Bug#1072653: dns-root-data 2024041801~deb11u1 flagged for acceptance

2024-06-09 Thread Jonathan Wiltshire
package release.debian.org
tags 1072653 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: dns-root-data
Version: 2024041801~deb11u1

Explanation: update root hints; update expired security information



Bug#1072239: intel-microcode 3.20240514.1~deb12u1 flagged for acceptance

2024-06-09 Thread Jonathan Wiltshire
package release.debian.org
tags 1072239 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: intel-microcode
Version: 3.20240514.1~deb12u1

Explanation: mitigate for INTEL-SA-01051 [CVE-2023-45733], INTEL-SA-01052 
[CVE-2023-46103], INTEL-SA-01036 [CVE-2023-45745,  CVE-2023-47855] and 
unspecified functional issues on various Intel processors



Bug#1072238: intel-microcode 3.20240514.1~deb11u1 flagged for acceptance

2024-06-09 Thread Jonathan Wiltshire
package release.debian.org
tags 1072238 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: intel-microcode
Version: 3.20240514.1~deb11u1

Explanation: mitigate for INTEL-SA-01051 [CVE-2023-45733], INTEL-SA-01052 
[CVE-2023-46103], INTEL-SA-01036 [CVE-2023-45745,  CVE-2023-47855] and 
unspecified functional issues on various Intel processors



Bug#1070108: bullseye-pu: package org-mode/9.4.0+dfsg-1+deb11u2

2024-06-07 Thread Jonathan Wiltshire
Control: tag -1 = bullseye pending

On Thu, Jun 06, 2024 at 07:54:04AM +0800, Sean Whitton wrote:
> Hmm, I uploaded it when I filed the bug.  I just checked and I got an
> ACCEPTED for this version number.

So you did; sorry. It was linked instead to the emacs request, so I've
fixed that.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1036083: galera-4 26.4.18-0+deb11u1 flagged for acceptance

2024-06-05 Thread Jonathan Wiltshire
package release.debian.org
tags 1036083 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: galera-4
Version: 26.4.18-0+deb11u1

Explanation: new upstream bugfix release; update upstream release signing key; 
prevent date-related test failures



Bug#1072035: dns-root-data 2024041801~deb12u1 flagged for acceptance

2024-06-05 Thread Jonathan Wiltshire
package release.debian.org
tags 1072035 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: dns-root-data
Version: 2024041801~deb12u1

Explanation: update root hints; update expired security information



Bug#1069639: galera-4 26.4.18-0+deb12u1 flagged for acceptance

2024-06-05 Thread Jonathan Wiltshire
package release.debian.org
tags 1069639 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: galera-4
Version: 26.4.18-0+deb12u1

Explanation: new upstream bugfix release; update upstream release signing key; 
prevent date-related test failures



Bug#1070108: bullseye-pu: package org-mode/9.4.0+dfsg-1+deb11u2

2024-06-05 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Hi,

On Tue, Apr 30, 2024 at 09:16:06AM +0100, Sean Whitton wrote:
> This is a security update for CVEs marked no-dsa by the secteam.
> It backports a series of upstream commits for CVE-2024-30203, CVE-2024-30204
> and CVE-2024-30205.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1072239: bookworm-pu: package intel-microcode/3.20240514.1~deb12u1

2024-06-05 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Hi,

On Thu, May 30, 2024 at 04:37:22PM -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the microcode
> update level for Intel processors in Bullseye and Bookworm to match what
> we have in Sid and Trixie.  This is the bug report for Bookworm, a
> separate one will be filed for Bullseye.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1072238: bullseye-pu: package intel-microcode/3.20240514.1~deb11u1

2024-06-05 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Hi,

On Thu, May 30, 2024 at 03:56:03PM -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the microcode
> update level for Intel processors in Bullseye and Bookworm to match what
> we have in Sid and Trixie.  This is the bug report for Bullseye, a
> separate one will be filed for Bookworm.

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1072248: bullseye-pu: package runc/1.0.0~rc93+ds1-5+deb11u4

2024-06-05 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Hi,

On Fri, May 31, 2024 at 01:07:48AM +0200, Daniel Leidert wrote:
> This proposed update fixes all the outstanding CVEs in runc that have already
> been fixed in Buster, Bookworm, and Trixie/Sid. The affected CVEs are:
> 
> - CVE-2021-43784
> - CVE-2023-25809
> - CVE-2023-27561/CVE-2023-28642
> 

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1072653: bullseye-pu: package dns-root-data/2024041802~deb11u1

2024-06-05 Thread Jonathan Wiltshire
Hi,

On Sat, Jun 01, 2024 at 01:35:19AM +0200, Marco d'Itri wrote:
> On May 30, Emilio Pozuelo Monfort  wrote:
> 
> > This looks reasonable to me. Should a similar update be proposed for 
> > bullseye?
> Yes, uploaded.

What you've actually uploaded for bullseye differs in version number:

+dns-root-data (2024041802~deb11u1) bullseye; urgency=medium

This is greater than the proposed bookworm update, causing upgrades to
fail. Please upload again with 2024041801~deb11u1 and I will reject the
incorrect one.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1071417: org-mode 9.4.0+dfsg-1+deb11u2 flagged for acceptance

2024-05-27 Thread Jonathan Wiltshire
package release.debian.org
tags 1071417 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: org-mode
Version: 9.4.0+dfsg-1+deb11u2

Explanation: protect against unsafe remote resources [CVE-2024-30203 
CVE-2024-30204 CVE-2024-30205]



Bug#1069943: emacs 27.1+1-3.1+deb11u4 flagged for acceptance

2024-05-27 Thread Jonathan Wiltshire
package release.debian.org
tags 1069943 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: emacs
Version: 27.1+1-3.1+deb11u4

Explanation: fix memory leak in patch for CVE-2022-48337



Bug#1069802: bullseye-pu: package galera-4 26.4.18-0+deb11u1

2024-05-27 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Fri, May 24, 2024 at 11:27:12PM -0700, Otto Kekäläinen wrote:
> I uploaded now with 'dput --delayed=7 ftp-master *.changes' as it is
> unlikely this will get any further review, nor need it as it is just a
> regular new minor upstream release.

You can reschedule with no delay.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1069639: Acknowledgement (bookworm-pu: package galera-4 26.4.18-0+deb12u1)

2024-05-27 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Fri, May 24, 2024 at 11:04:01PM -0700, Otto Kekäläinen wrote:
> I uploaded now with 'dput --delayed=7 ftp-master *.changes' as it is
> unlikely this will get any further review, nor need it as it is just a
> regular new minor upstream release.

You can reschedule with no delay.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Planning for 12.6/11.10

2024-05-27 Thread Jonathan Wiltshire
Hi,

The final bullseye point release 11.10 (and therefore also 12.6 for
versioning) should be soon after 10th June, when security team support
will end.

Please indicate availability for:

  Saturday 15th June
  Saturday 22nd June
  Saturday 29th June

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1070137: bullseye-pu: package cloud-init/22.4.2-1

2024-05-25 Thread Jonathan Wiltshire
On Sat, May 25, 2024 at 10:42:42AM -0700, Noah Meyerhans wrote:
> Yes, we will need to add that in a bookworm stable update.  I expect
> we'll want a separate spu bug to track that, correct?

Yes please.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1068695: json-smart 2.2-2+deb12u1 flagged for acceptance

2024-05-25 Thread Jonathan Wiltshire
package release.debian.org
tags 1068695 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: json-smart
Version: 2.2-2+deb12u1

Explanation: fix excessive recursion leading to stack overflow [CVE-2023-1370]; 
fix denial of service via crafted request [CVE-2021-31684]



Bug#1068694: json-smart 2.2-2+deb11u1 flagged for acceptance

2024-05-25 Thread Jonathan Wiltshire
package release.debian.org
tags 1068694 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: json-smart
Version: 2.2-2+deb11u1

Explanation: fix excessive recursion leading to stack overflow [CVE-2023-1370]; 
fix denial of service via crafted request [CVE-2021-31684]



Re: Question about non-maintainer proposed-updates

2024-05-25 Thread Jonathan Wiltshire
Hi,

On Tue, Apr 23, 2024 at 10:27:15PM +0100, Samuel Henrique wrote:
> So the question is, does the release team consider it ok to push
> proposed-updates without having to go through the package maintainer (given we
> follow the regular process for p-u uploads)?

Yes. We're looking for several things:

 * minimal changes, wherever practical
 * maintainer input if available
 * upstream input if available
 * testing, not just limited to the fix itself

Updates in stable distributions can have consequences where you least expect
them, which is why we are generally cautious. The easiest requests to say
"yes" to are those where the proposer has tested thoroughly and documented
how they did so.

> In case the release team says we have to reach out to the maintainer, would it
> be possible to provide some rough guidelines? For example: "cc'ing the
> maintainer on the release.d.o p-u bug report is all that's needed", or "open up
> a bug against the package indicating your intention to do a p-u upload".

"Reasonable efforts". Mailing the original bug report, copying on the
proposed update bug and waiting a few days to a couple of weeks is
reasonable.

> Would the answer be the same for any type of p-u upload? I assume a no-dsa CVE
> fix and a regular bug fix would fall into the same bucket (that's why I've made
> the email subject generic).

Yes.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1069943: bullseye-pu: package emacs/27.1+1-3.1+deb11u3

2024-05-25 Thread Jonathan Wiltshire
Control: tag -1 confirmed
Control: retitle -1 bullseye-pu: package emacs/27.1+1-3.1+deb11u4

On Sun, May 19, 2024 at 11:30:26AM +0100, Sean Whitton wrote:
> How should we proceed?

Please go ahead. Since the test package Adam built installs correctly,
which was the original symptom, I'm satisfied that users will be able to
install it as well or we will get better reports to inform a regression
update.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1070137: bullseye-pu: package cloud-init/22.4.2-1

2024-05-25 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Thu, May 16, 2024 at 11:05:50AM -0700, Noah Meyerhans wrote:
> 
> diff --git a/debian/changelog b/debian/changelog
> index 9bd33d11..bc3b921c 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +cloud-init-22.4.2 (22.4.2-2~bpo11+1) bullseye-security; urgency=medium
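
Review bot: the added changelog header on the first "+" line pairs a backports-style revision (~bpo11+1) with the bullseye-security suite, while this bug is a bullseye-pu request; for a stable update the line would carry 22.4.2-2~deb11u1 and the distribution bullseye. Only the first of the six added lines announced by "@@ -1,3 +1,9 @@" is quoted, so the entry body cannot be checked here; it should say why the source is named cloud-init-22.4.2 rather than cloud-init.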

That should be 22.4.2-2~deb11u1 and targeting bullseye. Otherwise please
go ahead.

How will users upgrading from bullseye to bookworm get back to the normal
cloud-init package? Do you plan to have versioned replaces in reverse so
apt transitions them back?

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1070158: qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 flagged for acceptance

2024-05-13 Thread Jonathan Wiltshire
package release.debian.org
tags 1070158 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: qtbase-opensource-src
Version: 5.15.2+dfsg-9+deb11u1

Explanation: security fixes [CVE-2022-25255 CVE-2023-24607 CVE-2023-32762 
CVE-2023-32763 CVE-2023-33285 CVE-2023-34410 CVE-2023-37369 CVE-2023-38197 
CVE-2023-51714 CVE-2024-25580]



Bug#1064029: mailman3 3.3.8-2~deb12u2 flagged for acceptance

2024-05-13 Thread Jonathan Wiltshire
package release.debian.org
tags 1064029 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: mailman3
Version: 3.3.8-2~deb12u2

Explanation: depend alternatively on cron-daemon; fix postgresql:// url in 
post-installation script



Bug#1055656: ms-gsl 4.0.0-2+deb12u1 flagged for acceptance

2024-05-13 Thread Jonathan Wiltshire
package release.debian.org
tags 1055656 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: ms-gsl
Version: 4.0.0-2+deb12u1

Explanation: mark not_null constructors as noexcept



Bug#1070158: distro-info-data 0.51+deb11u6 flagged for acceptance

2024-05-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1070158 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: distro-info-data
Version: 0.51+deb11u6

Explanation: declare intentions for bullseye/bookworm; fix past data; add 
Ubuntu 24.10



Bug#1070137: bullseye-pu: package cloud-init/22.4.2-1

2024-05-12 Thread Jonathan Wiltshire
Control: tag -1 moreinfo

Hi,

On Tue, Apr 30, 2024 at 11:21:01AM -0700, Noah Meyerhans wrote:
> There are pros and cons to each option.  Given bullseye's age and
> cloud-init's blast radius (a regression could potentially disrupt the
> provisioning process of cloud VMs, which is particularly disruptive in
> such environments) I lean toward option (2) above, as it minimizes the
> changes.  The obvious drawback is that we now have two versions of
> cloud-init in the bullseye repositories, which was not the case
> previously.  The cloud team is committed to supporting this situation
> for the duration of the bullseye LTS lifetime.

I think I lean towards option 2 as well. I assume the versioning is
calendar-based not semantic, so it's hard to know how disruptive 20.x ->
22.x would be, and meaningful testing across all the platforms it could be
deployed on is unrealistic.

Can you attach proposed debian/control and debian/changelog files please?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1069880: bullseye-pu: package cpu/1.4.3-14~deb11u1

2024-05-12 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Fri, Apr 26, 2024 at 12:01:33PM +0200, Andreas Beckmann wrote:
> The last QA upload four years ago fixed a FTBFS (multiple definitions of
> a global variable) by replacing that variable with an extern declaration
> and zero definitions. This didn't result in a linker error (missing
> symbol) because it happens in a plugin library and thus is only detected
> at runtime when the plugin gets loaded (i.e. always).
> So let's ship the plugin with *one* definition of the global variable
> ;-)

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1069943: bullseye-pu: package emacs/27.1+1-3.1+deb11u3

2024-05-12 Thread Jonathan Wiltshire
Control: tag -1 moreinfo

Hi,

On Sat, Apr 27, 2024 at 12:34:45PM +0100, Sean Whitton wrote:
> This update also has the effect of rolling in changes already in
> oldstable-security earlier than the usual point release copy, as
> oldstable-security has deb11u2, while oldstable still has deb11u1.

The security release hasn't been accepted into bullseye yet because there
were reports of it being broken on mips64el. There was a bug but I'm afraid
I don't have a reference to it.

Do you know if your version solves the issue? If it does I can accept the
security first for you to rebase against if that helps with the diffs.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1070158: bullseye-pu: package distro-info-data/0.51+deb11u6

2024-05-12 Thread Jonathan Wiltshire
On Sun, May 12, 2024 at 11:55:45AM +, stefa...@debian.org wrote:
> Hi Jonathan (2024.05.12_10:56:13_+)
> > Control: tag -1 confirmed
> > 
> > On Tue, Apr 30, 2024 at 08:58:52PM -0400, Stefano Rivera wrote:
> > > 1. bullseye and bookworm LTS & ELTS.
> > > 2. Ubuntu 24.10 Oracular Oriole
> > 
> > Please go ahead, but if you'd prefer to wait until the final date for
> > bullseye is determined feel free to wait and amend.
> 
> It was uploaded when I filed the bug.
 
So it was, sorry.

> I'd say accept it now, and if we miss getting bullseye's final EoL in,
> we can do it via LTS.

Ok.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1070761: bart-cuda 0.6.00-1+deb11u1 flagged for acceptance

2024-05-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1070761 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: bart-cuda
Version: 0.6.00-1+deb11u1

Explanation: fix build test failures by relaxing a floating-point comparison



Bug#1070723: bart 0.6.00-3+deb11u1 flagged for acceptance

2024-05-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1070723 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: bart
Version: 0.6.00-3+deb11u1

Explanation: fix build test failures by relaxing a floating-point comparison



Bug#1070154: bullseye-pu: qtbase-opensource-src/5.15.2+dfsg-9+deb11u1

2024-05-12 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Tue, Apr 30, 2024 at 11:26:17PM +, Thorsten Alteholz wrote:
> The attached debdiff for qtbase-opensource-src fixes several CVEs in
> Bullseye. All CVEs are marked as no-dsa by the security team.

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1070799: bullseye-pu: package rustc-web/1.70.0+dfsg1-7~deb11u1

2024-05-12 Thread Jonathan Wiltshire
Control: tag -1 confimed moreinfo

Hi,

On Thu, May 09, 2024 at 12:36:16PM +0200, Emilio Pozuelo Monfort wrote:
> rustc-web is needed to keep supporting firefox-esr/thunderbird on bullseye,
> for the upcoming ESR 128 releases. Instead of updating rustc-mozilla, I
> decided to backport the newer rustc-web (adopting that name) from bookworm.
> The backport is clean, just a changelog bump. I'm attaching the debdiff from
> the bookworm update to this one.

Should rustc-mozilla be removed from oldstable as well as rustc-web
introduced?


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1070158: bullseye-pu: package distro-info-data/0.51+deb11u6

2024-05-12 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Tue, Apr 30, 2024 at 08:58:52PM -0400, Stefano Rivera wrote:
> 1. bullseye and bookworm LTS & ELTS.
> 2. Ubuntu 24.10 Oracular Oriole

Please go ahead, but if you'd prefer to wait until the final date for
bullseye is determined feel free to wait and amend.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1067544: libmicrohttpd 0.9.72-2+deb11u1 flagged for acceptance

2024-05-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1067544 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libmicrohttpd
Version: 0.9.72-2+deb11u1

Explanation: fix out of bounds read with crafted POST requests [CVE-2023-27371]



Bug#1068082: intel-microcode 3.20240312.1~deb11u1 flagged for acceptance

2024-05-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1068082 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: intel-microcode
Version: 3.20240312.1~deb11u1

Explanation: fixes for INTEL-SA-INTEL-SA-00972 [CVE-2023-39368], 
INTEL-SA-INTEL-SA-00982 [CVE-2023-38575], INTEL-SA-INTEL-SA-00898 
[CVE-2023-28746], INTEL-SA-INTEL-SA-00960 [CVE-2023-22655] and 
INTEL-SA-INTEL-SA-01045 [CVE-2023-43490]



Bug#1064550: libjwt 1.10.2-1+deb11u1 flagged for acceptance

2024-05-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1064550 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libjwt
Version: 1.10.2-1+deb11u1

Explanation: fix a timing side channel via strcmp() [CVE-2024-25189]



Bug#1070157: distro-info-data 0.58+deb12u2 flagged for acceptance

2024-05-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1070157 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: distro-info-data
Version: 0.58+deb12u2

Explanation: declare intentions for bullseye/bookworm; fix past data; add 
Ubuntu 24.10



Bug#1066842: extrepo-data 1.0.3+deb12u1 flagged for acceptance

2024-05-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1066842 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: extrepo-data
Version: 1.0.3+deb12u1

Explanation: update repository information



Bug#1068695: bookworm-pu: package json-smart/2.2-2+deb12u1

2024-05-10 Thread Jonathan Wiltshire
Control: tag -1 confirmed


Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1066842: Updating extrepo-offline-data in Debian Stable (debdiff)

2024-04-27 Thread Jonathan Wiltshire
On Tue, Apr 23, 2024 at 09:10:54AM +0200, Thomas Goirand wrote:
> diff -Nru extrepo-data-1.0.3/debian/changelog 
> extrepo-data-1.0.3+deb12u1+1/debian/changelog
> --- extrepo-data-1.0.3/debian/changelog   2022-10-13 16:27:28.0 
> +0200
> +++ extrepo-data-1.0.3+deb12u1+1/debian/changelog 2024-04-23 
> 09:03:00.0 +0200
> @@ -1,3 +1,10 @@
> +extrepo-data (1.0.3+deb12u1+1) bookworm; urgency=medium
> +
> +  * Update the repo data from the Debian unstable branch.
> +  * Fix d/copyright mime syntax.
> +
> + -- Thomas Goirand   Tue, 23 Apr 2024 09:03:00 +0200
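
Review bot: the version on the first added line, 1.0.3+deb12u1+1, has a trailing "+1" beyond the +deb12u1 stable-update suffix, and the same string appears in the directory name of the diff header; dropping it gives 1.0.3+deb12u1. The first bullet says the data comes from the unstable branch without naming the unstable version it was taken from, which the entry should record so the origin of the data can be traced.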

There's a stray "+1" in the version, should be 1.0.3+deb12u1.

Is this actually a backport of current unstable though? In which case it
should include the changelog from 1.0.4 and be 1.0.4~deb12u1.

With one fix or the other, go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1065053: bullseye-pu: package nvidia-graphics-drivers-tesla-470/470.239.06-1~deb11u1

2024-04-24 Thread Jonathan Wiltshire
On Thu, Feb 29, 2024 at 10:19:45AM +0100, Andreas Beckmann wrote:
> nvidia-graphics-drivers-tesla-470 (470.239.06-1~deb12u1) bookworm; 
> urgency=medium
> 
>   * Rebuild for bookworm.
> 
>  -- Andreas Beckmann   Thu, 29 Feb 2024 02:41:42 +0100
> 
> nvidia-graphics-drivers-tesla-470 (470.239.06-1) unstable; urgency=medium
> 
>   * New upstream long term support branch release 470.239.06 (2024-02-22).
> * Fixed CVE-2024-0074, CVE-2024-0078, CVE-2022-42265.  (Closes: #1064989)
>   https://nvidia.custhelp.com/app/answers/detail/a_id/5520
> * Improved compatibility with recent Linux kernels.
> 
>   [ Andreas Beckmann ]
>   * Refresh patches.
> 
>  -- Andreas Beckmann   Wed, 28 Feb 2024 02:22:39 +0100
> 
> nvidia-graphics-drivers (470.239.06-1) bullseye; urgency=medium
> 
>   * New upstream long term support branch release 470.239.06 (2024-02-22).
> * Fixed CVE-2024-0074, CVE-2024-0078, CVE-2022-42265.  (Closes: #1064983)
>   https://nvidia.custhelp.com/app/answers/detail/a_id/5520
> * Improved compatibility with recent Linux kernels.
> 
>   [ Andreas Beckmann ]
>   * Refresh patches.
>   * Upload to bullseye.
> 
>  -- Andreas Beckmann   Thu, 29 Feb 2024 00:25:42 +0100

Is this apparent duplication correct? Sorry not to have spotted it before.


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1067148: hovercraft 2.7-2+deb11u1 flagged for acceptance

2024-04-24 Thread Jonathan Wiltshire
package release.debian.org
tags 1067148 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: hovercraft
Version: 2.7-2+deb11u1

Explanation: depend on python3-setuptools



Bug#1065268: phpseclib 1.0.19-3+deb11u2 flagged for acceptance

2024-04-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1065268 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: phpseclib
Version: 1.0.19-3+deb11u2

Explanation: force system dependency loading; guard isPrime() and randomPrime() 
for BigInteger [CVE-2024-27354]; limit OID length in ASN1 [CVE-2024-27355]; fix 
BigInteger getLength()



Bug#1065266: php-phpseclib 2.0.30-2+deb11u2 flagged for acceptance

2024-04-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1065266 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: php-phpseclib
Version: 2.0.30-2+deb11u2

Explanation: force system dependency loading; guard isPrime() and randomPrime() 
for BigInteger [CVE-2024-27354]; limit OID length in ASN1 [CVE-2024-27355]; fix 
BigInteger getLength()



Bug#1065079: php-doctrine-annotations 1.11.2-1+deb11u1 flagged for acceptance

2024-04-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1065079 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: php-doctrine-annotations
Version: 1.11.2-1+deb11u1

Explanation: force system dependency loading



Bug#1065077: php-zend-code 4.0.0-2+deb11u1 flagged for acceptance

2024-04-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1065077 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: php-zend-code
Version: 4.0.0-2+deb11u1

Explanation: force system dependency loading



Bug#1065076: php-proxy-manager 2.11.1+1.0.3-1+deb11u1 flagged for acceptance

2024-04-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1065076 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: php-proxy-manager
Version: 2.11.1+1.0.3-1+deb11u1

Explanation: force system dependency loading



Bug#1065075: symfony 4.4.19+dfsg-2+deb11u5 flagged for acceptance

2024-04-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1065075 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: symfony
Version: 4.4.19+dfsg-2+deb11u5

Explanation: force system dependency loading; DateTypeTest: ensure submitted 
year is accepted choice



Bug#1065070: php-composer-xdebug-handler 1.4.5-1+deb11u1 flagged for acceptance

2024-04-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1065070 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: php-composer-xdebug-handler
Version: 1.4.5-1+deb11u1

Explanation: force system dependency loading



Bug#1069704: bookworm-pu: package xscreensaver/6.06+dfsg1-3+deb12u1

2024-04-23 Thread Jonathan Wiltshire
On Tue, Apr 23, 2024 at 08:29:06PM +0200, Tormod Volden wrote:
> On Tue, Apr 23, 2024 at 7:05 PM Jonathan Wiltshire wrote:
> >
> > Thanks for the upload. Once built I intend to release it through the
> > stable-updates mechanism, but the announcement will carry your name. Any
> > comments on the following text?
> >
> > | The XScreenSaver package as released in Debian 12 includes an "out-of-date
> > | software warning", which is displayed prior to each unlock operation.
> > | This update disables such warnings.
> > |
> > | Users can rest assured that XScreenSaver remains supported by Debian
> > | for the lifetime of the stable distribution.
> >
> 
> Thanks a lot for processing this update. Your suggested text is very
> well formulated, I have nothing to add.

Amusingly it turns out our template example is the last xscreensaver
update, so I've just used that. It says the same things anyway.

Should be published tonight or tomorrow.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1069704: bookworm-pu: package xscreensaver/6.06+dfsg1-3+deb12u1

2024-04-23 Thread Jonathan Wiltshire
Thanks for the upload. Once built I intend to release it through the
stable-updates mechanism, but the announcement will carry your name. Any
comments on the following text?

| The XScreenSaver package as released in Debian 12 includes an "out-of-date
| software warning", which is displayed prior to each unlock operation.
| This update disables such warnings.
|
| Users can rest assured that XScreenSaver remains supported by Debian
| for the lifetime of the stable distribution.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1057107: libssh2 1.9.0-2+deb11u1 flagged for acceptance

2024-04-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1057107 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libssh2
Version: 1.9.0-2+deb11u1

Explanation: fix out of bounds memory check in _libssh2_packet_add 
[CVE-2020-22218]



Bug#1068947: curl 7.74.0-1.3+deb11u12 flagged for acceptance

2024-04-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1068947 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: curl
Version: 7.74.0-1.3+deb11u12

Explanation: fix memory leak when HTTP/2 server push is aborted [CVE-2024-2398]



Bug#1069704: xscreensaver 6.06+dfsg1-3+deb12u1 flagged for acceptance

2024-04-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1069704 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: xscreensaver
Version: 6.06+dfsg1-3+deb12u1

Explanation: disable warning about old versions



Bug#1069704: bookworm-pu: package xscreensaver/6.06+dfsg1-3+deb12u1

2024-04-23 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Tue, Apr 23, 2024 at 08:37:21AM +0200, Tormod Volden wrote:
> Bug #1069617: xscreensaver 6.06 shows upstream upgrade warning from 2024-05-04

Urgh, I thought this was long since dealt with. Please go ahead urgently.

I presume you've taken steps to avoid it creeping back into future
releases?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1065053: bullseye-pu: package nvidia-graphics-drivers-tesla-470/470.239.06-1~deb11u1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1067106: bullseye-pu: package nvidia-settings/470.239.06-1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1065268: bullseye-pu: package phpseclib/1.0.19-3+deb11u2

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1065266: bullseye-pu: package php-phpseclib/2.0.30-2+deb11u2

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1065079: bullseye-pu: package php-doctrine-annotations/1.11.2-1+deb11u1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1065077: bullseye-pu: package php-zend-code/4.0.0-2+deb11u1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1065076: bullseye-pu: package php-proxy-manager/2.11.1+1.0.3-1+deb11u1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1065075: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u5

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1065071: bullseye-pu: package php-symfony-contracts/1.1.10-2+deb11u1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Thu, Feb 29, 2024 at 12:30:50PM +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1, similar to #1065058 in
> bookworm.

Please go ahead.

Thanks,



-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1065070: bookworm-pu: package php-composer-xdebug-handler/1.4.5-1+deb11u1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Thu, Feb 29, 2024 at 12:25:45PM +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1, similar to #1065057 in
> bookworm.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1069253: libapache2-mod-auth-openidc 2.4.9.4-0+deb11u4 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1069253 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libapache2-mod-auth-openidc
Version: 2.4.9.4-0+deb11u4

Explanation: fix missing input validation leading to DoS [CVE-2024-24814]



Bug#1068514: imlib2 1.7.1-2+deb11u1 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1068514 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: imlib2
Version: 1.7.1-2+deb11u1

Explanation: 



Bug#1065743: postfix 3.5.25-0+deb11u1 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1065743 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: postfix
Version: 3.5.25-0+deb11u1

Explanation: upstream bugfix release



Bug#1068118: amavisd-new 2.11.1-5+deb11u1 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1068118 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: amavisd-new
Version: 2.11.1-5+deb11u1

Explanation: handle multiple boundary parameters that contain conflicting 
values [CVE-2024-28054]



Bug#1064550: bullseye-pu: libjwt/1.10.2-1+deb11u1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Feb 24, 2024 at 12:49:21AM +, Thorsten Alteholz wrote:
> The attached debdiff for libjwt fixes CVE-2024-25189 in Bullseye. It is
> marked as no-dsa by the security team.
> The fix is straightforward and should not make any problems.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1057107: bullseye-pu: package libssh2/1.9.0-2

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Tue, Dec 19, 2023 at 07:52:02PM -0500, Nicolas Mora wrote:
> Hello,
> 
> Thank you for the feedback, the new attached debdiff should fix these.
> 
> Thanks!

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1068514: bullseye-pu: package imlib2/1.7.1-2

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Apr 06, 2024 at 10:55:25PM +0200, Markus Koschany wrote:
> Fixing CVE-2024-25447, CVE-2024-25448 and CVE-2024-25450 in bullseye.
> 

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1067148: bullseye-pu: package hovercraft/2.7-2+deb11u1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Tue, Mar 19, 2024 at 11:55:34AM +0100, Andreas Beckmann wrote:
> @@ -25,6 +25,7 @@ Package: hovercraft
>  Architecture: all
>  Depends: python3-docutils,
>   libjs-impress (>= 1.0.0~),
> + python3-setuptools,
>   ${misc:Depends},
>   ${python3:Depends},
>   ${sphinxdoc:Depends}
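
Review bot: python3-setuptools is added to Depends by hand, directly above ${python3:Depends}, and nothing in the hunk says why the generated substvar does not already cover it. Record the reason in debian/changelog (for example, which runtime import needs setuptools) so the manual entry can be dropped once the generated dependencies include it.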

This alignment looks funny; with it fixed please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1067544: bullseye-pu: libmicrohttpd/0.9.72-2+deb11u1.debdiff

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Mar 23, 2024 at 12:01:09PM +, Thorsten Alteholz wrote:
> The attached debdiff for libmicrohttpd fixes CVE-2023-27371 in Bullseye. It
> is marked as no-dsa by the security team.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Mar 30, 2024 at 07:50:45AM -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the microcode
> update level for Intel processors in Bullseye and Bookworm to match what
> we have in Sid and Trixie.  This is the bug report for Bullseye, a
> separate one will be filed for Bookworm.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1068694: bullseye-pu: package json-smart/2.2-2+deb11u1

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Tue, Apr 09, 2024 at 10:01:11AM +0200, Andreas Beckmann wrote:
> +++ b/debian/patches/0004-CVE-2021-31684-Fix-indexOf.patch
> @@ -0,0 +1,27 @@
> +From: HAPPY 

Well if that doesn't tickle my antennae nothing will :)

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1069297: bullseye-pu: package reportbug/7.10.3+deb11u2

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Fri, Apr 19, 2024 at 04:03:37PM +0200, Andreas Beckmann wrote:
> After the release of bookworm, we should rotate the release codenames in
> reportbug/bullseye again to keep reportbug/bullseye useful. Fixed in
> sid/bookworm via #1034260.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1069253: bullseye-pu: package libapache2-mod-auth-openidc/2.4.9.4-0+deb11u4

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Thu, Apr 18, 2024 at 09:44:59PM +0200, Moritz Schlarb wrote:
> Backported the patch to fix CVE-2024-24814.
> Does not require DSA as per #1064183#28.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1068947: bullseye-pu: package curl/7.74.0-1.3+deb11u12

2024-04-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Apr 13, 2024 at 11:36:17PM -0300, Guilherme Puida Moreira wrote:
> 1. Fix CVE-2024-2398

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1069286: dcmtk 3.6.7-9~deb12u1 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1069286 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: dcmtk
Version: 3.6.7-9~deb12u1

Explanation: clean up properly on purge



Bug#1069274: pdudaemon 0.0.8.58.g597052b-1+deb12u1 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1069274 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: pdudaemon
Version: 0.0.8.58.g597052b-1+deb12u1

Explanation: depend on python3-aiohttp



Bug#1069262: u-boot 2023.01+dfsg-2+deb12u1 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1069262 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: u-boot
Version: 2023.01+dfsg-2+deb12u1

Explanation: fix orion-timer for booting sheevaplug and related platforms



Bug#1069252: libapache2-mod-auth-openidc 2.4.12.3-2+deb12u1 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1069252 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libapache2-mod-auth-openidc
Version: 2.4.12.3-2+deb12u1

Explanation: fix missing input validation leading to DoS [CVE-2024-24814]



Bug#1068836: yapet 2.6-2~deb12u1 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1068836 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: yapet
Version: 2.6-2~deb12u1

Explanation: do not call EVP_CIPHER_CTX_set_key_length() in crypt/blowfish and 
crypt/aes



Bug#1051024: igtf-policy-bundle 1.128-1~deb12u1 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1051024 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: igtf-policy-bundle
Version: 1.128-1~deb12u1

Explanation: address CAB Forum S/MIME policy change; apply accumulated updates 
to trust anchors



Bug#1068242: libtool 2.4.7-7~deb12u1 flagged for acceptance

2024-04-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1068242 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libtool
Version: 2.4.7-7~deb12u1

Explanation: conflict with libltdl3-dev; fix check for += operator in 
func_append



Re: Re-planning for 12.6

2024-04-21 Thread Jonathan Wiltshire
On Sun, Apr 21, 2024 at 05:44:48PM +0100, Andy Simpkins wrote:
> 
> On 21/04/2024 01:57, Steve McIntyre wrote:
> > On Sat, Apr 20, 2024 at 05:41:13PM +0100, Jonathan Wiltshire wrote:
> > > On Thu, Apr 18, 2024 at 10:58:41PM +0100, Steve McIntyre wrote:
> > > > Hiya!
> > > > 
> > > > Not wanting to pester *too* much, but where are we up to?
> > > > 
> > > Right now I can still have 27th April on the cards but we're missing FTP and
> > > press. It's next week, we'd have to know this weekend and get frozen.
> > > Mark indicated "maybe" and no answer from press.
> > > 
> > > If that date works please reply urgently otherwise we're looking into May
> > > and possibly just skipping to line up with the final bullseye anyway.
> > It works for me, I guess. Dunno about other folks.
> > 
> 
> I can still do 27th but as I have already stated Isy is now unavailable
> until July due to exams.
> 
> Please can we make a decision by Tuesday otherwise I'll end up doing
> something else

Too late now in any case. SRMs will regroup and decide whether we push for
one in May or just wait for June anyway.


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Re: Re-planning for 12.6

2024-04-20 Thread Jonathan Wiltshire
On Thu, Apr 18, 2024 at 10:58:41PM +0100, Steve McIntyre wrote:
> Hiya!
> 
> Not wanting to pester *too* much, but where are we up to?
> 

Right now I can still have 27th April on the cards but we're missing FTP and
press. It's next week, we'd have to know this weekend and get frozen.
Mark indicated "maybe" and no answer from press.

If that date works please reply urgently otherwise we're looking into May
and possibly just skipping to line up with the final bullseye anyway.


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1068411: schleuder 4.0.3-7+deb12u1 flagged for acceptance

2024-04-09 Thread Jonathan Wiltshire
package release.debian.org
tags 1068411 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: schleuder
Version: 4.0.3-7+deb12u1

Explanation: fix argument parsing insufficient validation; fix importing keys 
from attachments sent by Thunderbird and handle mails without further content; 
look for keywords only at the start of mail; validate downcased email addresses 
when checking subscribers; consider From header for finding reply addresses



Bug#1068654: bioawk 1.0-4+deb12u1 flagged for acceptance

2024-04-09 Thread Jonathan Wiltshire
package release.debian.org
tags 1068654 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: bioawk
Version: 1.0-4+deb12u1

Explanation: disable parallel builds to fix random failures



Bug#1068574: icinga2 2.13.6-2+deb12u1 flagged for acceptance

2024-04-09 Thread Jonathan Wiltshire
package release.debian.org
tags 1068574 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: icinga2
Version: 2.13.6-2+deb12u1

Explanation: fix segmentation fault on ppc64el



Bug#1068344: curl 7.88.1-10+deb12u6 flagged for acceptance

2024-04-09 Thread Jonathan Wiltshire
package release.debian.org
tags 1068344 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: curl
Version: 7.88.1-10+deb12u6

Explanation: do not keep default protocols when deselected [CVE-2024-2004]; fix 
memory leak [CVE-2024-2398]



Bug#1056936: glewlwyd 2.7.5-3+deb12u1 flagged for acceptance

2024-04-09 Thread Jonathan Wiltshire
package release.debian.org
tags 1056936 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: glewlwyd
Version: 2.7.5-3+deb12u1

Explanation: fix potential buffer overflow during FIDO2 credential validation 
[CVE-2023-49208]; fix open redirection via redirect_uri [CVE-2024-25715]



Bug#1068574: bookworm-pu: package icinga2/2.13.6-2+deb12u1

2024-04-07 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1055966: openvpn-dco-dkms 0.0+git20231103-1~deb12u1 flagged for acceptance

2024-04-07 Thread Jonathan Wiltshire
package release.debian.org
tags 1055966 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: openvpn-dco-dkms
Version: 0.0+git20231103-1~deb12u1

Explanation: build for Linux >= 6.5; install compat-include directory; fix 
refcount imbalance



Bug#1055802: qtbase-opensource-src 5.15.8+dfsg-11+deb12u1 flagged for acceptance

2024-04-07 Thread Jonathan Wiltshire
package release.debian.org
tags 1055802 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: qtbase-opensource-src
Version: 5.15.8+dfsg-11+deb12u1

Explanation: fix regression in patch for CVE-2023-24607; avoid using system CA 
certificates when not wanted [CVE-2023-34410]; fix buffer overflow 
[CVE-2023-37369]; fix infinite loop in XML recursive entity expansion 
[CVE-2023-38197]


