Re: Looking for issues affecting wheezy but fixed in squeeze

2016-01-29 Thread Guido Günther
Hi, On Thu, Jan 28, 2016 at 07:27:20PM +0100, Moritz Mühlenhoff wrote: > On Sat, Jan 23, 2016 at 02:22:22PM +0100, Guido Günther wrote: > > Hi, > > > > now that Wheezy LTS is approaching I wondered what would be the best > > places to help out fixing issues in Wheezy so that upgrading from > >

Re: squeeze update of prosody?

2016-01-29 Thread Guido Günther
Hi Sergei, On Fri, Jan 29, 2016 at 10:53:40AM +0300, Sergei Golovan wrote: > Hi Guido, > > On Thu, Jan 28, 2016 at 11:04 PM, Guido Günther wrote: > > Hello dear maintainer, > > > > the Debian LTS team would like to fix the security issues which are > > currently open in the

Re: squeeze update of openssh?

2016-01-29 Thread Antoine Beaupré
On 2016-01-23 06:50:51, Guido Günther wrote: > Hi Colin, > On Fri, Jan 15, 2016 at 02:01:44PM +, Colin Watson wrote: >> On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote: >> > On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote: >> > > > I believe Yves-Alexis Perez is

Re: Fixing CVE-2014-9674 (freetype) in wheezy

2016-01-29 Thread Sébastien Delafond
Hi Guido, thanks for the debdiff. It looks good, except for the urgency which you'll want to set to "high" before uploading. Once that's done, I'll release the DSA. Cheers, --Seb On Jan/24, Guido Günther wrote: > Dear security team, > while looking into CVEs that are fixed in Jessie and

squeeze update of phpmyadmin?

2016-01-29 Thread Guido Günther
Hello dear maintainer, the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of phpmyadmin: https://security-tracker.debian.org/tracker/CVE-2016-2039 https://security-tracker.debian.org/tracker/CVE-2016-2041 Would you like to take care of this

Re: squeeze update of prosody?

2016-01-29 Thread Sergei Golovan
Hi Guido, On Fri, Jan 29, 2016 at 11:10 AM, Guido Günther wrote: > > I would be great to have a "maintainer blessed" patch for that > issue. Just send it to the list and we take care of the rest. Here are the .dsc and the .diff.gz for the fixed prosody package. Cheers! --

Re: squeeze update of openssh?

2016-01-29 Thread Antoine Beaupré
On 2016-01-23 06:50:51, Guido Günther wrote: > I had a look at RedHat's analysis[1] and at Squeeze, Wheezy and Jessie: > > * Squeeze and Wheezy don't run "xhost +si:localuser:`id -un`" from > xinit but we do so from Jessie on > * we have the security extension enabled > > however