Re: policykit-1 CVE-2018-19788 in jessie

2018-12-20 Thread Abhijith PA
Hi Santiago, On Thursday 20 December 2018 01:00 AM, Santiago Ruano Rincón wrote: > Dear Maintainers, > > (It seems my first attempt to send this mail failed. Sorry if you > received it twice) > > As opposed to stretch, I have been unable to reproduce CVE-2018-19788 in > jessie. i.e. systemctl co

Re: policykit-1 CVE-2018-19788 in jessie

2018-12-20 Thread Moritz Muehlenhoff
On Thu, Dec 20, 2018 at 03:11:49PM +0530, Abhijith PA wrote: > Hi Santiago, > > On Thursday 20 December 2018 01:00 AM, Santiago Ruano Rincón wrote: > > Dear Maintainers, > > > > (It seems my first attempt to send this mail failed. Sorry if you > > received it twice) > > > > As opposed to stretch

Bug#916912: [pre-approval] stretch-pu: package freerdp/1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3

2018-12-20 Thread Mike Gabriel
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear Debian stretch Release Team, in Debian LTS, we are currently discussing a complex update of the freerdp (v1.1) package. The current status is this: * since March 2018 free

Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport

2018-12-20 Thread Andreas Metzler
On 2018-12-20 Daniel Kahn Gillmor wrote: [...] > On Wed 2018-12-19 11:59:46 -0500, Antoine Beaupré wrote: >> On 2018-12-18 14:34:06, Emilio Pozuelo Monfort wrote: >>> libgcrypt is a bit more worrying, even after dropping most of the noise: >>> $ diff libgcrypt20-1.*/ | filterdiff -x '*.pc/*' -x '

Re: proposed removal of Enigmail from jessie/LTS

2018-12-20 Thread Moritz Mühlenhoff
On Wed, Dec 19, 2018 at 05:03:26PM +, Holger Levsen wrote: > I mostly worried that you didn't test all dependent packages and that we > essentially might break those when trying to support a package no > customer has expressed need for. But then I also suppose such breakage > could be fixed...

Re: openssl 1.0 support on stretch LTS

2018-12-20 Thread Haruki TSURUMOTO
On 2018/12/13 20:59, Emilio Pozuelo Monfort wrote: > On 06/12/2018 05:11, Haruki TSURUMOTO wrote: >> Hi, >> my questions intents >> Will get openssl1.0 package security-update by LTS team from 2020 to >> 2022-mid? >> (Only selected packages are supported in LTS surely) >> Debian stretch has two ope

Re: Xen 4.4 updates vs. Xen Stretch backport

2018-12-20 Thread Peter Dreuw
Hi, Holger, > Holger Levsen wrote on 19 December 2018 at 16:33: > On Fri, Dec 07, 2018 at 01:32:49PM +0100, Peter Dreuw wrote: > > go to https://salsa.debian.org/security-tracker-team as a logged in user > and you will see a button "request access" (unless you are already a > membe

Re: proposed removal of Enigmail from jessie/LTS

2018-12-20 Thread Daniel Kahn Gillmor
fwiw, i agree with jmm that encouraging users to upgrade to stable is the best outcome here. The question is, what are we doing to the folks who (for whatever reason) can't make that switch. On Thu 2018-12-20 17:01:30 +0100, Moritz Mühlenhoff wrote: > If suddenly all kinds of core libraries are g