External check

2019-01-15 Thread Security Tracker
CVE-2018-1000873: TODO: check, could affect any of the src-jackson* packages CVE-2018-20096: TODO: check CVE-2018-20097: TODO: check CVE-2018-20098: TODO: check CVE-2019-2422: RESERVED CVE-2019-2426: RESERVED CVE-2019-5010: RESERVED -- The output might be a bit terse, but the above ids are

Re: "-fstack-clash-protection" option

2019-01-15 Thread Hideki Yamane
On Tue, 15 Jan 2019 12:06:10 +0100 Florian Weimer wrote: > > I've read systemd's vulnerability article [1] and then I have > > a question, do we have any plan to enable "-fstack-clash-protection" > > by default? I cannot find any discussion about it. > > There's a bug report requesting a

Re: arno-iptables-firewall 2.0.3-1~rc4

2019-01-15 Thread Samuel Henrique
Hello Sven, $gbp buildpackage --git-pbuilder --git-dist=stretch > > on branch debian/master fails with > > [...] > The following packages have unmet dependencies: > pbuilder-satisfydepends-dummy : Depends: debhelper (>= 12) but it is > not going to be installed > Unable to resolve dependencies!

Re: libewf.so.2 to libewf.so.3

2019-01-15 Thread Aleksey Kravchenko
Hello, The same situation is with libssl1.1/libssl1.0 [1]. I would recommend to follow its way, to avoid pitfalls: src:libewf/20140606-7, stripped-down: - libewf2-dev - libewf2 src:libewf3/20171104-2, new package for unstable: - libewf-dev (Conflicts: libewf2-dev, without Replaces) - libewf3 -

Re: arno-iptables-firewall 2.0.3-1~rc4

2019-01-15 Thread Sven Geuer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello Samuel, On Monday, 14.01.2019, 21:08 + Samuel Henrique wrote: > Hello Sven, > > 1. prepare a 2.0.3-1~bpo9+1. This would only require DH level to be > > rolled back to 11. > > > > I'm lost here, why do we need to roll back to DH 11? I

[SECURITY] [DSA 4367-2] systemd regression update

2019-01-15 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4367-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 15, 2019

libewf.so.2 to libewf.so.3

2019-01-15 Thread Hilko Bengen
Hello, Aleksey Kravchenko and I have been working on updating libewf to from 20140608 to 20171104 to, among other things, gain Python3 bindings. Unfortunately, there are a few incompatible API/ABI changes which are correctly marked by a SONAME bump from 2 to 3. This in turn would normally require

Re: "-fstack-clash-protection" option

2019-01-15 Thread Florian Weimer
* Hideki Yamane: > I've read systemd's vulnerability article [1] and then I have > a question, do we have any plan to enable "-fstack-clash-protection" > by default? I cannot find any discussion about it. There's a bug report requesting a build flags change: