[SECURITY] [DLA 1256-1] firefox-esr security update

2018-01-24 Thread Emilio Pozuelo Monfort
Package: firefox-esr Version: 52.6.0esr-1~deb7u1 CVE ID : CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103

Accepted firefox-esr 52.6.0esr-1~deb7u1 (source amd64 all) into oldoldstable

2018-01-24 Thread Emilio Pozuelo Monfort
Format: 1.8 Date: Wed, 24 Jan 2018 17:18:20 +0100 Source: firefox-esr Binary: firefox-esr iceweasel firefox-esr-dbg iceweasel-dbg firefox-esr-dev iceweasel-dev firefox-esr-l10n-all iceweasel-l10n-all firefox-esr-l10n-ach iceweasel-l10n-ach

Re: pulling in other vulnerability databases

2018-01-24 Thread Paul Wise
On Thu, Jan 25, 2018 at 1:12 AM, Antoine Beaupré wrote: > Okay, so this is a broader, recurring problem we have with the security > tracker right now... From my perspective, I've always and only used CVEs > as unique identifiers for vulnerabilities in my work in the security > tracker. When that

pulling in other vulnerability databases

2018-01-24 Thread Antoine Beaupré
So picking one thing from this thread and adding the security tracker people in the loop, so we can focus on *one* topic here. :) On 2018-01-21 14:09:01, Paul Wise wrote: > On Fri, Jan 19, 2018 at 11:52 PM, Antoine Beaupré wrote: > >> I have found that Snyk had issues in its database that weren't

Re: jquery CVEs: no-dsa or unsupported?

2018-01-24 Thread Antoine Beaupré
On 2018-01-19 10:52:05, Antoine Beaupré wrote: > Hi! > > As part of an audit on my own website (!) running Bootstrap 3.3.4, I > have found that the jQuery release I was using (1.11.2) was vulnerable > to multiple security issues. This was detected by Sonarwhal, which in > turn uses Snyk.io to

Re: MySQL 5.5 EOL before Debian 8 LTS ends

2018-01-24 Thread Lars Tangvald
On 01/24/2018 08:02 AM, Moritz Mühlenhoff wrote: On Tue, Jan 23, 2018 at 11:41:57AM +0100, Lars Tangvald wrote: I can't find much of anything that has changed from 5.5 to 5.6 in terms of default behavior, except for NO_ENGINE_SUBSTITUTION being the default sql_mode