Accepted jruby 1.5.1-1+deb6u1 (source all) into squeeze-lts

...@lists.alioth.debian.org Changed-By: Scott Kitterman freex...@kitterman.com Description: jruby - 100% pure-Java implementation of Ruby Changes: jruby (1.5.1-1+deb6u1) squeeze-lts; urgency=medium . * Add debian/patches 0008-CVE-2011-4838.patch and 0009-CVE-2012-5370.patch to resolve the respective CVEs

[SECURITY] [DLA 233-1] clamav security and upstream version update

Package: clamav Version: 0.98.7+dfsg-0+deb6u1 CVE ID : CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015- CVE-2015-2668 Upstream published version 0.98.7. This update updates sqeeze-lts to the latest upstream

Accepted screen 4.0.3-14+deb6u1 (source amd64) into squeeze-lts

hanged-By: Scott Kitterman <sc...@kitterman.com> Description: screen - terminal multiplexor with VT100/ANSI terminal emulation Closes: 797624 Changes: screen (4.0.3-14+deb6u1) squeeze-lts; urgency=high . * Fix stack overflow due to too deep recursion (CVE-2015-6806). (Closes:

Accepted libphp-snoopy 2.0.0-1~deb6u1 (source all) into squeeze-lts

hanged-By: Scott Kitterman <sc...@kitterman.com> Description: libphp-snoopy - Snoopy is a PHP class that simulates a web browser Closes: 778634 Changes: libphp-snoopy (2.0.0-1~deb6u1) squeeze-lts; urgency=high . * Upload to squeeze-lts . libphp-snoopy (2.0.0-1) unstable; urgency=high

Re: Further Review Of MySQL 5.5 Packages [1]

On December 9, 2015 3:09:23 AM EST, Raphael Hertzog <hert...@debian.org> wrote: >On Tue, 08 Dec 2015, Scott Kitterman wrote: >> On December 8, 2015 5:25:05 PM EST, "Santiago Ruano Rincón" ><santiag...@riseup.net> wrote: >> >Is anyone against upload

Re: Further Review Of MySQL 5.5 Packages [1]

On December 9, 2015 2:51:47 PM EST, Raphael Hertzog wrote: >On Wed, 09 Dec 2015, Santiago Ruano Rincón wrote: >> https://titanpad.com/zPncgYnP05 > >I made a few changes. > >> This DLA includes information about the already uploaded packages to >> solve incompatibility issues.

Re: Further Review Of MySQL 5.5 Packages [1]

On December 10, 2015 3:27:14 AM EST, "Santiago Ruano Rincón" <santiag...@riseup.net> wrote: >El 09/12/15 a las 19:18, Scott Kitterman escribió: >> On December 9, 2015 2:51:47 PM EST, Raphael Hertzog ><hert...@debian.org> wrote: >... >> >What'

[SECURITY] [DLA 357-1] libphp-snoopy security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libphp-snoopy Version: 2.0.0-1~deb6u1 CVE ID : CVE-2008-7313 CVE-2014-5008 Debian Bug : 778634 It was discovered that missing input sanitizing in Snoopy, a PHP class that simulates a web browser may result in

Re: Re: squeeze update of srtp?

On December 1, 2015 9:18:52 AM EST, Ben Hutchings <b...@decadent.org.uk> wrote: >On Tue, 2015-12-01 at 08:39 -0500, Scott Kitterman wrote: >> I checked this yesterday and the offending code isn't present in the >1.4  >> versions of srtp. > >Only because the range ch

Re: Re: squeeze update of srtp?

I checked this yesterday and the offending code isn't present in the 1.4 versions of srtp. Scott K

[SECURITY] [DLA 440-1] dansguardian package update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: dansguardian Version: 2.10.1.1-3+deb6u1 Debian Bug : 813894 As described in DLA-437-1, clamav has been updated to the most recent upstream version, 0.99. Due to a soname change in libclamav, packages depending on

Re: Non-security uploads for wheezy-lts

On Wednesday, March 02, 2016 02:09:28 PM Markus Koschany wrote: > Am 01.03.2016 um 15:45 schrieb Scott Kitterman: > > I understand that the plan is not to create a separate package suite for > > Wheezy as was done for Squeeze and to upload to wheezy-security instead. > >

Re: Supporting armel/armhf in wheezy-lts

On Monday, April 25, 2016 02:07:01 AM Luca Filipozzi wrote: > On Sun, Apr 24, 2016 at 09:55:10AM +0200, Raphael Hertzog wrote: > > Do you have some concrete suggestions? > > Decrease the separation by moving the funds management into Debian proper > (via a TO like SPI) and move to a bounty model

[SECURITY] [DLA 546-2] clamav version update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: clamav Version: 0.99.2+dfsg-0+deb7u2 DLA 546-1 was incorrectly released before updated clamav packages were available and there were subsequent issues with the acceptance of the package (which have since been corrected).

Re: [SECURITY] [DLA 546-1] clamav version update

On Sunday, July 10, 2016 06:46:52 PM Markus Koschany wrote: > On 10.07.2016 08:29, Bjoern Nyjorden wrote: > > Hi there, > > > > Are you able to advise as to when this update will be available? > > > > Looking forward to your feedback. > > Hello Bjoern, > > please ignore the DLA announcement

Re: [Pkg-clamav-devel] ClamAV Package on Wheezy

I'm going to take care of it. Scott K On July 3, 2016 9:04:48 AM EDT, Sebastian Andrzej Siewior wrote: >On 2016-06-30 09:36:18 [+0300], Klaipedaville on Google wrote: >> Hello there, >Hi, > >> It’s been almost half a year since I’ve been getting this "Clamav is

Re: [Pkg-clamav-devel] ClamAV Package on Wheezy

it again, please (as per my previous >[old] message down-below)? Is Clamav not available in packages any more >at all? Many thanks! > >Regards, >Dennis > >P.S. It looks like this "issue" is 'an every July come back occurrence' >isn't it? :) > > >From

Re: [Pkg-clamav-devel] Wheezy update of clamav?

Conveniently, upstream just released 0.99.4 that addresses this and some other issues. I'd suggest you let us get that into stable/oldstable first. Scott K On March 1, 2018 10:07:53 PM UTC, Sebastian Andrzej Siewior wrote: >On 2018-02-28 16:47:47 [-0500], Antoine

Re: [Pkg-clamav-devel] LTS update of clamav and call for advice

Comments inline. On Sunday, March 31, 2019 09:37:46 PM Ola Lundqvist wrote: > Hi > > I missed to include the clamav maintainers. Sorry about that. > > // Ola > > On Sun, 31 Mar 2019 at 21:21, Ola Lundqvist wrote: > > Dear maintainers, LTS team and Debian Secutiry team > > > > I have started

Re: [Pkg-clamav-devel] LTS update of clamav and call for advice

; // Ola > > On Sun, 31 Mar 2019 at 22:35, Scott Kitterman wrote: > > Comments inline. > > > > On Sunday, March 31, 2019 09:37:46 PM Ola Lundqvist wrote: > > > Hi > > > > > > I missed to include the clamav maintainers. Sorry about that.

Re: [Pkg-clamav-devel] LTS update of clamav and call for advice

hey are delared private so it should be ok. > > But you never know. > > > > It would be helpful if you can help me judge if any of the above means > > backwards incompatibility. > > > > I'm most worried about the following: > > - Socket change > &

Re: Test request Re: [Pkg-clamav-devel] LTS update of clamav and call for advice

an test that the package installs properly but I'm not sure I can > regression test it properly myself. > > Anyone who knows how to regression test it properly? > > Best regards > > // Ola > > On Mon, 15 Apr 2019 at 23:16, Scott Kitterman wrote: > > That sounds like