On 31.03.24 15:51, Sean Whitton wrote:
Finally, do you you have any notes on testing?
I couldn't run the testsuite during package build, so I created a Jessie
and Stretch VM, run the network configure script and manually started
the testsuite.
Thorsten
can you please be a bit more verbose about what help you need?
Thorsten
On Mon, 18 Mar 2024, Emilio Pozuelo Monfort wrote:
One solution which has been discussed in the past is to import a full copy
of stable towards stable-security at the beginning of each release cycle,
but that is currently not possible since security-master is a Ganeti VM
and the disk requireme
Hi,
On 10.12.23 17:11, Boyuan Yang wrote:
Looking at https://lts-team.pages.debian.net/wiki/Development.html , it seems
that only CVE-related bugs or major bugs are actively handled. Now I am
wondering (1) if the current non-CVE bugfix would qualify for a separate
package upload in Debian Buster
Hi Chime,
On 05.12.23 17:13, Chime Hart wrote:
Hi All: Maybe I should ask this in Debian Accessibility, but I notice
in Debian SID, last 2 days or so since urlview got updated, its layout
when finding matches are different.
urlview got a new maintainer/upstream (in CC:) and development picke
On 10.10.23 11:53, Bastien Roucariès wrote:
All of that said, it is interesting to me that fairly recently (at the
end of August) the ring package in buster was updated to fix 23 CVEs,
but this particular CVE was left open. Perhaps it would be worthwhile to
find out from Thorsten (who prepar
Hi Markus,
On Tue, 13 Jun 2023, Markus Koschany wrote:
The following source packages were rejected:
(...)
those packages should have been build now.
Thorsten
Hi Markus,
On 14.05.23 09:50, Markus Koschany wrote:
Could you just manually inject these packages into the security
archive please?
there were others missing as well, but I hope I got all ...
Thorsten
Hi Thomas,
On Fri, 19 Feb 2021, Thomas Goirand wrote:
If it's just an update of the upstream code without any change, IMO you
should just go ahead and upload.
I just sent the DLA. As all tests from the testsuite passed, I am quite
confident that everything is fine.
Thorsten
Hi Sylvain,
On Wed, 17 Feb 2021, Salvatore Bonaccorso wrote:
On Wed, Feb 17, 2021 at 01:37:43PM +0100, Sylvain Beucler wrote:
Yesterday (2021-02-16 16:57Z) I uploaded qemu_2.8+dfsg-6+deb9u13 to
security-master.
yes, unfortunately:
20210216171008|qemu_2.8+dfsg-6+deb9u13_source.changes|Error w
Hi everybody,
On Mon, 15 Feb 2021, Thorsten Alteholz wrote:
your suggestion sounds good. If nobody objects, I would upload version
2.6.10.
the new version is available at:
https://people.debian.org/~alteholz/packages/to-be-tested/openvswitch-2.6.10/
Maybe somebody is able to test the
Hi Thomas,
On Mon, 15 Feb 2021, Thomas Goirand wrote:
I would advise upgrading to 2.6.10. Anything
older than Stretch doesn't have any upstream support. Your thoughts? Can
anyone from the team do it?
your suggestion sounds good. If nobody objects, I would upload versi
Hi Emilio,
thanks a lot for working on this.
On Tue, 7 Jul 2020, Emilio Pozuelo Monfort wrote:
CVE-2019-11187/gosa fixed in jessie and buster but no-dsa in stretch (Minor
issue)
This seems to have been fixed via opu.
CVE-2019-3866/mistral fixed in jessie and buster but no-dsa in stretch (M
Hi Utkarsh,
On Wed, 18 Mar 2020, Utkarsh Gupta wrote:
I saw you recently add freeradius to dla-needed.txt.
you seem to have missed the commit where I removed it again.
Thorsten
On Sun, 1 Mar 2020, Roberto C. Sánchez wrote:
The rationale behind the no-dsa decision for stretch/buster
is unkown to me.
Even upstream said in the announcement [1] (linked from the security
tracker) that it is only a minor vulnerability.
As far as the other CVEs, it is my pra
On Sun, 1 Mar 2020, Emilio Pozuelo Monfort wrote:
I think we can all agree that the problem here is that there was an unexpected
issue (a security upload getting rejected) that required sort of immediate work
from a third party (an ftp-master).
I would like to add here, that the CVE in quest
On Sun, 26 Jan 2020, Roberto Lumbreras wrote:
I've worked on the Jessie security fix for another of my packages, iperf3.
... I will take care of this as well.
Thorsten
Hi everybody,
I am already in contact with Roberto and I will take care of the upload.
Thorsten
Hi everybody,
sorry for the hassle, I am preparing a fix ...
Thorsten
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Sorry for the noise, but the fixed version in Jessie is:
1.0.6-7+deb8u2
On Thu, 18 Jul 2019, Thorsten Alteholz wrote:
Package: bzip2
Version: 1.0.6-4+deb7u2
CVE ID : CVE-2019-12900
The original fix for CVE-2019
Hi everybody,
I finally managed to upload a new try for bind9 in Jessie. It is again
version 1:9.9.5.dfsg-9+deb8u18 and available at:
https://people.debian.org/~alteholz/packages/jessie-lts/bind9/
It contains a fix for CVE-2018-5743 including the "atomic" patch. Please
give it a try and tel
Hi Roberto,
thanks a lot for your tests. It seems to be that I am not finished yet.
Thorsten
Hi everybody,
due to the awful lot of changes, I uploaded a preliminary version
1:9.9.5.dfsg-9+deb8u18 of bind9 to:
https://people.debian.org/~alteholz/packages/jessie-lts/bind9/
It contains a fix for CVE-2018-5743. Please give it a try and tell me
about any problems you met.
Thanks!
Thor
Hi everybody,
I uploaded version 1.12.1+g01b65bf-4+deb8u16 of wireshark to:
https://people.debian.org/~alteholz/packages/jessie-lts/wireshark/
I also uploaded version 1.12.1+g01b65bf-4+deb8u6~deb7u13 of wireshark to:
https://people.debian.org/~alteholz/packages/wheezy-elts/wireshark/
Please
Hi Markus,
On Wed, 21 Nov 2018, Markus Koschany wrote:
I just had a look at the openssl update. I suggest to remove the
CVE-2018-0735.patch because it is not applied and the fix for
CVE-2018-0735 is part of your CVE-2018-5407+2018-0735.patch now.
oh, yes, I forgot to remove that.
Otherwise t
Hi everybody,
I uploaded version 1.0.1t-1+deb8u10 of openssl to:
https://people.debian.org/~alteholz/packages/jessie-lts/openssl/
Please give it a try and tell me about any problems you met.
Thanks!
Thorsten
* CVE-2018-0735
Samuel Weiser reported a timing vulnerability in the OpenSS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Oops, sorry, I mixed up the versions. The correct version, where this
issue has been fixed, is
2.0.7-2+deb8u2
Thorsten
On Wed, 19 Sep 2018, Thorsten Alteholz wrote:
Package: suricata
Version: 2.0.7-2+deb8u1
CVE ID
Hi everybody,
I uploaded version 14.03.9-5+deb8u3 of slurm-llnl to:
https://people.debian.org/~alteholz/packages/jessie-lts/slurm-llnl/
Please give it a try and tell me about any problems you met.
Thanks!
Thorsten
* CVE-2018-7033
Fix for issue in accounting_storage/mysql plugin by a
nd/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of symfony updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member
Hi everybody,
for the sake of completeness: all configurations for Jessie LTS have been
done.
The dak configuration says: 'AllowSourceOnlyUploads "true";'.
Anyway, arch:all packages need to be uploaded.
Thorsten
Hi Roberto,
I installed your package, did an "a2enmod auth_digest" and got an:
root@test-wheezy-amd64-extern:~/apache2/roberto2# /etc/init.d/apache2 start
[] Starting web server: apache2Segmentation fault
Action 'start' failed.
The Apache error log may have more information.
failed!
runnin
Hi Ola,
On Sun, 1 Apr 2018, Ola Lundqvist wrote:
The two CVEs are still reported as unfixed however. I just checked a minute
ago.
Please check by running the triage script yourself to see it.
I did:
debian@devel:~/debian-security/security-tracker$ bin/lts-cve-triage.py
--skip-dla-needed --ex
Hi Ola,
On Sun, 1 Apr 2018, Ola Lundqvist wrote:
I have not seen an email about that this package has been accepted by the
FTP archieve, neither can I find the fixed version in the archives. Can you
please check what went wrong?
oops, I didn't notice that my internet connection broke during th
Hi everybody,
I uploaded version 1.12.1+g01b65bf-4+deb8u6~deb7u10 of wireshark to:
https://people.debian.org/~alteholz/packages/wheezy-lts/wireshark/
It contains patches for:
CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7332,
CVE-2018-7334, CVE-2018-7335, CVE-2018-7336, CVE-2018-7337,
Hi everybody,
I uploaded version 1:2.1.7-7+deb7u2 of dovecot to:
https://people.debian.org/~alteholz/packages/wheezy-lts/dovecot/
It contains patches for CVE-2017-14461, CVE-2017-15130 and CVE-2017-15132.
Please give it a try and tell me about any problems you met.
Thanks!
Thorsten
On Wed, 7 Feb 2018, Brian May wrote:
Abhijith PA writes:
On Wednesday 07 February 2018 12:38 PM, Brian May wrote:
Markus Koschany writes:
+krb5
+ NOTE: lts-do-not-call
+--
What does lts-do-not-call mean?
See security-tracker/data/packages/lts-do-not-call .
krb5 doesn't appear to
Hi Adrian,
On Sat, 27 Jan 2018, Adrian Zaugg wrote:
Do you intend to fix clamav, which has currently 7 open security
vulnerabilities, which I believe are also present in the version of
clamav from wheezy?
yes, the package is on our todo-list.
Thorsten
Hi everybody,
I uploaded version 1.12.1+g01b65bf-4+deb8u6~deb7u9 of wireshark to:
https://people.debian.org/~alteholz/packages/wheezy-lts/wireshark/
It contains patches for CVE-2018-5334, CVE-2018-5335 and CVE-2018-5336.
Please give it a try and tell me about any problems you met.
Thanks!
Th
iew and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of mercurial updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A mem
Hi Kurt,
I added you for CVE-2017-3737 to dla-needed.txt.
If there is no need for an update, please tell the LTS team.
Thanks!
Thorsten
r test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of evince updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of th
r test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of erlang updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of the LTS
iew and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of openafs updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A mem
Hi Guido,
On Thu, 30 Nov 2017, Guido Günther wrote:
I've tested the package with libvirt (that relies on it for XML parsing)
and did not encounter any issues.
great, thanks for the test!
Thorsten
Hi everybody,
I uploaded version 2.8.0+dfsg1-7+wheezy11 of libxml2 to:
https://people.debian.org/~alteholz/packages/wheezy-lts/libxml2/
Please give it a try and tell me about any problems you met.
Thanks!
Thorsten
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-ent
he updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of rsync updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of the LTS team m
to review and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of python-werkzeug updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS
iew and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of suricata updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A mem
nd/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of puppet updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member
r test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of spip updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of th
Hi Rhonda,
as the irssi issues are already fixed upstream[1], I added you to
dla-needed.txt for it.
If you don't want to take care of this update, please tell us and then the
LTS Team will handle it.
Thorsten
[1]
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68
Hi Dylan,
On Sun, 24 Sep 2017, Dylan Aïssi wrote:
Sorry, I am completely snowed under with private life. So, please go
ahead with libofx.
ok, I will take care of it.
Thorsten
Hi Dylan,
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of libofx:
https://security-tracker.debian.org/tracker/source-package/libofx
Would you like to take care of this yourself?
If yes, please follow the workflow we have defined here:
Hi Nikos,
thanks a lot for the debdiff. I uploaded the package now and will write
the DLA.
Thanks!
Thorsten
Hi Shujie,
did you already find some time to test the new package?
Best regards
Thorsten
On Wed, 19 Jul 2017, Thorsten Alteholz wrote:
Hi Shujie,
On Wed, 19 Jul 2017, Shujie Zhang wrote:
Are we getting backport of the fix in Wheezy?
I uploaded a new version to [1]. Do you mind checking
Hi Shujie,
On Wed, 19 Jul 2017, Shujie Zhang wrote:
Are we getting backport of the fix in Wheezy?
I uploaded a new version to [1]. Do you mind checking it and telling me
whether the regression has been fixed?
Thanks
Thorsten
[1] https://people.debian.org/~alteholz/packages/wheezy-lts/bind
Hi everybody,
I uploaded version 9.8.4.dfsg.P1-6+nmu2+deb7u17 of bind9 to:
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
Please give it a try and tell me about any problems you met. It would be
nice if you could especially test TSIG.
Thanks!
Thorsten
* CVE-2017-3142
Hi Petter,
On Sun, 2 Jul 2017, Petter Reinholdtsen wrote:
Should this update be announced on the announcement list? Does it need
a DLA? The security team tagged it no-dsa. I can build, test and
upload, but am unsure abount the announcing part.
yes, any LTS upload needs a DLA after the packa
iew and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of libtorrent-rasterbar
updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS
Hi,
I hope you don't mind that I added both of you to data/dla-needed.txt for
the Wheezy update of mosquitto for CVE-2017-9868.
Thanks!
Thorsten
Hi Alberto,
On Sun, 2 Jul 2017, Alberto Gonzalez Iniesta wrote:
Those bugs didn't affect the 2.2 series of OpenVPN.
Only CVE-2017-7520 applied to 2.2.x.
ah, great, thanks for the info. So I marked both as not-affected for
Wheezy in the security tracker.
Thorsten
r test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of nasm updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of the LTS
ust let us know whether you would
like to review and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of pspp updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on
r test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of rkhunter updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of th
Hi Alberto,
the next batch of CVEs for openvpn is coming:
CVE-2017-7508
CVE-2017-7521
Do you want to prepare the Wheezy version again?
Thorsten
r test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of mpg123 updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of th
et us know whether you would
like to review and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of libmtp updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on beh
Hi Roberto,
On Sun, 25 Jun 2017, Roberto C. Sánchez wrote:
Unless I receive reports of problems with the packages I have prepared,
I intend to upload them in one week.
I tested the packages (only the non-mpm version) and from my point of view
everything is fine.
Thorsten
Hi Christoph,
ok, thanks for the clarification.
On Wed, 24 May 2017, Christoph Berg wrote:
postgresql-9.1 in wheezy is affected from my understanding of when
pg_user_mappings was introduced.
Do you want to do the wheezy-security upload for CVE-2017-7486, or shall
the LTS team take care of it
Hi Guido,
On Thu, 25 May 2017, Guido Günther wrote:
I've tested the package on a nameserver authoritive for some zones also
using dnssec and on a caching configuration using IPv4 and IPv6 with no
ill effects so far.
thanks a lot for testing, your results are good to know.
Thorsten
Hi Christoph,
CVE-2017-7486 and CVE-2017-7484 are marked as "not-affected" for
postgresql-9.1 in Jessie.
Can you please confirm that the same package in Wheezy is not affected as
well?
Do you also have an idea whether CVE-2017-7484 affects postgresql-8.4 in
Wheezy?
Thanks!
Thorsten
Hi Guilhem,
On Sat, 20 May 2017, Guilhem Moulin wrote:
I did check that public key authentication is still working under
2012.55-1.3+deb7u2 (I didn't make any other check though).
thanks a lot for that fix, I just uploaded your new version to
wheezy-security. Later I will also send the DLA ..
Hi everybody,
I uploaded version 9.8.4.dfsg.P1-6+nmu2+deb7u16 of bind9 to:
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
Please give it a try and tell me about any problems you met.
Thanks!
Thorsten
* Dns64 with "break-dnssec yes;" can result in a assertion failure.
Hi Chris,
On Tue, 9 May 2017, Chris Lamb wrote:
some of them for over 3 weeks:
jasper
hmm, there seems to be a problem with your script. The last upload of
jasper was only two weeks ago.
Thorsten
nd/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of libxstream-java updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A
nd/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of mysql-workbench updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A
ector-java
updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.
or the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-te
Hi everybody,
I uploaded version 1.900.1-13+deb7u6 of jasper to:
https://people.debian.org/~alteholz/packages/wheezy-lts/jasper/amd64/
Please give it a try and tell me about any problems you met. If you use
jasper for your own projects, I would be also interested whether you can
still build i
Hi Guido,
On Mon, 27 Feb 2017, Guido Günther wrote:
I've tested the packages on a authoritative name as well as on a
recursive name server including DNS64 but no RPZ and all looks good!
great, thanks a lot for testing!
Thorsten
Hello Jörg,
On Sat, 25 Feb 2017, Jörg Frings-Fürst wrote:
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of sane-backends:
https://security-tracker.debian.org/tracker/CVE-2017-6318
Would you like to take care of this yourself?
Yes, I d
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-neede
S releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testin
iew and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of libquicktime updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A
iew and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of ghostscript updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A
r test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of mupdf updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of th
r test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of sane-backends updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of th
or the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secu
e LTS Team will take care of tnef updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
Hi Sebastian,
On Sat, 25 Feb 2017, Sebastian Reichel wrote:
I think stable and oldstable are not affected, since r_read_* was
not yet introduced in their versions.
you are right, but doesn't the problem still exist? For example in stable
the missing check is now in libr/util/mem.c:r_mem_copye
he updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of radare2 updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS: A member of the LTS
Hi everybody,
I uploaded version 9.8.4.dfsg.P1-6+nmu2+deb7u15 of bind9 to:
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
Please give it a try and tell me about any problems you met. This time it
would be great to test bind9 with DNS64 and Response Policy Zones (RPZ).
T
Hi Ola,
On Tue, 21 Feb 2017, Ola Lundqvist wrote:
Have you sent a DLA regarding this? I have not seen one myself but I may have
missed it.
yes, I sent it yesterday at about 22:30, but you are right, it didn't
appear at debian-lts-announce. So I resent it now ...
Thorsten
On Tue, 21 Feb 2017, Emilio Pozuelo Monfort wrote:
PS: has someone notified the maintainer before triaging this issue? i
didn't see a mail go through...
AFAIK we handle php5 ourselves.
Yes, I added it to lts-do-not-call.
Thorsten
Hi Guido,
On Sat, 28 Jan 2017, Guido Günther wrote:
Looks good here on a recursive server and on one with DNSSEC enabled.
great, thanks a lot for testing!
Thorsten
Hi everybody,
I uploaded version 9.8.4.dfsg.P1-6+nmu2+deb7u14 of bind9 to:
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
Please give it a try and tell me about any problems you met. It would be
great to test bind9 as a recursive server and/or with DNSSEC.
Thanks!
Thor
best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of pdns updates
for the LTS releases.
Thank you very much.
review and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of libplist updates
for the LTS releases.
Thank you very much.
Thorsten Alteholz,
on behalf of the Debian LTS team.
PS
Hi everybody,
I uploaded version 5.4.45-0+deb7u6 of php5 to:
https://people.debian.org/~alteholz/packages/wheezy-lts/php5/amd64/
Please give it a try and tell me about any problems you met.
Thanks!
Thorsten
* CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 secti
Hi everybody,
I uploaded version 1.900.1-13+deb7u5 of jasper to:
https://people.debian.org/~alteholz/packages/wheezy-lts/jasper/amd64/
Please give it a try and tell me about any problems you met.
As upstream is basically doing only bugfixes now, I would suggest to not
proceed with patching th
1 - 100 of 221 matches
Mail list logo
