CVE-2015-5352: openSSH in squeeze not affected(?)

2015-07-16 Thread Mike Gabriel
Dear SSH maintainers, dear LTS team, I just spent quite some time reading OpenSSH code related to checking if CVE-2015-5352 [1] needs to be fixed in Debian squeeze LTS. The upstream commit for fixing CVE-2015-5352 is at [2]. The fix addresses an issue with the ForwardX11Timeout option

[SECURITY] [DLA 272-1] python-django security update

2015-07-16 Thread Raphael Hertzog
Package: python-django Version: 1.2.3-3+squeeze13 CVE ID : CVE-2015-2317 CVE-2015-5143 CVE-2015-5144 Several vulnerabilities were discovered in Django, a high-level Python web development framework: CVE-2015-2317 Daniel Chatfield discovered that python-django, a

Re: VirtualBox support in squeeze LTS

2015-07-16 Thread Moritz Mühlenhoff
On Thu, Jul 16, 2015 at 05:42:58PM +0100, Ben Hutchings wrote:
> I believe there was a general decision that squeeze LTS would not be supported as a virtualisation host
Non, not in general.
> so KVM, Xen, libvirt and QEMU are on the 'not supported' list.
KVM, libvirt and qemu were excluded since

VirtualBox support in squeeze LTS

2015-07-16 Thread Ben Hutchings
I believe there was a general decision that squeeze LTS would not be supported as a virtualisation host, so KVM, Xen, libvirt and QEMU are on the 'not supported' list. However, virtualbox-ose is not on that list, and it has many CVEs reported against it and unfixed. Should it be added to the

squeeze update of squid3?

2015-07-16 Thread Ben Hutchings
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of squid3: https://security-tracker.debian.org/tracker/TEMP-000-AD2264 Would you like to take care of this yourself? We are still understaffed so any help is

squeeze update of openjdk-6?

2015-07-16 Thread Ben Hutchings
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of openjdk-6: https://security-tracker.debian.org/tracker/CVE-2015-2590 https://security-tracker.debian.org/tracker/CVE-2015-2601

squeeze update of virtualbox-ose?

2015-07-16 Thread Ben Hutchings
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of virtualbox-ose: https://security-tracker.debian.org/tracker/CVE-2012-3221 https://security-tracker.debian.org/tracker/CVE-2013-3792

Re: squeeze update of cacti?

2015-07-16 Thread Paul Gevers
Hi,
On 16-07-15 20:40, Ben Hutchings wrote:
> Would you like to take care of this yourself?
Yes. There are probably more CVEs involved, although they are not assigned yet. I am already communicating with the security team about this.
Paul

squeeze update of apache2?

2015-07-16 Thread Ben Hutchings
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of apache2: https://security-tracker.debian.org/tracker/CVE-2015-3183 Would you like to take care of this yourself? We are still understaffed so any help is always

squeeze update of libidn?

2015-07-16 Thread Ben Hutchings
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of libidn: https://security-tracker.debian.org/tracker/CVE-2015-2059 Would you like to take care of this yourself? We are still understaffed so any help is always

squeeze update of fuseiso?

2015-07-16 Thread Ben Hutchings
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of fuseiso: https://security-tracker.debian.org/tracker/TEMP-0779047-E29D8E https://security-tracker.debian.org/tracker/TEMP-0779047-8CABD5 Would you like to take