About the security issues affecting binutils in Wheezy

2017-05-21 Thread Ola Lundqvist
Dear maintainer(s), The Debian LTS team recently reviewed the security issue(s) affecting your package in Wheezy: https://security-tracker.debian.org/tracker/CVE-2017-9038 https://security-tracker.debian.org/tracker/CVE-2017-9039 https://security-tracker.debian.org/tracker/CVE-2017-9040

Wheezy update of postgresql-9.1?

2017-05-21 Thread Ola Lundqvist
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of postgresql-9.1: https://security-tracker.debian.org/tracker/CVE-2017-7484 https://security-tracker.debian.org/tracker/CVE-2017-7486 Would you like to take care of this

About the security issues affecting dwarfutils in Wheezy

2017-05-21 Thread Ola Lundqvist
Dear maintainer(s), The Debian LTS team recently reviewed the security issue(s) affecting your package in Wheezy: https://security-tracker.debian.org/tracker/CVE-2017-9052 https://security-tracker.debian.org/tracker/CVE-2017-9053 https://security-tracker.debian.org/tracker/CVE-2017-9054

Re: dropbear 2012.55-1.3+deb7u2 to fix CVE-2017-9079

2017-05-21 Thread Thorsten Alteholz
Hi Guilhem, On Sat, 20 May 2017, Guilhem Moulin wrote: I did check that public key authentication is still working under 2012.55-1.3+deb7u2 (I didn't make any other check though). Thanks a lot for that fix, I just uploaded your new version to wheezy-security. Later I will also send the DLA

Accepted dropbear 2012.55-1.3+deb7u2 (source amd64) into oldstable

2017-05-21 Thread Guilhem Moulin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 20 May 2017 20:49:16 +0200 Source: dropbear Binary: dropbear Architecture: source amd64 Version: 2012.55-1.3+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Gerrit Pape Changed-By: Guilhem

Wheezy update of miniupnpc?

2017-05-21 Thread Ola Lundqvist
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of miniupnpc: https://security-tracker.debian.org/tracker/CVE-2017-8798 Would you like to take care of this yourself? If yes, please follow the workflow we have defined

Wheezy update of puppet?

2017-05-21 Thread Ola Lundqvist
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of puppet: https://security-tracker.debian.org/tracker/CVE-2017-2295 Would you like to take care of this yourself? If yes, please follow the workflow we have defined

Wheezy update of lintian?

2017-05-21 Thread Ola Lundqvist
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of lintian: https://security-tracker.debian.org/tracker/CVE-2017-8829 Would you like to take care of this yourself? If yes, please follow the workflow we have defined

[SECURITY] [DLA 948-1] dropbear security update

2017-05-21 Thread Thorsten Alteholz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package: dropbear Version: 2012.55-1.3+deb7u2 CVE ID: CVE-2017-9079 A vulnerability was found in Dropbear, a lightweight SSH2 server and client. CVE-2017-9079 Jann Horn discovered a local information leak in parsing

postgresql-9.1 and postgresql-8.4 in Wheezy

2017-05-21 Thread Thorsten Alteholz
Hi Christoph, CVE-2017-7486 and CVE-2017-7484 are marked as "not-affected" for postgresql-9.1 in Jessie. Can you please confirm that the same package in Wheezy is not affected as well? Do you also have an idea whether CVE-2017-7484 affects postgresql-8.4 in Wheezy? Thanks! Thorsten

Wheezy update of mupdf?

2017-05-21 Thread Ola Lundqvist
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of mupdf: https://security-tracker.debian.org/tracker/CVE-2016-8728 https://security-tracker.debian.org/tracker/CVE-2016-8729 Would you like to take care of this yourself?

Re: postgresql-9.1 and postgresql-8.4 in Wheezy

2017-05-21 Thread Ola Lundqvist
Hi Thorsten, I had a look into this and I'm not sure both statements are correct for Jessie. For CVE-2017-7486 I think the information in Jessie is wrong. The patched code is definitely there in wheezy at least. But maybe it is not triggered for some reason. For CVE-2017-7484 the code does not