Accepted libtirpc 0.2.5-1+deb8u2 (source amd64) into oldstable

2018-08-31 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 31 Aug 2018 19:13:02 +0200 Source: libtirpc Binary: libtirpc-dev libtirpc1 Architecture: source amd64 Version: 0.2.5-1+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Anibal Monsalve Salazar Changed-By:

Re: Gnutls investigation and request for advice for Jessie

2018-08-31 Thread Antoine Beaupré
On 2018-08-31 16:18:39, Antoine Beaupré wrote: > On 2018-08-31 21:30:14, Ola Lundqvist wrote: >> Hi Antoine >> >> Thank you for the input this is valuable. I have some comments below. >> >> On Fri, 31 Aug 2018 at 21:03, Antoine Beaupré >> wrote: >>> >>> On 2018-08-31 13:29:29, Ola Lundqvist

Re: Gnutls investigation and request for advice for Jessie

2018-08-31 Thread Antoine Beaupré
On 2018-08-31 13:29:29, Ola Lundqvist wrote: > Hi all LTS contributors > > My question is whether removing default ciphers and introducing new > options is acceptable so late in the release cycle. My assumption is > no, but let me know if you have another opinion. More details below. A priori, I

[SECURITY] [DLA 1487-1] libtirpc security update

2018-08-31 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: libtirpc Version: 0.2.5-1+deb8u2 CVE ID : CVE-2018-14622 CVE-2018-14622 Fix for segmentation fault due to pointer becoming NULL. For Debian 8 "Jessie", this problem has been fixed in version 0.2.5-1+deb8u2.

[SECURITY] [DLA 1488-1] spice security update

2018-08-31 Thread Mike Gabriel
Package: spice Version: 0.12.5-1+deb8u6 CVE ID : CVE-2018-10873 Debian Bug : #906315 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server,

Re: tiff / CVE-2018-15209

2018-08-31 Thread Antoine Beaupré
On 2018-08-29 12:24:30, Brian May wrote: > Antoine Beaupré writes: > >> Brian, are you sure you're getting those failures in jessie? Which >> architecture? Here my tests were done in a VirtualBox VM using an up to >> date Debian jessie amd64 box. > > My tests were done in a schroot. Not sure if I

Re: Gnutls investigation and request for advice for Jessie

2018-08-31 Thread Ola Lundqvist
Hi Antoine Thank you for the input this is valuable. I have some comments below. On Fri, 31 Aug 2018 at 21:03, Antoine Beaupré wrote: > > On 2018-08-31 13:29:29, Ola Lundqvist wrote: > > Hi all LTS contributors > > > > My question is whether removing default ciphers and introducing new > >

Re: twitter-bootstrap / CVE-2018-14040 / CVE-2018-14041 / CVE-2018-14042

2018-08-31 Thread Antoine Beaupré
On 2018-08-29 12:23:54, Brian May wrote: > Antoine Beaupré writes: > >> On 2018-08-08 17:35:52, Brian May wrote: >>> If I got this right, we cannot use $(xyz) unless the value of xyz is >>> trusted. Otherwise executing $(xyz) can result in the execution of code >>> if xyz is something like "".

Accepted spice 0.12.5-1+deb8u6 (source amd64) into oldstable

2018-08-31 Thread Mike Gabriel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 31 Aug 2018 20:44:48 +0200 Source: spice Binary: spice-client libspice-server1 libspice-server1-dbg libspice-server-dev Architecture: source amd64 Version: 0.12.5-1+deb8u6 Distribution: jessie-security Urgency: medium

Re: Gnutls investigation and request for advice for Jessie

2018-08-31 Thread Antoine Beaupré
On 2018-08-31 21:30:14, Ola Lundqvist wrote: > Hi Antoine > > Thank you for the input this is valuable. I have some comments below. > > On Fri, 31 Aug 2018 at 21:03, Antoine Beaupré wrote: >> >> On 2018-08-31 13:29:29, Ola Lundqvist wrote: >> > Hi all LTS contributors >> > >> > My question is

Bug#907723: link package versions on security-tracker to source packages

2018-08-31 Thread Mike Gabriel
Package: security-tracker Severity: wishlist X-Debbugs-Cc: debian-lts@lists.debian.org Hi, when working for the LTS team, I regularly need to download source packages from the LTS version of Debian. My development machine normally runs a newer Debian version, having deb-src URLs for Debian

Re: [SECURITY] [DLA 1488-1 (invalid)] spice security update

2018-08-31 Thread Mike Gabriel
Dear all, On Fr 31 Aug 2018 23:30:53 CEST, Mike Gabriel wrote: Package: spice Version: 0.12.5-1+deb8u6 CVE ID : CVE-2018-10873 Debian Bug : #906315 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling

[SECURITY] [DLA 1486-1] spice security update

2018-08-31 Thread Mike Gabriel
Package: spice Version: 0.12.5-1+deb8u6 CVE ID : CVE-2018-10873 Debian Bug : #906315 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server,

[SECURITY] [DLA 1488-1] mariadb-10.0 security update

2018-08-31 Thread Holger Levsen
Package: mariadb-10.0 Version: 10.0.36-0+deb8u1 CVE ID : CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 Debian Bug : 904121 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new

[SECURITY] [DLA 1489-1] spice-gtk security update

2018-08-31 Thread Mike Gabriel
Package: spice-gtk Version: 0.25-1+deb8u1 CVE ID : CVE-2018-10873 Debian Bug : 906316 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server,

Accepted php5 5.6.37+dfsg-0+deb8u1 (source all amd64) into oldstable

2018-08-31 Thread Roberto C. Sanchez
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 31 Aug 2018 22:28:51 -0400 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-phpdbg php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd

Accepted spice-gtk 0.25-1+deb8u1 (source amd64) into oldstable

2018-08-31 Thread Mike Gabriel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 31 Aug 2018 23:52:16 +0200 Source: spice-gtk Binary: spice-client-gtk spice-client-glib-usb-acl-helper libspice-client-glib-2.0-8 gir1.2-spice-client-glib-2.0 libspice-client-glib-2.0-dev libspice-client-gtk-2.0-4

Re: fix squirrelmail bug 775720 in jessie

2018-08-31 Thread Abhijith PA
Hello Matus On Friday 31 August 2018 05:25 PM, Matus UHLAR - fantomas wrote: > Hello, > > the debian bug 775720 for squirrelmail was closed by debian maintainer > because squirrelmail was removed from archive. > > However, there were 3 security updates to squirrelmail since, and I've had > to

Gnutls investigation and request for advice for Jessie

2018-08-31 Thread Ola Lundqvist
Hi all LTS contributors My question is whether removing default ciphers and introducing new options is acceptable so late in the release cycle. My assumption is no, but let me know if you have another opinion. More details below. If you have seen my email to ELTS then you may read faster. It is

fix squirrelmail bug 775720 in jessie

2018-08-31 Thread Matus UHLAR - fantomas
Hello, the debian bug 775720 for squirrelmail was closed by debian maintainer because squirrelmail was removed from archive. However, there were 3 security updates to squirrelmail since, and I've had to fix the same bug (apply the same patch) 3 times after each update. Does it sound logical to

Re: fix squirrelmail bug 775720 in jessie

2018-08-31 Thread Antoine Beaupré
On 2018-08-31 19:42:15, Abhijith PA wrote: > Hello Matus > > On Friday 31 August 2018 05:25 PM, Matus UHLAR - fantomas wrote: >> Hello, >> >> the debian bug 775720 for squirrelmail was closed by debian maintainer >> because squirrelmail was removed from archive. >> >> However, there were

Re: fix squirrelmail bug 775720 in jessie

2018-08-31 Thread Abhijith PA
( Sorry for the duplicate, forgot to add ) Hello Matus On Friday 31 August 2018 05:25 PM, Matus UHLAR - fantomas wrote: > Hello, > > the debian bug 775720 for squirrelmail was closed by debian maintainer > because squirrelmail was removed from archive. > > However, there were 3 security