> On Feb 9, 2019, at 6:19 AM, Holger Levsen wrote:
> On Sat, Feb 09, 2019 at 02:54:43PM +0100, Ola Lundqvist wrote:
>> I can also add that I have looked into this for myself and the number of
>> needed dependencies is rather large. So it is not just certbot that need an
>> update, we also
Hi Holger and Brad
Here is a little more extensive list of dependencies:
python-certbot (of course as it is the one providing certbot)
python3-acme (>= 0.26.0~) - not in jessie, available in backports
python3-configargparse - not in jessie, available in backports
python3-cryptography (>= 1.2) -
I can also add that I have looked into this for myself and the number of
needed dependencies is rather large. So it is not just certbot that need an
update, we also need to include quite a few other packages too.
On Sat, 9 Feb 2019 at 09:37, Ian Campbell wrote:
> [[ Resending to
On Sat, Feb 09, 2019 at 02:54:43PM +0100, Ola Lundqvist wrote:
> I can also add that I have looked into this for myself and the number of
> needed dependencies is rather large. So it is not just certbot that need an
> update, we also need to include quite a few other packages too.
I do not see that anyone else have answered this so I'll try to do that.
If nothing else is stated the LTS team plan to support all packages
regardless of whether upstream have declared it as end of life or not.
Regarding php5 I think it is a must to do so, since transition to php7 is
CVE ID : CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789
Debian Bug :
For the FreeRDP version in Debian jessie LTS a security and functionality
update has recently been provided. FreeRDP is
many many thanks for your work on this, including and especially this
some comments below, where I dont say anything I mean 'yay"! :)
On Sat, Feb 09, 2019 at 03:55:44AM +0100, Laura Arjona Reina wrote:
> * The /lts/security//index.*.html files show the last advisory for
Thanks for looking into that Ola.
I think we could work around the python3-sphinx problem. It’s just used for
building the docs and python3-sphinx (>= 1.6) is not in Stretch despite the
Certbot package being updated there. It seems to me like something similar
could be done here.
Here are the reverse dependencies for that.
apt-rdepends -r python3-cryptography
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reverse Depends: python3-openssl
On 2019-02-07 at 11:44:45 -0500, Antoine Beaupré wrote:
> Recently, python-gnupg was triaged for maintenance in Debian LTS, which
> brought my attention to this little wrapper around GnuPG that I'm
> somewhat familiar with.
> Debian is marked as "vulnerable" for CVE-2019-6690 in Jessie
[[ Resending to correct debian-lts, I forgot the "lists." bit... ]]
On Fri, 2019-02-08 at 11:18 -0800, Brad Warren wrote:
> To provide a little more information as an upstream maintainer of
> Certbot, the lack of an upgrade here will affect a lot of Debian
> Jessie users.
> Let’s Encrypt
Mail list logo