Am 06.11.18 um 20:09 schrieb Moritz Muehlenhoff:
> Hi,
> if you fix any issues which were formerly tagged in a DLA, make sure
> to remove the no-dsa in CVE/list as well, e.g. in the DLA-1568-1 for curl.
I was about to do that, as usual, but when someone else does it four
minutes after I
Hi,
if you fix any issues which were formerly tagged in a DLA, make sure
to remove the no-dsa in CVE/list as well, e.g. in the DLA-1568-1 for curl.
Cheers,
Moritz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
October 2018 marked my 9th month as a Debian LTS paid contributor. I
had 14 hours of backlog, but due to some personal emergency situations
I couldn't spend much time. All I did was:
mupdf: marked CVE-2018-18662 as not affected.
libspring-java:
On Tue, Nov 06, 2018 at 08:16:21PM +0100, Markus Koschany wrote:
> Am 06.11.18 um 20:09 schrieb Moritz Muehlenhoff:
> > Hi,
> > if you fix any issues which were formerly tagged in a DLA, make
> > sure
> > to remove the no-dsa in CVE/list as well, e.g. in the DLA-1568-1 for curl.
>
> I was about
On Tue 2018-11-06 10:08:26 -0500, Antoine Beaupré wrote:
> i think it should be possible to do a) - as "gpg2" of course. it would
> require modifications to enigmail to call that binary instead of legacy
> 1.4, but it might just work without breaking too much stuff as people
> probably don't rely
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 05 Nov 2018 22:13:45 +0100
Source: cargo
Binary: cargo cargo-doc
Architecture: source amd64 all
Version: 0.25.0-2~deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Rust Maintainers
Changed-By: Emilio Pozuelo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: curl
Version: 7.38.0-4+deb8u13
CVE ID : CVE-2016-7141 CVE-2016-7167 CVE-2016-9586
CVE-2018-16839 CVE-2018-16842
Debian Bug : 848958 837945 836918
Several vulnerabilities were discovered in cURL,
On Tue, Nov 06, 2018 at 02:25:37PM +0700, Daniel Kahn Gillmor wrote:
> On Tue 2018-10-30 11:46:35 -0400, Antoine Beaupré wrote:
> > 5. backport the required GnuPG patchset from stretch to jessie
> fwiw, i don't see how this is going to work, since jessie has only gpg
> 1.4.18 and 2.0.26 -- modern
On Sun, 28 Oct 2018, Wouter Verhelst wrote:
> On Sun, Oct 28, 2018 at 01:14:13AM +, Ben Hutchings wrote:
> > Debian can't afford to pay developers in general, and previous
> > proposals to pay specific developers were not well received.
>
> That was over a decade ago. The circumstances at the
On Tue 2018-10-30 11:46:35 -0400, Antoine Beaupré wrote:
> 5. backport the required GnuPG patchset from stretch to jessie
fwiw, i don't see how this is going to work, since jessie has only gpg
1.4.18 and 2.0.26 -- modern enigmail requires gnupg 2.0.14 at least, so
that rules out the 1.4 series.
Hi,
On 05/11/2018 16:26, Emilio Pozuelo Monfort wrote:
> LLVM (and the necessary deps) were accepted. Unfortunately I run into some
> trouble while bootstrapping rustc and cargo. I tried some different ways and
> finally fixed the first one (bootstrap using upstream binaries). I am
> uploading
>
On 2018-11-06 10:57:12, Holger Levsen wrote:
> On Tue, Nov 06, 2018 at 02:25:37PM +0700, Daniel Kahn Gillmor wrote:
>> On Tue 2018-10-30 11:46:35 -0400, Antoine Beaupré wrote:
>> > 5. backport the required GnuPG patchset from stretch to jessie
>> fwiw, i don't see how this is going to work, since
On Fri, Sep 28, 2018 at 08:32:25PM +0200, Markus Koschany wrote:
> Package: poppler
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for poppler.
>
> CVE-2018-16646[0]:
> | In Poppler 0.68.0, the
13 matches
Mail list logo