[SECURITY] [DLA 1677-1] firefox-esr security update

2019-02-15 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 60.5.1esr-1~deb8u1 CVE ID : CVE-2018-18356 CVE-2019-5785 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
Hi Mattias, > I submitted this jessie update to the release team, but was informed to > contact you about it instead. What do I do? Indeed, they have sent you to the right place. :) As-per: https://wiki.debian.org/LTS/Development … we would fix CVE-2019-7659 via a jessie "LTS" security

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Emilio Pozuelo Monfort
On 15/02/2019 13:31, Chris Lamb wrote: > Hi Mattias, > >> I submitted this jessie update to the release team, but was informed to >> contact you about it instead. What do I do? > > Indeed, they have sent you to the right place. :) As-per: > > https://wiki.debian.org/LTS/Development > > … we

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
Ben Hutchings wrote: > Given the reference to cookies in the upstream advisory, I think the > actual bug is […] Thanks for looking into this. For the avoidance of doubt I will not proceed with an upload. With my "front desk" hat on, I've also added a link in the data/ CVE/list to this thread

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Ben Hutchings
On Fri, 2019-02-15 at 13:39 +0100, Emilio Pozuelo Monfort wrote: > On 15/02/2019 13:31, Chris Lamb wrote: > > Hi Mattias, > > > > > I submitted this jessie update to the release team, but was informed to > > > contact you about it instead. What do I do? > > > > Indeed, they have sent you to the

Accepted firefox-esr 60.5.1esr-1~deb8u1 (source amd64 all) into oldstable

2019-02-15 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 14 Feb 2019 12:22:56 +0100 Source: firefox-esr Binary: firefox-esr iceweasel firefox-esr-dbg iceweasel-dbg firefox-esr-l10n-all iceweasel-l10n-all firefox-esr-l10n-ach iceweasel-l10n-ach firefox-esr-l10n-af iceweasel-l10n-af

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Mattias Ellert
fre 2019-02-15 klockan 17:56 +0100 skrev Chris Lamb: > Ben Hutchings wrote: > > > > Given the reference to cookies in the upstream advisory, I think the > > actual bug is > > […] > > Thanks for looking into this. For the avoidance of doubt I will not > proceed with an upload. > > With my

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Mattias Ellert
Hi! I submitted this jessie update to the release team, but was informed to contact you about it instead. What do I do? Mattias Vidarebefordrat meddelande Från: Debian Bug Tracking System Svara till: 922...@bugs.debian.org Till: Mattias Ellert Ämne: Bug#922384 closed

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Mattias Ellert
fre 2019-02-15 klockan 22:15 +0100 skrev Chris Lamb: > Hi Mattias, > > The patch was based on the suggested fix from upstream which uses int. > > But I agree ssize_t is a better choice. > > Thanks for attaching an updated debdiff. Can you run this past upstream? > > > Regards, What exactly do

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
Hi Mattias, > What exactly do you want to run past upstream? It is not clear to me > what you are requesting here. Your change to the patch, no? :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Chris Lamb
Hi Mattias, > The patch was based on the suggested fix from upstream which uses int. > But I agree ssize_t is a better choice. Thanks for attaching an updated debdiff. Can you run this past upstream? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 

Re: Bug#922384: jessie-pu: package gsoap/2.8.17-1+deb8u2

2019-02-15 Thread Mattias Ellert
lör 2019-02-16 klockan 00:12 +0100 skrev Chris Lamb: > Hi Mattias, > > > What exactly do you want to run past upstream? It is not clear to me > > what you are requesting here. > > Your change to the patch, no? :) > > > Regards, > OK. https://sourceforge.net/p/gsoap2/bugs/1236/