Re: OpenSSL for wheezy

2016-09-23 Thread Kurt Roeckx
On Fri, Sep 23, 2016 at 09:43:03PM +0200, Moritz Mühlenhoff wrote: > On Fri, Sep 23, 2016 at 09:38:10PM +0200, Kurt Roeckx wrote: > > So I would like to just upload the 1.0.1u version to > > wheezy-security. If nobody complains that is what I will do. > > Then the version number in jessie would

Re: Wheezy update for qemu ?

2016-09-23 Thread Guido Günther
Hi Hugo, On Fri, Sep 23, 2016 at 11:08:20AM +0200, Hugo Lefeuvre wrote: > Hi, > > I've had a look at the latest security issues for qemu, and it's quite > unclear to me that qemu is affected by CVE-2016-7466 in wheezy. The affected > source code seems to be absent, and the issue looks hard to

Wheezy update for qemu ?

2016-09-23 Thread Hugo Lefeuvre
Hi, I've had a look at the latest security issues for qemu, and it's quite unclear to me that qemu is affected by CVE-2016-7466 in wheezy. The affected source code seems to be absent, and the issue looks hard to reproduce. Concerning CVE-2016-7170, an upstream approved patch has been released,

[SECURITY] [DLA 634-1] dropbear security update

2016-09-23 Thread Chris Lamb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: dropbear Version: 2012.55-1.3+deb7u1 CVE IDs: CVE-2016-7406 CVE-2016-7407 It was discovered that there were two issues in dropbear, a lightweight SSH2 server and client: - CVE-2016-7406: Potential issues in exit

OpenSSL for wheezy

2016-09-23 Thread Kurt Roeckx
Hi, The version in wheezy-security is currently 1.0.1e-2+deb7u21. Recently I've changed the jessie version from 1.0.1k to 1.0.1t without any problem. Supporting the 1.0.1e now requires a great deal of extra work because the patches just don't apply. If it's not because of the reformatting of

Re: OpenSSL for wheezy

2016-09-23 Thread Moritz Mühlenhoff
On Fri, Sep 23, 2016 at 09:38:10PM +0200, Kurt Roeckx wrote: > So I would like to just upload the 1.0.1u version to > wheezy-security. If nobody complains that is what I will do. Then the version number in jessie would be lower than in wheezy, breaking updates. Cheers, Moritz

Re: Wheezy update of firefox-esr?

2016-09-23 Thread Bálint Réczey
Hi, 2016-09-20 23:43 GMT+02:00 Chris Lamb : > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of firefox-esr: > https://security-tracker.debian.org/tracker/source-package/firefox-esr > >