Re: [SECURITY] [DSA 3576-1] icedove security update

2016-05-13 Thread Hubert Chathi
On Sat, 14 May 2016 00:41:16 +0200, Davide Prina said: > To ckeck > $ grep icedove /var/log/dpkg.log [...] Or just run "apt-cache policy icedove", which will show you what version you have installed and what versions are available. You should see a couple of lines that

Re: [SECURITY] [DSA 3576-1] icedove security update

2016-05-13 Thread Davide Prina
please learn how to quote, so all can understand what is the question and what is the answer. Also break your line response to 75 character On 13/05/2016 23:17, Harris Paltrowitz wrote: I use Icedove on Jessie, and immediately after I received this email I ran apt-get update and apt-get

Re: [SECURITY] [DSA 3576-1] icedove security update

2016-05-13 Thread Harris Paltrowitz
Hi all, Sorry if this is a newbie-type question... I use Icedove on Jessie, and immediately after I received this email I ran apt-get update and apt-get upgrade, but no packages were updated. Thoughts? Thanks very much. -Harris On May 13, 2016, at 1:58 PM, Moritz Muehlenhoff

Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-13 Thread Elmar Stellnberger
Just wanted to tell that I am quite happy not to have boringSSL in Debian - main. I think it is depeerable there apart from the security risk of adopting the SSL package from a company which was largely funded by intelligence services and the Pentagon. I would rather like to see OpenBSD`s

Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-13 Thread Moritz Mühlenhoff
Moritz Mühlenhoff wrote: >> are introducing BoringSSL, a fork of OpenSSL by Google. The latest >> Android OS and its SDK no longer use OpenSSL and they use some APIs >> only provided by BoringSSL, hence we are bringing BoringSSL to Debian. >> You can see the ITP at

bug reports for grub need to be re-posted

2016-05-13 Thread Elmar Stellnberger
Hi! Would anyone mind to re-post the following bug reports at https://savannah.gnu.org/bugs/? I am just getting a obscure browser errors (can not establish a secure connection, time out, ... ) although I have tried it repeatedly and although my internet connection seems to work fine

Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-13 Thread Moritz Mühlenhoff
殷啟聰 schrieb: > Dear Debian Security Team, Our contact address is t...@security.debian.org, not debian-security... > The "android-tools" packaging team > > are introducing BoringSSL, a

External check

2016-05-13 Thread Raphael Geissert
CVE-2014-3498: RESERVED CVE-2016-1667: RESERVED CVE-2016-1668: RESERVED CVE-2016-1669: RESERVED CVE-2016-1670: RESERVED CVE-2016-1671: RESERVED -- The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status