On Fri, Sep 23, 2016 at 09:43:03PM +0200, Moritz Mühlenhoff wrote:
> On Fri, Sep 23, 2016 at 09:38:10PM +0200, Kurt Roeckx wrote:
> > So I would like to just upload the 1.0.1u version to
> > wheezy-security. If nobody complains that is what I will do.
>
> Then the version number in jessie would
Hi Hugo,
On Fri, Sep 23, 2016 at 11:08:20AM +0200, Hugo Lefeuvre wrote:
> Hi,
>
> I've had a look at the latest security issues for qemu, and it's quite
> unclear to me that qemu is affected by CVE-2016-7466 in wheezy. The affected
> source code seems to be absent, and the issue looks hard to
Hi,
I've had a look at the latest security issues for qemu, and it's quite
unclear to me that qemu is affected by CVE-2016-7466 in wheezy. The affected
source code seems to be absent, and the issue looks hard to reproduce.
Concerning CVE-2016-7170, an upstream approved patch has been released,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: dropbear
Version: 2012.55-1.3+deb7u1
CVE IDs: CVE-2016-7406 CVE-2016-7407
It was discovered that there were two issues in dropbear, a lightweight SSH2
server and client:
- CVE-2016-7406: Potential issues in exit
Hi,
The version in wheezy-security is currently 1.0.1e-2+deb7u21.
Recently I've changed the jessie version from 1.0.1k to 1.0.1t
without any problem.
Supporting the 1.0.1e now requires a great deal of extra work
because the patches just don't apply. If it's not because of the
reformatting of
On Fri, Sep 23, 2016 at 09:38:10PM +0200, Kurt Roeckx wrote:
> So I would like to just upload the 1.0.1u version to
> wheezy-security. If nobody complains that is what I will do.
Then the version number in jessie would be lower than in wheezy,
breaking updates.
Cheers,
Moritz
Hi,
2016-09-20 23:43 GMT+02:00 Chris Lamb :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of firefox-esr:
> https://security-tracker.debian.org/tracker/source-package/firefox-esr
>
>