Accepted libav 6:11.12-1~deb8u2 (source all amd64) into oldstable

2018-12-20 Thread Mike Gabriel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 19 Dec 2018 14:31:49 +0100 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev

Re: policykit-1 CVE-2018-19788 in jessie

2018-12-20 Thread Moritz Muehlenhoff
On Thu, Dec 20, 2018 at 03:11:49PM +0530, Abhijith PA wrote: > Hi Santiago, > > On Thursday 20 December 2018 01:00 AM, Santiago Ruano Rincón wrote: > > Dear Maintainers, > > > > (It seems my first attempt to send this mail failed. Sorry if you > > received it twice) > > > > As opposed to

Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport

2018-12-20 Thread Andreas Metzler
On 2018-12-20 Daniel Kahn Gillmor wrote: [...] > On Wed 2018-12-19 11:59:46 -0500, Antoine Beaupré wrote: >> On 2018-12-18 14:34:06, Emilio Pozuelo Monfort wrote: >>> libgcrypt is a bit more worrying, even after dropping most of the noise: >>> $ diff libgcrypt20-1.*/ | filterdiff -x '*.pc/*' -x

Bug#916912: [pre-approval] stretch-pu: package freerdp/1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3

2018-12-20 Thread Mike Gabriel
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear Debian stretch Release Team, in Debian LTS, we are currently discussing a complex update of the freerdp (v1.1) package. The current status is this: * since March 2018

Re: proposed removal of Enigmail from jessie/LTS

2018-12-20 Thread Moritz Mühlenhoff
On Wed, Dec 19, 2018 at 05:03:26PM +, Holger Levsen wrote: > I mostly worried that you didnt test all dependent packages and that we > essentially might break those when trying to support a package no > customer has expressed need for. But then I also suppose such breakage > could be fixed...

Re: openssl 1.0 support on stretch LTS

2018-12-20 Thread Haruki TSURUMOTO
On 2018/12/13 20:59, Emilio Pozuelo Monfort wrote: > On 06/12/2018 05:11, Haruki TSURUMOTO wrote: >> Hi, >> my questions intents >> Will get openssl1.0 package security-update by LTS team from 2020 to >> 2022-mid? >> (Only selected packages are supported in LTS surely) >> Debian stretch has two

Re: proposed removal of Enigmail from jessie/LTS

2018-12-20 Thread Daniel Kahn Gillmor
fwiw, i agree with jmm that encouraging users to upgrade to stable is the best outcome here. The question is, what are we doing to the folks who (for whatever reason) can't make that switch. On Thu 2018-12-20 17:01:30 +0100, Moritz Mühlenhoff wrote: > If suddenly all kinds of core libraries are

Re: Xen 4.4 updates vs. Xen Stretch backport

2018-12-20 Thread Peter Dreuw
Hi, Holger, > Holger Levsen hat am 19. Dezember 2018 um 16:33 > geschrieben: > On Fri, Dec 07, 2018 at 01:32:49PM +0100, Peter Dreuw wrote: > > go to https://salsa.debian.org/security-tracker-team as a logged in user > and you will see a button "request access" (unless you are already a >

[SECURITY] [DLA 1611-1] libav security update

2018-12-20 Thread Mike Gabriel
Package: libav Version: 6:11.12-1~deb8u2 CVE ID : CVE-2014-9317 CVE-2015-6761 CVE-2015-6818 CVE-2015-6820 CVE-2015-6821 CVE-2015-6822 CVE-2015-6825 CVE-2015-6826 CVE-2015-8216 CVE-2015-8217 CVE-2015-8363 CVE-2015-8364

Accepted libav 6:11.12-1~deb8u3 (source all amd64) into oldstable

2018-12-20 Thread Mike Gabriel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 20 Dec 2018 22:56:40 +0100 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev

[SECURITY] [DLA 1611-2] libav security update

2018-12-20 Thread Mike Gabriel
Package: libav Version: 6:11.12-1~deb8u3 CVE ID : CVE-2015-6822 CVE-2015-6823 CVE-2015-6824 Two more security issues have been corrected in the libav multimedia library. This is a follow-up announcement for DLA-1611-1. CVE-2015-6823 The allocate_buffers function in

Re: policykit-1 CVE-2018-19788 in jessie

2018-12-20 Thread Abhijith PA
Hi Santiago, On Thursday 20 December 2018 01:00 AM, Santiago Ruano Rincón wrote: > Dear Maintainers, > > (It seems my first attempt to send this mail failed. Sorry if you > received it twice) > > As opposed to stretch, I have been unable to reproduce CVE-2018-19788 in > jessie. i.e. systemctl