Processed: Proposed patch/debdiff
Processing control commands: > tags 990748 + patch Bug #990748 [src:linuxptp] linuxptp: CVE-2021-3570 Ignoring request to alter tags of bug #990748 to the same tags previously set > tags 990749 + patch Bug #990749 [src:linuxptp] linuxptp: CVE-2021-3571 Ignoring request to alter tags of bug #990749 to the same tags previously set -- 990748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990748 990749: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990749 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Proposed patch/debdiff
Processing control commands: > tags 990748 + patch Bug #990748 [src:linuxptp] linuxptp: CVE-2021-3570 Added tag(s) patch. > tags 990749 + patch Bug #990749 [src:linuxptp] linuxptp: CVE-2021-3571 Added tag(s) patch. -- 990748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990748 990749: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990749 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
kodi-pvr-iptvsimple_7.6.5+ds1-1_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 06 Jul 2021 19:02:16 +0200 Source: kodi-pvr-iptvsimple Architecture: source Version: 7.6.5+ds1-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Vasyl Gello Changes: kodi-pvr-iptvsimple (7.6.5+ds1-1) unstable; urgency=medium . * New upstream version 7.6.5+ds1 * Fix github links in d/watch * Add liblzma-dev as build-dep Checksums-Sha1: 6528fbc2b505eabe5b93ead4ee238fb3fbe6a6e0 2204 kodi-pvr-iptvsimple_7.6.5+ds1-1.dsc a304ba10f328475f3f52bd3ee98e83264c196afb 163504 kodi-pvr-iptvsimple_7.6.5+ds1.orig.tar.xz 46c76a881726a3c44e50c5817651b36c09f07dde 3240 kodi-pvr-iptvsimple_7.6.5+ds1-1.debian.tar.xz c86ac2fca88af4de16b7f12fd206c16556149fca 7075 kodi-pvr-iptvsimple_7.6.5+ds1-1_amd64.buildinfo Checksums-Sha256: 3069efd968d921c9b01c623dc9a40062994115be2a788e6bdee83e5e22c63ad9 2204 kodi-pvr-iptvsimple_7.6.5+ds1-1.dsc 6ec47bbb752d23857946c16116482cb5f415863721a96deafe90bdf993f79ede 163504 kodi-pvr-iptvsimple_7.6.5+ds1.orig.tar.xz c6cee52078f35748f0f00a905bb40957bfc23f17f232cc3319307d688b709a0d 3240 kodi-pvr-iptvsimple_7.6.5+ds1-1.debian.tar.xz b8461b7e9a3ceea81f3a26cf97ff3d9b2c6db7452009bb3489cd9844200c3ee2 7075 kodi-pvr-iptvsimple_7.6.5+ds1-1_amd64.buildinfo Files: a0d6d0ebc2f9cd7661bf9773bd0551d9 2204 libs optional kodi-pvr-iptvsimple_7.6.5+ds1-1.dsc 4fff48dda8a655c67e39bc9ff5085b7c 163504 libs optional kodi-pvr-iptvsimple_7.6.5+ds1.orig.tar.xz 3ba8f42fbb851a2c80a4fd703544f179 3240 libs optional kodi-pvr-iptvsimple_7.6.5+ds1-1.debian.tar.xz 077bf750a08c431b1fb1bf61bf1ea08e 7075 libs optional kodi-pvr-iptvsimple_7.6.5+ds1-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmDkjWYACgkQCBa54Yx2 K63ctQ/9HiJ10mG3RbPz/FeWThP2/jlno1+VUrcUq5UEZkfCboVF78ub2Sji4t0x BMrjtYSPo1Rco9HaaxD+yl9xqZAjIdWW4qP77LVkOavHDYDAEUsmw1VvUcIJE30N DCu1RNHq2ZbjNrQAGkAGrcYnK9Iv4SvqzpoND29Gg5/VsbgiDvNVRNE67yKuvPlU X6NjXKxYPGHJahv4ySbUj+jZkYSHxBlfj2ALf7taC7jN72O6BBaJl7Rgcbt76StA /Oy/DAU5h+qBfRlcDkZn9XT/AyWrS3FS1GgryA7QTWK/GmQ0Fdp95QitwTBnDG60 OWjqpj3QypbTnTut76YjvfPVM4JY2fGW2TCPkcrDdTumHvnN42xc8F2ZczOGuVsm 8f3Q5A0IP9rcxPaaZ3OeUX7+50FNR4F+d/44QqxS1Fu6KCE8vRbiZs/ntxLvU5tZ CkYZbzdJGp2dqjyH57KOxq4Ca4phjDg/HDsyPwaRiw+iiCjAW//FGfRrCROZL1js WbDSgWNLGVYGHcbH23pPQJEOrVZEJuOX93xJufD55UaHJgQdXn3cyckmobBsxHZn Ry4Bbm5xFKrd9nPexY9O80F1N5D1JCbK2BxR9ZiA+Jths3yZ9JmfbAGZXpOonQ2C RIC8trne46FxsKco3CeaHgMdl220piG5PMp12+A89D2W6GMMRV4= =AbCU -END PGP SIGNATURE- Thank you for your contribution to Debian.
kodi-inputstream-ffmpegdirect_1.21.3+ds1-1_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 06 Jul 2021 19:01:59 +0200 Source: kodi-inputstream-ffmpegdirect Architecture: source Version: 1.21.3+ds1-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Vasyl Gello Changes: kodi-inputstream-ffmpegdirect (1.21.3+ds1-1) unstable; urgency=medium . * New upstream version 1.21.3+ds1 * Fix github ref * Downgrade ffmpeg required version to 4.1.6 Checksums-Sha1: d62cbe424534aef1fbdad0bdbf53fd444375a3b2 2553 kodi-inputstream-ffmpegdirect_1.21.3+ds1-1.dsc fd7ee7f28b347b03272d77c8ad98eec307807a3a 198736 kodi-inputstream-ffmpegdirect_1.21.3+ds1.orig.tar.xz 3e310895b2453eb7cebbc942f49d58abf479c9f5 2640 kodi-inputstream-ffmpegdirect_1.21.3+ds1-1.debian.tar.xz 0802a47d3fbb2b0e64671235a5576fab647375e3 10919 kodi-inputstream-ffmpegdirect_1.21.3+ds1-1_amd64.buildinfo Checksums-Sha256: 6812dbd4ea11d009818b66ca6b718ef59cae02e3a3efb5cd2b7d347ce393b3e7 2553 kodi-inputstream-ffmpegdirect_1.21.3+ds1-1.dsc be86bd7acddc5aed277f3e5db767050a728f84117f67b96ce8ead1a200489fed 198736 kodi-inputstream-ffmpegdirect_1.21.3+ds1.orig.tar.xz 4b40ec020627d46d0b25d4650253c446436ec0ce1d0667b376a9c046d38f8dbe 2640 kodi-inputstream-ffmpegdirect_1.21.3+ds1-1.debian.tar.xz b2382fd903086579cb11d7d6b1ac68822451f918ecace8dcd2f6170def4709e8 10919 kodi-inputstream-ffmpegdirect_1.21.3+ds1-1_amd64.buildinfo Files: 988b94ec62f921b5ae31b8d8f53f1eba 2553 libs optional kodi-inputstream-ffmpegdirect_1.21.3+ds1-1.dsc 179a2966eb069c08123f49a0efb6f298 198736 libs optional kodi-inputstream-ffmpegdirect_1.21.3+ds1.orig.tar.xz 236318d90f299e53f1f2b3dcac0745c9 2640 libs optional kodi-inputstream-ffmpegdirect_1.21.3+ds1-1.debian.tar.xz 069cabcce8021f190b14e64e2811932c 10919 libs optional kodi-inputstream-ffmpegdirect_1.21.3+ds1-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmDkjaAACgkQCBa54Yx2 K60vkw//XTdG0sU/qOGjQktFJvKmn24MSGE8cfqpsKH2HPPJPPYgFU2zGc+pY8V/ Vp1o8JbmZRoWhz1gva+wsoc2Lij8TZFYTMGy+d7AcBirsIY8A+hDa8h2LDjK5u1R JHdiZajafAE2a5SOl82RMlb9Aru8bFZov880Ohwk3QTQTSfCRs/Swgdyg5jiMWcA Xpj4jO22UF3dk+/KyYCNpfOW+wMMNZ9YUUAHC1aWdknVdJgHR2NDbD9koRGgiSqv I5QG22Nhm9D0ku5iFv0bWSY6w9cEqpfCZiaot8xM0spT+bU1Xl3o+acB8Cq+xoxf TuYZPZw96cLSyVB1573mUG9DL7QlAj844coWm2VXbQE9b3vKqCIpMyZuib5nlbtl 9Y3NLIil2/NLTEIslBp69VIObh7dbkiT0OziKxS25PhfSnYRD8U3lT5Zt3kGtQsa QzkHoJhk9w0qjZUQsimMq/KwRR95WU/SWvv2rUx2vrU/1U7ueWGjfo78E+G2Yiso T0IU9/Bz3zZ0lJJ82AGhexqR+jHjdyJUm9gEHSDhdiD+DS76eu9QqYQaKAW3dk/b 6A5tf7CIbfTnDqvHxgyuZ9YewkhpQOnSJR1Y0XAWz1jo3JuFyUhIzLAK+ihIND+p 7BQ0W2bYhLJvF/vj3fzg6ni78AB1z9N3GKA+Z041j1AhRmBxAus= =+gH7 -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processing of kodi-inputstream-ffmpegdirect_1.21.3+ds1-1_source.changes
kodi-inputstream-ffmpegdirect_1.21.3+ds1-1_source.changes uploaded successfully to localhost along with the files: kodi-inputstream-ffmpegdirect_1.21.3+ds1-1.dsc kodi-inputstream-ffmpegdirect_1.21.3+ds1.orig.tar.xz kodi-inputstream-ffmpegdirect_1.21.3+ds1-1.debian.tar.xz kodi-inputstream-ffmpegdirect_1.21.3+ds1-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Processing of kodi-pvr-iptvsimple_7.6.5+ds1-1_source.changes
kodi-pvr-iptvsimple_7.6.5+ds1-1_source.changes uploaded successfully to localhost along with the files: kodi-pvr-iptvsimple_7.6.5+ds1-1.dsc kodi-pvr-iptvsimple_7.6.5+ds1.orig.tar.xz kodi-pvr-iptvsimple_7.6.5+ds1-1.debian.tar.xz kodi-pvr-iptvsimple_7.6.5+ds1-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#990759: FW: [Linuxptp-devel] linuxptp: Fixes published for CVE-2021-3570 and CVE-2021-3571
Package: linuxptp Version: 3.1-2 CVE-2021-3570 CVE-2021-3571 -Original Message- From: Richard Cochran Sent: Tuesday, 6 July 2021 00:30 To: oss-secur...@lists.openwall.com Cc: linuxptp-us...@lists.sourceforge.net; linuxptp-de...@lists.sourceforge.net Subject: [Linuxptp-devel] linuxptp: Fixes published for CVE-2021-3570 and CVE-2021-3571 Dear list, Now that the embargo period has expired, I published fixes for: CVE-2021-3570 linuxptp: missing length check of forwarded messages CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock The fixes have been published to SourceForge and to GitHub: https://sourceforge.net/projects/linuxptp/ https://github.com/richardcochran/linuxptp The tags with the fixes are as follows: v1.5.1 v1.6.1 v1.7.1 v1.8.1 v1.9.3 v2.0.1 v3.1.1 In addition, the head of the master branch (soon to be version 3.2) also includes the fixes. Although it is possible to apply the fix to versions 1.2, 1.3, and 1.4, those versions are obsolete and do not pass our CI tests. For this reason I decided to withdraw them instead. Thanks, Richard ___ Linuxptp-devel mailing list linuxptp-de...@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linuxptp-devel
Bug#990749: linuxptp: CVE-2021-3571
Source: linuxptp Version: 3.1-2 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for linuxptp. CVE-2021-3571[0]: | linuxptp: wrong length of one-step follow-up in transparent clock If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3571 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3571 Please adjust the affected versions in the BTS as needed. Note, as for CVE-2021-3570 I set the severity here as well to RC thinking the fix needs to go into bullseye before the release. Let me know if I can help with a NMU. Regards, Salvatore
Processed: linuxptp: CVE-2021-3570
Processing control commands: > found -1 1.9.2-1 Bug #990748 [src:linuxptp] linuxptp: CVE-2021-3570 Marked as found in versions linuxptp/1.9.2-1. -- 990748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990748 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#990748: linuxptp: CVE-2021-3570
Source: linuxptp Version: 3.1-2 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 1.9.2-1 Hi, The following vulnerability was published for linuxptp. CVE-2021-3570[0]: | linuxptp: missing length check of forwarded messages If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3570 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3570 Please adjust the affected versions in the BTS as needed. Note, I did set the severity here straight to RC as I think the fix should go in bullseye. I can try to help with a NMU if needed. Regards, Salvatore
Bug#990737: Audacity's new privacy policy may need to be addressed
Regarding the following, written by "Paul Wise" on 2021-07-06 at 11:30 Uhr +0800: IIRC the telemetry is off by default when building from source and only the official upstream binaries are affected. Can confirm. I should have been explicit: check that the telemetry code is DFSG, or if it's not, switch to the fork. Thanks Paul, -- .''`. martin f. krafft @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems "ah, but a man's reach should exceed his grasp, or what's a heaven for?" -- robert browning digital_signature_gpg.asc Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
