On Tue, 03 May 2016 at 10:47:31 -0400, Antoine Beaupré wrote:
> I agree, however I suspect most people using roundcube in production are
> probably using the backport... There's even a dangling backport in
> wheezy right now (0.9)... a little messy.
Sorry, I meant oldstable-backports not
Hi there,
On Mon, 02 May 2016 at 21:19:13 +0200, Markus Koschany wrote:
> Would you like to take care of this yourself?
Not replying in the name of team (however I'm the one who pushed for
Roundcube in jessie-backports and who is trying to take care of it
there), unfortunately I don't have the
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 May 2017 20:49:16 +0200
Source: dropbear
Binary: dropbear
Architecture: source amd64
Version: 2012.55-1.3+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Gerrit Pape <p...@smarden.org>
Changed-By: G
Hi Ola,
Sorry for the delay, not sure if you got an answer yet; either way I'm
not answering on behalf of the team here.
On Sat, 11 Nov 2017 at 20:14:38 +0100, Ola Lundqvist wrote:
> Would you like to take care of this yourself?
>
> The proposed patch for later release will not apply cleanly to
Hi Holger,
On Fri, 24 Aug 2018 at 09:06:43 +0000, Holger Levsen wrote:
> On Fri, Aug 24, 2018 at 08:22:50AM +0000, Holger Levsen wrote:
>>> dropbear 2014.65-1+deb8u2 from jessie-security is vulnerable to
>>> CVE-2018-15599:
>>> dget -x
>>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 06 Feb 2019 01:08:09 +0100
Source: netmask
Binary: netmask
Architecture: source amd64
Version: 2.3.12+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Guilhem Moulin
Changed-By: Guilhem Moulin
Description
Hi anarcat,
On Wed, 06 Feb 2019 at 14:13:23 -0500, Antoine Beaupré wrote:
> On 2019-02-06 01:59:58, Guilhem Moulin wrote:
>> * Upstream hasn't yet filed a CVE for this issue; I forwarded jmm's
>> instructions regarding this.
>
> Sorry, forwarded where? Did I miss somethi
:29:39.0 +0200
+++ netmask-2.3.12+deb8u1/debian/changelog 2019-02-06 01:08:09.0
+0100
@@ -1,3 +1,10 @@
+netmask (2.3.12+deb8u1) jessie-security; urgency=medium
+
+ * Fix buffer overflow vulnerability
+https://github.com/tlby/netmask/issues/3
+
+ -- Guilhem Moulin Wed, 06
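Review bot: the new changelog entry at "* Fix buffer overflow vulnerability" identifies the issue only through the upstream URL; it names neither what overflows nor a CVE or Debian bug number, so the entry cannot be matched against a tracker from the changelog alone. Consider adding a short description of the affected code and, once an identifier is assigned, a reference to it (or a Closes: tag if a Debian bug exists).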
On Wed, 01 May 2019 at 18:44:39 +0200, Markus Koschany wrote:
> Thank you very much. I didn't want to bother you and went ahead and
> uploaded your patch only an hour ago. I will issue the DLA now.
Aha, should have refreshed the page before sending this :-P Thanks!
--
Guilhem.
.)
+
+ -- Guilhem Moulin Wed, 01 May 2019 17:39:56 +0200
+
signing-party (1.1.10-3) unstable; urgency=medium
[ Guilhem Moulin ]
diff -Nru signing-party-1.1.10/debian/control
signing-party-1.1.10/debian/control
--- signing-party-1.1.10/debian/control 2014-11-08 02:02:16.0 +0100
+++ signing
: Cross-site scripting (XSS)
+vulnerability via HTML messages with malicious svg or math
+content. (Closes: #968216)
+
+ -- Guilhem Moulin Tue, 11 Aug 2020 18:38:40 +0200
+
roundcube (1.2.3+dfsg.1-4+deb9u6) stretch; urgency=high
* Backport security fix for CVE-2020-15562: Cross-Site
Hi Roberto,
On Tue, 11 Aug 2020 at 14:57:15 -0400, Roberto C. Sánchez wrote:
>>> Dear security team,
Should have been LTS team of course, bad templating from my side :-P
>> I'll take care of it shortly.
>>
> I have uploaded the updated, published the DLA to the mailing list and
> submitted a
content svg/namespace. (Closes: #978491)
+
+ -- Guilhem Moulin Mon, 28 Dec 2020 03:25:57 +0100
+
roundcube (1.2.3+dfsg.1-4+deb9u7) stretch-security; urgency=high
* Backport security fix for CVE-2020-16145: Cross-site scripting (XSS)
diff -Nru roundcube-1.2.3+dfsg.1/debian/patches/CVE-2020-35730
On Mon, 28 Dec 2020 at 12:10:46 +0530, Utkarsh Gupta wrote:
> On Mon, Dec 28, 2020 at 8:28 AM Guilhem Moulin wrote:
>> Debdiff tested and attached. I can upload if you'd like but would
>> appreciate if you could take care of the DLA :-)
>
> Yes, please. I can take care of
for CVE-2021-46144: Fix cross-site scripting (XSS) via HTML
+messages with malicious CSS content. (Closes: #1003027)
+
+ -- Guilhem Moulin Wed, 12 Jan 2022 12:56:32 +0100
+
roundcube (1.2.3+dfsg.1-4+deb9u9) stretch-security; urgency=high
* Non-maintainer upload by the LTS team.
diff -Nru
Hi Sylvain!
On Wed, 12 Jan 2022 at 15:48:51 +0100, Sylvain Beucler wrote:
> On 12/01/2022 14:15, Guilhem Moulin wrote:
>> In a recent post roundcube webmail upstream has announced the following
>> security fix for #1003027.
>>
>> CVE-2021-46144: Cross-site script
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3555-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
September 05, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3560-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
September 10, 2023 https://wiki.debian.org/LTS
During the month of August 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3515-1 for cjose=0.6.1+dfsg1-1+deb10u1
[CVE-2023-37464]
https://lists.debian.org/msgid-search/?m=zmzs4jlh%2bwykb...@debian.org
* DLA-3551-1 for otrs2=6.0.16-2+deb10u1
[CVE-2019-11358,
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3551-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
August 31, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3559-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
September 08, 2023 https://wiki.debian.org/LTS
During the month of October 2023 and on behalf of Freexian, I worked on the
following:
python-urllib3
--------------
Uploaded 1.24.1-1+deb10u1 and issued DLA-3610-1
https://lists.debian.org/msgid-search/?m=zsknlpfmnhu4q...@debian.org
* CVE-2018-25091: The fix for CVE-2018-20060 did not cover
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3630-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
October 24, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3577-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
September 22, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3589-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
September 29, 2023 https://wiki.debian.org/LTS
During the month of September 2023 and on behalf of Freexian, I worked on the
following:
php7.3
------
Uploaded 7.3.31-1~deb10u5 and issued DLA-3555-1
https://lists.debian.org/msgid-search/?m=zpexm9jokfktz...@debian.org
* CVE-2023-3823: Security issue with external entity loading in XML
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3590-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
September 29, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3610-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
October 08, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3611-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
October 08, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3252-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 31, 2022 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3258-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 31, 2022 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3260-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 01, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3222-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 05, 2022 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3221-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 05, 2022 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3235-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 11, 2022 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3237-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 12, 2022 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3205-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
November 25, 2022 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3206-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
November 26, 2022 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3271-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 15, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3270-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 15, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3291-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 29, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3299-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 30, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3285-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 28, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3284-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 28, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3287-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 28, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3289-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 28, 2023 https://wiki.debian.org/LTS
Hi,
During the month of December 2022 and on behalf of Freexian, I worked on
the following:
* DLA-3221-1, node-cached-path-relative (prototype pollution)
https://lists.debian.org/msgid-search/y40yr8jdg8vmg...@debian.org
* DLA-3222-1, node-fetch (information leak)
During the month of January 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3270-1: net-snmp 5.7.3+dfsg-5+deb10u4
CVE-2022-44793 and CVE-2022-44792
https://lists.debian.org/msgid-search/Y8Nreff/4mms8...@debian.org
* DLA-3271-1: node-minimatch 3.0.4-3+deb10u1
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3363-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
March 16, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3344-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
February 26, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3345-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
February 26, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3347-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
February 27, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3347-2 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
March 03, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3336-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
February 23, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3348-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
March 01, 2023 https://wiki.debian.org/LTS
During the month of February 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3336-1 for node-url-parse=1.2.0-2+deb10u2
CVE-2021-3664, CVE-2021-27515, CVE-2022-0512, CVE-2022-0639,
CVE-2022-0686 and CVE-2022-0691
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3410-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
May 01, 2023 https://wiki.debian.org/LTS
During the month of April 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3410-1 for openvswitch=2.10.7+ds1-0+deb10u4
CVE-2023-1668
https://lists.debian.org/msgid-search/?m=ze8ep8fiq5ztl...@debian.org
* Triage WordPress' outstanding CVEs and conclude no DLA is
During the month of March 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3347-2 for spip=3.2.4-1+deb10u11
[Regression update for DLA-3347-1]
https://lists.debian.org/msgid-search/?m=zaj85ko1lavxw...@debian.org
* DLA-3363-1 for pcre2=10.32-5+deb10u1
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3488-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
July 10, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3499-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
July 19, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3493-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
July 11, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3496-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
July 14, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3436-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
May 29, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3433-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
May 27, 2023 https://wiki.debian.org/LTS
During the month of May 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3424-1 for python-ipaddress=1.0.17-1+deb10u1
CVE-2020-14422
https://lists.debian.org/msgid-search/?m=zglark8btpj4t...@debian.org
* DLA-3425-1 for sqlparse=0.2.4-1+deb10u1
CVE-2023-30608
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3436-2 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
May 31, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3435-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
May 28, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3442-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
June 03, 2023 https://wiki.debian.org/LTS
During the month of July 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3488-1 for node-tough-cookie=2.3.4+dfsg-1+deb10u1
[CVE-2023-26136]
https://lists.debian.org/msgid-search/?m=zkxrmnkoiqoif...@debian.org
* DLA-3493-1 for symfony=3.4.22+dfsg-2+deb10u2
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3507-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
July 25, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3515-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
August 04, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3463-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
June 21, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3469-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
June 23, 2023 https://wiki.debian.org/LTS
During the month of June 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3442-1 for nbconvert=5.4-2+deb10u1
[CVE-2021-32862: GHSL-2021-1013 to -1028]
https://lists.debian.org/msgid-search/?m=zhteirpktw6wr...@debian.org
* DLA-3458-1 for php7.3=7.3.31-1~deb10u4
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3460-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
June 20, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3458-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
June 20, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3424-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
May 16, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3425-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
May 16, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3691-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 18, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3702-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 31, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3701-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 31, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3704-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 31, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3705-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 31, 2023 https://wiki.debian.org/LTS
During the month of December 2023 and on behalf of Freexian, I worked on the
following:
ncurses
-------
Uploaded 6.1+20181013-2+deb10u5 and issued DLA-3682-1
https://lists.debian.org/msgid-search/?m=zwznc9mam3buc...@debian.org
* CVE-2021-39537: The tic(1) utility was susceptible to a
heap
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3671-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
November 28, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3682-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 03, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3683-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 05, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3668-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
November 27, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3669-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
November 27, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3676-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
November 30, 2023 https://wiki.debian.org/LTS
On Thu, 30 Nov 2023 at 23:59:28 +0100, Guilhem Moulin wrote:
> -------------------------------------------------------------------------
> Debian LTS Advisory DLA-3676-1 debian-lts@lists.debian.org
> https://www.debian.org/lts/security/ Guilh
During the month of November 2023 and on behalf of Freexian, I worked on the
following:
opensc
------
Uploaded 0.19.0-1+deb10u3 and issued DLA-3668-1
https://lists.debian.org/msgid-search/?m=zwpsqzcsk_2as...@debian.org
* CVE-2023-40660: Potential PIN bypass. The bypass was removed and
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3678-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
December 30, 2023 https://wiki.debian.org/LTS
On Thu, 30 Nov 2023 at 23:59:28 +0100, Guilhem Moulin wrote:
> -------------------------------------------------------------------------
> Debian LTS Advisory DLA-3676-1 debian-lts@lists.debian.org
> https://www.debian.org/lts/security/ Guilh
On Thu, 30 Nov 2023 at 19:47:42 -0500, Roberto C. Sánchez wrote:
> Yes, I would recommend two things.
Done, thanks Roberto!
--
Guilhem.
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3723-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 27, 2024 https://wiki.debian.org/LTS
During the month of January 2024 and on behalf of Freexian, I worked on the
following:
php-phpseclib
-------------
Uploaded 2.0.30-2~deb10u2 and issued DLA-3718-1
https://lists.debian.org/msgid-search/?m=zbhgvxygvemfp...@debian.org
* CVE-2023-48795: Terrapin attack
phpseclib
---------
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3719-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 25, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3718-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
January 25, 2024 https://wiki.debian.org/LTS