Bug#907723: link package versions on security-tracker to source packages

2018-08-31 Thread Mike Gabriel
-2018-10873 -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpJ0yLem6HwV.pgp Description

Re: [SECURITY] [DLA 1488-1 (invalid)] spice security update

2018-08-31 Thread Mike Gabriel
Dear all, On Fr 31 Aug 2018 23:30:53 CEST, Mike Gabriel wrote: Package: spice Version: 0.12.5-1+deb8u6 CVE ID : CVE-2018-10873 Debian Bug : #906315 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling

[SECURITY] [DLA 1486-1] spice security update

2018-08-31 Thread Mike Gabriel
n be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: PGP signature

[SECURITY] [DLA 1489-1] spice-gtk security update

2018-08-31 Thread Mike Gabriel
ow to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sun

Accepted spice-gtk 0.25-1+deb8u1 (source amd64) into oldstable

2018-08-31 Thread Mike Gabriel
-spice-client-gtk-2.0 libspice-client-gtk-2.0-dev libspice-client-gtk-3.0-4 gir1.2-spice-client-gtk-3.0 libspice-client-gtk-3.0-dev python-spice-client-gtk Architecture: source amd64 Version: 0.25-1+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Liang Guo Changed-By: Mike Gabriel

Re: Wheezy update of smarty3?

2018-01-18 Thread Mike Gabriel
ike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de diff -Nru smarty3-3.1.21/debian/change

[SECURITY] [DLA 1562-1] poppler security update

2018-10-31 Thread Mike Gabriel
updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net

Accepted poppler 0.26.5-2+deb8u5 (source amd64 all) into oldstable

2018-11-01 Thread Mike Gabriel
libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u5 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier Changed-By: Mike Gabriel Description: gir1.2-poppler-0.18 - GObject introspection

Re: poppler: CVE-2018-16646 denial-of-service via crafted file

2018-11-08 Thread Mike Gabriel
.debdiff). @Moritz: do you see any reason for holding it back at this moment? Thanks+Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail

[SECURITY] [DLA 1518-1] polarssl security update

2018-09-25 Thread Mike Gabriel
r polarssl packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8

Accepted polarssl 1.3.9-2.1+deb8u4 (source amd64) into oldstable

2018-09-25 Thread Mike Gabriel
Changed-By: Mike Gabriel Description: libpolarssl-dev - lightweight crypto and SSL/TLS library libpolarssl-runtime - lightweight crypto and SSL/TLS library libpolarssl7 - lightweight crypto and SSL/TLS library Changes: polarssl (1.3.9-2.1+deb8u4) jessie-security; urgency=medium . * Non

Re: [SECURITY] [DLA 1635-1] sssd security update

2019-01-18 Thread Mike Gabriel
Hi all, On Do 17 Jan 2019 13:34:29 CET, Mike Gabriel wrote: Package: sssd Version: 1.11.7-3+deb8u2 CVE ID : CVE-2019-3811 Debian Bug : 919051 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root

Accepted libjpeg-turbo 1:1.3.1-12+deb8u1 (source all amd64) into oldstable

2019-01-22 Thread Mike Gabriel
Architecture: source all amd64 Version: 1:1.3.1-12+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Ondřej Surý Changed-By: Mike Gabriel Description: libjpeg-dev - Development files for the JPEG library [dummy package] libjpeg-turbo-progs - Programs for manipulating JPEG files

Accepted sssd 1.11.7-3+deb8u2 (source amd64) into oldstable

2019-01-17 Thread Mike Gabriel
-idmap0 libsss-idmap-dev libsss-nss-idmap0 libsss-nss-idmap-dev libsss-sudo python-libipa-hbac python-libsss-nss-idmap python-sss Architecture: source amd64 Version: 1.11.7-3+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian SSSD Team Changed-By: Mike Gabriel Description

[SECURITY] [DLA 1635-1] sssd security update

2019-01-17 Thread Mike Gabriel
S security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 ma

Accepted poppler 0.26.5-2+deb8u7 (source amd64 all) into oldstable

2018-12-12 Thread Mike Gabriel
libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u7 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier Changed-By: Mike Gabriel Description: gir1.2-poppler-0.18 - GObject introspection

Re: poppler: CVE-2018-16646 denial-of-service via crafted file

2018-12-12 Thread Mike Gabriel
Hi Moritz, On Mi 12 Dez 2018 11:46:32 CET, Moritz Mühlenhoff wrote: On Thu, Nov 08, 2018 at 10:51:37AM +, Mike Gabriel wrote: Hi Moritz, On Di 06 Nov 2018 17:14:35 CET, Moritz Mühlenhoff wrote: > On Fri, Sep 28, 2018 at 08:32:25PM +0200, Markus Koschany wrote: > > Package

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-12 Thread Mike Gabriel
Hi Moritz, On Di 11 Dez 2018 22:15:33 CET, Moritz Mühlenhoff wrote: On Tue, Dec 11, 2018 at 04:42:17PM +, Mike Gabriel wrote: From my understanding the potential remote code executions that are mentioned in the CVE descriptions are triggered by a malign server and the code executions

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-11 Thread Mike Gabriel
Hi Moritz, On Mo 10 Dez 2018 22:30:34 CET, Moritz Mühlenhoff wrote: On Mon, Dec 10, 2018 at 05:44:51PM +, Mike Gabriel wrote: Hi, I'd like to discuss the possible pathways for getting FreeRDP fixed in Debian jessie LTS (and Debian stretch, too). debian-security@ldo is not the proper

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-12 Thread Mike Gabriel
Hi Moritz, On Wednesday, 12 December 2018, Moritz Mühlenhoff wrote: > On Wed, Dec 12, 2018 at 03:46:10PM +0000, Mike Gabriel wrote: > > Hi Moritz, > > > > On Di 11 Dez 2018 22:15:33 CET, Moritz Mühlenhoff wrote: > > > > > On Tue, Dec 11, 2018 at

Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-10 Thread Mike Gabriel
? If so, please share yours. The FreeRDP v1.1 backporting work (8-10 hours) would have to be outsourced to ThinCast in Austria (where most FreeRDP upstream devs work these days). Looking forward to your ideas and comments, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile

Accepted libav 6:11.12-1~deb8u2 (source all amd64) into oldstable

2018-12-20 Thread Mike Gabriel
libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Mike Gabriel Description: libav-dbg

Bug#916912: [pre-approval] stretch-pu: package freerdp/1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3

2018-12-20 Thread Mike Gabriel
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear Debian stretch Release Team, in Debian LTS, we are currently discussing a complex update of the freerdp (v1.1) package. The current status is this: * since March 2018

[SECURITY] [DLA 1611-1] libav security update

2018-12-20 Thread Mike Gabriel
debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: PGP signature

Accepted libav 6:11.12-1~deb8u3 (source all amd64) into oldstable

2018-12-20 Thread Mike Gabriel
libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Mike Gabriel Description: libav-dbg

[SECURITY] [DLA 1611-2] libav security update

2018-12-20 Thread Mike Gabriel
Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 ma

Accepted sqlite3 3.8.7.1-1+deb8u3 (source all amd64) into oldstable

2018-12-21 Thread Mike Gabriel
Urgency: medium Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Mike Gabriel Description: lemon - LALR(1) Parser Generator for C or C++ libsqlite3-0 - SQLite 3 shared library libsqlite3-0-dbg - SQLite 3 debugging symbols libsqlite3-dev - SQLite 3 development files libsqlite3-tcl - SQLite

[SECURITY] [DLA 1613-1] sqlite3 security update

2018-12-21 Thread Mike Gabriel
urity advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@deb

[SECURITY] [DLA 1562-3] poppler regression update

2018-12-14 Thread Mike Gabriel
se updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunw

[SECURITY] [DLA 1562-2] poppler security update

2018-11-30 Thread Mike Gabriel
n be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: PGP signature

[libav LTS triaging] Re: Resource for PoCs found

2018-12-05 Thread Mike Gabriel
Hi again, hi Markus, On Do 06 Dez 2018 08:17:29 CET, Mike Gabriel wrote: Hi, today, I stumbled over a Git repo on Github containing many proof of contents for various open/closed CVEs: https://github.com/asarubbo/poc/ Probably, some of us already know that repo, but I thought, I'd

Resource for PoCs found

2018-12-05 Thread Mike Gabriel
Hi, today, I stumbled over a Git repo on Github containing many proof of contents for various open/closed CVEs: https://github.com/asarubbo/poc/ Probably, some of us already know that repo, but I thought, I'd share it anyway. Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7

not many tasks in dla-needed.txt, is extra CVE triaging required

2018-11-29 Thread Mike Gabriel
ke -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpAWgjzCw_8b.pgp Description: Di

Re: unclaiming packages claimed for 3 weeks or more

2018-11-27 Thread Mike Gabriel
Hi Holger, On Mo 26 Nov 2018 21:42:15 CET, Holger Levsen wrote: so I just ran "./bin/review-update-needed --lts --unclaim 3w" again and it would unclaim src:salt from Mike Gabriel, as Mike has claimed it more than 3 weeks ago and has not stated anything in a note in data/dla-needed.

Accepted poppler 0.26.5-2+deb8u6 (source amd64 all) into oldstable

2018-11-28 Thread Mike Gabriel
libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u6 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier Changed-By: Mike Gabriel Description: gir1.2-poppler-0.18 - GObject introspection

Please test FreeRDP v1.1 upload candidates (jessie + stretch)

2019-01-11 Thread Mike Gabriel
Hi all, for those who don't read Planet Debian, here my request to test proposed updates for FreeRDP in jessie + stretch: https://sunweavers.net/blog/node/81 light+love, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139

Re: Possible regression/problem with libssh2 update

2019-04-02 Thread Mike Gabriel
revision of the jessie package and will test later today with the PHP example given in #924965 msg-23. (Now, I need to run to an appointment). http://packages.sunweavers.net/debian/pool/main/libs/libssh2/ Greets, Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike

[SECURITY] [DLA 1730-2] libssh2 regression update

2019-04-02 Thread Mike Gabriel
frequently asked questions can be found at: https://wiki.debian.org/LTS [1] https://github.com/libssh2/libssh2/pull/327 -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian

Accepted libssh2 1.4.3-4.1+deb8u3 (source amd64) into oldstable

2019-04-02 Thread Mike Gabriel
-By: Mike Gabriel Description: libssh2-1 - SSH2 client-side library libssh2-1-dbg - SSH2 client-side library (debug package) libssh2-1-dev - SSH2 client-side library (development headers) Changes: libssh2 (1.4.3-4.1+deb8u3) jessie-security; urgency=medium . * CVE-2019-3859: Regression fix

[SECURITY] [DLA 1730-1] libssh2 security update

2019-03-26 Thread Mike Gabriel
tion about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30

Accepted libssh2 1.4.3-4.1+deb8u2 (source amd64) into oldstable

2019-03-26 Thread Mike Gabriel
-By: Mike Gabriel Description: libssh2-1 - SSH2 client-side library libssh2-1-dbg - SSH2 client-side library (debug package) libssh2-1-dev - SSH2 client-side library (development headers) Closes: 924965 Changes: libssh2 (1.4.3-4.1+deb8u2) jessie-security; urgency=medium . * Non-maintainer

Accepted openssh 1:6.7p1-5+deb8u8 (source amd64 all) into oldstable

2019-03-25 Thread Mike Gabriel
+deb8u8 Distribution: jessie-security Urgency: medium Maintainer: Debian OpenSSH Maintainers Changed-By: Mike Gabriel Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh

[SECURITY] [DLA 1728-1] openssh security update

2019-03-25 Thread Mike Gabriel
questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: PGP signature

Accepted libav 6:11.12-1~deb8u6 (source all amd64) into oldstable

2019-03-30 Thread Mike Gabriel
libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u6 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Mike Gabriel Description: libav-dbg

[SECURITY] [DLA 1740-1] libav security update

2019-03-30 Thread Mike Gabriel
w to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian

w-i-p status for upcoming openssh upload to jessie LTS

2019-02-28 Thread Mike Gabriel
-i-p .debdiff to document work done on the jessie LTS upload proposal, but uploading does not make sense before CVE-2019-6111 receives a better fix. Greets, Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49

Re: Bug#923486: CVE-2019-6111 not fixed, file transfer of unwanted files by malicious SSH server still possible

2019-03-08 Thread Mike Gabriel
=3d896c157c722bc47adca51a58dca859225b5874 -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net diff -Nru openssh-6.7p1/debian/changelog openssh-6.7p1

[SECURITY] [DLA 1723-1] cron security update

2019-03-21 Thread Mike Gabriel
eb8u2. We recommend that you upgrade your cron packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976

Accepted cron 3.0pl1-127+deb8u2 (source amd64) into oldstable

2019-03-21 Thread Mike Gabriel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 21 Mar 2019 20:43:10 +0100 Source: cron Binary: cron Architecture: source amd64 Version: 3.0pl1-127+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Javier Fernández-Sanguino Peña Changed-By: Mike Gabriel

Re: Jessie update of cron?

2019-03-21 Thread Mike Gabriel
. @@ -149,7 +150,10 @@ +(CVE-2017-9525) + * Add d/NEWS altering to the new 1000 lines limit. + -+ -- Christian Kastner Sun, 17 Mar 2019 14:12:24 +0100 ++ [ Mike Gabriel ] ++ * debian/NEWS: Fix from unstable to jessie-security. ++ ++ -- Mike Gabriel Thu, 21 Mar 2019 20:43:10 +0100 + cron

Re: DLA-1654-1 libav missing?

2019-02-06 Thread Mike Gabriel
advisories. Yu'll be happy to know that with the current patchset, this is the only older advisory missing until the 2018 gap due to the mailing list crash. :) See also: https://salsa.debian.org/webmaster-team/webwml/merge_requests/53 A. Nice! Mike -- mike gabriel aka sunweaver (Debian

[SECURITY] [DLA 1654-1] libav security update

2019-02-06 Thread Mike Gabriel
er information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6

[SECURITY] [DLA 1666-1] freerdp security update

2019-02-09 Thread Mike Gabriel
Package: freerdp Version: 1.1.0~git20140921.1.440916e+dfsg1-13~deb8u3 CVE ID : CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 Debian Bug : For the FreeRDP version in Debian jessie LTS a security and functionality update has recently been provided. FreeRDP is

Accepted freerdp 1.1.0~git20140921.1.440916e+dfsg1-13~deb8u3 (source amd64) into oldstable

2019-02-06 Thread Mike Gabriel
~deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Debian Remote Maintainers Changed-By: Mike Gabriel Description: freerdp-x11 - RDP client for Windows Terminal Services (X11 client) freerdp-x11-dbg - RDP client for Windows Terminal Services (X11 client, debug symbo libfreerdp

[SECURITY] [DLA 1754-1] samba security update

2019-04-09 Thread Mike Gabriel
our system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net sig

[SECURITY] [DLA 1752-1] poppler security update

2019-04-08 Thread Mike Gabriel
at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: PGP signature

Accepted poppler 0.26.5-2+deb8u9 (source amd64 all) into oldstable

2019-04-08 Thread Mike Gabriel
libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u9 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier Changed-By: Mike Gabriel Description: gir1.2-poppler-0.18 - GObject introspection

Re: Wheezy/ELTS samba update broken for i386 arch

2019-04-12 Thread Mike Gabriel
the i386 binaries. Thanks for doing this. Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net pgpyfIAcod_l6.pgp

Jessie update of cron?

2019-03-15 Thread Mike Gabriel
package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of cron updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS team might start

Jessie update of otrs2?

2019-03-15 Thread Mike Gabriel
package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of otrs2 updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS team might start

Jessie update of glib2.0?

2019-03-15 Thread Mike Gabriel
the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of glib2.0 updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS team might

Re: Jessie update of cron?

2019-03-15 Thread Mike Gabriel
over the wheezy cron pkg, too. After my internal openssh woes (which I still need to look into, in fact), I could need some easy to fix package. Thanks for noticing. Please ack that the take over is ok. Thanks! Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148

Re: sqlalchemy security fix available for testing

2019-03-15 Thread Mike Gabriel
arrived in jessie-security, so that one of the paid contributors can handle the DLAnnouncement. Thanks! Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG

Re: Jessie update of cron?

2019-03-15 Thread Mike Gabriel
Hi Christian, On Fr 15 Mär 2019 15:11:11 CET, Christian Kastner wrote: Hi Mike, On 2019-03-15 14:52, Mike Gabriel wrote: Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of cron: https://security-tracker.debian.org

Re: sqlalchemy security fix available for testing

2019-03-15 Thread Mike Gabriel
Hi Sylvain, On Fr 15 Mär 2019 15:35:07 CET, Mike Gabriel wrote: HI Sylvain, On Di 12 Mär 2019 15:17:01 CET, Sylvain Beucler wrote: Hi, I made a fix for sqlalchemy available for testing (CVE-2019-7164/7548): https://people.debian.org/~beuc/lts/sqlalchemy/ Upstream author Mike Bayer warns

Re: RFT and RFC: Updates for evolution{,-data-server}

2019-04-24 Thread Mike Gabriel
"signature spoofing". This means that evolution-data-server is unaffected and only evolution needs to be fixed. Your choice of priority sounds good to me. Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49

Accepted systemd 215-17+deb8u12 (source amd64) into oldstable

2019-04-24 Thread Mike Gabriel
systemd Maintainers Changed-By: Mike Gabriel Description: gir1.2-gudev-1.0 - libgudev-1.0 introspection data libgudev-1.0-0 - GObject-based wrapper library for libudev libgudev-1.0-dev - libgudev-1.0 development files libpam-systemd - system and service manager - PAM module libsystemd-daemon

[SECURITY] [DLA 1762-1] systemd security update

2019-04-24 Thread Mike Gabriel
ur system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: PGP signature

Accepted samba 2:4.2.14+dfsg-0+deb8u12 (source amd64 all) into oldstable

2019-04-09 Thread Mike Gabriel
-modules libpam-smbpass libsmbclient libsmbclient-dev winbind libpam-winbind libnss-winbind samba-dbg libwbclient0 libwbclient-dev ctdb Architecture: source amd64 all Version: 2:4.2.14+dfsg-0+deb8u12 Distribution: jessie-security Urgency: medium Maintainer: Debian Samba Maintainers Changed-By: Mike

Re: systemd/jessie: Problems with postgresql-9.4 after upgrade (215-17+deb8u11 => 215-17+deb8u12)

2019-04-25 Thread Mike Gabriel
Hi Sedat, On Do 25 Apr 2019 09:55:43 CEST, Sedat Dilek wrote: On Thu, Apr 25, 2019 at 9:51 AM Mike Gabriel wrote: Hi Sedat, (Cc:-ing debian-lts mailing list) On Do 25 Apr 2019 09:07:40 CEST, Sedat Dilek wrote: > Hi, > > we have upgraded systemd on some of our Debian/jessi

Re: systemd/jessie: Problems with postgresql-9.4 after upgrade (215-17+deb8u11 => 215-17+deb8u12)

2019-04-25 Thread Mike Gabriel
,3 +1,12 @@ +systemd (215-17+deb8u12) jessie-security; urgency=medium + + * Non-maintainer upload by the LTS team. + * CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are +hardlinked, unless protected_hardlinks sysctl is on. + * CVE-2019-3842: pam-systemd: use secure_getenv() rat

Re: systemd/jessie: Problems with postgresql-9.4 after upgrade (215-17+deb8u11 => 215-17+deb8u12)

2019-04-25 Thread Mike Gabriel
Hi, On Do 25 Apr 2019 09:55:43 CEST, Sedat Dilek wrote: On Thu, Apr 25, 2019 at 9:51 AM Mike Gabriel wrote: Hi Sedat, (Cc:-ing debian-lts mailing list) On Do 25 Apr 2019 09:07:40 CEST, Sedat Dilek wrote: > Hi, > > we have upgraded systemd on some of our Debian/jessie systems:

Accepted systemd 215-17+deb8u13 (source amd64) into oldstable

2019-04-25 Thread Mike Gabriel
systemd Maintainers Changed-By: Mike Gabriel Description: gir1.2-gudev-1.0 - libgudev-1.0 introspection data libgudev-1.0-0 - GObject-based wrapper library for libudev libgudev-1.0-dev - libgudev-1.0 development files libpam-systemd - system and service manager - PAM module libsystemd-daemon

[SECURITY] [DLA 1762-2] systemd regression update

2019-04-26 Thread Mike Gabriel
in version 215-17+deb8u13. We recommend that you upgrade your systemd packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian

Accepted 389-ds-base 1.3.3.5-4+deb8u6 (source all amd64) into oldstable

2019-05-06 Thread Mike Gabriel
-security Urgency: medium Maintainer: Debian 389ds Team Changed-By: Mike Gabriel Description: 389-ds - 389 Directory Server suite - metapackage 389-ds-base - 389 Directory Server suite - server 389-ds-base-dbg - 389 Directory Server suite - server debugging symbols 389-ds-base-dev - 389

[SECURITY] [DLA 1779-1] 389-ds-base security update

2019-05-06 Thread Mike Gabriel
at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net signature.asc Description: PGP signature

Re: [SECURITY] [DLA 1762-1] systemd security update

2019-04-26 Thread Mike Gabriel
Hi, On Friday, 26 April 2019, Klimov, Evgeny wrote: > Hello Mike, and a good day to you. > > Our project uses Debian (Jessie so far) as the platform, and since > yesterday’s rebuilds with the updated systemd packages (systemd > 215-17+deb8u12), our working directories created via tmpfiles are

Accepted qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2 (source amd64 all) into oldstable

2019-05-12 Thread Mike Gabriel
-By: Mike Gabriel Description: libqt4-assistant - transitional package for Qt 4 assistant module libqt4-core - transitional package for Qt 4 core non-GUI runtime libraries libqt4-dbg - Qt 4 library debugging symbols libqt4-dbus - Qt 4 D-Bus module libqt4-declarative - Qt 4 Declarative module libqt4

[SECURITY] [DLA 1786-1] qt4-x11 security update

2019-05-13 Thread Mike Gabriel
d that you upgrade your qt4-x11 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG F

Accepted doxygen 1.8.8-5+deb8u1 (source amd64 all) into oldstable

2019-05-31 Thread Mike Gabriel
: Matthias Klose Changed-By: Mike Gabriel Description: doxygen- Documentation system for C, C++, Java, Python and other languages doxygen-dbg - Debug symbols for doxygen doxygen-doc - Documentation for doxygen doxygen-gui - GUI configuration tool for doxygen doxygen-latex - Documentation system

[SECURITY] [DLA 1812-1] doxygen security update

2019-05-31 Thread Mike Gabriel
in version 1.8.8-5+deb8u1. We recommend that you upgrade your doxygen packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Deve

[SECURITY] [DLA 1809-1] libav security update

2019-05-29 Thread Mike Gabriel
es to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net sig

Re: Jessie update of simplesamlphp?

2019-05-29 Thread Mike Gabriel
Hi again, On Mi 29 Mai 2019 12:16:56 CEST, Mike Gabriel wrote: [...] I will remove the package from dla-needed.txt again for now. I just saw that Chris Lamb already did that earlier. Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4354

Re: Jessie update of simplesamlphp?

2019-05-29 Thread Mike Gabriel
HI Thijs, On Di 28 Mai 2019 18:17:39 CEST, Thijs Kinkhorst wrote: On Tue, May 28, 2019 16:01, Chris Lamb wrote: Mike Gabriel wrote: The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of simplesamlphp: Which CVE is/was this for? I am

Triaging request for golang-go.crypto

2019-05-29 Thread Mike Gabriel
-- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net pgpCaKfls6qSi.pgp Description: Digitale PGP-Signatur

Accepted libav 6:11.12-1~deb8u7 (source all amd64) into oldstable

2019-05-29 Thread Mike Gabriel
libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u7 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Mike Gabriel Description: libav-dbg

Jessie update of mupdf?

2019-05-28 Thread Mike Gabriel
the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of mupdf updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS team might

Jessie update of libspring-java?

2019-05-28 Thread Mike Gabriel
va updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://salsa.debian.org/security-tr

Jessie update of miniupnpd?

2019-05-28 Thread Mike Gabriel
and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of miniupnpd updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS: A member of the LTS

Jessie update of simplesamlphp?

2019-05-28 Thread Mike Gabriel
and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of simplesamlphp updates for the LTS releases. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team. PS

<    1   2