 at 08:41:08AM +0200, Raphael Hertzog wrote:
> On Mon, 27 Jun 2016, Chris Lamb wrote:
> > Package: movabletype-opensource
>
> $ grep movabletype-opensource security-support-ended.deb7
> movabletype-opensource 5.1.4+dfsg-4+deb7u3 2016-02-06 Not supported in
>
Hi,
On Fri, Feb 05, 2016 at 08:44:37PM +, James Cowgill wrote:
> Hi!
>
> On Fri, 2016-02-05 at 14:24 +0100, Guido Günther wrote:
> > Hi,
> > On Mon, Feb 01, 2016 at 09:51:54AM +0100, Sébastien Delafond wrote:
> > > On Jan/31, Guido Günther wrote:
> > >
Hi,
On Mon, Feb 08, 2016 at 11:02:41PM +0100, Santiago Ruano Rincón wrote:
> Hi,
>
> I've committed to https://anonscm.debian.org/cgit/publicity/announcements.git/
> the first draft for the announcement about the Squeeze LTS EOF. Please,
> take a look on it.
Reads great!
>
> I haven't
Hi,
On Fri, Feb 12, 2016 at 03:51:45PM -0500, Antoine Beaupré wrote:
> On 2016-02-11 15:37:27, Vincent Blut wrote:
> > On Thu, Feb 11, 2016 at 02:02:52PM -0500, Antoine Beaupré wrote:
> >>On 2016-02-10 17:33:37, Vincent Blut wrote:
> >>> Ok, it’s done. Please could you review and eventually upload
Hi,
On Thu, Jan 28, 2016 at 07:27:20PM +0100, Moritz Mühlenhoff wrote:
> On Sat, Jan 23, 2016 at 02:22:22PM +0100, Guido Günther wrote:
> > Hi,
> >
> > now that Wheezy LTS is approaching I wondered what would be the best
> > places to help out fixing issues in Wh
Hi Sergei,
On Fri, Jan 29, 2016 at 10:53:40AM +0300, Sergei Golovan wrote:
> Hi Guido,
>
> On Thu, Jan 28, 2016 at 11:04 PM, Guido Günther <a...@sigxcpu.org> wrote:
> > Hello dear maintainer,
> >
> > the Debian LTS team would like to fix the security is
let us know whether you would
like to review and/or test the updated package before it gets released.
Note that I marked several issues as no-dsa (basically what you marked
as low impact upstream since this all made sense to me).
Thank you very much.
Guido Günther,
on behalf of the Debian LTS
On Tue, Jan 26, 2016 at 10:08:24PM +0100, Guido Günther wrote:
> Hi,
> I see many packages marked:
>
> [squeeze] - foo (not supported in Squeeze LTS)
>
> shouldn't that be
>
> [squeeze] - foo (not supported in Squeeze LTS)
>
> since no
Hi,
On Mon, Feb 29, 2016 at 03:25:46PM +, Mike Gabriel wrote:
> For this, we can run bin/lts-needs-forward-port.py from the secure-testing
> repo and see what issues we fixed in squeeze and port those fixes to the
> package version in wheezy-security. Package updates must be coordinated with
>
Hi Luciano,
On Thu, Dec 10, 2015 at 06:27:54PM +0100, Luciano Bello wrote:
> On Saturday 28 November 2015 14.16.33 Guido Günther wrote:
> > I've attached the patches for review. These also add some minimal
> > autopkgtest to exercise the ASN1 parser (affected by the above CVEs).
>
Hi Colin,
On Fri, Jan 15, 2016 at 02:01:44PM +, Colin Watson wrote:
> On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote:
> > On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> > > > I believe Yves-Alexis Perez is handing this.
> > >
On Mon, Jan 25, 2016 at 09:14:21PM +1100, Brian May wrote:
[..snip..]
> > Did you check that the new upstream version is backwards compatible in
> > terms of usage?
>
> Yes. It is mostly bug fixes and several new features, such as SNI
> support. I did a diff, and compared.
That matches what I
/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+polarssl (1.2.9-1~deb7u6) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the LTS Security Team.
+ * CVE-2015-5291: Remote attack on clients using session tickets or SNI
+
+ -- Guido Günther <a...@sigxcpu.org> Sat, 23 Jan 2016
not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Guido Günther,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any
Hi,
I see many packages marked:
[squeeze] - foo (not supported in Squeeze LTS)
shouldn't that be
[squeeze] - foo (not supported in Squeeze LTS)
since no-dsa implies that the bug migh be fixed eventually in a later
update?
Cheers,
-- Guido
for
+CVE-2014-9673 since they overlap. Closes: #777656
+
+ -- Guido Günther <a...@sigxcpu.org> Sun, 24 Jan 2016 19:41:13 +0100
+
freetype (2.4.9-1.1+deb7u2) wheezy-security; urgency=high
* Non-maintainer upload.
diff --git a/debian/patches-freetype/CVE-2014-9673.patch b/debian/p
Hi Santiago,
On Wed, Feb 17, 2016 at 11:21:04AM +0100, santiag...@riseup.net wrote:
> Package: gtk+2.0
> Version: 2.20.1-2+deb6u1
> CVE ID : CVE-2013-7447
> Debian Bug : 799275
This doesn't seem to be reflected in data/CVE/list. Did you forget to
commit your changes?
nded.py
@@ -0,0 +1,79 @@
+#!/usr/bin/python
+# vim: set fileencoding=utf-8 :
+#
+# Copyright 2016 Guido Günther <a...@sigxcpu.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software F
Hi,
On Wed, Feb 17, 2016 at 01:39:41PM -0500, Antoine Beaupré wrote:
> On 2016-02-17 12:13:35, Guido Günther wrote:
> > When triaging LTS issues I always have to look up what we still support
> > and what not. Attached script simplifies this a bit:
> >
> > $ bin/sup
Hi Santiago,
On Wed, Feb 17, 2016 at 07:16:20PM +0100, Santiago Ruano Rincón wrote:
> Hi Guido,
>
> El 17/02/16 a las 17:13, Guido Günther escribió:
> > Hi Santiago,
> > On Wed, Feb 17, 2016 at 11:21:04AM +0100, santiag...@riseup.net wrote:
> > > Package
On Thu, Feb 18, 2016 at 09:35:14AM -0500, Antoine Beaupré wrote:
> On 2016-02-18 02:26:28, Guido Günther wrote:
> > Hi,
> > On Wed, Feb 17, 2016 at 01:39:41PM -0500, Antoine Beaupré wrote:
> >> On 2016-02-17 12:13:35, Guido Günther wrote:
> >> > When triaging
On Tue, Mar 01, 2016 at 07:15:28AM +, Mike Gabriel wrote:
[..snip..]
> >>Issues that are unfixed in wheezy but fixed in squeeze:
> >>* aptdaemon-> CVE-2015-1323
> >>* cakephp -> TEMP-000-698CF7
> >>* dhcpcd -> CVE-2012-6698 CVE-2012-6699 CVE-2012-6700
On Wed, Mar 16, 2016 at 02:27:15PM +1100, Brian May wrote:
> Guido Günther <a...@sigxcpu.org> writes:>
>
> > Sid has Xen 4.6 and looking at the CVEs that affect sid the patches
> > don't seem to be applied so the tracker looks correct, there's plenty of
> >
1 - 100 of 382 matches
Mail list logo
