this case. In the unlikely case that they are
> totally hostile, you have to use your own judgment but I don't expect
> that to happen.
>
Thanks very much for the feedback. I will do as you suggest and request
that upstream review the patches.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Hi Markus,
On Mon, May 09, 2016 at 05:09:30PM +0200, Markus Koschany wrote:
> Hello Roberto, welcome on board!
>
Thanks!
> Am 08.05.2016 um 05:34 schrieb Roberto C. Sánchez:
> > Hi All,
> >
> > I'm still "in-training" and I thought I would attempt to pre
Hi Antoine,
On Mon, May 09, 2016 at 05:09:30PM +0200, Markus Koschany wrote:
> Hello Roberto, welcome on board!
>
> Am 08.05.2016 um 05:34 schrieb Roberto C. Sánchez:
>
> > I pulled the patch for CVE-2015-4844 from the upstream jdk8u project
> > (based on the commit
ything just yet. ;)
>
That works for me. I'm busy enough that I won't be offended if you
don't get back to me for a few days :-)
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
signature.asc
Description: Digital signature
repository, but
it appears to not have been fixed upstream yet.
I built the package in a wheezy chroot, signed the resulting package,
and uploaded it (along with the debdiff between the prior version and my
updated package) to the above location.
Regards,
-Roberto
--
Roberto C. Sá
he control file is autogenerated).
>
> Thoughts?
>
> If no-one objects, I will upload that soon.
>
It looks good to me.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
here is likely a reasonable difference between files like .bash_history
(which are meant to be used/accessed only by the creating user) and
files which are possibly or likely to be shared amongst a group of
users. This case seems to be of the latter form.
Regards,
-Roberto
--
Roberto C. Sánchez
Package: icu
Version: 4.8.1.1-12+deb7u4
CVE ID : CVE-2015-2632 CVE-2015-4844 CVE-2016-0494
Several security issues have been identified and corrected in ICU, the
International Components for Unicode C and C++ library, in Debian Wheezy.
CVE-2015-2632
Buffer overflow
On Mon, Jun 20, 2016 at 06:57:22AM -0400, Roberto C. Sánchez wrote:
> Hi Markus,
>
> Thanks very much for the feedback. I will do as you suggest and request
> that upstream review the patches.
>
I received a favorable response from upstream, so I have uploaded the
ICU packag
eone else has claimed it first.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
'`.
> : :' : Chris Lamb
> `. `'` la...@debian.org / chris-lamb.co.uk
>`-
>
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
ckages
cause the problems you are seeing. You could look at the packages in
the list and decide if you need to back up the configurations and then
purge them completely.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
ad. I would appreciate it if someone could review my work
and confirm that I have the next steps correct.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
diff -Nru sqlite3-3.7.13/debian/changelog sqlite3-3.7.13/debian/changelog
--- sqlite3-3.7.13/debi
On Sun, Jul 24, 2016 at 04:26:20PM -0400, Roberto C. Sánchez wrote:
> FYI, I did the last LTS update of ICU earlier this month, so I think I
> will be able to easily prepare another update. I went ahead and claimed
> it in dla-needed.txt, but if the maintainer or someone else would like
AFT**DRAFT**DRAFT**DRAFT**DRAFT**DRAFT**DRAFT**DRAFT**DRAFT*
**
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
the updated package before it gets released.
You can also opt-out from receiving future similar emails in your answer
and then the LTS Team will take care of libevent updates for the LTS
releases.
Thank you very much.
Roberto C. Sánchez,
on behalf of the Debian LTS team.
PS: I have already registered
As I've not received any feedback on the below RFC, I intend to make the
upload in ~12 hours.
Regards,
-Roberto
On Fri, Feb 03, 2017 at 06:57:13PM -0500, Roberto C. Sánchez wrote:
> Greetings all,
>
> I have finished preparing an LTS upload of php5 (5.4.45-0+deb7u7) and
> you
an additional patch, verified fix, and
ensured unit test passed
- CVE-2016-3142, CVE-2016-4342, CVE-2016-9934, CVE-2016-9935,
CVE-2016-10158: integrated/backported upstream fixes, verified
fixes, and ensured unit tests passed
Regards,
-Roberto
--
Roberto C. Sánchez
take it over in dla-needed.txt as well. Best of luck.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
vant, possibly others:
>
> https://bugs.php.net/bug.php?id=70436
>
> https://bugs.php.net/bug.php?id=72681
>
> Has anyone™ had a chance to look at these?
I can commit to taking a look at these in the next day or so.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
to
explain with a bit of detail.
Regards,
-Roberto
--
Roberto C. Sánchez
I actually sent my August report yesterday where I mentioned that this
is nearly complete :-)
I just have to build the package, sign it, and then publish the DLA. I
should be able to get to it in the next day or so.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
com/show_bug.cgi?id=1373462
> NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
>
Thanks for the explanation. It looks like someone already annotated
icu, so I will keep this in mind for next time.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
ill.
Regards,
-Roberto
[0] https://wiki.debian.org/LTS/Development
[1] https://security-tracker.debian.org/tracker/
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
ed in a very detailed and methodical way in the
advisory. Later on today I will work on replicating the exploit using
the latest 5.5.52 packages from Ubuntu to confirm that this version in
fact does fix the vulnerability.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
>
Brian,
I have read over what you wrote and I have made some refinements and
added a couple of additional notes based on what I think would have been
helpful to me given my specific experience.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
On Wed, Sep 14, 2016 at 09:07:32AM -0400, Roberto C. Sánchez wrote:
>
> That is not to say that they couldn't have addressed the vulnerabilities
> without contacting David to tell him that they had done so. That said,
> the exploit is explained in a very detailed and me
the package as well?
I don't want to duplicate effort, so I will wait to hear back from you
before doing anything else.
Regards,
-Roberto
--
Roberto C. Sánchez
omeone is registered
> on this update in this file:
> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
>
>
> Regards,
>
> --
> ,''`.
> : :' : Chris Lamb
> `. `'` la...@debian.org / chris-lamb.co.uk
>`-
>
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
6:0.8.18-1+deb7u1 would be considered higher than 6:0.8.18-1, the correct
version number to use would be 6:0.8.18-0+deb7u1.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Regards,
-Roberto
--
Roberto C. Sánchez
ent correctly
I believe that the short answer to your question is, "yes the same issue
occurs in wheezy."
Do you plan to address this issue, or is there something that I can do
to help speed the process along?
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
On Thu, Oct 27, 2016 at 12:35:16PM +0200, Moritz Muehlenhoff wrote:
> On Thu, Oct 27, 2016 at 06:31:43AM -0400, Roberto C. Sánchez wrote:
> > On Thu, Oct 27, 2016 at 08:54:39AM +0200, Moritz Muehlenhoff wrote:
> > >
> > > Salvatore mentioned that the same b
upstream? I guess that with seeing the
evince problem in Jessie with both ghostscript 9.06~dfsg-2+deb8u2 and
9.06~dfsg-2+deb8u3 I wasn't certain that the fault is completely with
ghostscript.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
know if you need help with the regression
test.
> @Roberto: note, +deb8u1 -> +deb8u3 to see the regression, not the
> intermittent +deb8u2.
>
Of course, I was able to confirm it between +deb8u1 and +deb8u3 on
Jessie.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.co
Package: ghostscript
Version: 9.05~dfsg-6.3+deb7u4
Debian Bug : 840691
The update for ghostscript issued as DLA-674-1 caused regressions for
certain Postscript document viewers (evince, zathura). Updated packages
are now available to address this problem. For reference, the
On Thu, Oct 27, 2016 at 11:43:01PM +0200, Francesco Poli wrote:
> On Thu, 27 Oct 2016 18:17:20 +0200 Salvatore Bonaccorso wrote:
>
> [...]
> > On Thu, Oct 27, 2016 at 09:50:02AM -0400, Roberto C. Sánchez wrote:
> > > Is your plan to release this as a -2 regression update t
e original advisory text for the sake of completeness.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
e to contact upstream regarding this issue? Can I help
in any way?
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
ackport the proper fixes.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Hi Guido,
Thanks for the feedback.
On Mon, Nov 28, 2016 at 08:13:26AM +0100, Guido Günther wrote:
> Hi Roberto,
> On Mon, Nov 28, 2016 at 01:02:38AM -0500, Roberto C. Sánchez wrote:
> > Greetings all,
> >
> > I have prepared an update of ImageMagick that takes the work B
On Mon, Nov 28, 2016 at 01:57:16PM +, Holger Levsen wrote:
> On Mon, Nov 28, 2016 at 06:44:07AM -0500, Roberto C. Sánchez wrote:
> > > If you're asking for code review posting a debdiff to the list might
> > > help people to pick it up.
> > Quite right:
> >
://security-tracker.debian.org/tracker/source-package/imagemagick
[1] http://people.debian.org/~roberto/imagemagick_6.7.7.10-5+deb7u8.dsc
[2]
http://people.debian.org/~roberto/imagemagick_6.7.7.10-5+deb7u8_amd64.changes
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
,
-Roberto
--
Roberto C. Sánchez
-2 regression update to the previous
DSA? I assume that is what you plan to do, but I wanted to confirm to
be certain.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
oduced after
6.7.7.10)
The feedback I am seeking here is:
1. Is my interpretation of the applicability of the patch correct?
2. Is what I am proposing the correct way to resolve the issue so that
it no longer appears as vulnerable in the security tracker?
Regards,
-Roberto
--
Roberto C. Sánche
Hi Raphael,
Thanks for the feedback.
On Fri, Oct 28, 2016 at 10:32:06AM +0200, Raphael Hertzog wrote:
> Hi,
>
> On Thu, 27 Oct 2016, Roberto C. Sánchez wrote:
> > https://security-tracker.debian.org/tracker/TEMP-0836171-53B142
> > https://bugs.debian.org/836171
> >
he wheezy packages using the same debdiff,
save for an appropriately tweaked changelog entry, to security-master.
Once your regression announcement is out for the DSA, I will follow-up
with one for the DLA.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Hi Raphael,
On Fri, Dec 16, 2016 at 11:29:00AM +0100, Raphael Hertzog wrote:
> Hi Roberto,
>
> On Thu, 15 Dec 2016, Roberto C. Sánchez wrote:
> > @@ -1704,7 +1704,7 @@
> > char path[256];
> > char* myPath = path;
> > con
ttp://bugs.icu-project.org/trac/changeset/35699
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Package: icu
Version: 4.8.1.1-12+deb7u6
CVE ID : CVE-2014-9911 CVE-2016-7415
Debian Bug : 838694
Brief introduction
CVE-2014-9911
Michele Spagnuolo discovered a buffer overflow vulnerability which
might allow remote attackers to cause a denial of service or
;
an upload is forthcoming
Regards,
-Roberto
--
Roberto C. Sánchez
ed positive feedback on the testing, I
will then upload that version of the package and release the DLA.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Hi Raphael,
On Tue, Nov 29, 2016 at 12:14:10PM +0100, Raphael Hertzog wrote:
> Hi,
>
> On Mon, 28 Nov 2016, Roberto C. Sánchez wrote:
> > Quite right:
> > http://people.debian.org/~roberto/imagemagick_6.7.7.10-5+deb7u7_6.7.7.10-5+deb7u8.diff
>
> Some comments:
>
On Tue, Nov 29, 2016 at 01:33:54PM +0100, Raphael Hertzog wrote:
> On Tue, 29 Nov 2016, Roberto C. Sánchez wrote:
> > Hi Raphael,
> >
> > On Tue, Nov 29, 2016 at 12:14:10PM +0100, Raphael Hertzog wrote:
> > > Hi,
> > >
> > > On Mon, 28 Nov 201
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u8
CVE ID : CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808
CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812
CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816
* php5: multiple issues
Regards,
-Roberto
--
Roberto C. Sánchez
> >> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
> >
> >
> > --
> > Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.
>
>
>
> --
> --- Inguza Technology AB --- MSc in Information Technology
> / o...@inguza.comFolkebogatan 26\
> | o...@debian.org 654 68 KARLSTAD|
> | http://inguza.com/Mobile: +46 (0)70-332 1551 |
> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
> ---
>
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
, I think.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
On Tue, Dec 27, 2016 at 04:38:59PM -0500, Antoine Beaupré wrote:
> On 2016-12-26 18:55:31, Roberto C. Sánchez wrote:
> > All,
> >
> > I recently saw that php5, squid, and squid3 have LTS-specific
> > repositories on git.debian.org. Since imagemagick appears to have a
package, I
feel it prudent to solicit comments and suggestions on this.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
amba-3.6.6/source3/lib
-I.. -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 -fPIC -c modules/vfs_dirsort.c -o
modules/vfs_dirsort.o
make[2]: *** [modules/vfs_dirsort.o] Error 1
The resolution for this one is not obvious to me. I intend to dig into
it, but if anyone has a suggestion, I welcome it.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
>
> The 3.6 branch was in maintenance mode since 2012-12-11, i.e after 3.6.10.
> So it is probably better to only cherry-pick the fixes and continue
> like Roberto did.
>
OK. I will continue working on integrating the patch from upstream.
> I can help the testing.
>
I will announce when I have packages available for testing.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Hello.
Samba announced an update a few hours ago to address this problem:
* BUG 12721: Fix regression with "follow symlinks = no".
That appears to correspond to #858564. I am not sure if the fix has any
effect on #858590.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.co
On Fri, Mar 24, 2017 at 04:04:08PM +0100, Moritz Muehlenhoff wrote:
> On Fri, Mar 24, 2017 at 03:55:23PM +0100, Guido Günther wrote:
> > Hi Roberto,
> > On Fri, Mar 24, 2017 at 10:45:44AM -0400, Roberto C. Sánchez wrote:
> > > On Fri, Mar 24, 2017 at 03:16:28PM +01
ail.com>
>
> mail. These should apply more cleanly.
Quite right. I missed that.
The good thing is I am only on patch 6 at this point and I haven't
encountered any difficult failures. I will switch to the patches from
Mathieu.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people
for samba now.
There are 37 individual patches in jessie's CVE-2017-2619.patch, and not
all apply cleanly to 3.6.6 in wheezy. That said, I will wait on
uploading until those bugs are resolved and I have incorporated their
fixes.
Regards,
-Roberto
--
Roberto C. Sánchez
http://peopl
e packages,
and publish the DLA.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
samba_3.6.6-6+deb7u11_3.6.6-6+deb7u12.diff.xz
Description: application/xz
unity to speak up in case there was something I
overlooked.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
--
Roberto C. Sánchez
and tested final package, uploaded, and released advisory
- libevent: Took initial steps on this package until Bálint Réczey spoke
up to say that he was becoming co-maintainer and wanted to perform the
LTS update
Regards,
-Roberto
--
Roberto C. Sánchez
ages could use
some testing as well. I will try to do some testing, but given the scope
of the changes (~850 lines of diff in total) more testing would
certainly be a good thing.
Also, I would appreciate any suggestions/feedback on minimizing the
prereq patch.
Regards,
-Roberto
--
Roberto C. Sánc
uming that you have otherwise built/tested in a wheezy environment).
>
> How do I upload, i.e. to what queue do I dput, and do I use -sa?
>
You can dput to security-master like a normal security update and -sa
would likely get the upload rejected as the .orig.tar.gz is alre
, CVE-2017-12429 (so far; I will
complete the remaining patches as part of my work in August)
Regards,
-Roberto
--
Roberto C. Sánchez
one of you take care of it?
>
>
> Best wishes,
>
> --
> ,''`.
> : :' : Chris Lamb, Debian Project Leader
> `. `'` la...@debian.org / chris-lamb.co.uk
>`-
>
--
Roberto C. Sánchez
>
All the open ncurses issues are marked no-dsa for jessie and stretch.
Should we do the same for wheezy?
Regards,
-Roberto
--
Roberto C. Sánchez
Package: tiff3
Version: 3.9.6-11+deb7u7
CVE ID : CVE-2017-9936
Debian Bug : 866113
A vulnerability has been discovered in the libtiff library and the
included tools, which may result in denial of service or the execution
of arbitrary code.
CVE-2017-9936
A
Package: tiff
Version: 4.0.2-6+deb7u15
CVE ID : CVE-2017-9936 CVE-2017-10688
Debian Bug : 866113 866611
Two vulnerabilities have been discovered in the libtiff library and the
included tools, which may result in denial of service or the execution
of arbitrary code.
uldn't be able to guarantee its
> quality.
> I'm also concerned about side effects of installing it.
>
I would also be concerned by that.
> Please advise if there is any better alternative before I continue with
> that.
>
You are almost certainly best served by using the offic
a covert timing channel
(closes: #831902).
-- Laszlo Boszormenyi (GCS) <g...@debian.org> Thu, 21 Jul 2016 15:51:59 +
If you request that whomever provided you those descriptions give you
the accompanying CVE IDs you will be able to confirm that they are in
fact fixed in the current openssh in wheezy.
Regards,
-Roberto
--
Roberto C. Sánchez
: prepared update 2.2.22-13+deb7u9, including patches for
CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, and CVE-2017-7679
Regards,
-Roberto
--
Roberto C. Sánchez
ue had to do with Xen and with booting the guest
VMs. All in all, though, a dist-upgrade to a new release is far more
risky than a security update to a small number of packages.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Package: apache2
Version: 2.2.22-13+deb7u9
CVE ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679
Several vulnerabilities have been found in the Apache HTTPD server.
CVE-2017-3167
Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by
On Tue, Jun 27, 2017 at 10:17:46AM -0400, Antoine Beaupré wrote:
> On 2017-06-25 16:56:46, Roberto C. Sánchez wrote:
> > Hi all,
> >
> > I have prepared an update for apache2 and I would like to request some
> > testing. The packages are here:
> >
>
his.
>
Yeah, that seems an odd thing to do on such an old branch.
> but then any Apache release is... a patchy release. ;)
>
> *rimshot*
>
For some reason, that is still funny to me after many years.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~robe
ill OK to use verbatim text from a DSA in a DLA? It seems like
that should be OK, and it is something I do sometimes, as the DSAs are
frequently published first and I feel like sharing the same summary text
regarding a particular vulnerability keeps everything consistent.
--
Roberto C. Sánchez
On Tue, Aug 08, 2017 at 10:53:22AM -0300, Guido Günther wrote:
> Hi,
> On Mon, Aug 07, 2017 at 03:47:41PM -0400, Roberto C. Sánchez wrote:
> > On Mon, Aug 07, 2017 at 04:36:40PM -0300, Guido Günther wrote:
> > > Hi,
> > > On Mon, Aug 07, 2017 at 08:13:24PM +
On Mon, Aug 07, 2017 at 04:36:40PM -0300, Guido Günther wrote:
> Hi,
> On Mon, Aug 07, 2017 at 08:13:24PM +0200, Sébastien Delafond wrote:
> > On Aug/07, Roberto C. Sánchez wrote:
> > > Would there be a willingness to allow remote participation via
> > > laptop+webc
ching
schedule). However, I had to cancel my plans several weeks ago so I am
not there in Montreal. Would there be a willingness to allow remote
participation via laptop+webcam?
Regards,
-Roberto
--
Roberto C. Sánchez
Thorsten with investigation
of test failure
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
ill updated dla-needed.txt
with my findings so far.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u15
CVE ID : CVE-2017-9261 CVE-2017-9262 CVE-2017-9405 CVE-2017-9407
CVE-2017-9409 CVE-2017-9439 CVE-2017-9500 CVE-2017-9501
Debian Bug : 863833 863834 864087 864089 864090 864274
This update fixes
am asking for
some additional testing.
Unless I receive reports of problems with the packages I have prepared,
I intend to upload them in one week.
Regards,
-Roberto
--
Roberto C. Sánchez
/~roberto/imagemagick_6.7.7.10-5+deb7u14_amd64.changes
I will wait until Saturday before making an upload. If no problems are
reported before then, I will upload the packages as they currently are.
Regards,
-Roberto
--
Roberto C. Sánchez
On Tue, May 23, 2017 at 10:31:30PM -0400, Roberto C. Sánchez wrote:
> Hi all,
>
> I have prepared version 6.7.7.10-5+deb7u14 of imagemagick. The update
> includes a total of 32 patches. I would appreciate it if those who use
> imagemagick heavily could test these packages and re
,
-Roberto
--
Roberto C. Sánchez
which did not necessarily have assigned CVE IDs)
Regards,
-Roberto
--
Roberto C. Sánchez
Package: tiff3
Version: 3.9.6-11+deb7u8
CVE ID : CVE-2017-11335
Debian Bug : 868513
A heap based buffer overflow has been discovered in the tiff2pdf
utility, part of the Tag Image File Format (TIFF) library.
A PlanarConfig=Contig image can cause an out-of-bounds write
Package: tiff
Version: 4.0.2-6+deb7u16
CVE ID : CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727
Debian Bug : 868513 872607 873880 873879
Several vulnerabilities have been discovered in the Tag Image File
Format (TIFF) library and its associated tools.
Package: imagemagick
Version: 6.7.7.10-5+deb7u16
CVE ID : CVE-2017-8352 CVE-2017-9144 CVE-2017-9501 CVE-2017-10928
CVE-2017-10995 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188
CVE-2017-11352 CVE-2017-11360 CVE-2017-11446 CVE-2017-11448