Request for review xdg-utils 1.0.2+cvs20100307-2+deb6u1

. The .dsc file (source package) can be obtained from [1]. Thanks! Mike [1] http://packages.it-zukunft-schule.de/debian/pool/main/x/xdg-utils/xdg-utils_1.0.2+cvs20100307-2+deb6u1.dsc -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF

Request for review: xorg-server 2:1.7.7-18+deb6u2 (CVE-2015-0255)

some feedback, Mike [1] http://packages.it-zukunft-schule.de/debian/pool/main/x/xorg-server/xorg-server_1.7.7-18+deb6u2.dsc -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org

Accepted xorg-server 2:1.7.7-18+deb6u3 (source all amd64) into squeeze-lts

: source all amd64 Version: 2:1.7.7-18+deb6u3 Distribution: squeeze-lts Urgency: medium Maintainer: Debian X Strike Force debia...@lists.debian.org Changed-By: Mike Gabriel sunwea...@debian.org Description: xdmx - distributed multihead X server xdmx-tools - Distributed Multihead X tools xnest

Accepted xorg-server 2:1.7.7-18+deb6u2 (source all amd64) into squeeze-lts

: source all amd64 Version: 2:1.7.7-18+deb6u2 Distribution: squeeze-lts Urgency: high Maintainer: Debian X Strike Force debia...@lists.debian.org Changed-By: Mike Gabriel sunwea...@debian.org Description: xdmx - distributed multihead X server xdmx-tools - Distributed Multihead X tools xnest

Re: Accepted fuse 2.8.4-1.1+deb6u1 (source amd64) into squeeze-lts

Hi László, On Fr 05 Jun 2015 21:03:03 CEST, László Böszörményi (GCS) wrote: Hi all, On Thu, Jun 4, 2015 at 11:18 AM, Mike Gabriel mike.gabr...@das-netzwerkteam.de wrote: On Mi 03 Jun 2015 16:12:19 CEST, Holger Levsen wrote: On Dienstag, 2. Juni 2015, Laszlo Boszormenyi wrote: Source

Accepted wordpress 3.6.1+dfsg-1~deb6u6 (source all) into squeeze-lts

Changed-By: Mike Gabriel sunwea...@debian.org Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files Closes: 770425 783347 783554 Changes: wordpress (3.6.1+dfsg-1~deb6u6) squeeze-lts; urgency=medium . [ Mike Gabriel ] * Non-maintainer upload

Re: squeeze update of fuse?

Hi Laszlo, - Original message - On Mon, Jun 1, 2015 at 3:36 PM, Mike Gabriel mike.gabr...@das-netzwerkteam.de wrote: On  Mo 01 Jun 2015 11:44:27 CEST, László Böszörményi (GCS) wrote: I consider this my fault - I had the assumption that Thorsten will or already did this. As he

Re: squeeze update of fuse?

is great!!!). Regards, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Re: Debian squeeze LTS, a last release

that the Debian project is so well documented, because asking all the relevant questions would be more time consuming than reading good documentation.] Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr

Re: bin/genDLA proposal: auto-commit requested DLA numbers (was: Re: [SECURITY] [DLA 265-1] unattended-upgrades security update)

Hi Raphael, On Fr 03 Jul 2015 21:19:14 CEST, Raphael Hertzog wrote: On Fri, 03 Jul 2015, Mike Gabriel wrote: I just discussed this with Moritz Mühlenhoff on #debian-security. His request is to leave all genDSA specific stuff in the genD{S,L}A script untouched. What about the attached patch

Re: [SECURITY] [DLA 265-1] unattended-upgrades security update

Hi Holger, On Fr 03 Jul 2015 12:48:06 CEST, Holger Levsen wrote: Hi, On Freitag, 3. Juli 2015, Mike Gabriel wrote: The only way I can think of in terms of making this more fool proof, I guess, is by rejecting mails to debian-lts-announce if o a used DLA has not been reserved via

Re: [SECURITY] [DLA 265-1] unattended-upgrades security update

-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpD6YCUlUBhe.pgp Description: Digitale PGP

Re: [SECURITY] [DLA 265-1] unattended-upgrades security update

On Fr 03 Jul 2015 13:08:25 CEST, Christian Mack wrote: Hello Am 03.07.2015 um 13:03 schrieb Mike Gabriel: Hi Holger, On Fr 03 Jul 2015 12:48:06 CEST, Holger Levsen wrote: Hi, On Freitag, 3. Juli 2015, Mike Gabriel wrote: The only way I can think of in terms of making this more fool

Accepted libxml2 2.7.8.dfsg-2+squeeze12 (source amd64 all) into squeeze-lts

: squeeze-lts Urgency: medium Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org Changed-By: Mike Gabriel sunwea...@debian.org Description: libxml2- GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME

debdiff for CVE-2015-3206 (pykerberos)

/pykerberos/commit/02d13860b25fab58e739f0e000bed0067b7c6f9c [2] https://security-tracker.debian.org/tracker/CVE-2015-3206 -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

Re: squeeze update of remind?

of the update. Have been a CVE number assigned already? Ana ooopss... Sorry! Only found/read this mail now. I have just uploaded a fix for the above issue to squeeze-lts. Hope that was ok. Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID

[SECURITY] [DLA 289-1] remind security update

provided. -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: Digital signature

Re: squeeze update of remind?

Dear Ana, - Original message - On Fri, Aug 07, 2015 at 11:17:57AM +, Mike Gabriel wrote: Hi Ana, On  Mi 29 Jul 2015 23:13:39 CEST, Ana Guerrero Lopez wrote: On Wed, Jul 29, 2015 at 04:45:37PM +0200, Santiago Ruano Rincón wrote: Hello dear maintainer(s

CVE-2015-5352: openSSH in squeeze not affected(?)

mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgp7D8FunZ8Um.pgp Description: Digitale PGP-Signatur

Re: VirtualBox support in squeeze LTS

on the wiki, "virtualbox-ose (Mike Gabriel)" so please Mike, can you get the packaging and followup with the upload? You can dget them easily from DoM, or ask me to put them everywhere else I don't know that LTS stuff enough to learn it and do things correctly. I would appreciate to

Re: libemail-address-perl, no "squeeze update of ..." mail sent, yet

Hi Raphael, On Di 29 Sep 2015 13:55:06 CEST, Raphael Hertzog wrote: On Tue, 29 Sep 2015, Mike Gabriel wrote: Is there a reason that no "squeeze update of ..." mail has been sent for libemail-address-perl, yet, (i.e., when triaging the latest security issue in that package)? Ye

Accepted vorbis-tools 1.4.0-1+deb6u1 (source amd64) into squeeze-lts

pkg-xiph-ma...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: vorbis-tools - several Ogg Vorbis tools vorbis-tools-dbg - several Ogg Vorbis tools (debug files) Closes: 771363 776086 797461 Changes: vorbis-tools (1.4.0-1+deb6u1) squeeze-lts; ur

Re: [SECURITY] [DLA 317-1] vorbis-tools security update

HI Raphael, On Di 29 Sep 2015 11:45:19 CEST, Raphael Hertzog wrote: Hello Mike, On Tue, 29 Sep 2015, Mike Gabriel wrote: Package: vorbis-tools Version: 1.4.0-1+deb6u1 This package seems to have never been uploaded to squeeze-lts... You are supposed to wait until you get

libemail-address-perl, no "squeeze update of ..." mail sent, yet

ke -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgptW_0f7VawL.pgp Description

Re: libemail-address-perl, no "squeeze update of ..." mail sent, yet

Hi again, On Di 29 Sep 2015 15:06:23 CEST, Mike Gabriel wrote: Hi Raphael, On Di 29 Sep 2015 13:55:06 CEST, Raphael Hertzog wrote: On Tue, 29 Sep 2015, Mike Gabriel wrote: Is there a reason that no "squeeze update of ..." mail has been sent for libemail-address-perl, yet, (

Re: libemail-address-perl, no "squeeze update of ..." mail sent, yet

Hi again, On Di 29 Sep 2015 15:06:23 CEST, Mike Gabriel wrote: Hi Raphael, On Di 29 Sep 2015 13:55:06 CEST, Raphael Hertzog wrote: On Tue, 29 Sep 2015, Mike Gabriel wrote: Is there a reason that no "squeeze update of ..." mail has been sent for libemail-address-perl, yet, (

Accepted libemail-address-perl 1.889-2+deb6u2 (source all) into squeeze-lts

ain...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: libemail-address-perl - RFC 2822 Address Parsing and Creation Changes: libemail-address-perl (1.889-2+deb6u2) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS Te

Re: Marking TEMP-* issues as resolved

at change (or such)? The commit directly after the above mail seems to be rev36841, but that only contains references to upstream fixes, not a reference from data/CVE/list to a DLA in data/DLA/list. Just curious and eager to learn more about the workflow of Debian security and LTS, Mike

Re: squeeze update of wordpress?

on fixing wordpress in squeeze-lts now. Regards, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das

[SECURITY] [DLA 321-1] wordpress security update

lists. -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: Digital signature

[SECURITY] [DLA 323-1] fuseiso security update

running the fuseiso executable. This issue was discovered by Florian Weimer of Red Hat Product Security Team. The issue got resolved by checking the resulting length of an absolute path name and by bailing out if the platform's PATH_MAX value gets exceeded. -- mike gabriel

[SECURITY] [DLA 322-1] commons-httpclient security update

by the SSL initialization code in commons-httpclient. This upload fixes this issue by respecting the configured SO_TIMEOUT during SSL handshakes with the server. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1259892 -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148

Re: squeeze update of fuseiso?

the reproducer ISO images at hand. Greets, Mike [1] https://bugzilla.redhat.com/show_bug.cgi?id=862211 [2] https://bugzilla.redhat.com/show_bug.cgi?id=861358 -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das

Accepted fuseiso 20070708-2+deb6u1 (source amd64) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 01 Oct 2015 05:52:08 +0200 Source: fuseiso Binary: fuseiso Architecture: source amd64 Version: 20070708-2+deb6u1 Distribution: squeeze-lts Urgency: medium Maintainer: David Paleino <da...@debian.org> Changed-By: Mike G

Accepted commons-httpclient 3.1-9+deb6u2 (source all) into squeeze-lts

: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: libcommons-httpclient-java - A Java(TM) library for creating HTTP clients libcommons-httpclient-java-doc - Documentation for libcommons-httpclient-java Cl

Re: squeeze update of vorbis-tools?

update of vorbis-tools during this week. light+love, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel

[SECURITY] [DLA 380-1] libvncserver security update

ver/commit/804335f9d296440bb708ca844f5d89b58b50b0c6 -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: Digital signature

Re: squeeze update of tiff?

ZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de pgp_42zjuAAts.pgp De

Re: Security update of Gosa

. Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net pgpidsAkHdQ2g.pgp Description: Digitale PGP-Signatur

squeeze update of openssh?

and/or test the updated package before it gets released. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https

Re: squeeze update of openssh?

ted by one of those TEMP issues, the other one (X11 SECURITY / ssh -X issue) should get fixed IMHO. Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, h

Re: isc-dhcp-server in squeeze-lst broken after update

dback on the provided .debdiff is welcome. I will rebuild my chroots, test removing again the CFLAGS export in debian/rules and test the resulting packages once more. /me sighs and deeply apologizes, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148

Re: isc-dhcp-server in squeeze-lst broken after update

out and addressed with next upload first. I will upload +squeeze10 with attached .debdiff later today. Any feedback on the provided .debdiff is welcome. Thanks+Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.g

Re: isc-dhcp-server in squeeze-lst broken after update

sc-dhcp.pkg/isc-dhcp_4.1.1-P1-15+squeeze9_4.1.1-P1-15+squeeze10.debdiff -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxc

Re: isc-dhcp-server in squeeze-lst broken after update

Hi Ben, On Mo 18 Jan 2016 12:47:51 CET, Ben Hutchings wrote: On Mon, 2016-01-18 at 05:08 +, Mike Gabriel wrote: Hi Ben, hi all, On  So 17 Jan 2016 23:42:19 CET, Ben Hutchings wrote: > On Sun, 2016-01-17 at 13:10 +0100, Olivier Dousse wrote: > > Hi Mike, > > > >

Accepted isc-dhcp 4.1.1-P1-15+squeeze10 (source amd64 all) into squeeze-lts

-dbg dhcp3-server dhcp3-client dhcp3-relay dhcp3-common dhcp3-dev Architecture: source amd64 all Version: 4.1.1-P1-15+squeeze10 Distribution: squeeze-lts Urgency: medium Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-de...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@d

[SECURITY] [DLA 385-1] isc-dhcp security update

are affected. We recommend that you upgrade your isc-dhcp packages to version 4.1.1-P1-15+squeeze9 (Debian squeeze LTS). -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http

Accepted isc-dhcp 4.1.1-P1-15+squeeze9 (source amd64 all) into squeeze-lts

-dbg dhcp3-server dhcp3-client dhcp3-relay dhcp3-common dhcp3-dev Architecture: source amd64 all Version: 4.1.1-P1-15+squeeze9 Distribution: squeeze-lts Urgency: medium Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-de...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@d

Re: triaging CVE-2016-1503+1504

actions: try exploit, ask upstream, second opinion. did you contact upstream about that alread? I don't want to bother them again. Cheers, -- Guido No, I haven't contacted upstream, yet. Nor have I tried the exploit on dhcpcd in Debian squeeze(-lts). Greets, Mike -- mike gabriel aka sunweaver

Accepted gosa 2.6.11-3+squeeze5 (source all) into squeeze-lts

gosa-plugin-uw-imap gosa-plugin-webdav Architecture: source all Version: 2.6.11-3+squeeze5 Distribution: squeeze-lts Urgency: medium Maintainer: Debian Edu Packaging Team <debian-edu-pkg-t...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: gosa

Accepted lxc 0.7.2-1+deb6u1 (source amd64) into squeeze-lts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 04 Dec 2015 16:17:06 +0100 Source: lxc Binary: lxc Architecture: source amd64 Version: 0.7.2-1+deb6u1 Distribution: squeeze-lts Urgency: medium Maintainer: Guido Trotter <ultrot...@debian.org> Changed-By: Mike Gabriel &

[SECURITY] [DLA 442-1] lxc security update

() function that prevents lxc from doing mounts onto symbolic links. -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description

working for wheezy-security until wheezy-lts starts

g workflow can be very similar to what we are used to. For the interim phase until the 26th of April 2016, however, we need to run a modified approach. Request for feedback and comments... (I have some concrete proposals in mind, but I want to check, if these issues have already been solv

Re: working for wheezy-security until wheezy-lts starts

VE-2015-6749 """ I think these would be adressed via stable point release updates in wheezy/jessie rather than going via the security team. Yeah, if at all. I just listed them for completeness sake. Mike -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net pgpilfX2MIOoU.pgp Description: Digitale PGP-Signatur

maintainer feedback on CVE-2014-8350 (smarty3)

://github.com/smarty-php/smarty/commit/279bdbd3521cd717cae6a3ba48f1c3c6823f439d.patch -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das

Re: working for wheezy-security until wheezy-lts starts

On Di 01 Mär 2016 08:44:08 CET, Guido Günther wrote: On Tue, Mar 01, 2016 at 07:15:28AM +, Mike Gabriel wrote: [..snip..] >>Issues that are unfixed in wheezy but fixed in squeeze: >>* aptdaemon-> CVE-2015-1323 >>* cakephp -> TEMP-0

Re: Wheezy update of freerdp?

Koschany, on behalf of the Debian LTS team. I'd appreciate, if the the wheezy LTS team could handle the security upload of freerdp(v1). Thanks! Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A

Re: Wheezy update of smarty3?

will take over fixing the open CVE for smarty3 on wheezy during the week in the course of getting the other versions fixed, too. Ping me again in a week, if no upload has occurred. Thanks, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49

Re: Wheezy update of smarty3?

Hi Chris, On Sunday, January 14, 2018, Chris Lamb wrote: > Hey Mike, > > > I will take over fixing the open CVE for smarty3 on wheezy during the > > week in the course of getting the other versions fixed, too. > > > > Ping me again in a week, if no upload has occurred. > > Hey, how are you

Re: Wheezy update of smarty3?

code gets executed. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpSmcO

Accepted smarty3 3.1.10-2+deb7u3 (source all) into oldoldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 30 Jan 2018 17:52:14 +0100 Source: smarty3 Binary: smarty3 Architecture: source all Version: 3.1.10-2+deb7u3 Distribution: wheezy-security Urgency: medium Maintainer: Mike Gabriel <mike.gabr...@das-netzwerkteam.de> C

Getting phpldapadmin (CVE-2018-12869) fixed

it up until then, I will continue my work that I already started today. The other open issue for phpldapadmin (no-dsa, actually) CVE-2017-11107 is easy to fix (Ubuntu has a patch for it). Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148

Re: Jessie update of network-manager-vpnc?

Hi Michael, On Sa 21 Jul 2018 01:22:50 CEST, Michael Biebl wrote: Am 21.07.2018 um 00:13 schrieb Mike Gabriel: Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of network-manager-vpnc: https://security

[SECURITY] [DLA 1454-1] network-manager-vpnc security update

eb8u1. We recommend that you upgrade your network-manager-vpnc packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer

Re: Getting phpldapadmin (CVE-2018-12869) fixed

Hi Brian, On Do 16 Aug 2018 09:15:11 CEST, Brian May wrote: Mike Gabriel writes: Unfortunately, I can only continue working on this when back from vacation (13th Aug). I will remove my name from the package in dla-needed.txt and if noone else has picked it up until then, I will continue my

Jessie update of libxml2?

us know whether you would like to review and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of libxml2 updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf

Accepted gosa 2.7.4+reloaded2-1+deb8u3 (source all) into oldstable

+reloaded2-1+deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Debian Edu Packaging Team Changed-By: Mike Gabriel Description: gosa - Web Based LDAP Administration Program gosa-desktop - Desktop integration for GOsa² gosa-dev - GOsa² development utilities gosa-help-de

[SECURITY] [DLA 1436-1] gosa security update

essie", this problem has been fixed in version 2.7.4+reloaded2-1+deb8u3. We recommend that you upgrade your gosa packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Jessie update of network-manager-vpnc?

and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of network-manager-vpnc updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS

Re: Jessie update of mutt?

HI Antonio, On Sa 21 Jul 2018 06:41:21 CEST, Antonio Radici wrote: On Thu, Jul 19, 2018 at 04:06:06PM +0200, Mike Gabriel wrote: Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of mutt: https://security

Re: Jessie update of network-manager-vpnc?

Hi Michael, On Saturday, July 21, 2018, Michael Biebl wrote: > Am 21.07.2018 um 00:13 schrieb Mike Gabriel: > > Dear maintainer(s), > > > > The Debian LTS team would like to fix the security issues which are > > currently open in the Jessie version of network-manager

Jessie update of vim-syntastic?

the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of vim-syntastic updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS

Jessie update of clamav?

know whether you would like to review and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of clamav updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf

Jessie update of phpldapadmin?

the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of phpldapadmin updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS

Jessie update of resiprocate?

the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of resiprocate updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS team

Jessie update of twig?

the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of twig updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS team has already

Jessie update of mutt?

the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of mutt updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS team might

Jessie update of sam2p?

know whether you would like to review and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of sam2p updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf

Jessie update of ruby-zip?

the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of ruby-zip updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS team

Re: Jessie update of phpldapadmin?

Hi Fabio, On Do 19 Jul 2018 16:34:36 CEST, Fabio Tranchitella wrote: Dear Mike, On 19/07/2018 16:25, Mike Gabriel wrote: Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of phpldapadmin: https://security

Re: Jessie update of clamav?

Hi all, On Do 19 Jul 2018 21:18:13 CEST, Sebastian Andrzej Siewior wrote: On 2018-07-19 17:06:30 [+0200], Mike Gabriel wrote: The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of clamav: https://security-tracker.debian.org/tracker/CVE

[SECURITY] [DLA 1483-1] 389-ds-base security update

in version 1.3.3.5-4+deb8u2. We recommend that you upgrade your 389-ds-base packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian

Accepted 389-ds-base 1.3.3.5-4+deb8u2 (source all amd64) into oldstable

-security Urgency: medium Maintainer: Debian 389ds Team Changed-By: Mike Gabriel Description: 389-ds - 389 Directory Server suite - metapackage 389-ds-base - 389 Directory Server suite - server 389-ds-base-dbg - 389 Directory Server suite - server debugging symbols 389-ds-base-dev - 389

[SECURITY] [DLA 1488-1] spice security update

n be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: PGP signature

Accepted spice 0.12.5-1+deb8u6 (source amd64) into oldstable

Maintainer: Liang Guo Changed-By: Mike Gabriel Description: libspice-server-dev - Header files and development documentation for spice-server libspice-server1 - Implements the server side of the SPICE protocol libspice-server1-dbg - Debugging symbols for libspice-server1 spice-client - Implements

Bug#907723: link package versions on security-tracker to source packages

-2018-10873 -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpJ0yLem6HwV.pgp Description

Re: [SECURITY] [DLA 1488-1 (invalid)] spice security update

Dear all, On Fr 31 Aug 2018 23:30:53 CEST, Mike Gabriel wrote: Package: spice Version: 0.12.5-1+deb8u6 CVE ID : CVE-2018-10873 Debian Bug : #906315 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling

[SECURITY] [DLA 1486-1] spice security update

n be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: PGP signature

[SECURITY] [DLA 1489-1] spice-gtk security update

ow to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sun

Accepted spice-gtk 0.25-1+deb8u1 (source amd64) into oldstable

-spice-client-gtk-2.0 libspice-client-gtk-2.0-dev libspice-client-gtk-3.0-4 gir1.2-spice-client-gtk-3.0 libspice-client-gtk-3.0-dev python-spice-client-gtk Architecture: source amd64 Version: 0.25-1+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Liang Guo Changed-By: Mike Gabriel

Re: Wheezy update of smarty3?

ike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de diff -Nru smarty3-3.1.21/debian/change

[SECURITY] [DLA 1562-1] poppler security update

updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net

Accepted poppler 0.26.5-2+deb8u5 (source amd64 all) into oldstable

libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u5 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier Changed-By: Mike Gabriel Description: gir1.2-poppler-0.18 - GObject introspection

Re: poppler: CVE-2018-16646 denial-of-service via crafted file

.debdiff). @Moritz: do you see any reason for holding it back at this moment? Thanks+Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail

[SECURITY] [DLA 1518-1] polarssl security update

r polarssl packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8

Accepted polarssl 1.3.9-2.1+deb8u4 (source amd64) into oldstable

Changed-By: Mike Gabriel Description: libpolarssl-dev - lightweight crypto and SSL/TLS library libpolarssl-runtime - lightweight crypto and SSL/TLS library libpolarssl7 - lightweight crypto and SSL/TLS library Changes: polarssl (1.3.9-2.1+deb8u4) jessie-security; urgency=medium . * Non

Re: [SECURITY] [DLA 1635-1] sssd security update

Hi all, On Do 17 Jan 2019 13:34:29 CET, Mike Gabriel wrote: Package: sssd Version: 1.11.7-3+deb8u2 CVE ID : CVE-2019-3811 Debian Bug : 919051 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root

Accepted libjpeg-turbo 1:1.3.1-12+deb8u1 (source all amd64) into oldstable

Architecture: source all amd64 Version: 1:1.3.1-12+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Ondřej Surý Changed-By: Mike Gabriel Description: libjpeg-dev - Development files for the JPEG library [dummy package] libjpeg-turbo-progs - Programs for manipulating JPEG files

Accepted sssd 1.11.7-3+deb8u2 (source amd64) into oldstable

-idmap0 libsss-idmap-dev libsss-nss-idmap0 libsss-nss-idmap-dev libsss-sudo python-libipa-hbac python-libsss-nss-idmap python-sss Architecture: source amd64 Version: 1.11.7-3+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian SSSD Team Changed-By: Mike Gabriel Description

[SECURITY] [DLA 1635-1] sssd security update

S security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 ma

  1   2   3   4   >