In August 2023 I've worked on the below listed packages for Freexian
LTS/ELTS [1].
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
- amd64-microcode
- Release DLA-3511-1 with a new upstream version.
I have also participated in the (E)LTS meeting, helped co
In July 2023 I've worked on the below listed packages for Freexian
LTS/ELTS [1].
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
- amd64-microcode
- Release DLA-3511-1 with a new upstream version.
ELTS:
- python-reportlab
- triaged CVE-2023-33733 (no upd
* Salvatore Bonaccorso [2018-01-10 22:19]:
yes, if you fixed along as well CVE-2014-0350 but missed it in the
initial passing to bin/gen-* then you can add the CVE manually to
data/DLA/list to the respective entry (done so just a second ago).
Thanks!
And thanks a lot to Chris for being demand
* Chris Lamb [2018-01-10 21:25]:
Assuming you mean a DLA (!), yes please do so. If you are unsure of
the process, I can go ahead and handle that and the changes to the
security-tracker - it can be a little fiddly. :)
Done.
You would also remove the entry in data/dla-needed.txt
bin/gen-DLA
* Chris Lamb [2018-01-10 07:41]:
How are you getting on, Jochen? Please let me know what you need
from us.
I uploaded a new version (including the fix for CVE-2014-0350) to wheezy
and it was accepted.
- Should I send out the DSA already?
- Is it enough to add CVE-2014-0350 to security-trac
Hi Chris,
* Chris Lamb [2018-01-09 05:39]:
Any update on this? :)
I'm still unsure if adding isValidPath() is a ABI break:
++ static bool isValidPath(const std::string& path);
https://anonscm.debian.org/cgit/collab-maint/poco.git/commit/?h=wheezy/CVE-2017-1000472&id=b131b35b6a4a8477665
Hi Chris,
* Chris Lamb [2018-01-06 09:30]:
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of poco:
https://security-tracker.debian.org/tracker/source-package/poco
I've pushed a backported and tested version of the patch here:
https://