Re: dla-needed/imagemagick entry

2019-05-05 Thread Hugo Lefeuvre
Hi Markus, > We contacted the security team directly without CCing the lts mailing > list. However they didn't reply to us. OK, Roberto forwarded the discussion to me. > > I think the security team opted for targeted fixes in the imagemagick case, > > at least for CVE-2019-9956 (claims remote

Re: dla-needed/imagemagick entry

2019-05-05 Thread Markus Koschany
Am 05.05.19 um 15:01 schrieb Hugo Lefeuvre: [...] > Good idea. I plan to work on CVE-2019-9956, CVE-2019-10650 and possibly > CVE-2019-11598. Do you think an upload ~ next week-end would be feasible > for you? > > cheers, > Hugo Sure, that should be feasible. Cheers, Markus signature.asc

dla-needed/imagemagick entry

2019-05-05 Thread Hugo Lefeuvre
Hi Markus and Roberto, I just had a look at imagemagick in jessie and did some quick triage. I saw the following notes in dla-needed: NOTE: 20190408: Still waiting on security team response to inquiries from (apo) and (roberto) Did you CC debian-lts? I can't find the e-mail you're

Accepted librecad 2.0.4-1+deb8u1 (source amd64 all) into oldstable

2019-05-05 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 05 May 2019 21:00:57 +0200 Source: librecad Binary: librecad librecad-data Architecture: source amd64 all Version: 2.0.4-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Science Maintainers Changed-By:

[SECURITY] [DLA 1776-1] librecad security update

2019-05-05 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: librecad Version: 2.0.4-1+deb8u1 CVE ID : CVE-2018-19105 Debian Bug : 928477 A vulnerability was found in LibreCAD, a computer-aided design system, which could be exploited to crash the application or cause

Re: dla-needed/imagemagick entry

2019-05-05 Thread Markus Koschany
Hi, Am 05.05.19 um 14:34 schrieb Hugo Lefeuvre: > Hi Markus and Roberto, > > I just had a look at imagemagick in jessie and did some quick triage. > > I saw the following notes in dla-needed: > > NOTE: 20190408: Still waiting on security team response to inquiries > from (apo) and

Re: dla-needed/imagemagick entry

2019-05-05 Thread Roberto C . Sánchez
Hi Hugo, On Sun, May 05, 2019 at 02:34:34PM +0200, Hugo Lefeuvre wrote: > Hi Markus and Roberto, > > I just had a look at imagemagick in jessie and did some quick triage. > > I saw the following notes in dla-needed: > > NOTE: 20190408: Still waiting on security team response to inquiries >

Re: dla-needed/imagemagick entry

2019-05-05 Thread Hugo Lefeuvre
Hi Roberto, > > Did you CC debian-lts? I can't find the e-mail you're referring to :) > > > I did not. In a few minutes I will bounce you the message from that > discussion (there are 5 or 6). I won't bounce them to the list, though, > as I suspect they will get flagged as spam. Thanks for

RFT: Linux 3.16.66 package

2019-05-05 Thread Ben Hutchings
I uploaded a snapshot of the jessie-security branch of linux, with the version 3.16.66-1~git20190503.2fd62fa, to people.debian.org: https://people.debian.org/~benh/packages/jessie-security/ There are source and binaries for amd64 and i386, along with a signed .changes file. Let me know if you