[Secure-testing-team] Bug#481853: [openssh-client] ssh-vulnkey -a does not see the weak keys of the user

2008-05-18 Thread David
Package: openssh-client Version: 1:4.7p1-10 Severity: important Tags: security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org --- Please enter the report below this line. --- I have the packages openssh-blacklist and openssh-blacklist-extra installed. If I run ssh-vulnkey -a I get

[Secure-testing-team] Bug#867560: netfilter-persistent fails randomly during boot; restarting later works

2017-07-07 Thread David
Package: netfilter-persistent Version: 1.0.4+nmu2 Severity: grave Tags: security Justification: renders package unusable Dear Maintainer, * What led up to the situation? Upgrading from jessie to stretch. On two Debian systems, netfilter-persistent worked fine in jessie but randomly fails to

Re: [Secure-testing-team] [DTSA-37-1] Etch is no more testing

2007-05-22 Thread David Prévot
0.90.1-3lenny2 Regards David

[Secure-testing-team] I apologise...

2009-05-17 Thread David Thompson
Invitation: I apologise By your host David Thompson: Date: Sunday 17 May 2009 Time: 16:00 - 17:00 (GMT+00:00) Street: Dear Friend, I apologise for intruding into your privacy. Again, don't be angry with me if you see

[Secure-testing-team] Bug#543171: pidgin: CVE IN PIDGIN 2.5.9

2009-08-22 Thread david b.
Package: pidgin Version: 2.6.1-1 Severity: grave Tags: security Justification: user security hole PIDGIN 2.5.9 has a CVE filled in it - http://www.pidgin.im/news/security/?id=34 -- System Information: Debian Release: 5.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: i386

[Secure-testing-team] Bug#543170: pidgin prior to 2.5.9 HAS SECURITY ISSUE CVE-2009-2694

2009-08-22 Thread david b.
Package: pidgin Version: pidgin prior to 2.5.9 HAS SECURITY ISSUE CVE-2009-2694 Severity: critical Tags: security Justification: root security hole pidgin prior to 2.5.9 HAS SECURITY ISSUE CVE-2009-2694 http://www.pidgin.im/news/security/?id=34 -- System Information: Debian Release: 5.0.2

[Secure-testing-team] Bug#598463: python-libcloud: libcloud https connections are not secured against mitm attacks

2010-09-29 Thread david b
Package: python-libcloud Severity: grave Tags: security Justification: user security hole libcloud fails to perform ssl validation on https connections. This means that users of this module, who perform api requests using https urls / connections, are at risk of mitm attacks. See

[Secure-testing-team] Bug#603594: epiphany-browser: doesn't perform any ssl certificate checking (in the squeeze version)

2010-11-15 Thread david b
Package: epiphany-browser Severity: grave Tags: security Justification: user security hole epiphany-browser as found in squeeze does not check remote ssl certificate validity for https connections. Here is a test url: (WHICH SHOULD FAIL)

[Secure-testing-team] Bug#609212: spip: Cross-Site Scripting and other security issues

2011-01-07 Thread David Prévot
/repository/revisions/16880/diff/branches/spip-2.1/ 5: http://core.spip.org/projects/spip/repository/revisions/16884/diff/branches/spip-2.1/ Regards David -- System Information: Debian Release: 6.0 APT prefers unstable APT policy: (600, 'unstable'), (500, 'testing'), (500, 'stable'), (150

[Secure-testing-team] Bug#646758: spip: New version (2.1.11) fixes a security issue

2011-10-26 Thread David Prévot
already done all the needed work ;-). Would you agree if I upload this package to unstable when it's ready? Regards David -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (600, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental') Architecture

[Secure-testing-team] Bug#649113: spip: New version (2.1.12) fixes several security issues

2011-11-17 Thread David Prévot
report after further investigation or get directly in touch with the security team when ready. Regards David -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (600, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental') Architecture: amd64 (x86_64

[Secure-testing-team] Bug#672961: SPIP: Cross-site scripting fixed in new upstream release

2012-05-14 Thread David Prévot
Package: spip Version: 2.1.13-1 Severity: grave Tags: security upstream Hi, Upstream just released a new version, fixing two cross-site scripting vulnerabilities. The stable security update is ready [rt.debian.org #3837]. -- System

[Secure-testing-team] Bug#677290: SPIP: Cross-site scripting fixed in new 2.1.15 upstream release

2012-06-12 Thread David Prévot
Package: spip Version: 2.1.14-2 Severity: grave Tags: security upstream Hi, Upstream just released a new version, fixing two cross-site scripting vulnerabilities. The stable security update is ready [rt.debian.org #3837] and I'll update the

[Secure-testing-team] Bug#683667: Base name disclosure fixed in new 2.1.17 upstream release

2012-08-02 Thread David Prévot
. Regards David -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core) Locale: LANG

[Secure-testing-team] Bug#698108: jdk7u11 not supported

2013-01-13 Thread Erwan David
Package: java-package Version: 0.50+nmu1 Severity: grave Tags: security Trying to install java 7u11 (to get rid of the latest 0 day vulnerability), I get the following output: make-jpkg ./jdk-7u11-linux-i586.tar.gz Creating temporary directory: /tmp/make-jpkg.PhqdadauR6 Loading plugins:

[Secure-testing-team] darktable embeds a fork of libraw

2013-01-30 Thread David Bremner
As of 1.1.2, darktable embeds a (very slightly modified) copy of libraw. There is some discussion in Debian bug #682980; it looks like at least for the medium-term this embedding will continue. d ___ Secure-testing-team mailing list

[Secure-testing-team] Bug#709674: Privilege escalation fixed in new upstream releases

2013-05-24 Thread David Prévot
to prepare the four needed packages (for squeeze, wheezy, sid and experimental), and will open a ticket for the first two ASAP. Regards David

[Secure-testing-team] Bug#729172: Security update

2013-11-09 Thread David Prévot
dealt with the security team in RT #4575, and pre-versions are made available on ravel: http://people.debian.org/~taffit/spip/ Regards David

[Secure-testing-team] Bug#736170: CVE-2013-7303: XSS on author

2014-01-20 Thread David Prévot
(so I’ll request two pu shortly). Regards David -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (110, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.12-1-rt-amd64 (SMP w/2 CPU

[Secure-testing-team] Bug#742456: Log sanitizing and SQL injection

2014-03-23 Thread David Prévot
://contrib.spip.net/Alerte-SPIP-2-0-25-SPIP-2-1-26-SPIP-3-0-16-sont-gavees 2: http://people.debian.org/~taffit/spip/ Regards David

[Secure-testing-team] Bug#743252: Multiple XSS in index.php

2014-03-31 Thread David Prévot
/53da201749f8f362323ef278bf338f1d9f7a925a Thanks in advance for updating the Debian package. Regards David -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (100, 'experimental

[Secure-testing-team] Bug#762523: Multiple embedded code copies, missing sources

2014-09-22 Thread David Prévot
were, just focused on some parts I’m currently packaging). Regards David -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (110, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2

[Secure-testing-team] Bug#762524: Embedded code copy

2014-09-22 Thread David Prévot
/MootoolsFileManager/mootools-filemanager/Backend/Assets/getid3 Please consider fixing that in time for Jessie. Regards David -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (110, 'experimental') Architecture: amd64 (x86_64) Foreign

[Secure-testing-team] Bug#763104: Please, don’t rely on class.phpmailer.php to act as an autoloader

2014-09-27 Thread David Prévot
in unstable and testing) instead. Regards David

[Secure-testing-team] Bug#764885: Security flaws in the current Debian version

2014-10-11 Thread David Prévot
, the secure URI munging algorithm has changed to do a proper HMAC.” You may wish to maintain this package inside the PHP PEAR Maintainers team and take advantage of the pkg-php-tools helper. Regards David -- System Information: Debian Release: jessie/sid APT prefers stable-updates APT policy

[Secure-testing-team] Bug#780424: Embedded ZendDb component affected by several security issues

2015-03-13 Thread David Prévot
/zf2/issues/7243 Regards David

[Secure-testing-team] Bug#781415: Embedded code copies

2015-03-28 Thread David Prévot
: no commits in their repository for three years) of doctrine (packaging of version 2 happens in the php-doctrine-* name space). Please consider depending (at least) on php-seclib instead of the embedded copy. Regards David

[Secure-testing-team] Bug#781414: Embedded code copies

2015-03-28 Thread David Prévot
most existing PHP classes used as dependencies are currently symlinked. You may consider including them from where they belong instead. Regards David

[Secure-testing-team] Bug#781420: Embedded code copies

2015-03-28 Thread David Prévot
. Regards David

[Secure-testing-team] Bug#813849: Multiple security issues

2016-02-05 Thread David Prévot
. This bug will soon force the auto-removal of this package from testing, and unless someone steps up to adopt it (#748604), we may also remove it from unstable. Regards David

[Secure-testing-team] Bug#814030: Security flaw fixed in version 6.2.0

2016-02-07 Thread David Prévot
meter" was fixed. 1: https://sourceforge.net/p/tcpdf/code/ci/master/tree/CHANGELOG.TXT The upstream bug report [2] is not public, so I don’t have much information about the issue, the fix, nor its actual severity. 2: https://sourceforge.net/p/tcpdf/bugs/1005/ Regards David

[Secure-testing-team] Bug#833462: openjdk-7-jre-headless does not upgrade : does not find that /proc is mounted

2016-08-04 Thread Erwan David
Package: openjdk-7-jre-headless Version: 7u111-2.6.7-1~deb8u1 Severity: important Tags: security When trying to upgrade openjdk-7-jre I get an error: Setting up openjdk-7-jre-headless:amd64 (7u111-2.6.7-1~deb8u1) ... /var/lib/dpkg/info/openjdk-7-jre-headless:amd64.postinst: 19:

[Secure-testing-team] Bug#831418: EOL: not to be released with Stretch

2016-07-15 Thread David Prévot
(and we’ll do our best to support it during Jessie lifetime). Reverse dependencies already had an important bug report about zendframework removal for Stretch a while ago. Regards David

[Secure-testing-team] Bug#864992: does not apply a pushed redirect-gateway

2017-06-18 Thread Erwan David
Package: network-manager-openvpn Version: 1.2.8-2 Severity: important Tags: security My openvpn server pushes a redirect-gateway def1. When used from the CLI, openvpn respects it. When importing the configuration into network-manager, I end up with a ip route show default via 192.168.0.254 dev wlan0 proto

Re: [Secure-testing-team] lists.debian.org: New list: security-tracker

2007-07-29 Thread David Moreno Garza
to a proper lists.d.o list. CCing the previous list, which carries the relevant subset of traffic. For the only sake of tracking the usual lists procedure, it would be needed if third parties could comment on here. Thanks, David, your Debian Listmaster of the Day

[Secure-testing-team] Bug#542218: backuppc: Security hole when using rsync and multiple users

2009-08-18 Thread David Ambrose-Griffith
Package: backuppc Version: 3.1.0-4 Severity: critical Tags: security Justification: root security hole When using an SSH key and Rsync with BackupPC on a system with multiple users, Users (as opposed to admins) have the ability to change the ClientNameAlias on machines they are listed as