Accepted postgresql-9.1 9.1.24lts2-0+deb7u2 (source amd64 all) into oldoldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 07 Feb 2018 16:04:12 +0100 Source: postgresql-9.1 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1

Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Readd krb5 to dla-needed.txt

On Wed, 7 Feb 2018, Brian May wrote: Abhijith PA writes: On Wednesday 07 February 2018 12:38 PM, Brian May wrote: Markus Koschany writes: +krb5 + NOTE: lts-do-not-call +-- What does lts-do-not-call mean? See

[SECURITY] [DLA-1271-1] postgresql-9.1 security update

Package: postgresql-9.1 Version: 9.1.24lts2-0+deb7u2 CVE ID : CVE-2018-1053 A vulnerabilities has been found in the PostgreSQL database system: CVE-2018-1053 Tom Lane discovered that pg_upgrade, a tool used to upgrade PostgreSQL database clusters, creates

python-crypto / pycryptodome / CVE-2018-6594

Hello, According to the upstream bug report: https://github.com/dlitz/pycrypto/issues/253 "This bug is prevalent. It exists in PyCryptodome and libgcrypt (if used directly to encrypt messages)." Anyone know what the connection is between these python libraries and libgcrypt? Should libgcrypt be

Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add python2.6, 2.7 and claim 2.7

Abhijith PA writes: >> Do you have any objections to marking python2.6 and python2.7 as no-DSA >> in wheezy too? > > No, I don't have any objection. :) > I tried to reproduce this CVE with the given POC from upstream bug > report. But 8 out of 10 I didn't see any. As

krb5 security vulnerabilities

CVE-2018-5709 points to https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow CVE-2018-5710 points to https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS) Both these pages have the same text: "We have removed

Re: Bug#889285: bind9: CVE-2017-3139 affects debian too: assertion failure in validator.c:1858

On Sat, Feb 03, 2018 at 05:17:01PM +0100, Salvatore Bonaccorso wrote: > > The bug was about CVE-2017-3137, it's never a good idea to mix up > things ;-). This is true. However, it appears that Ondrej Zary's comment to #860225 on 2017-09-02 is in fact related to CVE-2017-3139. Since one of the

Re: python-crypto / pycryptodome / CVE-2018-6594

Hi Brian On Thu, Feb 08, 2018 at 08:20:22AM +1100, Brian May wrote: > Hello, > > According to the upstream bug report: > https://github.com/dlitz/pycrypto/issues/253 > > "This bug is prevalent. It exists in PyCryptodome and libgcrypt (if used > directly to encrypt messages)." > > Anyone know

Re: MySQL 5.5 EOL before Debian 8 LTS ends

Hi, On 01/23/2018 10:32 PM, Markus Koschany wrote: Am 23.01.2018 um 11:41 schrieb Lars Tangvald: Hi, On 01/22/2018 04:35 PM, Markus Koschany wrote: [...] I also think it makes sense to take a smaller step and upgrade from 5.5 to 5.6. Are there any known issues with 5.6 or can you share any

Re: Upload mailman

Hi, On Wed, February 7, 2018 06:02, Abhijith PA wrote: > I prepared a LTS security update for mailman. Debdiff is attached. > link: > https://mentors.debian.net/debian/pool/main/m/mailman/mailman_2.1.15-1+deb7u3.dsc Looks good to me. Cheers, Thijs