Author: alteholz
Date: 2017-02-23 11:31:43 + (Thu, 23 Feb 2017)
New Revision: 49142
Modified:
data/dla-needed.txt
Log:
add munin
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-23 11:24:25 UTC (rev 49141)
Author: alteholz
Date: 2017-02-21 07:11:57 + (Tue, 21 Feb 2017)
New Revision: 49092
Modified:
data/packages/lts-do-not-call
Log:
no need to ask maintainer for php5
Modified: data/packages/lts-do-not-call
===
---
)
+++ data/dla-needed.txt 2017-02-10 18:52:03 UTC (rev 48838)
@@ -14,7 +14,7 @@
NOTE: update needs testing in
https://lists.debian.org/87fukh7hcq@curie.anarc.at
NOTE: ready to upload after smoke tests, read the above thread.
--
-bind9
+bind9 (Thorsten Alteholz)
--
bitlbee (Thorsten
Author: alteholz
Date: 2017-01-15 16:03:27 + (Sun, 15 Jan 2017)
New Revision: 48085
Modified:
data/CVE/list
Log:
mark lxc CVE as no-dsa like in jessie
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-15 15:57:07
Author: alteholz
Date: 2017-01-15 16:07:52 + (Sun, 15 Jan 2017)
New Revision: 48086
Modified:
data/CVE/list
Log:
mark qt4-x11 CVE as no-dsa like in jessie
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-15
44085)
+++ data/dla-needed.txt 2016-08-22 09:33:41 UTC (rev 44086)
@@ -29,6 +29,8 @@
--
linux (Ben Hutchings)
--
+lshell (Thorsten Alteholz)
+--
mat
NOTE: the fix for this issue:
https://security-tracker.debian.org/tracker/TEMP-0826101-4D75EC
is not available yet. It will be available
44086)
+++ data/dla-needed.txt 2016-08-22 09:44:58 UTC (rev 44087)
@@ -11,7 +11,7 @@
--
asterisk (Thorsten Alteholz)
--
-chicken
+chicken (Thorsten Alteholz)
--
gnupg (Santiago R.R.)
--
___
Secure-testing-commits mailing list
Secure-testing
:45 UTC (rev 49315)
@@ -10,9 +10,6 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-bind9 (Thorsten Alteholz)
- NOTE: test package at
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
---
calibre
NOTE: We will need to investigate the issue much
)
--
-radare2 (Thorsten Alteholz)
- NOTE: the vulnerability still exists, but is just in a different function
---
sane-backends (Jörg Frings-Fürst)
--
shadow (Balint Reczey)
___
Secure-testing-commits mailing list
Secure-testing-commits
)
@@ -121,8 +121,6 @@
NOTE: from my point of view backporting the introduction of these new
members to this old
NOTE: version is way to invasive and such this should be marked as
--
-tnef (Thorsten Alteholz)
---
web2py
NOTE: added 2017-02-25, please give maintainer some time to respond
Author: alteholz
Date: 2016-08-31 20:16:52 + (Wed, 31 Aug 2016)
New Revision: 44245
Modified:
data/CVE/list
Log:
mark CVE-2016-5102 as like in Jessie
Modified: data/CVE/list
===
--- data/CVE/list 2016-08-31 20:15:38
===
--- data/dla-needed.txt 2016-08-31 19:59:59 UTC (rev 44243)
+++ data/dla-needed.txt 2016-08-31 20:15:38 UTC (rev 44244)
@@ -70,8 +70,6 @@
--
tomcat7 (Markus Koschany)
--
-wget (Thorsten Alteholz)
---
wordpress
NOTE: Proposed patch for CVE-2015-8834 doesn't seem
Author: alteholz
Date: 2016-09-05 18:14:32 + (Mon, 05 Sep 2016)
New Revision: 44346
Modified:
data/CVE/list
Log:
9pfs seems to be used in the wild
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-05 18:05:04 UTC
Author: alteholz
Date: 2016-09-01 18:45:55 + (Thu, 01 Sep 2016)
New Revision: 44257
Modified:
data/dla-needed.txt
Log:
add tiff again
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-01 18:35:26 UTC (rev
(rev 44259)
+++ data/dla-needed.txt 2016-09-01 18:56:59 UTC (rev 44260)
@@ -27,6 +27,8 @@
--
linux (Ben Hutchings)
--
+mactelnet (Thorsten Alteholz)
+--
mailman
NOTE: Thijs Kinkhorst said on debian-lts that he wants to have a look
--
___
Secure
44308)
+++ data/dla-needed.txt 2016-09-04 15:34:57 UTC (rev 44309)
@@ -29,6 +29,8 @@
https://marc.info/?l=oss-security=146685931517961=2 claims
that 0.47 & 1.0 are affected and wheezy has 0.48.
--
+libtomcrypt
+--
mactelnet (Thorsten Alteholz)
--
mat (Jonas Me
)
+++ data/dla-needed.txt 2016-09-04 15:27:51 UTC (rev 44307)
@@ -20,6 +20,8 @@
--
imagemagick (Ben Hutchings)
--
+libgd2 (Thorsten Alteholz)
+--
libical (Ola Lundqvist)
NOTE: issues are currently not public, but
https://marc.info/?l=oss-security=146685931517961=2 claims
)
+++ data/dla-needed.txt 2016-09-04 15:41:52 UTC (rev 44310)
@@ -31,6 +31,8 @@
--
libtomcrypt
--
+linux (Ben Hutchings)
+--
mactelnet (Thorsten Alteholz)
--
mat (Jonas Meurer)
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: alteholz
Date: 2016-09-04 15:26:48 + (Sun, 04 Sep 2016)
New Revision: 44306
Modified:
data/CVE/list
Log:
mark CVE-2016-7103 as in Wheezy like in Jessie
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04
Author: alteholz
Date: 2016-09-04 15:25:38 + (Sun, 04 Sep 2016)
New Revision: 44305
Modified:
data/CVE/list
Log:
mark CVE-2016-7116 as in Wheezy like in Jessie
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04
)
+++ data/dla-needed.txt 2016-09-04 15:29:29 UTC (rev 44308)
@@ -20,6 +20,8 @@
--
imagemagick (Ben Hutchings)
--
+jsch
+--
libgd2 (Thorsten Alteholz)
--
libical (Ola Lundqvist)
___
Secure-testing-commits mailing list
Secure-testing-commits
44216)
+++ data/dla-needed.txt 2016-08-29 18:26:52 UTC (rev 44217)
@@ -75,6 +75,8 @@
--
tomcat7 (Markus Koschany)
--
+wget (Thorsten Alteholz)
+--
wordpress
NOTE: Proposed patch for CVE-2015-8834 doesn't seem to work for Wheezy. DB
upgrade fails
:11 UTC (rev 44241)
+++ data/dla-needed.txt 2016-08-31 18:25:07 UTC (rev 44242)
@@ -70,6 +70,8 @@
--
tomcat7 (Markus Koschany)
--
+tryton-server (Mathias Behrle)
+--
wget (Thorsten Alteholz)
--
wordpress
___
Secure-testing-commits mailing list
UTC (rev 45101)
+++ data/dla-needed.txt 2016-10-06 06:41:18 UTC (rev 45102)
@@ -82,7 +82,7 @@
NOTE: Potentially affected by all qemu CVE-s:
NOTE: https://lists.debian.org/debian-lts/2016/09/msg00014.html
--
-redis (Thorsten Alteholz)
+redis (Chris Lamb)
--
samba
NOTE: patch for CVE-2016
(rev 45075)
@@ -13,8 +13,6 @@
--
bash
--
-bind9 (Thorsten Alteholz)
---
c-ares (Markus Koschany)
--
freeimage
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman
45096)
@@ -92,5 +92,3 @@
tiff3
NOTE: 20160912: Open reproducible issues. No patches available.
--
-zendframework (Thorsten Alteholz)
---
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
45096)
+++ data/dla-needed.txt 2016-10-05 20:50:53 UTC (rev 45097)
@@ -46,6 +46,8 @@
https://marc.info/?l=oss-security=146685931517961=2 claims
that 0.47 & 1.0 are affected and wheezy has 0.48.
--
+libxvmc (Thorsten Alteholz)
+--
linux (Ben Hutchings)
--
mat (Jonas Meurer)
@@ -80,6 +
)
+++ data/dla-needed.txt 2016-09-18 15:09:58 UTC (rev 44716)
@@ -54,6 +54,8 @@
NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low
NOTE: priority issues and will fix them after the next release of OpenSSL.
--
+php5 (Thorsten Alteholz)
+--
phpmyadmin (Ola Lundqvist)
--
qemu
UTC (rev 44726)
+++ data/dla-needed.txt 2016-09-18 17:55:51 UTC (rev 44727)
@@ -76,7 +76,7 @@
wordpress (Markus Koschany)
NOTE: Proposed patch for CVE-2015-8834 doesn't seem to work for Wheezy. DB
upgrade fails.
--
-zendframework
+zendframework (Thorsten Alteholz)
--
zookeeper (Markus
to be low
NOTE: priority issues and will fix them after the next release of OpenSSL.
--
-php5 (Thorsten Alteholz)
- NOTE: At least CVE-2016-4538 of the outstanding CVEs are vulnerable
---
phpmyadmin (Ola Lundqvist)
--
qemu (Hugo Lefeuvre)
___
Secure
UTC (rev 44658)
+++ data/dla-needed.txt 2016-09-16 17:40:12 UTC (rev 44659)
@@ -30,8 +30,6 @@
NOTE: Latest issue is CVE-2016-7393, it would be a good time to release
accumulated fixes
NOTE: (See debian-lts ML)
--
-libgd2 (Thorsten Alteholz)
---
libical (Ola Lundqvist)
NOTE: issues
-2016-6897
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-27 09:10:12 UTC (rev 44173)
+++ data/dla-needed.txt 2016-08-27 10:18:36 UTC (rev 44174)
@@ -29,8 +29,6 @@
--
linux (Ben Hutchings)
--
-lshell (Thorsten
44178)
+++ data/dla-needed.txt 2016-08-27 13:09:18 UTC (rev 44179)
@@ -11,7 +11,7 @@
--
asterisk (Thorsten Alteholz)
--
-chicken (Thorsten Alteholz)
+chicken
--
eog (Balint Reczey)
--
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: alteholz
Date: 2016-08-27 21:27:48 + (Sat, 27 Aug 2016)
New Revision: 44190
Modified:
data/dla-needed.txt
Log:
add infos from debian-lts@
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-27 21:11:35
@@
--
linux (Ben Hutchings)
--
-mactelnet (Thorsten Alteholz)
---
mat (Jonas Meurer)
NOTE: the fix for this issue:
https://security-tracker.debian.org/tracker/TEMP-0826101-4D75EC
is not available yet. It will be available in next upstream release (already
-09-27 17:24:53 UTC (rev 44926)
+++ data/dla-needed.txt 2016-09-27 18:20:48 UTC (rev 44927)
@@ -11,6 +11,8 @@
--
asterisk (Thorsten Alteholz)
--
+bind9 (Thorsten Alteholz)
+--
chicken (Balint Reczey)
NOTE: See report 87twdrpcyx@prune.linuxpenguins.xyz
NOTE: Wheezy probably vulnerable
Author: alteholz
Date: 2016-10-01 15:42:25 + (Sat, 01 Oct 2016)
New Revision: 44959
Modified:
data/dla-needed.txt
Log:
add samba
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-01 15:25:23 UTC (rev 44958)
Author: alteholz
Date: 2016-10-01 15:25:23 + (Sat, 01 Oct 2016)
New Revision: 44958
Modified:
data/CVE/list
Log:
patch for CVE-2016-2115 intentionally removed again
Modified: data/CVE/list
===
--- data/CVE/list
45658)
+++ data/dla-needed.txt 2016-10-27 10:26:42 UTC (rev 45659)
@@ -9,7 +9,7 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-asterisk (Thorsten Alteholz)
+asterisk
--
dwarfutils
NOTE: New round of CVEs not seemingly covered by DLA 669-1
+54,6 @@
--
libxtst (Emilio Pozuelo)
--
-libxvmc (Thorsten Alteholz)
---
mingw32 (Stephen Kitt)
--
nspr (Ola Lundqvist)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin
)
+++ data/dla-needed.txt 2016-10-19 20:28:00 UTC (rev 45466)
@@ -27,7 +27,7 @@
irssi
NOTE: rhonda@d.o is preparing an upload.
--
-jasper
+jasper (Thorsten Alteholz)
--
kde-runtime
NOTE: We may not need to update, but I'm leaning toward fixing
CVE-2016-7787, see #839865
Author: alteholz
Date: 2016-10-20 14:14:32 + (Thu, 20 Oct 2016)
New Revision: 45477
Modified:
data/embedded-code-copies
Log:
vlc uses embedded copy of ffmpeg
Modified: data/embedded-code-copies
===
---
45436)
@@ -44,8 +44,6 @@
NOTE: Upstream will provide new point-releases fixing open security issues
in the next months.
NOTE: (See debian-lts ML)
--
-libgd2 (Thorsten Alteholz)
---
libical (Ola Lundqvist)
NOTE: issues are currently not public, but
https://marc.info/?l=oss-security
Author: alteholz
Date: 2016-10-20 17:43:21 + (Thu, 20 Oct 2016)
New Revision: 45478
Modified:
data/CVE/list
Log:
add infos about CVE-2016-2848 for bind9
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-20 14:14:32
Author: alteholz
Date: 2016-10-20 17:51:10 + (Thu, 20 Oct 2016)
New Revision: 45479
Modified:
data/DLA/list
Log:
Reserve DLA-672-1 for bind9
Modified: data/DLA/list
===
--- data/DLA/list 2016-10-20 17:43:21 UTC (rev
Author: alteholz
Date: 2016-11-26 21:47:15 + (Sat, 26 Nov 2016)
New Revision: 46586
Modified:
data/CVE/list
Log:
take care of some jasper issues
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-26 20:02:32 UTC (rev
Author: alteholz
Date: 2016-11-17 21:42:00 + (Thu, 17 Nov 2016)
New Revision: 46294
Modified:
data/CVE/list
Log:
mark CVE-2016-8625 as no-dsa like in Jessie (the fix is too invasive)
Modified: data/CVE/list
===
---
2016-11-17 21:24:33 UTC (rev 46292)
+++ data/dla-needed.txt 2016-11-17 21:39:20 UTC (rev 46293)
@@ -11,9 +11,6 @@
--
asterisk
--
-curl (Thorsten Alteholz)
- NOTE: not all patches seem to be in the final state
---
dokuwiki
NOTE: upstream marked CVE-2016-7965 as WONTFIX
45892)
+++ data/dla-needed.txt 2016-11-02 19:13:06 UTC (rev 45893)
@@ -18,6 +18,7 @@
NOTE: Jessie has the same upstream version
--
curl (Thorsten Alteholz)
+ NOTE: not all patches seem to be in the final state
--
dwarfutils
NOTE: New round of CVEs not seemingly covered by DLA 669-1
)
+++ data/dla-needed.txt 2016-11-02 10:21:07 UTC (rev 45882)
@@ -11,7 +11,7 @@
--
asterisk
--
-bind9
+bind9 (Thorsten Alteholz)
--
bsdiff (Chris Lamb)
NOTE: Maintainer prepared a patch
https://anonscm.debian.org/git/collab-maint/bsdiff.git/log
@@
libwmf (Balint Reczey)
NOTE: Patch is available in bug #842090, probably needs NMU in unstable
--
-libxml2 (Thorsten Alteholz)
---
linux
--
mysql-5.5
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
:19 UTC (rev 45910)
@@ -11,8 +11,6 @@
--
asterisk
--
-bind9 (Thorsten Alteholz)
---
bsdiff (Chris Lamb)
NOTE: Maintainer prepared a patch
https://anonscm.debian.org/git/collab-maint/bsdiff.git/log/
NOTE: Jessie has the same upstream version
-02 06:32:32 UTC (rev 45866)
+++ data/dla-needed.txt 2016-11-02 07:23:11 UTC (rev 45867)
@@ -13,6 +13,8 @@
--
bsdiff
--
+curl (Thorsten Alteholz)
+--
dwarfutils
NOTE: New round of CVEs not seemingly covered by DLA 669-1.
--
___
Secure-testing
)
+++ data/dla-needed.txt 2016-10-16 19:39:34 UTC (rev 45389)
@@ -46,7 +46,7 @@
NOTE: Upstream will provide new point-releases fixing open security issues
in the next months.
NOTE: (See debian-lts ML)
--
-libgd2
+libgd2 (Thorsten Alteholz)
--
libical (Ola Lundqvist)
NOTE: issues
)
+++ data/dla-needed.txt 2016-10-14 17:55:17 UTC (rev 45319)
@@ -55,7 +55,7 @@
--
libxi (Emilio Pozuelo)
--
-libxml2
+libxml2 (Thorsten Alteholz)
--
libxrandr Hugo Lefeuvre)
--
___
Secure-testing-commits mailing list
Secure-testing-commits
17:55:17 UTC (rev 45319)
+++ data/dla-needed.txt 2016-10-14 17:56:59 UTC (rev 45320)
@@ -80,8 +80,6 @@
nss (Ola Lundqvist)
NOTE: No need to contact maintainer, Mike already opted out with firefox-esr
--
-pacemaker (Thorsten Alteholz)
---
php5 (Thorsten Alteholz)
--
phpmyadmin (Ola Lundqvist
/dla-needed.txt 2016-12-10 17:13:13 UTC (rev 46955)
@@ -30,8 +30,6 @@
--
imagemagick
--
-jasper (Thorsten Alteholz)
---
libav (Hugo Lefeuvre)
NOTE: Upstream should provide new point-releases fixing open security issues
in the next months.
NOTE: Lots of CVEs are open, this is going to take
Author: alteholz
Date: 2016-12-10 22:08:16 + (Sat, 10 Dec 2016)
New Revision: 46961
Modified:
data/dla-needed.txt
Log:
there was a jasper upload some minutes ago
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: alteholz
Date: 2016-12-10 22:04:01 + (Sat, 10 Dec 2016)
New Revision: 46959
Modified:
data/CVE/list
Log:
marked as no-dsa
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-10 21:10:13 UTC (rev 46958)
+++
Author: alteholz
Date: 2016-12-10 22:07:41 + (Sat, 10 Dec 2016)
New Revision: 46960
Modified:
data/CVE/list
Log:
workaround for jasper temporary entry
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-10 22:04:01
===
--- data/dla-needed.txt 2016-12-16 21:17:39 UTC (rev 47149)
+++ data/dla-needed.txt 2016-12-16 21:44:47 UTC (rev 47150)
@@ -88,8 +88,6 @@
--
otrs2
--
-php5 (Thorsten Alteholz)
---
phpmyadmin (Brian May)
--
potrace
UTC (rev 48081)
+++ data/dla-needed.txt 2017-01-15 12:47:40 UTC (rev 48082)
@@ -18,7 +18,7 @@
NOTE: This change is invasive and need extra testing. We should
NOTE: wait until it has been fixed in one of stable and sid.
--
-bind (Thorsten Alteholz)
+bind9 (Thorsten Alteholz)
--
botan1.10
Author: alteholz
Date: 2017-01-15 12:22:10 + (Sun, 15 Jan 2017)
New Revision: 48078
Modified:
data/CVE/list
Log:
mark CVE-2017-5356 as no-dsa like in jessie
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-15
Author: alteholz
Date: 2017-01-15 12:30:36 + (Sun, 15 Jan 2017)
New Revision: 48081
Modified:
data/dla-needed.txt
Log:
add libplist
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-15 12:29:25 UTC (rev 48080)
)
+++ data/dla-needed.txt 2016-11-30 14:52:22 UTC (rev 46660)
@@ -19,7 +19,7 @@
--
gst-plugins-good0.10 (Emilio Pozuelo)
--
-hdf5
+hdf5 (Thorsten Alteholz)
--
icedove (Guido Günther)
--
___
Secure-testing-commits mailing list
Secure-testing-commits
+
+ * Making sure that queries on debian-...@lists.debian.org get an answer.
+
+Who is in charge ?
+--
+
+From 02-01 to 08-01:
+From 09-01 to 15-01:Thorsten Alteholz <alteh...@debian.org>
+From 16-01 to 22-01:
+From 23-01 to 29-01:
+From 30-01 to 05-02:
+From 06-02 to 12-02:
+F
47621)
@@ -29,8 +29,6 @@
NOTE: Incomplete/Incorrect fix as per
https://lists.debian.org/debian-lts/2016/12/msg00077.html
NOTE: Subject of announce mail also contained typo (DLA-574-1 vs. DLA-547-1)
--
-hdf5 (Thorsten Alteholz)
---
ikiwiki
NOTE: The maintainer (Simon) think we shall de
)
+++ data/dla-needed.txt 2016-12-31 16:42:52 UTC (rev 47623)
@@ -36,7 +36,7 @@
--
imagemagick (Emilio Pozuelo)
--
- jasper (Thorsten Alteholz)
+jasper (Thorsten Alteholz)
--
libav (Hugo Lefeuvre)
NOTE: Upstream should provide new point-releases fixing open security issues
in the next
Author: alteholz
Date: 2016-12-16 21:45:17 + (Fri, 16 Dec 2016)
New Revision: 47151
Modified:
data/dla-needed.txt
Log:
there is more todo
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-16 21:44:47 UTC (rev
Author: alteholz
Date: 2017-01-14 22:35:29 + (Sat, 14 Jan 2017)
New Revision: 48070
Modified:
data/dla-needed.txt
Log:
add wordpress
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-14 22:31:49 UTC (rev
Author: alteholz
Date: 2017-01-14 22:31:49 + (Sat, 14 Jan 2017)
New Revision: 48069
Modified:
data/dla-needed.txt
Log:
add xen
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-14 22:31:19 UTC (rev 48068)
+++
2017-01-14 22:19:49 UTC (rev 48067)
+++ data/dla-needed.txt 2017-01-14 22:31:19 UTC (rev 48068)
@@ -18,6 +18,8 @@
NOTE: This change is invasive and need extra testing. We should
NOTE: wait until it has been fixed in one of stable and sid.
--
+bind (Thorsten Alteholz)
+--
botan1.10 (Hugo
:53 UTC (rev 49897)
+++ data/dla-needed.txt 2017-03-21 19:02:02 UTC (rev 49898)
@@ -128,6 +128,8 @@
--
suricata (Chris Lamb)
--
+tnef (Thorsten Alteholz)
+--
web2py (Brian May)
--
xbmc
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: alteholz
Date: 2017-03-21 19:05:09 + (Tue, 21 Mar 2017)
New Revision: 49899
Modified:
data/CVE/list
Log:
adding fix of regression only to one CVE
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-21 19:02:02
of view backporting the introduction of these new
members to this old
NOTE: version is way to invasive and such this should be marked as
--
-tnef (Thorsten Alteholz)
---
tzdata (Emilio Pozuelo)
--
web2py (Brian May)
___
Secure-testing-commits
50011)
+++ data/dla-needed.txt 2017-03-24 21:49:07 UTC (rev 50012)
@@ -107,7 +107,7 @@
--
python3.2
--
-qbittorrent
+qbittorrent (Thorsten Alteholz)
--
qemu (Guido Günther)
NOTE: Need further triaging as some of the issues looks minor. However
Author: alteholz
Date: 2017-03-28 20:17:56 + (Tue, 28 Mar 2017)
New Revision: 50144
Modified:
data/CVE/list
Log:
mark CVE-2017-6800 as not affected for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-28
upstream by private email -- Raphael
Hertzog
--
-libytnef (Thorsten Alteholz)
---
linux
--
logback
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure
:19:47 UTC (rev 50145)
+++ data/dla-needed.txt 2017-03-28 20:24:27 UTC (rev 50146)
@@ -42,7 +42,6 @@
NOTE: upstream version (#851989). Jessie / Wheezy should do the same.
--
jasper (Thorsten Alteholz)
- NOTE: no upstream fixes yet
--
libav (Hugo Lefeuvre)
NOTE: Upstream should provide new
Author: alteholz
Date: 2017-03-25 17:00:51 + (Sat, 25 Mar 2017)
New Revision: 50052
Modified:
data/CVE/list
Log:
mark CVE-2017-6306 as not affected for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-25
Author: alteholz
Date: 2017-03-15 14:36:16 + (Wed, 15 Mar 2017)
New Revision: 49703
Modified:
data/CVE/list
Log:
according to Ubuntu php5 is affected as well
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-15
Author: alteholz
Date: 2017-03-20 14:46:33 + (Mon, 20 Mar 2017)
New Revision: 49851
Modified:
data/CVE/list
Log:
whezy and jessie are not affected by CVE-2017-6415
Modified: data/CVE/list
===
--- data/CVE/list
Author: alteholz
Date: 2017-03-20 13:27:47 + (Mon, 20 Mar 2017)
New Revision: 49846
Modified:
data/CVE/list
Log:
whezy and jessie are not affected by CVE-2017-6319
Modified: data/CVE/list
===
--- data/CVE/list
Author: alteholz
Date: 2017-03-20 14:40:24 + (Mon, 20 Mar 2017)
New Revision: 49849
Modified:
data/CVE/list
Log:
whezy is not affected by CVE-2017-6387
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-20 14:26:01
)
+++ data/dla-needed.txt 2017-04-03 17:41:22 UTC (rev 50304)
@@ -101,7 +101,7 @@
--
qemu-kvm (Guido Günther)
--
-radare2
+radare2 (Thorsten Alteholz)
--
samba (Roberto C. Sánchez)
NOTE: Candidate package is prepared and review/testing has been requested
-16 20:36:32 UTC (rev 50703)
@@ -41,8 +41,6 @@
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
NOTE: Unclear, which reproducer belongs to which bug.
--
-libosip2 (Thorsten Alteholz)
---
libplist
NOTE: 20170324: more information
. Asked the
NOTE: putty maintainer for help/advice, but no response yet. -- Jonas Meurer
--
-qbittorrent (Thorsten Alteholz)
---
qemu (Guido Günther)
NOTE: Need further triaging as some of the issues looks minor. However at
NOTE: least one issue looks major so it needs a DLA
UTC (rev 50700)
+++ data/dla-needed.txt 2017-04-16 17:20:12 UTC (rev 50701)
@@ -13,6 +13,8 @@
apng2gif
NOTE: 24031017: No upstream patch available yet. Have pinged bug#.
--
+bind9 (Thorsten Alteholz)
+--
ca-certificates
NOTE: maintainer will handle the upload, see
https://lists.debian.org
50701)
+++ data/dla-needed.txt 2017-04-16 17:30:08 UTC (rev 50702)
@@ -41,7 +41,7 @@
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
NOTE: Unclear, which reproducer belongs to which bug.
--
-libosip2
+libosip2 (Thorsten Alteholz
)
+++ data/dla-needed.txt 2017-04-17 17:34:35 UTC (rev 50729)
@@ -34,7 +34,7 @@
icedove
NOTE: 45.8 is waiting in NEW but.
--
-icu
+icu (Thorsten Alteholz)
--
imagemagick (Markus Koschany)
--
___
Secure-testing-commits mailing list
Secure-testing
===
--- data/dla-needed.txt 2017-04-24 07:32:32 UTC (rev 50980)
+++ data/dla-needed.txt 2017-04-24 07:38:04 UTC (rev 50981)
@@ -62,7 +62,7 @@
mcollective
NOTE: See https://lists.debian.org/debian-lts/2017/03/msg8.html
--
-minicom
+minicom (Thorsten Alteholz)
NOTE: Maintainer contacted at 2017
49423)
+++ data/dla-needed.txt 2017-03-05 22:00:46 UTC (rev 49424)
@@ -96,6 +96,8 @@
--
qemu-kvm (Guido Günther)
--
+radare2 (Thorsten Alteholz)
+--
sane-backends (Jörg Frings-Fürst)
--
slurm-llnl
___
Secure-testing-commits mailing list
Secure
:59 UTC (rev 49883)
+++ data/dla-needed.txt 2017-03-21 14:45:13 UTC (rev 49884)
@@ -119,8 +119,6 @@
--
qemu-kvm (Guido Günther)
--
-radare2 (Thorsten Alteholz)
---
sane-backends (Jörg Frings-Fürst)
--
slurm-llnl
___
Secure-testing-commits mailing
(Guido Günther)
--
-radare2 (Thorsten Alteholz)
---
sane-backends (Jörg Frings-Fürst)
--
slurm-llnl
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure
54025)
+++ data/dla-needed.txt 2017-07-28 13:40:34 UTC (rev 54026)
@@ -81,7 +81,7 @@
--
libgd2
--
-libquicktime
+libquicktime (Thorsten Alteholz)
--
libraw (Emilio Pozuelo)
NOTE: Maintainer contacted 2017-06-05.
___
Secure-testing-commits mailing
-needed.txt 2017-08-13 10:09:34 UTC (rev 54714)
+++ data/dla-needed.txt 2017-08-13 14:21:19 UTC (rev 54715)
@@ -66,16 +66,16 @@
NOTE: Maintainer plan to do the update. The issue is not urgent according to
NOTE: the maintainer.
--
-jasper (Thorsten Alteholz)
+jasper
NOTE: 20170629, no patch
54715)
+++ data/dla-needed.txt 2017-08-13 14:40:12 UTC (rev 54716)
@@ -38,6 +38,8 @@
NOTE: 20170510, patch available, however not yet applied upstream.
NOTE: 20170706: no change upstream, patch disputed.
--
+extplorer (Thorsten Alteholz)
+--
exiv2
NOTE: 20170702, no upstream fix yet, so
)
+++ data/dla-needed.txt 2017-08-12 16:49:34 UTC (rev 54689)
@@ -96,7 +96,7 @@
NOTE: 20170708: patch now available (lamby)
NOTE: 20170723: not all patches available
--
-libgd2
+libgd2 (Thorsten Alteholz)
--
libmad
--
___
Secure-testing-commits
: 20170708: patch now available (lamby)
NOTE: 20170723: not all patches available
--
-libgd2 (Thorsten Alteholz)
---
libmad
--
libraw (Emilio Pozuelo)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
+10,6 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-bind9 (Thorsten Alteholz)
---
ca-certificates (Antoine Beaupré)
NOTE: 2017-03-27: maintainer will handle the upload, see
https://lists.debian.org/1acb8e97-8c9f-8b54-348c-0c12f53a8...@pbandjelly.org
NOTE: 2017
401 - 500 of 760 matches
Mail list logo