Re: Wheezy update of graphite2?

2017-06-20 Thread Rene Engelhard
Hi, On Tue, Jun 20, 2017 at 12:16:17PM +0200, Raphael Hertzog wrote: > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of graphite2: > https://security-tracker.debian.org/tracker/source-package/graphite2 > > Last time we had issues, it

Re: Wheezy update of graphite2?

2017-06-20 Thread Rene Engelhard
Hi, On Tue, Jun 20, 2017 at 12:56:03PM +0200, Rene Engelhard wrote: > On Tue, Jun 20, 2017 at 12:16:17PM +0200, Raphael Hertzog wrote: > > The Debian LTS team would like to fix the security issues which are > > currently open in the Wheezy version of graphite2: > >

Wheezy update of icedove?

2017-06-20 Thread Raphael Hertzog
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of icedove: https://security-tracker.debian.org/tracker/source-package/icedove I expect that Guido will take care of this by switching to a newer upstream version. Is that

Wheezy update of graphite2?

2017-06-20 Thread Raphael Hertzog
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of graphite2: https://security-tracker.debian.org/tracker/source-package/graphite2 Last time we had issues, it looks like we switched to a new upstream release in jessie

Re: Wheezy update of libffi?

2017-06-20 Thread Matthias Klose
On 20.06.2017 14:30, Raphael Hertzog wrote: > Hello Matthias, > > The Debian LTS team would like to fix the security issue which is > currently open in the Wheezy version of libffi: > https://security-tracker.debian.org/tracker/CVE-2017-1000376 > > Would you like to take care of this yourself? >

Wheezy update of exim4?

2017-06-20 Thread Raphael Hertzog
Hello Andreas, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of exim4: https://security-tracker.debian.org/tracker/CVE-2017-1000369 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here:

Wheezy update of libffi?

2017-06-20 Thread Raphael Hertzog
Hello Matthias, The Debian LTS team would like to fix the security issue which is currently open in the Wheezy version of libffi: https://security-tracker.debian.org/tracker/CVE-2017-1000376 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here:

[SECURITY] [DLA 996-1] tomcat7 security update

2017-06-20 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: tomcat7 Version: 7.0.28-4+deb7u14 CVE ID : CVE-2017-5664 Debian Bug : 864447 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the

Accepted tomcat7 7.0.28-4+deb7u14 (source all) into oldoldstable

2017-06-20 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 20 Jun 2017 22:23:35 +0200 Source: tomcat7 Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs Architecture: source all Version:

[SECURITY] [DLA 994-1] zziplib security update

2017-06-20 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: zziplib Version: 0.13.56-1.1+deb7u1 CVE ID : CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 CVE-2017-5974 Heap-based buffer overflow in the

[SECURITY] [DLA 995-1] swftools security update

2017-06-20 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: swftools Version: 0.9.2+ds1-3+deb7u1 CVE ID : CVE-2017-8400 CVE-2017-8401 CVE-2017-8400 In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This

Wheezy update of apache2?

2017-06-20 Thread Raphael Hertzog
Hello Arno & Stefan, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of apache2: https://security-tracker.debian.org/tracker/CVE-2017-3167 https://security-tracker.debian.org/tracker/CVE-2017-3169

About the security issues affecting ruby1.9.1 and ruby1.8 in Wheezy

2017-06-20 Thread Raphael Hertzog
Hello ruby maintainers, The Debian LTS team recently reviewed the security issue(s) affecting ruby1.8 and ruby1.9.1 in Wheezy: https://security-tracker.debian.org/tracker/CVE-2015-9096 We decided that we would not prepare a wheezy security update because the issue assumes that malicious content

About the security issues affecting postgresql-pljava in Wheezy

2017-06-20 Thread Raphael Hertzog
Hello Christoph & Peter, The Debian LTS team recently reviewed the security issue(s) affecting your package in Wheezy: https://security-tracker.debian.org/tracker/CVE-2016-0767 https://security-tracker.debian.org/tracker/CVE-2016-0768 https://security-tracker.debian.org/tracker/CVE-2016-2192 We

Re: Wheezy update of c-ares?

2017-06-20 Thread Gregor Jasny
Hello Raphael and LTS team, I am on holidays without access to a Debian machine and my keys until June 25th. If you have time and resources please go on and even fix unstable. In case you do, please upload your git repo changes to the collab-maint gbp based c-ares repo. For the last c-ares

Re: Wheezy update of apache2?

2017-06-20 Thread Stefan Fritsch
Hi Raphael, On Tuesday, 20 June 2017 16:38:12 CEST Raphael Hertzog wrote: > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of apache2: > https://security-tracker.debian.org/tracker/CVE-2017-3167 >

Accepted zziplib 0.13.56-1.1+deb7u1 (source amd64) into oldoldstable

2017-06-20 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 20 Jun 2017 19:03:02 +0200 Source: zziplib Binary: zziplib-bin libzzip-0-13 libzzip-dev Architecture: source amd64 Version: 0.13.56-1.1+deb7u1 Distribution: wheezy-security Urgency: low Maintainer: LIU Qi

Accepted swftools 0.9.2+ds1-3+deb7u1 (source amd64) into oldoldstable

2017-06-20 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 20 Jun 2017 20:03:02 +0200 Source: swftools Binary: swftools Architecture: source amd64 Version: 0.9.2+ds1-3+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Christian Welzel Changed-By: