Hi,
>As you have seen, Seb took the coordination for jessie- and
>stretch-security.
… and…
>Thanks for uploading. I'll send the DLA announcement out now…
Thanks for that. I spent yesterday mostly offline.
bye,
//mirabilos
--
Beware of ritual lest you forget the meaning behind it.
yeah but i
Hi Thorsten,
> >Thanks for uploading. I'll send the DLA announcement out now…
>
> Thanks for that. I spent yesterday mostly offline.
That's what Sundays are for. :) For completeness, here was what was
sent:
https://lists.debian.org/debian-lts-announce/2017/08/msg8.html
Thanks again :)
Hi Thorsten,
> […]
Thanks for uploading. I'll send the DLA announcement out now…
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi Thorsten,
On Sat, Aug 12, 2017 at 05:26:22PM +, Thorsten Glaser wrote:
> Hi LTS team,
>
> >>On Sat, Aug 12, 2017 at 12:36:57PM +0200, SC)bastien Delafond wrote:
>
> >>>For wheezy, you'll need to check directly with the Debian LTS team, that
> >>>can be reached via debian-...@lists.debian.
Hi Thorsten,
> is the distribution in the changelog set correctly
Yep.
> How do I upload, i.e. to what queue do I dput, and do I use -sa?
Can I link you to:
https://wiki.debian.org/LTS/Development
If there is something missing there let us know and we'll add it; thus
saving the "next" perso
Hi LTS team,
>>On Sat, Aug 12, 2017 at 12:36:57PM +0200, SC)bastien Delafond wrote:
>>>For wheezy, you'll need to check directly with the Debian LTS team, that
>>>can be reached via debian-...@lists.debian.org.
is the attached debdiff ok to upload? (Specifically, is the distribution
in the chang
Salvatore Bonaccorso dixit:
>For the security-upload s/stretch/stretch-security/ but that was
>already commented by Moritz :)
OK, will do.
>On Sat, Aug 12, 2017 at 12:36:57PM +0200, SC)bastien Delafond wrote:
>>
>> > Since I do not upload to past releases often: do I just dput them,
>> > or do I
Hi
On Sat, Aug 12, 2017 at 12:36:57PM +0200, Sébastien Delafond wrote:
> On Aug/12, Thorsten Glaser wrote:
> > I’m attaching one for stretch, and if it pleases you, I’ll do them in
> > the same vain for jessie and wheezy and upload them. (As I said, they
> > will all look identical, the code has n
On Sat, Aug 12, 2017 at 12:36:57PM +0200, Sébastien Delafond wrote:
> On Aug/12, Thorsten Glaser wrote:
> > I’m attaching one for stretch, and if it pleases you, I’ll do them in
> > the same vain for jessie and wheezy and upload them. (As I said, they
> > will all look identical, the code has not c
On Aug/12, Thorsten Glaser wrote:
> I’m attaching one for stretch, and if it pleases you, I’ll do them in
> the same vain for jessie and wheezy and upload them. (As I said, they
> will all look identical, the code has not changed in quite a while…
> the file in question did not change *at all*, and
Sébastien Delafond dixit:
>Would you be able to produce debdiffs for jessie and stretch, so we can
>review them and give you the go-ahead to upload to security-master ?
OK, now that I’m waiting on the multi-hour testsuite results on sid.
(It’s mostly that, due to the extra checks, the testsuite n
Sébastien Delafond dixit:
>On Aug/11, Thorsten Glaser wrote:
>> For {,{,old}old}stable-security, this should suffice:
>> [...]
>
>Would you be able to produce debdiffs for jessie and stretch, so we can
>review them and give you the go-ahead to upload to security-master ?
Yes, although they’d look
On Aug/11, Thorsten Glaser wrote:
> For {,{,old}old}stable-security, this should suffice:
> [...]
Would you be able to produce debdiffs for jessie and stretch, so we can
review them and give you the go-ahead to upload to security-master ?
Cheers,
--Seb
tags 871810 + patch pending
thanks
Salvatore Bonaccorso dixit:
>Severity: grave
Probably not as severe, the attack vector seems minimal.
>[0] https://security-tracker.debian.org/tracker/CVE-2017-12836
>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12836
>[1] http://www.openwall.co
Processing commands for cont...@bugs.debian.org:
> tags 871810 + patch pending
Bug #871810 [src:cvs] cvs: CVE-2017-12836: CVS and ssh command injection
Added tag(s) pending and patch.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
871810: https://bugs.debian.org/
Source: cvs
Version: 2:1.12.13+real-9
Severity: grave
Tags: upstream security
Justification: user security hole
Hi,
the following vulnerability was published for cvs.
CVE-2017-12836[0]:
CVS and ssh command injection
If you fix the vulnerability please also make sure to include the
CVE (Common V
16 matches
Mail list logo
