On Mar/11, Stephan Beck wrote:
Is there any reason for the circumstance that this DSA3177-1 (March
10) is being sent after DSA3181-1, and not, as it would be expected,
between the announce dates of DSA3176-1 (February 26) and DSA3178-1
(March 2)? Just curious.
None other than the fact I've
On 2015-03-31, Guillaume Delacour g...@iroqwa.org wrote:
Upstream confirm me that the fix is correct for this CVE. The
package uploaded on mentors was not modified since my first mail and
is ready for upload if anybody can/want upload it to stable.
I'm waiting for CVE assignments from MITRE,
On 2015-04-13, Henrique de Moraes Holschuh h...@debian.org wrote:
The use of bin-NMUs for this is causing utter havock here due to
multi-arch:
[...]
(obviously a straight apt upgrade run or aptitude upgrade run will
give similar results).
Indeed; this is tracked via
On 2016-02-01, Grant Murphy wrote:
> Cool thanks. I'm currently getting a 404 from this URL -
> https://security-tracker.debian.org/tracker/data/json is this
> related?
The JSON API was disabled this week-end, because it was causing a huge
load on security-tracker.d.o,
I think we'd want to make tracker_server aware of the not-affected
status, but I'll wait for a second opinion...
Cheers,
--Seb
On 2016-02-01, Sébastien Delafond wrote:
> The JSON API was disabled this week-end, because it was causing a
> huge load on security-tracker.d.o, thus impacting the rest of the
> functionalities. It will be restored shortly.
The JSON API is back, after putting in a crude caching
On 2016-04-05, donoban wrote:
> Why this took so long? Roundcube team fixed this 2015-12-26:
>
> https://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released
>
> And it also seems a easy fix to backport:
>
>
On 2016-03-01, Mike Gabriel wrote:
> @Security Team: Shall we (LTS contributors) handle wheezy-security
> updates like described below until Debian wheezy LTS comes into play?
>
>o Pick a package that has open CVE issues in wheezy, e.g. from
> above list
>o
After some discussion about what no-dsa really means, I've added 2 new
sub-states to the tracker, and they can be used as follows:
CVE-2018-10012345
- foo (bug #9876543)
[stretch] - shadow (Minor issue, later)
[jessie] - shadow (Minor issue, later)
On 2017-05-31, Philipp Hahn wrote:
> for my project I need the information which CVE is fixed by which
> Debian package. I do that by reading the DSA list. I tried
> lib/python/bugs.py first, but at the end wrote my own parser based on
> some simple regular expressions.
), Moritz Muehlenhoff
(jmm), Salvatore Bonaccorso (carnil), Sébastien Delafond (seb), and
Yves-Alexis Perez (corsac).
We'd like to thank the Mini-DebConf organizers for providing the
facilities for our sprint, as well as all donors to the Debian project
who helped to cover a large part of our expenses
Hi,
the Debian Security team periodically gets requests and/or bug reports
about the OVAL exports, and our general stance is that although we can't
provide support for them, I'll gladly review and accept PRs on the OVAL
generation code if people are interested in fixing whatever issues they
12 matches
Mail list logo