Hi Ben,
>> I plan to do the same with virtualbox-ose and squeeze if you allow me too.
>> (from 3.2.10 to 3.2.28).
>That's handled by the separate Debian LTS team at debian-...@list.debian.org
updating from 3.2.10 to 3.2.28 in a similar way to the one we did for -security
will fix all the CVEs
Hi Folks,
I did the update (I did some testing and everything seems good)
http://debomatic-amd64.debian.net/distribution#squeeze-lts/virtualbox-ose/3.2.28-dfsg-1+squeeze1/buildlog
I see Mike on the page mentioned on the wiki,
"virtualbox-ose (Mike Gabriel)"
so please Mike, can you get the
Hello Roger,
>Here you go. Build and runtime tested.
we should really patch also jessie, stretch and sid, right?
(and Ubuntu, if you want to send me debdiffs)
thanks!
G.
Hello Thorsten,
>I hope you don't mind that I added both of you to data/dla-needed.txt for
>the Wheezy update of mosquitto for CVE-2017-9868.
>
Roger, do you want to provide debdiffs?
thanks
G.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: mosquitto
Version: 0.15-2+deb7u1
CVE ID : CVE-2017-7650
Debian Bug :
CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set their
username/client id to ‘#’ or ‘+’.
This allows locally or remotely
>Thanks Roger. Since this upload seems to have been forgotten, I just
>made the upload and will soon release the DLA.
thanks for caring, it got buried under 2k unread emails, it wasn't forgotten,
but I have really too much old work to fixup and I'm slowly recovering only now
G.
