[pkg-horde] Bug#813590: WIP (was: Fwd: Proposed changes to jessie)

Mathieu Parent math.parent at gmail.com
Wed Feb 24 21:40:21 UTC 2016


I've proposed the changes to -security, without response yet.

See below.

---------- Forwarded message ----------
From: Mathieu Parent <math.parent at gmail.com>
Date: 2016-02-24 22:24 GMT+01:00
Subject: Re: Proposed changes to jessie
To: team at security.debian.org

2016-02-04 15:04 GMT+01:00 Mathieu Parent <math.parent at gmail.com>:
> Hello,

Pinging again.

> I have prepared security fixes for two Horde packages:
> - php-horde: https://bugs.debian.org/813573#26 XSS vulnerability in menu bar
Debdiff at: http://anonscm.debian.org/cgit/pkg-horde/PEAR/php-horde.git/diff/?id2=47c6d6e6ad0836d657eee75e36ef8dbd19c843d2&id=112b45b0403df87828e6cd620eb0e3d4fc3c7fa9

> - php-horde-core: https://bugs.debian.org/813590#23 XSS in
> Horde_Core_VarRenderer_Html
Debdiff at: http://anonscm.debian.org/cgit/pkg-horde/PEAR/php-horde-core.git/diff/?id2=d79e0d5424ba76351cde56701e061f91d241ec09&id=a98c8cb02edaaa0378771a7f21855aaafc883785

> Can I upload the two packages (this is already fixed in sid)?

Waiting for your answer.

> I have also prepared a ctdb regression update, which fix CTDB behavior
> under Linux after the fix for CVE-2015-8543:
> - https://bugs.debian.org/813406#25 ctdb, raw sockets and CVE-2015-8543

See http://anonscm.debian.org/cgit/pkg-samba/ctdb.git/commit/?h=debian-jessie&id=ec4e506686578cdf13b36ce18ec98cc5307b4e64

> Can I upload it?


> Can I make the same to wheezy once jessie is uploaded?


I think keeping those issues in place is not good.

Mathieu Parent

More information about the pkg-horde-hackers mailing list