[SECURITY] [DLA 2919-1] python2.7 security update
Debian LTS Advisory DLA-2919-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Anton Gladky
February 12, 2022    https://wiki.debian.org/LTS

Package: python2.7
Version: 2.7.13-2+deb9u6
CVE ID : CVE-2021-3177 CVE-2021-4189

Two issues have been discovered in python2.7:

CVE-2021-3177

    Python has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input.

CVE-2021-4189

    A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library when using it in PASV (passive) mode. The flaw lies in how the FTP client trusts the host from PASV response by default. An attacker could use this flaw to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This could lead to FTP client scanning ports which otherwise would not have been possible.

    Instead of using the returned address, ftplib now uses the IP address we're already connected to. For the rare user who wants an old behavior, set a `trust_server_pasv_ipv4_address` attribute on your `ftplib.FTP` instance to True.

For Debian 9 stretch, these problems have been fixed in version 2.7.13-2+deb9u6.

We recommend that you upgrade your python2.7 packages.

For the detailed security status of python2.7 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/python2.7

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
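The address selection described under CVE-2021-4189, as an added example (not code from the advisory or from CPython): a stand-alone Python model of how a client picks the data-connection host from a PASV reply, with and without `trust_server_pasv_ipv4_address`, plus a check for logging replies whose host differs from the control peer. The addresses and replies are constructed, and `interpreter_has_fix()` assumes the backport defines the attribute on the `ftplib.FTP` class.

```python
import re

# Constructed sample data: documentation-range and private addresses only.
CONTROL_PEER = "203.0.113.10"  # IP the control connection is already using
HONEST_REPLY = "227 Entering Passive Mode (203,0,113,10,195,80)"
REDIRECTING_REPLY = "227 Entering Passive Mode (10,0,0,5,31,144)"

_PASV_TUPLE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_pasv_reply(reply):
    """Return the (host, port) a server advertises in a 227 PASV reply."""
    if not reply.startswith("227"):
        raise ValueError("not a PASV reply: %r" % reply)
    match = _PASV_TUPLE.search(reply, 3)
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % reply)
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(f) for f in fields[:4])
    port = (fields[4] << 8) + fields[5]  # p1 is the high byte, p2 the low byte
    return host, port


def data_endpoint(reply, control_peer_ip, trust_server_pasv_ipv4_address=False):
    """Model of the host choice: the advertised port is always used, the
    advertised host only when the caller opted back into the old behaviour."""
    advertised_host, port = parse_pasv_reply(reply)
    if trust_server_pasv_ipv4_address:
        return advertised_host, port   # old behaviour: server picks the host
    return control_peer_ip, port       # fixed behaviour: reuse the peer's IP


def audit_pasv(reply, control_peer_ip):
    """Describe a PASV reply for logging. A host mismatch is a signal, not
    proof: a server behind NAT that advertises its internal address looks
    the same on the wire."""
    advertised_host, port = parse_pasv_reply(reply)
    return {
        "advertised": (advertised_host, port),
        "used_when_fixed": (control_peer_ip, port),
        "host_mismatch": advertised_host != control_peer_ip,
    }


def interpreter_has_fix():
    """True if the running ftplib exposes the opt-out attribute (assumption:
    the fix defines it on the FTP class)."""
    import ftplib
    return hasattr(ftplib.FTP, "trust_server_pasv_ipv4_address")


if __name__ == "__main__":
    for reply in (HONEST_REPLY, REDIRECTING_REPLY):
        print(audit_pasv(reply, CONTROL_PEER))
    print("ftplib carries the fix:", interpreter_has_fix())
```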
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2919-1 for python2.7
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 3972c4a8 by Anton Gladky at 2022-02-12T13:26:02+01:00 Reserve DLA-2919-1 for python2.7 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -9402,7 +9402,6 @@ CVE-2021-4189 [ftplib should not use the host from the PASV response] - python2.7 [bullseye] - python2.7 (Python 2.7 in Bullseye not covered by security support) [buster] - python2.7 (Minor issue) - [stretch] - python2.7 (Minor issue) NOTE: https://bugs.python.org/issue43285 NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master) NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3) @@ -66169,7 +66168,6 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in - python3.5 - python2.7 2.7.18-2 [buster] - python2.7 (Minor issue) - [stretch] - python2.7 (Minor issue) NOTE: https://bugs.python.org/issue42938 NOTE: https://github.com/python/cpython/pull/24239 NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html = data/DLA/list = @@ -1,3 +1,6 @@ +[12 Feb 2022] DLA-2919-1 python2.7 - security update + {CVE-2021-3177 CVE-2021-4189} + [stretch] - python2.7 2.7.13-2+deb9u6 [12 Feb 2022] DLA-2918-1 debian-edu-config - security update {CVE-2021-20001} [stretch] - debian-edu-config 1.929+deb9u5 = data/dla-needed.txt = 
@@ -64,10 +64,6 @@ pgbouncer (Emilio) pjproject (Abhijith PA) NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu) -- -python2.7 (Anton) - NOTE: 20220112: 3 postponed CVEs (Beuc) - NOTE: 20220206: WIP https://salsa.debian.org/lts-team/packages/python2.7/ (Anton) --- samba NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3972c4a864dbd9d6150654d226611bd8be13bfa2
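Review bot: In the data/dla-needed.txt hunk, the removed python2.7 entry carries `NOTE: 20220112: 3 postponed CVEs (Beuc)`, but the DLA-2919-1 entry added to data/DLA/list names only two, CVE-2021-3177 and CVE-2021-4189. Say in the commit message which CVE is left out of this DLA and where its stretch status is recorded, so that dropping the entry from dla-needed.txt does not lose track of it.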
[Git][security-tracker-team/security-tracker][master] LTS: ignore CVE-2020-8492 for stretch
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 512f1354 by Anton Gladky at 2022-02-12T12:29:15+01:00 LTS: ignore CVE-2020-8492 for stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -139256,7 +139256,7 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, [jessie] - python3.4 (Minor issue) - python2.7 2.7.18-2 (low; bug #970099) [buster] - python2.7 (Minor issue) - [stretch] - python2.7 (Minor issue) + [stretch] - python2.7 (Too destructive to backport. Though the patch is partly ready. https://salsa.debian.org/lts-team/packages/python2.7/-/blob/master/debian/patches/CVE-2020-8492.patch) [jessie] - python2.7 (Minor issue) NOTE: https://bugs.python.org/issue39503 NOTE: https://github.com/python/cpython/pull/18284
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/512f1354232185708f62f9ff240653306c7744d8
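Review bot: The new [stretch] reason for CVE-2020-8492 embeds a link to debian/patches/CVE-2020-8492.patch on the master branch, which will show different content or stop resolving once that branch moves on. Link to a fixed commit instead, and move the URL out of the parenthesised reason into its own NOTE: line next to the existing bugs.python.org and pull-request notes, so the reason itself stays short.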
Re: RFS faber - build dependency for boost-python
Hi Steffen,

thanks for your work and packaging effort. I will take a deeper look into the package within the next few days.

On behalf of the Debian Boost Team.

Best regards

Anton

On Tue, 8 Feb 2022 at 18:07, Steffen Möller wrote:
>
> Hello,
>
> This is about
>
> https://salsa.debian.org/python-team/packages/faber
>
> I had asked the Debian boost folks already to comment on that package
> but have not heard back. Faber is a build tool that the upstream boost
> community has elevated as the next thing for their Python interface. But
> it can also be used as a substitute for make.
>
> Anyway. Could someone please have a look that I have not borked to
> smoothen the transition through NEW? Please feel free to upload.
>
> Many thanks!
>
> Best,
> Steffen
>
[Git][security-tracker-team/security-tracker][master] LTS: status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 2568fb02 by Anton Gladky at 2022-02-06T21:30:55+01:00 LTS: status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -76,7 +76,7 @@ pjproject (Abhijith PA) -- python2.7 (Anton) NOTE: 20220112: 3 postponed CVEs (Beuc) - NOTE: 20220124: WIP + NOTE: 20220206: WIP https://salsa.debian.org/lts-team/packages/python2.7/ (Anton) -- samba (Utkarsh Gupta) NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ @@ -86,6 +86,7 @@ samba (Utkarsh Gupta) -- ujson (Anton) NOTE: 20220121: please reheck, at least the mentioned function is available in Stretch + NOTE: 20220206: https://salsa.debian.org/lts-team/packages/ujson Investigating, whether affected or not (Anton) -- varnish NOTE: 20220130: also fix no-dsa issues. (utkarsh)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2568fb027e557c1abb4f6fd95ee8f0f14e2acbf6
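Review bot: In the python2.7 hunk, `NOTE: 20220124: WIP` is overwritten by the 20220206 line instead of being followed by it, so the dated history of the entry is rewritten. Add the 20220206 note as a new line and leave the 20220124 one in place, the way the ujson hunk appends its 20220206 note below the existing 20220121 one.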
Markus Blatt: Advocate
For nm.debian.org, at 2022-02-04:

I support Markus Blatt's request to become a Debian Maintainer.

I have reviewed and uploaded the following packages, prepared by Markus Blatt: opm-common, opm-grid, opm-material, opm-models, opm-simulators, opm-upscaling and I consider him as having sufficient technical competence.

I have communicated with Markus Blatt (key ABE52C516431013C5874107C3F71FE0770D47FFB) and I know Markus Blatt can be trusted to have upload rights for their own packages, right now.

Anton Gladky (via nm.debian.org)

For details and to comment, visit https://nm.debian.org/process/1008/
[Git][security-tracker-team/security-tracker][master] LTS: take gif2apng
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 68b5e71d by Anton Gladky at 2022-02-04T15:26:46+01:00 LTS: take gif2apng - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -39,7 +39,7 @@ firmware-nonfree (Markus Koschany) flatpak NOTE: 20220113: upcoming DSA; non-trivial backport (Beuc) -- -gif2apng +gif2apng (Anton) NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc) NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc) --
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68b5e71d9c2a25c19a9393cc201f66c88181724c
[SECURITY] [DLA 2907-1] apache2 security update
Debian LTS Advisory DLA-2907-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Anton Gladky
February 01, 2022    https://wiki.debian.org/LTS

Package: apache2
Version: 2.4.25-3+deb9u12
CVE ID : CVE-2021-44224 CVE-2021-44790

Two vulnerabilities have been discovered in the Apache HTTP server:

CVE-2021-44224

    When operating as a forward proxy, Apache was depending on the setup susceptible to denial of service or Server Side Request forgery.

CVE-2021-44790

    A buffer overflow in mod_lua may result in denial of service or potentially the execution of arbitrary code.

For Debian 9 stretch, these problems have been fixed in version 2.4.25-3+deb9u12.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2907-1 for apache2
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ac67d6a by Anton Gladky at 2022-02-01T21:31:12+01:00 Reserve DLA-2907-1 for apache2 Signed-off-by: Anton Gladky gl...@debian.org - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[01 Feb 2022] DLA-2907-1 apache2 - security update + {CVE-2021-44224 CVE-2021-44790} + [stretch] - apache2 2.4.25-3+deb9u12 [01 Feb 2022] DLA-2906-1 python-django - security update {CVE-2022-22818 CVE-2022-23833} [stretch] - python-django 1:1.10.7-2+deb9u15 = data/dla-needed.txt = @@ -18,10 +18,6 @@ ansible NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- -apache2 (Anton) - NOTE: 20220109: WIP https://salsa.debian.org/lts-team/packages/apache2 (Anton) - NOTE: 20220124: WIP --- apng2gif NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie NOTE: 20211229: but is unfixed in stretch, plus 2 additional CVEs (bunk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ac67d6a7060b39e5f6fb1dd8193ef6435c28484
Re: RFS: opm-common/2021.10-3 [QA] -- Tools for Eclipse reservoir simulation files
Uploaded as well.

I had almost no questions about your technical packaging level. I would encourage you to apply to a DM-role, if you are interested. I will definitely advocate your application and then give you permissions to upload opm-stuff if you apply.

Cheers

Anton

On Fri, 28 Jan 2022 at 09:17, Markus Blatt wrote:
>
> Hi Anton,
>
> thanks a lot for the work. Highly appreciated.
>
> Did you also upload opm-upscaling to NEW?
>
> opm-upscaling/2021.10-1 https://salsa.debian.org/science-team/opm-upscaling
>
> Did not receive any notification and can't see. Maybe it just needs more
> time for processing?
>
> Markus
>
> On Thu, Jan 27, 2022 at 07:14:45PM +0100, Anton Gladky wrote:
> >Hi Markus,
> >
> >done!
> >
> >Best regards
> >
> >Anton
> >
> >On Wed, 26 Jan 2022 at 14:44, Markus Blatt wrote:
> >>
> >> Hi,
> >> On Wed, Jan 26, 2022 at 07:26:09AM +0100, Anton Gladky wrote:
> >> >
> >> >I will upload it in the evening. Please prepare all other involved
> >> >packages if any. Thanks. Regards
> >> >
> >>
> >> cool. Thanks in advance.
> >>
> >> Source uploads needed for migration to testing:
> >> - opm-common/2021.10-3 https://salsa.debian.org/science-team/opm-common
> >> - opm-material/2021.10-2 https://salsa.debian.org/science-team/opm-material
> >> - opm-models/2021.10-2 https://salsa.debian.org/science-team/opm-models
> >>
> >>
> >> These are the ones that were rejected by ftpmaster and copyright should be
> >> fixed now.
> >> Please upload to new
> >> - opm-grid/2021.10-1 https://salsa.debian.org/science-team/opm-grid
> >> - opm-simulators/2021.10-1 https://salsa.debian.org/science-team/opm-simulators
> >> - opm-upscaling/2021.10-1 https://salsa.debian.org/science-team/opm-upscaling
> >>
> >> Cheers,
> >>
> >> Markus
> >>
> >>
> >> >
> >> >On Tue, 25 Jan 2022 at 00:00, Markus Blatt wrote:
> >> >>
> >> >> Hi,
> >> >>
> >> >> I am looking for a sponsor for my package "opm-common" to do a source upload:
> >> >>
> >> >> * Package name: opm-common
> >> >> Version : 2021.10-3
> >> >> Upstream Author : o...@opm-project.org
> >> >> * URL : http://opm-project.org
> >> >> * License : GPL-2.0+, GPL-3.0+, ODBL-1.0 and DBCL-1.0
> >> >> * Vcs : https://salsa.debian.org/science-team/opm-common
> >> >> Section : libs
> >> >>
> >> >> The package was still not good enough.
> >> >> We had limited the architectures in d/control to 64bit, but not in d/tests/control and
> >> >> that would have prevented the source package from migrating to testing as the autopkgtests
> >> >> for 32bit would still be executed and fail due to missing binary packages.
> >> >>
> >> >> After fruitful discussions on the mentors list, see
> >> >> https://lists.debian.org/debian-mentors/2022/01/msg00185.html, I have now
> >> >>
> >> >> - used "Architecture: any" in d/control to let buildd try to build all (32bit builds will fail due to failing ctest)
> >> >> - limited to 64bit architectures in d/tests/control to prevent failing autopkgtest
> >> >>
> >> >> I hope that this will allow for migration to testing.
> >> >>
> >> >> Thanks a lot.
> >> >>
> >> >> Cheers,
> >> >>
> >> >> Markus
> >> >>
> >> >
> >>
> >> --
> >>
> >> Dr. Markus Blatt - HPC-Simulation-Software & Services http://www.dr-blatt.de
> >> Pedettistr. 38, 85072 Eichstätt, Germany, USt-Id: DE279960836
> >> Tel.: +49 (0) 160 97590858
> >
>
> --
>
> Dr. Markus Blatt - HPC-Simulation-Software & Services http://www.dr-blatt.de
> Pedettistr. 38, 85072 Eichstätt, Germany, USt-Id: DE279960836
> Tel.: +49 (0) 160 97590858
Re: RFS: opm-common/2021.10-3 [QA] -- Tools for Eclipse reservoir simulation files
Hi Markus,

done!

Best regards

Anton

On Wed, 26 Jan 2022 at 14:44, Markus Blatt wrote:
>
> Hi,
> On Wed, Jan 26, 2022 at 07:26:09AM +0100, Anton Gladky wrote:
> >
> >I will upload it in the evening. Please prepare all other involved
> >packages if any. Thanks. Regards
> >
>
> cool. Thanks in advance.
>
> Source uploads needed for migration to testing:
> - opm-common/2021.10-3 https://salsa.debian.org/science-team/opm-common
> - opm-material/2021.10-2 https://salsa.debian.org/science-team/opm-material
> - opm-models/2021.10-2 https://salsa.debian.org/science-team/opm-models
>
>
> These are the ones that were rejected by ftpmaster and copyright should be
> fixed now.
> Please upload to new
> - opm-grid/2021.10-1 https://salsa.debian.org/science-team/opm-grid
> - opm-simulators/2021.10-1 https://salsa.debian.org/science-team/opm-simulators
> - opm-upscaling/2021.10-1 https://salsa.debian.org/science-team/opm-upscaling
>
> Cheers,
>
> Markus
>
>
> >
> >On Tue, 25 Jan 2022 at 00:00, Markus Blatt wrote:
> >>
> >> Hi,
> >>
> >> I am looking for a sponsor for my package "opm-common" to do a source upload:
> >>
> >> * Package name: opm-common
> >> Version : 2021.10-3
> >> Upstream Author : o...@opm-project.org
> >> * URL : http://opm-project.org
> >> * License : GPL-2.0+, GPL-3.0+, ODBL-1.0 and DBCL-1.0
> >> * Vcs : https://salsa.debian.org/science-team/opm-common
> >> Section : libs
> >>
> >> The package was still not good enough.
> >> We had limited the architectures in d/control to 64bit, but not in d/tests/control and
> >> that would have prevented the source package from migrating to testing as the autopkgtests
> >> for 32bit would still be executed and fail due to missing binary packages.
> >>
> >> After fruitful discussions on the mentors list, see
> >> https://lists.debian.org/debian-mentors/2022/01/msg00185.html, I have now
> >>
> >> - used "Architecture: any" in d/control to let buildd try to build all (32bit builds will fail due to failing ctest)
> >> - limited to 64bit architectures in d/tests/control to prevent failing autopkgtest
> >>
> >> I hope that this will allow for migration to testing.
> >>
> >> Thanks a lot.
> >>
> >> Cheers,
> >>
> >> Markus
> >>
> >
>
> --
>
> Dr. Markus Blatt - HPC-Simulation-Software & Services http://www.dr-blatt.de
> Pedettistr. 38, 85072 Eichstätt, Germany, USt-Id: DE279960836
> Tel.: +49 (0) 160 97590858
Re: [Yade-users] [Question #700411]: Aborted (core dumped) occured when I use the Hertz-Minlin contact law with non-zero krot and eta
Question #700411 on Yade changed:
https://answers.launchpad.net/yade/+question/700411

Anton Gladky posted a new comment:

It would also be good if you compile yade with debug symbols, so we can get more information about the crash.

Could you also please create an issue on gitlab [1] with this information about this problem?

[1] https://gitlab.com/yade-dev/trunk/-/issues

Thanks

Anton
Re: RFS: opm-common/2021.10-3 [QA] -- Tools for Eclipse reservoir simulation files
Hi Markus,

I will upload it in the evening. Please prepare all other involved packages if any. Thanks.

Regards

Anton

On Tue, 25 Jan 2022 at 00:00, Markus Blatt wrote:
>
> Hi,
>
> I am looking for a sponsor for my package "opm-common" to do a source upload:
>
> * Package name: opm-common
> Version : 2021.10-3
> Upstream Author : o...@opm-project.org
> * URL : http://opm-project.org
> * License : GPL-2.0+, GPL-3.0+, ODBL-1.0 and DBCL-1.0
> * Vcs : https://salsa.debian.org/science-team/opm-common
> Section : libs
>
> The package was still not good enough.
> We had limited the architectures in d/control to 64bit, but not in d/tests/control and
> that would have prevented the source package from migrating to testing as the autopkgtests
> for 32bit would still be executed and fail due to missing binary packages.
>
> After fruitful discussions on the mentors list, see
> https://lists.debian.org/debian-mentors/2022/01/msg00185.html, I have now
>
> - used "Architecture: any" in d/control to let buildd try to build all (32bit builds will fail due to failing ctest)
> - limited to 64bit architectures in d/tests/control to prevent failing autopkgtest
>
> I hope that this will allow for migration to testing.
>
> Thanks a lot.
>
> Cheers,
>
> Markus
>
[Git][security-tracker-team/security-tracker][master] LTS: take ujson, update status (WIP)
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 534e3c92 by Anton Gladky at 2022-01-24T19:24:53+01:00 LTS: take ujson, update status (WIP) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -20,6 +20,7 @@ ansible -- apache2 (Anton) NOTE: 20220109: WIP https://salsa.debian.org/lts-team/packages/apache2 (Anton) + NOTE: 20220124: WIP -- apache-log4j1.2 -- @@ -98,13 +99,14 @@ prosody (Sylvain Beucler) -- python2.7 (Anton) NOTE: 20220112: 3 postponed CVEs (Beuc) + NOTE: 20220124: WIP -- samba (Utkarsh Gupta) NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ NOTE: 20211212: Fix is too large, coordination with ELTS-upload NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh) -- -ujson +ujson (Anton) NOTE: 20220121: please reheck, at least the mentioned function is available in Stretch -- vim (Emilio)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/534e3c9255cadfe2449a18c899ae5762deaf6920
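Review bot: The two added `NOTE: 20220124: WIP` lines, under apache2 and python2.7, carry no author tag and no detail, unlike the neighbouring notes, which end in a name such as (Anton) or (Beuc). Append the author and either a link to the work-in-progress repository, as the apache2 20220109 note does, or a word on what remains to be done.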
Re: opm-upscaling_2021.10-1_amd64.changes REJECTED
I would propose to put those two names with a small comment to make it traceable and transparent.

Anton

On Sat, 22 Jan 2022 at 21:27, Markus Blatt wrote:
>
> Hi Anton,
>
> that sounds great. What would you prefer:
>
> 1. Mention the old names where appropriate as copyright holders or
> 2. Change the comment in the copyright file to indicate the name changes:
> ... Equinor ASA, ... NORCE...
>Note that Statoil ASA was renamed to Equinor AS in 2018 and Uni Research
> AS, International Research Institute of Stavanger AS (IRIS) et al
>merged in 2018 and became NORCE. In the source files sometimes the old
> names or former
>institutions are mentioned in the copyright notices.
>
> Markus
>
> On Sat, Jan 22, 2022 at 08:35:29PM +0100, Anton Gladky wrote:
> >Hi Markus,
> >
> >please prepare update, push into salsa and I will reupload
> >rejected packages.
> >
> >Thanks Thorsten for your work!
> >
> >
> >Anton
> >
> >On Sat, 22 Jan 2022 at 20:22, Markus Blatt wrote:
> >>
> >> Hi,
> >>
> >> Thanks a lot for the review Thorsten.
> >>
> >> actually they are called Equinor AS now:
> >> https://www.equinor.com/en/news/16may2018-changes-name-equinor.html
> >>
> >> I thought that mentioning the new name would be ok. It is unfortunate that
> >> this was never changed in the files of upstream.
> >>
> >> How should we/I proceed?
> >>
> >> Cheers,
> >>
> >> Markus
> >>
> >> On Sat, Jan 22, 2022 at 07:00:08PM +, Thorsten Alteholz wrote:
> >> >
> >> >Hi Markus,
> >> >
> >> >please also mention at least Statoil ASA in your debian/copyright.
> >> >
> >> >Thanks!
> >> > Thorsten
> >> >
> >> >
> >> >
> >> >===
> >> >
> >> >Please feel free to respond to this email if you don't understand why
> >> >your files were rejected, or if you upload new files which address our
> >> >concerns.
> >> >
> >> >
> >>
> >> --
> >>
> >> Dr. Markus Blatt - HPC-Simulation-Software & Services http://www.dr-blatt.de
> >> Pedettistr. 38, 85072 Eichstätt, Germany, USt-Id: DE279960836
> >> Tel.: +49 (0) 160 97590858
> >
>
> --
>
> Dr. Markus Blatt - HPC-Simulation-Software & Services http://www.dr-blatt.de
> Pedettistr. 38, 85072 Eichstätt, Germany, USt-Id: DE279960836
> Tel.: +49 (0) 160 97590858
Re: opm-upscaling_2021.10-1_amd64.changes REJECTED
Hi Markus,

please prepare update, push into salsa and I will reupload rejected packages.

Thanks Thorsten for your work!

Anton

On Sat, 22 Jan 2022 at 20:22, Markus Blatt wrote:
>
> Hi,
>
> Thanks a lot for the review Thorsten.
>
> actually they are called Equinor AS now:
> https://www.equinor.com/en/news/16may2018-changes-name-equinor.html
>
> I thought that mentioning the new name would be ok. It is unfortunate that
> this was never changed in the files of upstream.
>
> How should we/I proceed?
>
> Cheers,
>
> Markus
>
> On Sat, Jan 22, 2022 at 07:00:08PM +, Thorsten Alteholz wrote:
> >
> >Hi Markus,
> >
> >please also mention at least Statoil ASA in your debian/copyright.
> >
> >Thanks!
> > Thorsten
> >
> >
> >
> >===
> >
> >Please feel free to respond to this email if you don't understand why
> >your files were rejected, or if you upload new files which address our
> >concerns.
> >
> >
>
> --
>
> Dr. Markus Blatt - HPC-Simulation-Software & Services http://www.dr-blatt.de
> Pedettistr. 38, 85072 Eichstätt, Germany, USt-Id: DE279960836
> Tel.: +49 (0) 160 97590858
Re: [SECURITY] [DLA 2879-1] lighttpd security update -> DLA=2887-1
Dear all,

lighttpd security update was announced recently under the wrong DLA-number. The proper one is [DLA-2887-1]. Sorry for inconvenience.

[DLA-2887-1] https://www.debian.org/lts/security/2022/dla-2887

Best regards

Anton

On 1/18/22 18:55, Anton Gladky wrote:
> Debian LTS Advisory DLA-2879-1    debian-lts@lists.debian.org
> https://www.debian.org/lts/security/    Anton Gladky
> January 14, 2022    https://wiki.debian.org/LTS
>
> Package: lighttpd
> Version: 1.4.45-1+deb9u1
> CVE ID : CVE-2018-19052
>
> One issue has been discovered in lighttpd: fast webserver with minimal memory
> footprint.
>
> CVE-2018-19052: an issue was discovered in mod_alias_physical_handler in
> mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of
> a single directory above an alias target, with a specific mod_alias
> configuration where the matched alias lacks a trailing '/' character, but the
> alias target filesystem path does have a trailing '/' character.
>
> For Debian 9 stretch, this problem has been fixed in version
> 1.4.45-1+deb9u1.
>
> We recommend that you upgrade your lighttpd packages.
>
> For the detailed security status of lighttpd please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/lighttpd
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2887-1 for lighttpd
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: f70c7a8a by Anton Gladky at 2022-01-18T18:57:21+01:00 Reserve DLA-2887-1 for lighttpd - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -4710,7 +4710,7 @@ CVE-2021-45610 (Certain NETGEAR devices are affected by a buffer overflow by an CVE-2021-45609 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2021-45608 (Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital d ...) - NOT-FOR-US: D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices + NOT-FOR-US: D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices CVE-2021-45607 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2021-45606 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) @@ -213543,7 +213543,6 @@ CVE-2017-18351 RESERVED CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c i ...) - lighttpd 1.4.52-1 (bug #913528) - [stretch] - lighttpd (Minor issue) [jessie] - lighttpd (Minor issue) NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 CVE-2018-19048 (Simditor through 2.3.21 allows DOM XSS via an onload attribute within ...) = data/DLA/list = @@ -1,3 +1,6 @@ +[18 Jan 2022] DLA-2887-1 lighttpd - security update + {CVE-2018-19052} + [stretch] - lighttpd 1.4.45-1+deb9u1 [17 Jan 2022] DLA-2886-1 slurm-llnl - security update {CVE-2019-12838 CVE-2020-12693 CVE-2020-27745 CVE-2021-31215} [stretch] - slurm-llnl 16.05.9-1+deb9u5 = data/dla-needed.txt = 
@@ -82,10 +82,6 @@ libraw (Abhijith PA) NOTE: 20211227: in stretch, plenty other unfixed CVEs (bunk) NOTE: 20220117: Fixed CVEs other than DLA-1734-1 (abhijith) -- -lighttpd (Anton) - NOTE: 20220111: a DSA is planned (Beuc) - NOTE: 20220113: version in stretch is not affected by CVE-2022-22707 (Anton) --- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f70c7a8a2ee2755f31f2d149357cbc5baa27c394
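Review bot: In the first data/CVE/list hunk (@@ -4710,7), the removed and added `NOT-FOR-US: D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices` lines read identically as shown, so the difference can only be whitespace in the CVE-2021-45608 entry, which is unrelated to reserving DLA-2887-1 for lighttpd. Drop that hunk from this commit or push it separately with its own message, so the reservation stays limited to the stretch line under CVE-2018-19052, the new data/DLA/list entry and the lighttpd block in data/dla-needed.txt.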
[SECURITY] [DLA 2879-1] lighttpd security update
Debian LTS Advisory DLA-2879-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Anton Gladky
January 14, 2022    https://wiki.debian.org/LTS

Package: lighttpd
Version: 1.4.45-1+deb9u1
CVE ID : CVE-2018-19052

One issue has been discovered in lighttpd: fast webserver with minimal memory footprint.

CVE-2018-19052: an issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

For Debian 9 stretch, this problem has been fixed in version 1.4.45-1+deb9u1.

We recommend that you upgrade your lighttpd packages.

For the detailed security status of lighttpd please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/lighttpd

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[Yade-dev] Yade 2022.01a released
Dear Yade users and developers,

As always at the beginning of the year, we are releasing the new Yade version. Yade 2022.01a has just been released [1]!

Thanks to all developers and users for their contributions! Special thanks to Janek for his contribution and for preparing the release notes!

Last year we started regular online meetings of Yade members. Feel free to join us (more details are here [2]).

[1] https://gitlab.com/yade-dev/trunk/-/releases/2022.01a
[2] https://lists.launchpad.net/yade-dev/msg15105.html

Best regards
Anton
[Git][security-tracker-team/security-tracker][master] LTS: take python2.7
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b5f8c60 by Anton Gladky at 2022-01-13T22:00:39+01:00 LTS: take python2.7 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -94,7 +94,7 @@ pillow (Emilio) pjproject NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu) -- -python2.7 +python2.7 (Anton) NOTE: 20220112: 3 postponed CVEs (Beuc) -- qt4-x11 (Utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b5f8c60a08d809b9daa02412f5cbb860550c576
[Git][security-tracker-team/security-tracker][master] 4 commits: LTS: remove condor from dla-needed
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c2e56eb by Anton Gladky at 2022-01-13T21:45:09+01:00 LTS: remove condor from dla-needed - - - - - 5c9a0629 by Anton Gladky at 2022-01-13T21:45:12+01:00 Mark CVE-2021-45101 ignored for stretch - - - - - f47843c7 by Anton Gladky at 2022-01-13T21:45:15+01:00 Mark CVE-2022-22707 as not-affected for stretch - - - - - 47b68720 by Anton Gladky at 2022-01-13T21:45:15+01:00 LTS: take lighttpd - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -1653,6 +1653,7 @@ CVE-2022-22708 CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...) {DSA-5040-1} - lighttpd + [stretch] - lighttpd (Vulnerable code not present; the issue was introduced in later versions) NOTE: https://redmine.lighttpd.net/issues/3134 NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664 CVE-2022-22706 @@ -6236,6 +6237,7 @@ CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/ CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...) - condor (bug #1002540) + [stretch] - condor (Patch is too destructive to backport it; Patch does not apply cleanly. Too many calls in patch, not existed in this version of the software) NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/ NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14) CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...) = data/dla-needed.txt = 
@@ -25,12 +25,6 @@ apng2gif NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie NOTE: 20211229: but is unfixed in stretch, plus 2 additional CVEs (bunk) -- -condor (Anton) - NOTE: 20211216: full details embargoed - NOTE: 20211227: the fix is out and now available; cf: - NOTE: 20211227: https://github.com/htcondor/htcondor/commit/8b311dee. (utkarsh) - NOTE: 20220109: Prepare for upload (Anton) --- debian-archive-keyring NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html NOTE: 20210920: Raphael answered. will backport today. (utkarsh) @@ -77,8 +71,9 @@ libraw (Abhijith PA) NOTE: 20211227: 7 CVEs that were fixed for jessie in DLA-1734-1 are unfixed NOTE: 20211227: in stretch, plenty other unfixed CVEs (bunk) -- -lighttpd +lighttpd (Anton) NOTE: 20220111: a DSA is planned (Beuc) + NOTE: 20220113: version in stretch is not affected by CVE-2022-22707 (Anton) -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/78283c8aefc27afb91e3dd38fa82af699ae4b6bc...47b68720d7b032aeeec361d93a9526f251bef190
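Review bot: In the data/CVE/list hunk for CVE-2022-22707, the added stretch line says the issue "was introduced in later versions" without naming one, although the CVE description in the same hunk gives the affected range as 1.4.46 through 1.4.63. Put the boundary into the note, for example `(Vulnerable code not present; introduced in 1.4.46)`, so the decision can be checked against the packaged version without opening the upstream issue.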
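Review bot: In the data/CVE/list hunk for CVE-2021-45101, the added stretch justification strings three overlapping reasons together, and the last one ("Too many calls in patch, not existed in this version of the software") is hard to parse. One reason stated once reads better in the tracker, for example `(Patch too intrusive to backport; it relies on calls that do not exist in this version)`.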
[SECURITY] [DLA 2876-1] vim security update
Debian LTS Advisory DLA-2876-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Anton Gladky
January 10, 2022    https://wiki.debian.org/LTS

Package: vim
Version: 2:8.0.0197-4+deb9u4
CVE ID : CVE-2017-17087 CVE-2019-20807 CVE-2021-3778 CVE-2021-3796

Multiple issues have been discovered in vim: an enhanced vi text editor:

CVE-2017-17087

    fileio.c in Vim sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership.

CVE-2019-20807

    Users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

CVE-2021-3778

    Heap-based Buffer Overflow with invalid utf-8 character was detected in regexp_nfa.c.

CVE-2021-3796

    Heap Use-After-Free memory error was detected in normal.c. A successful exploitation may lead to code execution.

For Debian 9 stretch, these problems have been fixed in version 2:8.0.0197-4+deb9u4.

We recommend that you upgrade your vim packages.

For the detailed security status of vim please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/vim

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2876-1 for vim
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e874c58 by Anton Gladky at 2022-01-10T22:11:39+01:00 Reserve DLA-2876-1 for vim - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -19742,7 +19742,6 @@ CVE-2021-3796 (vim is vulnerable to Use After Free ...) - vim 2:8.2.3455-1 (bug #994497) [bullseye] - vim 2:8.2.2434-3+deb11u1 [buster] - vim (Minor issue) - [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/ NOTE: https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 (v8.2.3428) NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 @@ -20197,7 +20196,6 @@ CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim 2:8.2.3455-1 (bug #994498) [bullseye] - vim 2:8.2.2434-3+deb11u1 [buster] - vim (Minor issue) - [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273 NOTE: https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f (v8.2.3409) NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 @@ -116744,7 +116742,6 @@ CVE-2019-20808 (In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI V CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted mode ...) - vim 2:8.1.2136-1 [buster] - vim (Minor issue) - [stretch] - vim (Minor issue) [jessie] - vim (Minor issue) NOTE: https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 CVE-2020-13644 (An issue was discovered in the Accordion plugin before 2.2.9 for WordP ...) 
@@ -263627,7 +263624,6 @@ CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affe CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp f ...) {DLA-1871-1} - vim 2:8.0.1401-1 - [stretch] - vim (Minor issue) [wheezy] - vim (Minor issue) NOTE: https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 (8.0.1263) CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a "/script" substring in ...) = data/DLA/list = @@ -1,3 +1,6 @@ +[10 Jan 2022] DLA-2876-1 vim - security update + {CVE-2017-17087 CVE-2019-20807 CVE-2021-3778 CVE-2021-3796} + [stretch] - vim 2:8.0.0197-4+deb9u4 [10 Jan 2022] DLA-2875-1 clamav - security update [stretch] - clamav 0.103.4+dfsg-0+deb9u1 [04 Jan 2022] DLA-2874-1 thunderbird - security update = data/dla-needed.txt = @@ -114,13 +114,6 @@ sphinxsearch (Thorsten Alteholz) thunderbird (Emilio) NOTE: 20220104: ftbfs on armhf (pochu) -- -vim (Anton) - NOTE: 20211203: adding here as it's in the ela-needed as well - NOTE: 20211203: so worth fixing in stretch, too. Co-ordinate w/ - NOTE: 20211203: Emilio since he's working on it for jessie. (utkarsh) - NOTE: 20211220: WIP (Anton) - NOTE: 20220103: Upload is planed this week (Anton) --- wordpress (Utkarsh) NOTE: 20220108: Issues may not warrant a DLA. See comment for commit 3ae7f35d1 re. previous release. (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e874c583c7ed5259ebbe3e1dda3976d9ed83aea
[Git][security-tracker-team/security-tracker][master] LTS: fix typo
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: c04b0b8a by Anton Gladky at 2022-01-09T21:29:07+01:00 LTS: fix typo - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -19,7 +19,7 @@ ansible (Lee Garrett) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- apache2 (Anton) - MOTW: 20220109: WIP https://salsa.debian.org/lts-team/packages/apache2 (Anton) + NOTE: 20220109: WIP https://salsa.debian.org/lts-team/packages/apache2 (Anton) -- apng2gif NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c04b0b8a62a4d34fa7f2877c82fdb2045715a9c0
[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2021-3770 as not-affected in stretch
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 4948c340 by Anton Gladky at 2022-01-09T21:04:33+01:00 Mark CVE-2021-3770 as not-affected in stretch - - - - - 0b379a11 by Anton Gladky at 2022-01-09T21:04:33+01:00 LTS: status update - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -20030,7 +20030,7 @@ CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim 2:8.2.3455-1 (bug #994076) [bullseye] - vim 2:8.2.2434-3+deb11u1 [buster] - vim (Minor issue) - [stretch] - vim (Minor issue) + [stretch] - vim (Vulnerable code not present) NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/ NOTE: Fixed by: https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 (v8.2.3402) NOTE: Followup fix for introduced memory leak: https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1b6e08e (v8.2.3403) = data/dla-needed.txt = @@ -19,6 +19,7 @@ ansible (Lee Garrett) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- apache2 (Anton) + MOTW: 20220109: WIP https://salsa.debian.org/lts-team/packages/apache2 (Anton) -- apng2gif NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie 
@@ -30,6 +31,7 @@ condor (Anton) NOTE: 20211216: full details embargoed NOTE: 20211227: the fix is out and now available; cf: NOTE: 20211227: https://github.com/htcondor/htcondor/commit/8b311dee. (utkarsh) + NOTE: 20220109: Prepare for upload (Anton) -- debian-archive-keyring NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f6bf1612701684e094b80bf8d25df461d96f9b27...0b379a11e87f62a313cafc780e428fdb92714843
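Review bot: In the first data/dla-needed.txt hunk (@@ -19,6 +19,7), the line added under apache2 starts with `MOTW:` where the surrounding entries all use `NOTE:`. Change the prefix to `NOTE:` before pushing, so the status line has the same form as the other entries in the file.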
[Git][security-tracker-team/security-tracker] Deleted branch update_lts_file
Anton Gladky deleted branch update_lts_file at Debian Security Tracker / security-tracker
[Git][security-tracker-team/security-tracker][update_lts_file] Let Januar be planned as before
Anton Gladky pushed to branch update_lts_file at Debian Security Tracker / security-tracker Commits: 4dcff214 by Anton Gladky at 2022-01-05T21:53:49+01:00 Let Januar be planned as before - - - - - 1 changed file: - org/lts-frontdesk.2022.txt Changes: = org/lts-frontdesk.2022.txt = @@ -12,9 +12,9 @@ Who is in charge ? -- From 03-01 to 09-01:Chris Lamb -From 10-01 to 16-01:Emilio Pozuelo Monfort -From 17-01 to 23-01:Markus Koschany -From 24-01 to 30-01:Ola Lundqvist +From 10-01 to 16-01:Sylvain Beucler +From 17-01 to 23-01:Thorsten Alteholz +From 24-01 to 30-01:Utkarsh Gupta From 31-01 to 06-02:Sylvain Beucler From 07-02 to 13-02:Thorsten Alteholz From 14-02 to 20-02:Utkarsh Gupta View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4dcff214288178821455e463058d1def535fc04d
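Review bot: The three replaced lines (10-01 to 30-01) now carry Sylvain Beucler, Thorsten Alteholz and Utkarsh Gupta in the same order as the unchanged context lines for 31-01 to 20-02, so each of them holds the front desk twice within six weeks, while Emilio Pozuelo Monfort, Markus Koschany and Ola Lundqvist no longer appear in the lines shown. Confirm that the back-to-back repetition is intended, or shift the following weeks so the rotation continues with the next names.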
[Git][security-tracker-team/security-tracker] Pushed new branch update_lts_file
Anton Gladky pushed new branch update_lts_file at Debian Security Tracker / security-tracker -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/tree/update_lts_file
[Git][security-tracker-team/security-tracker][master] LTS: Status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c501aa2 by Anton Gladky at 2022-01-03T20:25:23+01:00 LTS: Status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -113,4 +113,5 @@ vim (Anton) NOTE: 20211203: so worth fixing in stretch, too. Co-ordinate w/ NOTE: 20211203: Emilio since he's working on it for jessie. (utkarsh) NOTE: 20211220: WIP (Anton) + NOTE: 20220103: Upload is planed this week (Anton) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c501aa28b0ba57342201ed188ce974645576d79
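Review bot: The NOTE line added for vim has a typo: "planed" should be "planned", giving `NOTE: 20220103: Upload is planned this week (Anton)`. Since the note is already date-stamped, a target date would also hold up better than "this week".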
Bug#1002844: ITP: luma.emulator -- library provides a series of pseudo-display devices for luma.core
Package: wnpp
Severity: wishlist
Owner: Anton Gladky
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name    : luma.emulator
  Version         : 1.4.0
  Upstream Author : Richard Hull and contributors
* URL             : https://github.com/rm-hull/luma.emulator
* License         : MIT/X
  Programming Lang: Python
  Description     : library provides a series of pseudo-display devices for luma.core

Library provides a series of pseudo-display devices which allow the luma.core components to be used without running a physical device. These include:

  Real-time (pixel) emulator, based on pygame
  LED matrix and 7-segment renderers
  PNG screen capture
  Animated GIF animator
  Real-time ASCII-art & block emulators

The package will be maintained under the umbrella of Debian Electronics Team.

Regards
Anton
Bug#1002792: ITP: luma.lcd -- library interfacing small LCD displays
Package: wnpp
Severity: wishlist
Owner: Anton Gladky
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name    : luma.lcd
  Version         : 2.9.0
  Upstream Author : Richard Hull and contributors
* URL             : https://github.com/rm-hull/luma.lcd
* License         : MIT
  Programming Lang: Python
  Description     : library interfacing small LCD displays

Library provides a Python 3 interface to small LCD displays connected to Raspberry Pi and other Linux-based single-board computers (SBC). It currently supports devices using the HD44780, PCD8544, ST7735, HT1621, and UC1701X controllers. It provides a Pillow-compatible drawing canvas, and other functionality to support: scrolling/panning capability, terminal-style printing, state management, color/greyscale (where supported), dithering to monochrome

The package will be maintained under the umbrella of Debian Electronics Team.

Regards
Anton
Bug#1002791: ITP: luma.oled -- Library interfacing OLED matrix displays
Package: wnpp
Severity: wishlist
Owner: Anton Gladky
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name    : luma.oled
  Version         : 3.8.1
  Upstream Author : Richard Hull and contributors
* URL             : https://github.com/rm-hull/luma.oled
* License         : MIT
  Programming Lang: Python
  Description     : Library interfacing OLED matrix displays

Library interfacing OLED matrix displays with the SSD1306, SSD1309, SSD1322, SSD1325, SSD1327, SSD1331, SSD1351, SH1106 or WS0010 driver using I2C/SPI/Parallel on the Raspberry Pi and other linux-based single-board computers - it provides a Pillow-compatible drawing canvas, and other functionality to support: scrolling/panning capability, terminal-style printing, state management, color/greyscale, dithering to monochrome

The package will be maintained under the umbrella of Debian Electronics Team.

Regards

Anton
Bug#1002665: ITP: spidev -- Python bindings for Linux SPI access
Package: wnpp
Severity: wishlist
Owner: Anton Gladky
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name    : spidev
  Version         : 3.5
  Upstream Author : Volker Thoms
* URL             : https://github.com/doceme/py-spidev/
* License         : MIT
  Programming Lang: Python
  Description     : Python bindings for Linux SPI access

This project contains a python module for interfacing with SPI devices from user space via the spidev linux kernel driver.

The package will be maintained under Debian-electronics-team.

Regards,

Anton
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: release samba
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker

Commits:
87ff77ea by Anton Gladky at 2021-12-26T22:23:26+01:00
LTS: release samba
- - - - -
be911a16 by Anton Gladky at 2021-12-26T22:23:46+01:00
LTS: take apache2
- - - - -

1 changed file:
- data/dla-needed.txt

Changes: = data/dla-needed.txt = @@ -18,7 +18,7 @@ ansible NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- -apache2 +apache2 (Anton) -- condor (Anton) NOTE: 20211216: full details embargoed @@ -80,7 +80,7 @@ pgbouncer (Christoph Berg) -- ruby2.3 (Utkarsh) -- -samba (Anton) +samba NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ NOTE: 20211212: Fix is too large, coordination with ELTS-upload --

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/93af287ceead0800b2da6ab67e34b734e0745db1...be911a16a0cf26c566ff7ec802eee281fef6a85c
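Review bot: in the second hunk, samba is released but the two NOTE lines under it ("20211128: WIP ..." and "20211212: Fix is too large, coordination with ELTS-upload") stay unchanged, so the entry does not say why the claim was dropped or what state the WIP repository is in. A dated NOTE giving the reason for the release and the status of the work on salsa would let whoever takes samba next continue from it instead of starting over.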
Bug#1002627: transition: alglib
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear release team,

please provide a slot for the transition of alglib. All reverse-dependencies are checked and no FTBFS are detected. So the transition should be short and easy.

Thanks,

Anton

Ben file:

title = "alglib";
is_affected = .depends ~ "libalglib3.17" | .depends ~ "libalglib3.18";
is_good = .depends ~ "libalglib3.18";
is_bad = .depends ~ "libalglib3.17";
Bug#1002619: bullseye-pu: package gnuplot/gnuplot_5.4.1+dfsg1-1+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

[ Reason ]
gnuplot_5.4.1+dfsg1-1+deb11u1 is fixing security issue CVE-2021-44917. Please include it into the bullseye.

[ Impact ]
Security issue

[ Tests ]
Done on CI and locally.

[ Risks ]
No risks awaited

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
Patch imported from upstream.

Thanks

Anton

diff -Nru gnuplot-5.4.1+dfsg1/debian/changelog gnuplot-5.4.1+dfsg1/debian/changelog --- gnuplot-5.4.1+dfsg1/debian/changelog2020-12-03 22:27:21.0 +0100 +++ gnuplot-5.4.1+dfsg1/debian/changelog2021-12-25 19:15:06.0 +0100
@@ -1,3 +1,9 @@ +gnuplot (5.4.1+dfsg1-1+deb11u1) bullseye; urgency=medium + + * Fix divide by zero vulnerability. CVE-2021-44917. (Closes: #1002539) + + -- Anton Gladky Sat, 25 Dec 2021 19:15:06 +0100 + gnuplot (5.4.1+dfsg1-1) unstable; urgency=medium * [945257b] New upstream version 5.4.1+dfsg1 diff -Nru gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml --- gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml 2020-09-24 23:46:23.0 +0200 +++ gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml 2021-12-25 19:15:06.0 +0100 @@ -1,3 +1,4 @@ include: - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml +variables: + RELEASE: 'bullseye' diff -Nru gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch --- gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch 1970-01-01 01:00:00.0 +0100 +++ gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch 2021-12-25 19:15:06.0 +0100 
@@ -0,0 +1,114 @@ +Description: + TODO: Put a short summary on the line above and replace this paragraph + with a longer explanation of this change. Complete the meta-information + with other relevant fields (see below for details). To make it easier, the + information below has been extracted from the changelog. Adjust it or drop + it. + . + gnuplot (5.4.2+dfsg2-1) unstable; urgency=medium + . + * [4370a18] Update d/watch + * [7d7c5c0] New upstream version 5.4.2+dfsg1.orig + * [97d5d83] Refresh patches + * [9d8bbae] Update gitlab.ci + * [e168129] Use secure URI in debian/watch. + * [08324bf] Bump debhelper from old 12 to 13. + * [3a47530] Update standards version to 4.5.1, no changes needed. + * [ba4a50d] Avoid explicitly specifying -Wl,--as-needed linker flag. + * [9ce752b] Set Standards-Version: 4.6.0 + * [917e564] Use execute-syntax for some commands in d/rules +Author: Anton Gladky + +--- +The information above should follow the Patch Tagging Guidelines, please +checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here +are templates for supplementary fields that you might want to add: + +Origin: , +Bug: +Bug-Debian: https://bugs.debian.org/ +Bug-Ubuntu: https://launchpad.net/bugs/ +Forwarded: +Reviewed-By: +Last-Update: 2021-12-25 + +Index: gnuplot-5.4.1+dfsg1/src/set.c +=== +--- gnuplot-5.4.1+dfsg1.orig/src/set.c gnuplot-5.4.1+dfsg1/src/set.c +@@ -5058,18 +5058,6 @@ set_terminal() + fprintf(stderr,"Options are '%s'\n",term_options); + if ((term->flags & TERM_MONOCHROME)) + init_monochrome(); +- +-/* Sanity check: +- * The most common failure mode found by fuzzing is a divide-by-zero +- * caused by initializing the basic unit of the current terminal character +- * size to zero. I keep patching the individual terminals, but a generic +- * sanity check may at least prevent a crash due to mistyping. +-
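Review bot: the debian/.gitlab-ci.yml hunk (switch to recipes/debian.yml and RELEASE: 'bullseye') is not mentioned in the new changelog entry, which lists only the CVE-2021-44917 fix, while the checklist states that all changes are documented in d/changelog. Either add a changelog line for the CI change or leave it out of the stable upload.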
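Review bot: the header of the new debian/patches/CVE-2021-44917.patch is still the unedited template: Description begins with "TODO: Put a short summary on the line above", it carries the changelog entries of gnuplot 5.4.2+dfsg2-1, which are unrelated to this fix, and Origin, Bug and Forwarded are empty. As the request says the patch is imported from upstream, the header should give a one-line description of the divide-by-zero fix and name the upstream commit in Origin, so the update can be compared with upstream. The visible part of the src/set.c hunk removes the generic "Sanity check" block from set_terminal(); the Description should say where that check goes, because the rest of the patch is not shown here.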
[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-44917 as not-affected in buster
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker

Commits:
9769c3ba by Anton Gladky at 2021-12-25T19:53:49+01:00
Mark CVE-2021-44917 as not-affected in buster
- - - - -

1 changed file:
- data/CVE/list

Changes: = data/CVE/list = @@ -2341,6 +2341,7 @@ CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d ...) - gnuplot (unimportant; bug #1002539) + [buster] - gnuplot (Vulnerable code not present, bug not reproducible) NOTE: https://sourceforge.net/p/gnuplot/bugs/2474/ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/8938dfc937348f1d4e7b3d6ef6d44209b1d89473/ (master) NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/acab14de21e323254507fca85f964e471258ac82/ (master)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9769c3ba5c5c6526d6e840dd8d51004c5c247068
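Review bot: the reason on the added [buster] line, "Vulnerable code not present, bug not reproducible", gives two different grounds without saying what was checked. Naming the code that is absent in buster (the entry's description points at boundary3d, and two upstream commits are listed in the NOTE lines) would make the status verifiable later; "not reproducible" on its own does not show that the code path is missing.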
[Git][security-tracker-team/security-tracker][master] CVE-2021-45101, fix link
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker

Commits:
8343ee77 by Anton Gladky at 2021-12-24T13:18:51+01:00
CVE-2021-45101, fix link
- - - - -

1 changed file:
- data/CVE/list

Changes: = data/CVE/list = @@ -1602,7 +1602,7 @@ CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...) - condor (bug #1002540) NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/ - NOTE: https://github.com/htcondor/htcondor/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14) + NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14) CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...) NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8343ee7779f0c55b23347b7394c881b7c1bee681
Bug#1002046: ITP: bme280 -- Python interface for a Bosch BME280 digital sensor module
Package: wnpp
Severity: wishlist
Owner: Anton Gladky
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name    : bme280
  Version         : 0.2.4~git720dcbe6+ds1
* URL             : https://github.com/rm-hull/bme280/
* License         : MIT
  Programming Lang: Python
  Description     : Python interface for a Bosch BME280 digital sensor module

The package provides a python interface for BME280 sensor, measuring temperature, humidity and pressure.

The package will be maintained under the roof of pkg-electronics team.

Anton
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: take condor
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker

Commits:
28ce8bc3 by Anton Gladky at 2021-12-20T18:13:47+01:00
LTS: take condor
- - - - -
8f1cc67c by Anton Gladky at 2021-12-20T18:14:00+01:00
LTS: wip on vim
- - - - -

1 changed file:
- data/dla-needed.txt

Changes: = data/dla-needed.txt = @@ -20,7 +20,7 @@ ansible -- apache-log4j2 (Markus Koschany) -- -condor +condor (Anton) NOTE: 20211216: full details embargoed -- debian-archive-keyring @@ -100,6 +100,7 @@ vim (Anton) NOTE: 20211203: adding here as it's in the ela-needed as well NOTE: 20211203: so worth fixing in stretch, too. Co-ordinate w/ NOTE: 20211203: Emilio since he's working on it for jessie. (utkarsh) + NOTE: 20211220: WIP (Anton) -- wireshark (Adrian Bunk) NOTE: 2029: Check https://salsa.debian.org/security-tracker-team/security-tracker/commit/d55b7eff90db8487e20106c2c09e61293a477e89 (lamby)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a1bf9d55bd1fe0e2bae08c074f3050bce12c0fa3...8f1cc67ce3573c044b8799585890e0fdea677309
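Review bot: the added vim line "NOTE: 20211220: WIP (Anton)" in the second hunk says only that work is in progress and names no repository or branch. The notes above it ask for coordination with Emilio, who is working on vim for jessie, so a link to the WIP packaging in the NOTE would let the two efforts be compared and keep the work from being done twice.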
Re: [ITA] triangle
Hi Antonio, package is currently under QA-group, so feel free to adopt it. Regards Anton Am Sa., 18. Dez. 2021 um 19:15 Uhr schrieb Antonio Valentino : > > Dear all, > I would like to adopt triangle (non-free) [1] and maintain it under the > Debian Science umbrella. > I have found already a git repository for the package in salsa [2] with > some preliminary job done by Andreas (in cc). > > Please let me know if anyone has something against it. > If not I will go on and adopt the package in few days. > > [1] https://tracker.debian.org/pkg/triangle > [2] https://salsa.debian.org/science-team/triangle > > kind regards > -- > Antonio Valentino > > -- > debian-science-maintainers mailing list > debian-science-maintainers@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#984232: status
This bug is fixed. I followed the advice from Adrian and now the package builds fine. Regards Anton Am Sa., 18. Dez. 2021 um 01:39 Uhr schrieb Ryan Pavlik : > > The updated package just needs the copyright file updated and reviewed. If > you'd like a fix uploaded before I get a chance to do that (which is somewhat > intimidating, they swapped some bundled dependencies since the last packaged > version), please feel free to nmu. Alternately I'd happily accept an mr to > make the copyright file complete again. > > Ryan > > On Wed, Dec 15, 2021, 5:24 AM Adrian Bunk wrote: >> >> On Mon, Nov 15, 2021 at 02:53:40PM -0600, Ryan Pavlik wrote: >> > Upstream has fixed this, and I have a package with the latest upstream >> > sources in progress, happy to accept help to put it over the edge. >> >> Any progress on this? >> >> If necessary, I could NMU with the minimal fix of adding >> export DEB_CXXFLAGS_MAINT_APPEND += -std=gnu++14 >> to debian/rules. >> >> > Ryan >> >> cu >> Adrian >> > -- > debian-science-maintainers mailing list > debian-science-maintain...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
[SECURITY] [DLA 2848-1] libssh2 security update
Debian LTS Advisory DLA-2848-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Anton Gladky December 17, 2021 https://wiki.debian.org/LTS Package: libssh2 Version: 1.7.0-1+deb9u2 CVE ID : CVE-2019-13115 CVE-2019-17498 Two issues have been discovered in libssh2, a client-side C library implementing the SSH2 protocol: CVE-2019-13115: kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. CVE-2019-17498: SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. For Debian 9 stretch, these problems have been fixed in version 1.7.0-1+deb9u2. We recommend that you upgrade your libssh2 packages.
For the detailed security status of libssh2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libssh2 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
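The bug class named for CVE-2019-17498 in the advisory above (an integer overflow inside a bounds check on a server-supplied length) is shown below as an added example; it is not libssh2's code, and the packet layout, the sample packets and every function name are constructed for illustration. It contrasts a check that adds the length to the offset with a bounded reader that compares the length against the bytes that remain.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounded cursor over one received packet (hypothetical helper). */
struct reader {
    const unsigned char *data;
    size_t len;   /* total bytes in the packet */
    size_t pos;   /* bytes consumed so far; invariant: pos <= len */
};

/* Bytes still unread. Cannot underflow because pos <= len always holds. */
static size_t rd_left(const struct reader *r) { return r->len - r->pos; }

/* Read a big-endian 32-bit field. Returns 0 on success, -1 if too short. */
static int rd_u32(struct reader *r, uint32_t *out)
{
    const unsigned char *p;
    if (rd_left(r) < 4)
        return -1;
    p = r->data + r->pos;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    r->pos += 4;
    return 0;
}

/* Read a length-prefixed string. The peer-controlled length is compared
 * against the remaining byte count and is never added to the offset, so
 * there is no sum that can wrap. */
static int rd_string(struct reader *r, const unsigned char **s, size_t *slen)
{
    uint32_t n;
    if (rd_u32(r, &n) != 0)
        return -1;
    if (n > rd_left(r))
        return -1;
    *s = r->data + r->pos;
    *slen = n;
    r->pos += n;
    return 0;
}

/* The flawed pattern: offset + field_len is computed in 32-bit unsigned
 * arithmetic, so a huge field_len wraps the sum to a small value that
 * passes the comparison. Returns 1 when the check would accept. */
int wrapping_check_accepts(uint32_t offset, uint32_t field_len, uint32_t packet_len)
{
    uint32_t end = offset + field_len;   /* wraps modulo 2^32 */
    return end <= packet_len;
}

/* Parse a constructed disconnect-style message:
 * type (1 byte) | reason (u32) | message (u32 length + bytes).
 * Returns 0 on success, -1 on any malformed or truncated field. */
int parse_disconnect(const unsigned char *pkt, size_t pkt_len, uint32_t *reason,
                     const unsigned char **msg, size_t *msg_len)
{
    struct reader r = { pkt, pkt_len, 0 };
    if (rd_left(&r) < 1)
        return -1;
    r.pos = 1;                           /* skip the type byte */
    if (rd_u32(&r, reason) != 0)
        return -1;
    return rd_string(&r, msg, msg_len);
}

/* Constructed sample packets, 12 bytes each. */
static const unsigned char GOOD_PKT[] = {
    0x01, 0, 0, 0, 2, 0, 0, 0, 3, 'b', 'y', 'e'
};
/* Same packet with the length field set to 0xFFFFFFFB: 9 + 0xFFFFFFFB
 * wraps to 4, which is <= 12. */
static const unsigned char BAD_PKT[] = {
    0x01, 0, 0, 0, 2, 0xFF, 0xFF, 0xFF, 0xFB, 'b', 'y', 'e'
};

int main(void)
{
    uint32_t reason = 0;
    const unsigned char *msg = NULL;
    size_t n = 0;
    printf("well-formed packet parses: %d\n",
           parse_disconnect(GOOD_PKT, sizeof GOOD_PKT, &reason, &msg, &n));
    printf("wrapping check accepts oversized length: %d\n",
           wrapping_check_accepts(9, 0xFFFFFFFBu, 12));
    printf("bounded reader on the same packet: %d\n",
           parse_disconnect(BAD_PKT, sizeof BAD_PKT, &reason, &msg, &n));
    return 0;
}
```
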
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: Remove no-dsa tags from CVE-2019-13115 and CVE-2019-17498
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 99497495 by Anton Gladky at 2021-12-17T21:25:21+01:00 LTS: Remove no-dsa tags from CVE-2019-13115 and CVE-2019-17498 - - - - - 3130560d by Anton Gladky at 2021-12-17T21:25:22+01:00 Reserve DLA-2848-1 for libssh2 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -152922,7 +152922,6 @@ CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT l {DLA-1991-1} - libssh2 1.9.0-1 (low; bug #943562) [buster] - libssh2 (Minor issue) - [stretch] - libssh2 (Minor issue) NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c NOTE: https://securitylab.github.com/research/libssh2-integer-overflow-CVE-2019-17498/ NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct string_buf, @@ -167489,7 +167488,6 @@ CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchang {DLA-1730-3} - libssh2 1.9.0-1 (bug #932329) [buster] - libssh2 (Minor issue) - [stretch] - libssh2 (Minor issue) NOTE: https://securitylab.github.com/research/libssh2-integer-overflow/ NOTE: https://github.com/libssh2/libssh2/pull/350 NOTE: https://github.com/libssh2/libssh2/commit/ff1b155731ff8f790f12d980911d9fd84d0e1598 = data/DLA/list = @@ -1,3 +1,6 @@ +[17 Dec 2021] DLA-2848-1 libssh2 - security update + {CVE-2019-13115 CVE-2019-17498} + [stretch] - libssh2 1.7.0-1+deb9u2 [15 Dec 2021] DLA-2847-1 mediawiki - security update {CVE-2021-44858} [stretch] - mediawiki 1:1.27.7-1+deb9u11 = data/dla-needed.txt = 
@@ -53,11 +53,6 @@ libgit2 (Utkarsh) NOTE: 20211129: readied up everything, using pygit and other wrappers NOTE: 20211129: around which the code changed. will upload in the next 2 days. (utkarsh) -- -libssh2 (Anton) - NOTE: 20211031: CVE-2019-13115 and CVE-2019-17498 were fixed in jessie DLAs - NOTE: 20211031: but still need fixing in stretch and buster. (bunk) - NOTE: 2026: Work in progress for stretch. (ola) --- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/83ac707edf0f51cf06eb8398f26da9ab0e3cab39...3130560d848a76c83ccd5df09fd503cfd81726f1
[Git][security-tracker-team/security-tracker][master] Fix links for CVE-2019-13115 and CVE-2019-17498
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 89b10d09 by Anton Gladky at 2021-12-17T20:42:40+01:00 Fix links for CVE-2019-13115 and CVE-2019-17498 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -152922,13 +152922,12 @@ CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT l [buster] - libssh2 (Minor issue) [stretch] - libssh2 (Minor issue) NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c - NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/ + NOTE: https://securitylab.github.com/research/libssh2-integer-overflow-CVE-2019-17498/ NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct string_buf, NOTE: and the functions _libssh2_check_length(), _libssh2_get_u32() and NOTE: libssh2_get_string(), forming part of the fix): NOTE: https://bugzilla.suse.com/attachment.cgi?id=822416 NOTE: Only exploitable with a malicious server - NOTE: https://securitylab.github.com/research/libssh2-integer-overflow-CVE-2019-17498/ CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...) - boa CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...) 
@@ -167489,7 +167488,7 @@ CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchang - libssh2 1.9.0-1 (bug #932329) [buster] - libssh2 (Minor issue) [stretch] - libssh2 (Minor issue) - NOTE: https://blog.semmle.com/libssh2-integer-overflow/ + NOTE: https://securitylab.github.com/research/libssh2-integer-overflow/ NOTE: https://github.com/libssh2/libssh2/pull/350 NOTE: https://github.com/libssh2/libssh2/commit/ff1b155731ff8f790f12d980911d9fd84d0e1598 CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89b10d099ce6ed45b401780bacb8c535471a05d6
[Git][security-tracker-team/security-tracker][master] CVE-2019-17498, add one more link
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 51b01067 by Anton Gladky at 2021-12-17T20:21:53+01:00 CVE-2019-17498, add one more link - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -152928,6 +152928,7 @@ CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT l NOTE: libssh2_get_string(), forming part of the fix): NOTE: https://bugzilla.suse.com/attachment.cgi?id=822416 NOTE: Only exploitable with a malicious server + NOTE: https://securitylab.github.com/research/libssh2-integer-overflow-CVE-2019-17498/ CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...) - boa CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51b01067df20ad399b841d6ec41b1b40da5a1a02
[Git][security-tracker-team/security-tracker][master] LTS: Status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 33bf646a by Anton Gladky at 2021-12-12T20:47:47+01:00 LTS: Status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -81,6 +81,7 @@ rustc (Roberto C. Sánchez) -- samba (Anton) NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ + NOTE: 20211212: Fix is too large, coordination with ELTS-upload -- thunderbird (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33bf646aa3fc603dc34fc43cf8cd56c5db150169
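Review bot: The added samba note "Fix is too large, coordination with ELTS-upload" does not say who wrote it or who the upload is being coordinated with, while the thunderbird note in the same hunk's context ends with an author tag, "(pochu)". Appending the author tag and naming the ELTS contact would tell the next reader of dla-needed.txt whom to ask about the state of the backport.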
[Git][security-tracker-team/security-tracker][master] LTS: take libssh2
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 981d91e3 by Anton Gladky at 2021-12-07T21:45:13+01:00 LTS: take libssh2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -50,7 +50,7 @@ libgit2 (Utkarsh) NOTE: 20211129: readied up everything, using pygit and other wrappers NOTE: 20211129: around which the code changed. will upload in the next 2 days. (utkarsh) -- -libssh2 +libssh2 (Anton) NOTE: 20211031: CVE-2019-13115 and CVE-2019-17498 were fixed in jessie DLAs NOTE: 20211031: but still need fixing in stretch and buster. (bunk) NOTE: 2026: Work in progress for stretch. (ola) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/981d91e3a6524741887cb02b8f9edb6f19ce5ce8
Re: Semi-automatic package unclaim after two weeks of inactivity
Hi Jeremiah, > DLA 2839-1 (03 Dec 2021) (gerbv) thanks, it was announced and just pushed to the website. Will appear there soon. Regards Anton Am Di., 7. Dez. 2021 um 01:05 Uhr schrieb Jeremiah C. Foster : > > Hi, > > Today three packages were "unclaimed" for LTS, and two for ELTS; > > -firmware-nonfree (Markus Koschany) > -gpac (Roberto C. Sánchez) > -libssh2 (Ola Lundqvist) > > -firmware-nonfree (Markus Koschany) > -samba (Utkarsh) > > No one has claimed 4 or more packages. > > There appears to be just a single DLA which is reserved but not yet > published, namely; > > DLA 2839-1 (03 Dec 2021) (gerbv) > > Have a great week! > > Cheers, > > Jeremiah >
Re: [Yade-users] [Question #699714]: Python problems in Yade 2021.01a
Question #699714 on Yade changed: https://answers.launchpad.net/yade/+question/699714 Anton Gladky proposed the following answer: Please file a bug here [1] with a minimal working example, so we will have a chance to fix it before the next release. [1] https://gitlab.com/yade-dev/trunk/-/issues -- You received this question notification because your team yade-users is an answer contact for Yade. ___ Mailing list: https://launchpad.net/~yade-users Post to : yade-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~yade-users More help : https://help.launchpad.net/ListHelp
Re: [Yade-users] [Question #699714]: Python problems in Yade 2021.01a
Question #699714 on Yade changed: https://answers.launchpad.net/yade/+question/699714 Status: Open => Answered Anton Gladky proposed the following answer: Definitely update your scripts to 3rd python version and switch to a newer Yade. We are not supporting older Yade versions, so there is no chance to fix an error in those versions, if they are detected.
[SECURITY] [DLA 2839-1] gerbv security update
Debian LTS Advisory DLA-2839-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Anton Gladky December 03, 2021 https://wiki.debian.org/LTS Package: gerbv Version: 2.6.1-2+deb9u1 CVE ID : CVE-2021-40391 One security issue has been discovered in gerbv: a viewer for Gerber RS-274X files. It was discovered that an out-of-bounds write vulnerability exists in the drill format T-code tool. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. For Debian 9 stretch, this problem has been fixed in version 2.6.1-2+deb9u1. We recommend that you upgrade your gerbv packages. For the detailed security status of gerbv please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gerbv Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2839-1 for gerbv
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e5d46cd by Anton Gladky at 2021-12-03T19:45:04+01:00 Reserve DLA-2839-1 for gerbv - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[03 Dec 2021] DLA-2839-1 gerbv - security update + {CVE-2021-40391} + [stretch] - gerbv 2.6.1-2+deb9u1 [03 Dec 2021] DLA-2838-1 librecad - security update {CVE-2021-21898 CVE-2021-21899 CVE-2021-21900} [stretch] - librecad 2.1.2-1+deb9u2 = data/dla-needed.txt = @@ -34,13 +34,6 @@ firmware-nonfree (Markus Koschany) NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- -gerbv (Anton) - NOTE: 20211107: The fix has only one-line! But... be sure that the fix will help. (Anton) - NOTE: 20211107: Please take the package if you can reproduce the issue with valgrind/AddressSanitizer/Leaksanitizer (Anton) - NOTE: 20211107: The simple fix will unlikely help. (Anton) - NOTE: 20211121: Still needs to be investigated with extra-tool. (Anton) - NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/gmp/ --- gpac (Roberto C. Sánchez) NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e5d46cd5707c0092878effdcc631ea4b40cf604
[Git][security-tracker-team/security-tracker][master] LTS: take vim
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f7e892d by Anton Gladky at 2021-12-03T19:38:32+01:00 LTS: take vim - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -92,7 +92,7 @@ samba (Anton) thunderbird (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) -- -vim +vim (Anton) NOTE: 20211203: adding here as it's in the ela-needed as well NOTE: 20211203: so worth fixing in stretch, too. Co-ordinate w/ NOTE: 20211203: Emilio since he's working on it for jessie. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7e892d6418227f00eee0087abc33fcb65c2b33
[SECURITY] [DLA 2837-1] gmp security update
Debian LTS Advisory DLA-2837-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Anton Gladky December 02, 2021 https://wiki.debian.org/LTS Package: gmp Version: 2:6.1.2+dfsg-1+deb9u1 CVE ID : CVE-2021-43618 Debian Bug : 994405 One security issue has been discovered in gmp: GNU Multiple Precision Arithmetic Library. It was discovered that integer overflow is possible in mpz/inp_raw.c and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. For Debian 9 stretch, this problem has been fixed in version 2:6.1.2+dfsg-1+deb9u1. We recommend that you upgrade your gmp packages. For the detailed security status of gmp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gmp Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2837-1 for gmp
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 30d96e60 by Anton Gladky at 2021-12-02T18:00:57+01:00 Reserve DLA-2837-1 for gmp - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[02 Dec 2021] DLA-2837-1 gmp - security update + {CVE-2021-43618} + [stretch] - gmp 2:6.1.2+dfsg-1+deb9u1 [02 Dec 2021] DLA-2836-1 nss - security update {CVE-2021-43527} [stretch] - nss 2:3.26.2-1.1+deb9u3 = data/dla-needed.txt = @@ -41,9 +41,6 @@ gerbv (Anton) NOTE: 20211121: Still needs to be investigated with extra-tool. (Anton) NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/gmp/ -- -gmp (Anton) - NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/gmp/ --- gpac (Roberto C. Sánchez) NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30d96e60cf75fce9c8a5df06bfb433fc361368c6
[Git][security-tracker-team/security-tracker][master] LTS: minor status update. Add repos
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 0cdfd880 by Anton Gladky at 2021-11-28T16:15:25+01:00 LTS: minor status update. Add repos - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -39,8 +39,10 @@ gerbv (Anton) NOTE: 20211107: Please take the package if you can reproduce the issue with valgrind/AddressSanitizer/Leaksanitizer (Anton) NOTE: 20211107: The simple fix will unlikely help. (Anton) NOTE: 20211121: Still needs to be investigated with extra-tool. (Anton) + NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/gmp/ -- gmp (Anton) + NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/gmp/ -- gpac (Roberto C. Sánchez) NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) @@ -86,6 +88,7 @@ rustc (Roberto C. Sánchez) NOTE: 2022: llvm-toolchain-11 update is now uploaded (roberto) -- samba (Anton) + NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ -- thunderbird (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cdfd8805072f3ba2296a1a5393f26721a72a932
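Review bot: In the first hunk the note added under the gerbv entry links to https://salsa.debian.org/lts-team/packages/gmp/, the same URL as the note added under the gmp entry directly after it, so the gerbv entry points at the gmp repository. This looks like a copy-paste slip; the gerbv note should link to gerbv's own work-in-progress repository, or be dropped until one exists.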
Bug#1000611: libvtk9{,-qt}: soname change without library transition
Hi Adrian, thanks for the bug report. It was really an accidental upload into unstable instead of experimental. Yes, I will rename the package and upload it ASAP. Regards Anton Am Do., 25. Nov. 2021 um 22:03 Uhr schrieb Adrian Bunk : > > Package: libvtk9 > Version: 9.1.0+dfsg2-2 > Severity: serious > Control: affects -1 libvtk9-qt src:vtk9 > > https://ci.debian.net/data/autopkgtest/testing/amd64/f/freecad/16980590/log.gz > > ... > ERROR: TestFemApp (unittest.loader._FailedTest) > -- > ImportError: Failed to import test module: TestFemApp > Traceback (most recent call last): > File "/usr/lib/python3.9/unittest/loader.py", line 154, in loadTestsFromName > module = __import__(module_name) > File "/usr/share/freecad/Mod/Fem/TestFemApp.py", line 33, in > from femtest.app.test_mesh import TestMeshCommon as FemTest07 > File "/usr/share/freecad/Mod/Fem/femtest/app/test_mesh.py", line 33, in > > import Fem > ImportError: libvtkFiltersExtraction-9.0.so.1: cannot open shared object > file: No such file or directory > ... > > > The soname of the vtk9 libraries is not 9, it is 9.0 for VTK 9.0 > and 9.1 for VTK 9.1: > > $ objdump -p /usr/lib/x86_64-linux-gnu/libvtkChartsCore-9.1.so.1 | grep > SONAME > SONAME libvtkChartsCore-9.1.so.1 > $ > > In bullseye libvtk9 and libvtk9-qt should have been named > libvtk9.0 and libvtk9.0-qt, but this alone is harmless. > > Not harmless is that the libraries must transition to the new > soname in 9.1, renaming the packages to libvtk9.1 and libvtk9.1-qt. > > -- > debian-science-maintainers mailing list > debian-science-maintain...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#1000539: RM: boost1.71 -- ROM; Outdated version
Package: ftp.debian.org
Severity: normal

Dear FTP masters,

please remove the boost1.71, which is replaced by a newer version.

Thanks

Anton
Bug#1000477: bullseye-pu: package gmp/2:6.2.1+dfsg-1+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu Dear release team, I have prepared a fix for bullseye, fixing CVE-2021-43618. The fix was also successfully fixed in unstable and testing. Gitlab-CI is employed for the package testing. Diff is attached. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable Thanks Anton diff -Nru gmp-6.2.1+dfsg/debian/changelog gmp-6.2.1+dfsg/debian/changelog --- gmp-6.2.1+dfsg/debian/changelog 2020-11-15 19:04:37.0 +0100 +++ gmp-6.2.1+dfsg/debian/changelog 2021-11-23 21:37:19.0 +0100 @@ -1,3 +1,10 @@ +gmp (2:6.2.1+dfsg-1+deb11u1) bullseye; urgency=medium + + * [ba91bc2] Add .gitlab-ci.yml + * [a848ad6] Avoid bit size overflows. CVE-2021-43618 + + -- Anton Gladky Tue, 23 Nov 2021 21:37:19 +0100 + gmp (2:6.2.1+dfsg-1) unstable; urgency=medium [ Steve Robbins ] diff -Nru gmp-6.2.1+dfsg/debian/.gitlab-ci.yml gmp-6.2.1+dfsg/debian/.gitlab-ci.yml --- gmp-6.2.1+dfsg/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 +0100 +++ gmp-6.2.1+dfsg/debian/.gitlab-ci.yml2021-11-23 21:31:26.0 +0100 @@ -0,0 +1,6 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml +variables: + RELEASE: 'bullseye' + SALSA_CI_DISABLE_REPROTEST: 1 + SALSA_CI_DISABLE_BLHC: 1 diff -Nru gmp-6.2.1+dfsg/debian/patches/CVE-2021-43618.patch gmp-6.2.1+dfsg/debian/patches/CVE-2021-43618.patch --- gmp-6.2.1+dfsg/debian/patches/CVE-2021-43618.patch 1970-01-01 01:00:00.0 +0100 +++ gmp-6.2.1+dfsg/debian/patches/CVE-2021-43618.patch 2021-11-23 21:36:27.0 +0100 
@@ -0,0 +1,25 @@ +# Origin: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e +# HG changeset patch +# User Marco Bodrato +# Date 1634836009 -7200 +# Node ID 561a9c25298e17bb01896801ff353546c6923dbd +# Parent e1fd9db13b475209a864577237ea4b9105b3e96e +mpz/inp_raw.c: Avoid bit size overflows + +Index: gmp/mpz/inp_raw.c +=== +--- gmp.orig/mpz/inp_raw.c gmp/mpz/inp_raw.c +@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp) + + abs_csize = ABS (csize); + ++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) ++return 0; /* Bit size overflows */ ++ + /* round up to a multiple of limbs */ +- abs_xsize = BITS_TO_LIMBS (abs_csize*8); ++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); + + if (abs_xsize != 0) + { diff -Nru gmp-6.2.1+dfsg/debian/patches/series gmp-6.2.1+dfsg/debian/patches/series --- gmp-6.2.1+dfsg/debian/patches/series1970-01-01 01:00:00.0 +0100 +++ gmp-6.2.1+dfsg/debian/patches/series2021-11-15 22:20:32.0 +0100 @@ -0,0 +1 @@ +CVE-2021-43618.patch
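Review bot: in the debian/.gitlab-ci.yml hunk, `SALSA_CI_DISABLE_BLHC: 1` switches off the build-log hardening check for an upload whose whole purpose is a memory-safety fix, and neither the file nor the changelog entry "Add .gitlab-ci.yml" says why. Either drop that line (and `SALSA_CI_DISABLE_REPROTEST: 1` if reprotest passes) or add a comment in the file giving the reason. The `include:` also pulls `recipes/debian.yml` from `raw/master`, so the pipeline definition can change underneath a stable-update branch.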
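Review bot: nothing in this debdiff exercises the new `abs_csize > ~(mp_bitcnt_t) 0 / 8` guard in the mpz_inp_raw hunk; the four files touched are the changelog, .gitlab-ci.yml, the patch itself and series. A small test that hands mpz_inp_raw a size field above that limit on a 32-bit build and expects a return value of 0 would keep the stable package from regressing unnoticed.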
Bug#1000473: buster-pu: package gmp/gmp_6.1.2+dfsg-4+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Dear release team, I have prepared a fix for buster, fixing CVE-2021-43618. The fix was also successfully fixed in unstable and testing. Gitlab-CI is employed for the package testing. Diff is applied. Thanks [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable Thanks Anton diff -Nru gmp-6.1.2+dfsg/debian/changelog gmp-6.1.2+dfsg/debian/changelog --- gmp-6.1.2+dfsg/debian/changelog 2018-12-02 07:39:34.0 +0100 +++ gmp-6.1.2+dfsg/debian/changelog 2021-11-23 21:09:08.0 +0100 @@ -1,3 +1,10 @@ +gmp (2:6.1.2+dfsg-4+deb10u1) buster; urgency=medium + + * [1f4ce6d] Add .gitlab-ci.yml + * [df6d314] Avoid bit size overflows. CVE-2021-43618 + + -- Anton Gladky Tue, 23 Nov 2021 21:09:08 +0100 + gmp (2:6.1.2+dfsg-4) unstable; urgency=medium * Team Upload. diff -Nru gmp-6.1.2+dfsg/debian/.gitlab-ci.yml gmp-6.1.2+dfsg/debian/.gitlab-ci.yml --- gmp-6.1.2+dfsg/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 +0100 +++ gmp-6.1.2+dfsg/debian/.gitlab-ci.yml2021-11-23 21:04:00.0 +0100 @@ -0,0 +1,6 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml +variables: + RELEASE: 'buster' + SALSA_CI_DISABLE_REPROTEST: 1 + SALSA_CI_DISABLE_BLHC: 1 diff -Nru gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch --- gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch 1970-01-01 01:00:00.0 +0100 +++ gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch 2021-11-23 21:06:22.0 +0100 
@@ -0,0 +1,25 @@ +# Origin: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e +# HG changeset patch +# User Marco Bodrato +# Date 1634836009 -7200 +# Node ID 561a9c25298e17bb01896801ff353546c6923dbd +# Parent e1fd9db13b475209a864577237ea4b9105b3e96e +mpz/inp_raw.c: Avoid bit size overflows + +Index: gmp/mpz/inp_raw.c +=== +--- gmp.orig/mpz/inp_raw.c gmp/mpz/inp_raw.c +@@ -89,8 +89,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp) + + abs_csize = ABS (csize); + ++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) ++return 0; /* Bit size overflows */ ++ + /* round up to a multiple of limbs */ +- abs_xsize = BITS_TO_LIMBS (abs_csize*8); ++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); + + if (abs_xsize != 0) + { diff -Nru gmp-6.1.2+dfsg/debian/patches/series gmp-6.1.2+dfsg/debian/patches/series --- gmp-6.1.2+dfsg/debian/patches/series2018-12-02 07:39:27.0 +0100 +++ gmp-6.1.2+dfsg/debian/patches/series2021-11-23 21:06:09.0 +0100 @@ -1 +1,2 @@ gmp-exception-sigfpe.patch +CVE-2021-43618.patch
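Review bot: the embedded patch header gives `# Origin: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e`, which is a gmp-6.2 changeset, while this upload applies it to 6.1.2 and the hunk lands at line 89 rather than 88. Mark the field as a backport (`Origin: backport, <URL>`) so a later reader knows the patch was rebased onto the older source and should be compared against upstream rather than assumed identical.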
Bug#1000409: ITP: dyssol -- tool for dynamic flowsheet simulation
Package: wnpp
Severity: wishlist
Owner: Anton Gladky
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name    : dyssol
  Version         : 1.0
  Upstream Author : Dyssol Development Team
* URL             : https://github.com/FlowsheetSimulation/Dyssol-open
* License         : MIT
  Programming Lang: C++
  Description     : tool for dynamic flowsheet simulation

Dyssol, the dynamic simulation of solids processes, is a novel dynamic flowsheet modelling system designed to simulate the time-dependent behaviour of complex production processes in solids processing technology.

Key features including:
1. Dynamic simulation of flowsheets to reflect the time-dependent behaviour of processes and to take into account the accumulation of mass and energy;
2. Proper calculation of multidimensional distributed parameters of the solid phase, considering their possible interdependence;
3. Flexibility and extensibility of the system for adding new models of apparatuses and solvers.

And distinctive features including:
* Dynamic simulation of complex process structures;
* Advanced calculation algorithm for dynamic simulations;
* Consideration of solid, liquid, gas phases and their mixtures;
* Proper handling of multidimensional interdependent distributed parameters of solids;
* Providing standardized interfaces and templates for implementation of new units;
* High modularity and extensibility.

The package will be maintained under the roof of Debian Science Team.

Anton
[Git][security-tracker-team/security-tracker][master] LTS: Status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 803cf5ce by Anton Gladky at 2021-11-21T21:45:27+01:00 LTS: Status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -38,9 +38,10 @@ firmware-nonfree (Markus Koschany) NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- gerbv (Anton) - NOTE: 20210711: The fix has only one-line! But... be sure that the fix will help. (Anton) - NOTE: 20210711: Please take the package if you can reproduce the issue with valgrind/AddressSanitizer/Leaksanitizer (Anton) - NOTE: 20210711: The simple fix will unlikely help. (Anton) + NOTE: 20211107: The fix has only one-line! But... be sure that the fix will help. (Anton) + NOTE: 20211107: Please take the package if you can reproduce the issue with valgrind/AddressSanitizer/Leaksanitizer (Anton) + NOTE: 20211107: The simple fix will unlikely help. (Anton) + NOTE: 20211121: Still needs to be investigated with extra-tool. (Anton) -- gmp (Anton) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/803cf5ce7671144a41f12f31e44ebce2d62dcdef -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/803cf5ce7671144a41f12f31e44ebce2d62dcdef You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
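Review bot: in the data/dla-needed.txt hunk the three existing gerbv NOTE lines are removed and re-added with identical text and only the date stamp changed from 20210711 to 20211107, which erases when those observations were first recorded. Leave the 20210711 lines untouched and add only the new `NOTE: 20211121: Still needs to be investigated with extra-tool. (Anton)` line.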
Re: Comments regarding alglib_3.18.0-1~exp1_amd64.changes
Thanks for the valuable link dated 2004!

I have updated the test of the license in git, including the link.

https://salsa.debian.org/science-team/alglib/-/commit/894d5d4850f9fd5bf920e6a892b52d56ecf753ae

Regards

Anton

On Sun, 21 Nov 2021 at 19:19, Thorsten Alteholz wrote:
>
> Hi Anton,
>
> you forgot the specialfunction.*
> Probably the license text for the files of Stephen L. Moshier is wrong, as he
> stated his wishes in [1].
>
> Thorsten
>
> [1] https://lists.debian.org/debian-legal/2004/12/msg00295.html
Re: alglib_3.18.0-1~exp1_amd64.changes REJECTED
Hello Thorsten,

thanks for the careful review! I have been maintaining the package for many years and could not imagine that some copyright notices are in the middle of the long file.

Thanks, and the updated package is reuploaded.

Anton

On Sun, 21 Nov 2021 at 18:01, Thorsten Alteholz wrote:
>
> Hi,
>
> please also mention at least Stephen L. Moshier in your debian/copyright.
>
> Thanks!
> Thorsten
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
Re: Continuing packaging effort (was: Bug#994272: RFS: opm-{common|material|grid|models|simulators|upscaling}/2021.04-1 [ITP] -- opm -- Open Porous Media Software Suite)
Hi Markus,

thanks for the contribution! I briefly reviewed your packages and did not find any serious issues there! Also employing Salsa-CI is really cool stuff, which is helping to be sure that the package is OK.

Please consider becoming a DM/DD.

Best regards

Anton

On Wed, 17 Nov 2021 at 09:50, Markus Blatt wrote:
>
> Hi Anton,
>
> On Tue, Nov 16, 2021 at 11:53:21PM +0100, Anton Gladky wrote:
> >I have not uploaded simulators yet. So I reverted to the -1 version.
> >
>
> Cool, I will adjust the tags accordingly if you don't mind.
>
> All packages are now in NEW of ftpmaster. Thanks Anton and Debian Science. That
> was a breeze, prompt, and amazing.
>
> I also like the packaging process. The tools are really great and they helped
> discovering quite a few flaws that might not have been noticed otherwise.
>
> Good job and thanks a lot.
>
> Markus
Re: Continuing packaging effort (was: Bug#994272: RFS: opm-{common|material|grid|models|simulators|upscaling}/2021.04-1 [ITP] -- opm -- Open Porous Media Software Suite)
Hi Markus,

I have not uploaded simulators yet. So I reverted to the -1 version.

Regards

Anton

On Tue, 16 Nov 2021 at 23:47, Markus Blatt wrote:
>
> On Tue, Nov 16, 2021 at 11:22:02PM +0100, Markus Blatt wrote:
> >Turned out I introduced two typos in the manpage in opm-simulators.
> >Already fixed and rebuilding. Will upload 2021.10-2 in a few minutes.
> >
>
> Done: https://mentors.debian.net/package/opm-simulators/
>
> Markus
Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines
CVE-2021-43618 is assigned to this issue.

On Sat, 13 Nov 2021 at 21:09, Adrian Bunk wrote:

> On Fri, Sep 17, 2021 at 07:02:48AM +0200, Anton Gladky wrote:
> > Thanks, Vincent, for the information. I would still wait for CVE,
> > so we can apply a patch and track vulnerability for other
> > Debian versions (stable/oldstable/o-o-stable etc.).
>
> Hi Anton,
>
> did you manage to get a CVE assigned for this issue, or has there been
> any problem with that?
>
> > Regards
> >
> > Anton
>
> Thanks
> Adrian
[SECURITY] [DLA 2818-1] ffmpeg security update
Debian LTS Advisory DLA-2818-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Anton Gladky
November 13, 2021    https://wiki.debian.org/LTS

Package: ffmpeg
Version: 7:3.2.16-1+deb9u1
CVE ID: CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2021-38171 CVE-2021-38291

Multiple issues have been discovered in ffmpeg - tools for transcoding, streaming and playing of multimedia files.

CVE-2020-20445
    Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.

CVE-2020-20446
    Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.

CVE-2020-20451
    Denial of Service issue due to resource management errors via fftools/cmdutils.c.

CVE-2020-20453
    Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service.

CVE-2020-22037
    A Denial of Service vulnerability due to a memory leak in avcodec_alloc_context3 at options.c.

CVE-2020-22041
    A Denial of Service vulnerability due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.

CVE-2020-22044
    A Denial of Service vulnerability due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.

CVE-2020-22046
    A Denial of Service vulnerability due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.

CVE-2020-22048
    A Denial of Service vulnerability due to a memory leak in the ff_frame_pool_get function in framepool.c.

CVE-2020-22049
    A Denial of Service vulnerability due to a memory leak in the wtvfile_open_sector function in wtvdec.c.

CVE-2020-22054
    A Denial of Service vulnerability due to a memory leak in the av_dict_set function in dict.c.

CVE-2021-38171
    adts_decode_extradata in libavformat/adtsenc.c does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.

CVE-2021-38291
    An assertion failure at src/libavutil/mathematics.c, which causes ffmpeg to abort, was detected. In some extreme cases, like with adpcm_ms samples with an extremely high channel count, get_audio_frame_duration() may return a negative frame duration value.

For Debian 9 stretch, these problems have been fixed in version 7:3.2.16-1+deb9u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines
Thanks, Vincent, now I am able to reproduce the issue!
I will request CVE.

Regards

Anton

On Sun, 14 Nov 2021 at 15:44, Vincent Lefevre wrote:
>
> On 2021-11-14 14:15:25 +0100, Anton Gladky wrote:
> > well, I was thinking that upstream should request a CVE. Nevertheless
> > I could not reproduce the issue with the modern GCC-versions.
> > Even on 32bit-systems.
>
> I can still reproduce the segmentation fault under Debian/unstable.
> Simplified testcase:
>
> #include <stdio.h>
> #include <gmp.h>
>
> int main (void)
> {
>   mpz_t s;
>   mpz_init (s);
>   mpz_inp_raw (s, stdin);
>   return 0;
> }
>
> Compile with gcc -m32 and execute:
>
>   printf 12345 | ./testcase
>
> Note that even if you don't get a segmentation fault, there may be
> other erratic behaviors, such as silent memory corruption (which may
> be even worse).
>
> --
> Vincent Lefèvre - Web: <https://www.vinc17.net/>
> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
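The arithmetic behind this bug and its fix, as an added example that is neither GMP's code nor part of the thread: it models an i386 build with fixed-width 32-bit types (an assumption, chosen so it behaves the same on any host), assumes GMP's raw format of a 4-byte big-endian signed size followed by the data, and uses hypothetical helper names. The first constructed header is the first four bytes of the `printf 12345` input quoted above.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit limbs and a 32-bit bit counter, as on i386.
   Fixed-width types make the model behave the same on a 64-bit host. */
#define LIMB_BITS  32u
#define LIMB_BYTES (LIMB_BITS / 8u)

/* Absolute value of the 4-byte big-endian two's-complement size field. */
uint32_t size_field_abs(const unsigned char b[4])
{
    uint32_t u = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
                 ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
    return (u & 0x80000000u) ? (0u - u) : u;
}

/* Round a bit count up to whole limbs. Written without an addition so the
   only place this model can wrap is the multiplication by 8. */
static uint32_t bits_to_limbs(uint32_t bits)
{
    return bits / LIMB_BITS + (bits % LIMB_BITS != 0);
}

/* Before the fix: the byte count is multiplied by 8 in 32 bits, so any
   size above UINT32_MAX / 8 wraps and yields too few limbs. */
uint32_t limbs_unchecked(uint32_t abs_csize)
{
    uint32_t bits = abs_csize * 8u;   /* wraps modulo 2^32 */
    return bits_to_limbs(bits);
}

/* After the fix: reject sizes whose bit count does not fit.
   Returns 1 and stores the limb count, or 0 when the input is refused. */
int limbs_checked(uint32_t abs_csize, uint32_t *limbs_out)
{
    if (abs_csize > UINT32_MAX / 8u)
        return 0;                     /* bit size overflows */
    *limbs_out = bits_to_limbs(abs_csize * 8u);
    return 1;
}

/* Bytes the declared payload needs beyond what the limb count provides. */
uint64_t shortfall_bytes(uint32_t abs_csize, uint32_t limbs)
{
    uint64_t have = (uint64_t)limbs * LIMB_BYTES;
    return abs_csize > have ? abs_csize - have : 0;
}

static void report(const char *label, const unsigned char hdr[4])
{
    uint32_t n = size_field_abs(hdr);
    uint32_t old_limbs = limbs_unchecked(n);
    uint32_t new_limbs = 0;

    printf("%s: header declares %" PRIu32 " bytes\n", label, n);
    printf("  unchecked: %" PRIu32 " limbs, buffer %" PRIu64 " bytes short\n",
           old_limbs, shortfall_bytes(n, old_limbs));
    if (limbs_checked(n, &new_limbs))
        printf("  checked:   %" PRIu32 " limbs\n", new_limbs);
    else
        printf("  checked:   rejected, bit size overflows\n");
}

int main(void)
{
    /* Constructed sample headers. */
    const unsigned char from_report[4] = { '1', '2', '3', '4' };
    const unsigned char small[4]       = { 0x00, 0x00, 0x00, 0x05 };
    const unsigned char negative[4]    = { 0xFF, 0xFF, 0xFF, 0xFB }; /* -5 */

    report("ASCII \"1234\"", from_report);
    report("size 5", small);
    report("size -5", negative);
    return 0;
}
```

The shortfall for the "1234" header is exactly 2^29 bytes, which is the 2^32 bits discarded by the wrapped multiplication.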
Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines
Hi Adrian,

well, I was thinking that upstream should request a CVE. Nevertheless I could not reproduce the issue with the modern GCC-versions. Even on 32bit-systems.

Regards

Anton

On Sat, 13 Nov 2021 at 21:09, Adrian Bunk wrote:
>
> On Fri, Sep 17, 2021 at 07:02:48AM +0200, Anton Gladky wrote:
> > Thanks, Vincent, for the information. I would still wait for CVE,
> > so we can apply a patch and track vulnerability for other
> > Debian versions (stable/oldstable/o-o-stable etc.).
>
> Hi Anton,
>
> did you manage to get a CVE assigned for this issue, or has there been
> any problem with that?
>
> > Regards
> >
> > Anton
>
> Thanks
> Adrian
[Git][security-tracker-team/security-tracker][master] LTS: Add CVE-2021-38171 to be announced in DLA-2818-1
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 443b0985 by Anton Gladky at 2021-11-13T22:06:41+01:00 LTS: Add CVE-2021-38171 to be announced in DLA-2818-1 - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -15267,7 +15267,6 @@ CVE-2021-38172 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...) {DSA-4998-1 DSA-4990-1} - ffmpeg 7:4.4.1-1 - [stretch] - ffmpeg (Wait to be fixed in buster first) NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 CVE-2021-38170 RESERVED = data/DLA/list = @@ -1,5 +1,5 @@ [13 Nov 2021] DLA-2818-1 ffmpeg - security update - {CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2021-38291} + {CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2021-38171 CVE-2021-38291} [stretch] - ffmpeg 7:3.2.16-1+deb9u1 [12 Nov 2021] DLA-2817-1 postgresql-9.6 - security update {CVE-2021-23214 CVE-2021-23222} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/443b0985410fa18819fa69e8353857e355291b2f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/443b0985410fa18819fa69e8353857e355291b2f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
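Review bot: In data/CVE/list the removed line `[stretch] - ffmpeg (Wait to be fixed in buster first)` was the only stretch-specific status for CVE-2021-38171 and nothing replaces it, so after this hunk the entry carries only `- ffmpeg 7:4.4.1-1` and the cross-reference `{DSA-4998-1 DSA-4990-1}`, with no mention of DLA-2818-1. If that cross-reference line is not regenerated from data/DLA/list, add DLA-2818-1 to it in this commit so the stretch fix is visible from the CVE entry.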
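Review bot: In data/DLA/list the CVE set of DLA-2818-1 gains CVE-2021-38171 while `[stretch] - ffmpeg 7:3.2.16-1+deb9u1` stays unchanged, so the commit asserts that the already-listed upload contains the fix, yet the commit message gives no pointer to where that was verified. Reference the backported upstream change (the NOTE in data/CVE/list names commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6) or the package changelog entry in the message.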