FWIW, in Ubuntu, we had a similar issue trying to fix this CVE in ruby2.7,
and in the end we reverted the fix:
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.10
Lucas Kanashiro.
Em qua., 7 de jun. de 2023 07:47, Utkarsh Gupta
escreveu:
> Hiya,
>
> On Wed, Jun 7, 2023 a
oberto and Santiago for supporting me during my
on-boarding, and also Emilio for helping me with the rust ecosystem in
Debian (not too familiar with it).
[1] https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/63
Cheers!
--
Lucas Kanashiro
version 1.70.0+dfsg2-1 to
bullseye, this work will be used to update src:rustc-web. Next step is
to check whether we can backport this to buster and stretch.
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors
--
Lucas Kanashiro
ebian/#sponsors
[3]
https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/63#note_1998974134
<https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/63#note_1998974134>
--
Lucas Kanashiro
e want to fix it before, just warn me to avoid duplicate work.
Cheers.
--
Lucas Kanashiro
that updates trickled down in stretch/jessie. Do
> let us know, however, if you want the LTS team to take care of it for
> wheezy.
>
> Thanks!
>
> A.
>
> --
> La destruction de la société totalitaire marchande n'est pas une affaire
> d'opinion. Elle est une nécessité
time to
tackle it pretty please also do a jessie one right ahead too, otherwise
it looks kinda skew and gives a false impression of your intentions.
Enjoy,
Rhonda
* Lucas Kanashiro [2017-08-30 22:42:27 CEST]:
> Hi all,
>
> Any news about this? Will maintainers take care of irssi CVEs in
:
> Hi,
> please give the thunderbird packages
>
> https://people.debian.org/~agx/icedove-lts/
>
> a try. I'll add a new enighmail soonish since the current version
> conflicts with the one in Wheezy.
> Cheers,
> -- Guido
>
>
--
Lucas Kanashiro
y the
Security Team to fix the mentioned CVEs in jessie, the debdiff is attached.
If someone has a different idea in mind share with me please.
Cheers.
[0] https://security-tracker.debian.org/tracker/source-package/irssi
2017-08-31 8:02 GMT-03:00 Lucas Kanashiro :
> Hi Rhonda,
>
> D
this looks kinda strange to me, and is just wasted efford
> because I will have to push them there if you don't.
>
> So long,
> Rhonda
>
>
> * Lucas Kanashiro [2017-09-04 18:54:45 CEST]:
>> Hi,
>>
>> After review the 4 CVEs [0] that affect irssi
, thanks for point me to that. I'll prepare
an upload to jessie and contact the release team (I'll Cc you).
Apologize for the missunderstanding.
Cheers.
--
Lucas Kanashiro
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Frank,
You were faster than me, seems that you found the problem.
Probably I did not exercise this part of the source code in my tests,
thanks for the report and the provided patch.
I will apply your patch, run another round of tests and upload
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Wed, 2017-12-13 at 17:44 +, Chris Lamb wrote:
> Hi Lucas,
>
> > I will apply your patch, run another round of tests and upload the
> > fixed version.
>
> Any update on this? :) Feels bad (and bad "publicity" of sorts) to
> have known r
disks, create instances (some different
architectures), boot existent disks. Everything seems fine so far.
Cheers.
--
Lucas Kanashiro
signature.asc
Description: OpenPGP digital signature
] https://lists.debian.org/debian-lts-announce/2018/11/msg00019.html
Best regards,
--
Lucas Kanashiro
signature.asc
Description: OpenPGP digital signature
https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html
Kind regards,
--
Lucas Kanashiro
signature.asc
Description: OpenPGP digital signature
superficial investigation with no
confirmation yet. This month I'll not have enough time to continue the
investigation.
I'd appreciate some review and testing, specially related to
CVE-2018-19968, the debdiff is attached if it helps.
Thanks in advance!
--
Lucas Kanashiro
diff -Nru
gt; I guess a ; is missing here :)
Great, sorry for being a victim of my lack of attention... I've never
used phpmyadmin (that's why I requested some testing) and my local tests
were so basic that they didn't catch this issue. Shame on me.
I'll fix it and perform some tests. Thanks for the review and the time
that you spent on this.
Cheers!
--
Lucas Kanashiro
x27;s
> fine, main thing is issues have been found before upload :)
>
>> I'll fix it and perform some tests. Thanks for the review and the time
>> that you spent on this.
> I am available for testing the updated package if needed.
>
> cheers,
> Hugo
>
--
Lucas Kanashiro
rs want
also to test it.
Cheers.
On 1/29/19 3:27 PM, Lucas Kanashiro wrote:
> Hugo,
>
> I just uploaded a new package fixing the issue that you pointed out here
> again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
>
> I didn't perform any new testing yet, I
ixed. :)
>
> Good job,
>
> A.
>
> On 2019-01-29 15:27:59, Lucas Kanashiro wrote:
>> Hugo,
>>
>> I just uploaded a new package fixing the issue that you pointed out here
>> again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
>>
>> I
-2018-19969: I was not able to confirm
yet whether the version in Jessie is affected or not.
[1] https://lists.debian.org/debian-lts-announce/2019/02/msg3.html
Best regards.
--
Lucas Kanashiro
signature.asc
Description: OpenPGP digital signature
Hi Ola,
I had a look in this package a couple of weeks ago and I found the same
problem. I discussed it with Antonio and I think that we can skip this
package instead of add a new dependency in wheezy. We guess that implement
a cookie_jar "by hand" is not a good idea :)
Cheers,
Em sex, 20 de mai
it up to you.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: if you want the new packages are available here:
https://people.debian.org/~kanashiro/wheezy_lts/
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
diff -Nru roundcube-0.7.2/d
that
worth work on CVE-2014-9587? Or should I leave this package and try to
work on another one?
Thanks a lot!
Cheers.
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
signature.asc
Description: OpenPGP digital signature
> whole CSRF complex requires much more work IMO and unless you are
> already familiar with Roundcube and PHP it might not be the right
> package to start with. It's up to you.
>
Sure, so I guess I'll claim another package.
Thanks again.
--
Lucas Kanashiro
8ED6 C3F
r test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: I intend to work on this package if you do not want to do it.
Regards,
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
signature.asc
D
ur package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify wheth
r test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
r test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
nd/or test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
r test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
r test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this f
On 07/20/2016 05:55 PM, intrigeri wrote:
> Hi Lucas,
>
> Lucas Kanashiro wrote (20 Jul 2016 20:47:20 GMT) :
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of mat:
>> https://security-tracker.debian.org/
Hi,
I tried to help with front desk work today, but unfortunately I sent
some redundant emails because I did not realize that they had already
been sent. Sorry, I'll take more care before start to send these kind of
emails.
Regards.
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823
Sorry, I thought that I could help. I will not do any front desk work
again. Apologize.
Regards.
On Wed, Jul 20, 2016, 18:50 Chris Lamb wrote:
> > I tried to help with front desk work today
>
> May I ask why? There is a frontdesk "rota" to avoid duplicate work of
> this sort and, as you have n
able. Could we work
with that patch for version 3.1 (version in oldstable)?
[0] https://github.com/PowerDNS/pdns/pull/4134
Best regards,
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
signature.asc
Description: OpenPGP digital signature
nto master branch and release it, this CVE is a minor issue.
Thanks for your fast feedback Christian.
Cheers,
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
signature.asc
Description: OpenPGP digital signature
point.
>
I can try to help to rebase wheezy on latest 1.4.x, are you talking
about debian/wheezy or debian/wheezy-security branch?
Cheers,
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
signature.asc
Description: OpenPGP digital signature
On 07/22/2016 03:43 PM, Lucas Kanashiro wrote:
> I can try to help to rebase wheezy on latest 1.4.x, are you talking
> about debian/wheezy or debian/wheezy-security branch?
>
My bad, I checked out the repo and I saw that the mentioned branch is
debian/wheezy :)
--
Lucas Kanashiro
re of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Lucas Kanashiro,
on behalf of the Debian LTS team.
PS: A member of the LTS team m
On 07/27/2016 11:16 AM, Sebastian Harl wrote:
> On Wed, Jul 27, 2016 at 04:14:25PM +0200, Sebastian Harl wrote:
>> On Wed, Jul 27, 2016 at 10:40:13AM -0300, Lucas Kanashiro wrote:
>>> But we want your opinion. Would you like to take care of this yourself?
>> I'm happ
iting some feedback.
Best regards.
--
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130 A870 F823 A272 9883 C97C
diff -Nru libidn-1.25/debian/changelog libidn-1.25/debian/changelog
--- libidn-1.25/debian/changelog 2016-05-15 20:36:27.0 -0300
+++ libidn-1.25/debian/changelog 2016-07-28 16:11:30.0
ead to claim an DLA as documented. Should I wait for and
> synchronize with the DSA or should I come up with my own text?
>
I think you can go ahead with your own text if you are able to explain
the fixed vulnerabilities, helping users to understand them. If I am
wrong, please, correct me :
On 07/28/2016 05:55 PM, Lucas Kanashiro wrote:
> On 07/28/2016 05:02 PM, Sebastian Harl wrote:
>> Thanks. I updated dla-needed.
>>
>> The fixed packages are ready for upload now. Please find the full
>> debdiff (source and binary) attached to this email. Note th
45 matches
Mail list logo
