[Git][security-tracker-team/security-tracker][master] Reserve DLA-2818-1 for ffmpeg

2021-11-13 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
11708225 by Anton Gladky at 2021-11-13T20:45:40+01:00
Reserve DLA-2818-1 for ffmpeg

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[13 Nov 2021] DLA-2818-1 ffmpeg - security update
+   {CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 
CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 
CVE-2020-22049 CVE-2020-22054 CVE-2021-38291}
+   [stretch] - ffmpeg 7:3.2.16-1+deb9u1
 [12 Nov 2021] DLA-2817-1 postgresql-9.6 - security update
{CVE-2021-23214 CVE-2021-23222}
[stretch] - postgresql-9.6 9.6.24-0+deb9u1
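Review bot: the brace list on the second added line names twelve CVE ids as fixed by "ffmpeg 7:3.2.16-1+deb9u1", and nothing in this hunk shows they were cross-checked against data/CVE/list. An id that also carries a "[stretch]" not-affected or ignored line there would end up recorded with two conflicting states, so a quick check of each id before pushing is worthwhile.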


=
data/dla-needed.txt
=
@@ -36,12 +36,6 @@ debian-archive-keyring
 exiv2 (Thorsten Alteholz)
   NOTE: 20211109: testing package
 --
-ffmpeg (Anton Gladky)
-  NOTE: probably wait until stuff is fixed in Buster
-  NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg
-  NOTE: ffmpeg 3.2.16 has been released
-  NOTE: 20211101: preparing an update (gladk)
---
 firefox-esr (Emilio)
 --
 firmware-nonfree
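Review bot: the removed line "NOTE: probably wait until stuff is fixed in Buster" disappears without the commit saying whether that condition was met. A short remark in the commit body on the state of the Buster fixes would keep that decision traceable once the entry is gone from dla-needed.txt.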



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1170822547df23d3426fd6813e07aa2ac83af5a0

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] 3 commits: LTS: Mark CVE-2020-20898 as not-affected for stretch

2021-11-12 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a5e8c57d by Anton Gladky at 2021-11-12T21:56:11+01:00
LTS: Mark CVE-2020-20898 as not-affected for stretch

- - - - -
e92ae2a4 by Anton Gladky at 2021-11-12T21:56:12+01:00
LTS: Mark CVE-2020-20450 as not-affected for stretch

- - - - -
efc96d20 by Anton Gladky at 2021-11-12T21:56:13+01:00
LTS: Mark CVE-2020-20448 as not-affected for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -88088,6 +88088,7 @@ CVE-2020-20899
REJECTED
 CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in 
libavfi ...)
- ffmpeg 7:4.3-2 (unimportant)
+   [stretch] - ffmpeg  (vulnerable code is not present)
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
 (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8263
 CVE-2020-20897
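Review bot: the reason on the added "[stretch]" line, "vulnerable code is not present", gives a later reader no way to re-check it. A NOTE naming the upstream commit or release that introduced filter16_prewitt, placed next to the existing fix-commit NOTE marked "(4.3)", would make the claim verifiable.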
@@ -89016,6 +89017,7 @@ CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer 
dereference passed as arg
{DSA-4998-1}
[experimental] - ffmpeg 7:4.4-1
- ffmpeg 7:4.4-5 (unimportant)
+   [stretch] - ffmpeg  (vulnerable code is not present)
NOTE: https://trac.ffmpeg.org/ticket/7993
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5400e4a50c61e53e1bc50b3e77201649bbe9c510
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3865b1952e5cf993b016d83ba78fe1deb63bbfad
 (4.3)
@@ -89025,6 +89027,7 @@ CVE-2020-20449
 CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via 
libavcodec/rate ...)
{DSA-4722-1}
- ffmpeg 7:4.3-2 (unimportant)
+   [stretch] - ffmpeg  (vulnerable code is not present)
NOTE: https://trac.ffmpeg.org/ticket/7990
NOTE: Negligible security impact
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8802e329c8317ca5ceb929df48a23eb0f9e852b2
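Review bot: for CVE-2020-20448 the description names a libavcodec file rather than a single function, so "vulnerable code is not present" on the added "[stretch]" line is harder to verify than for the filter-function entries. An extra NOTE stating which construct is absent from the stretch version would help.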



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0479c970fc5fa15c101a7415d0c2d95dcd0621ee...efc96d20e5f83af8351acea4259a93664258fc31



[Git][security-tracker-team/security-tracker][master] 8 commits: LTS: Mark CVE-2021-3809{0-4} as not-affected for stretch

2021-11-12 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aae67a88 by Anton Gladky at 2021-11-12T20:52:25+01:00
LTS: Mark CVE-2021-3809{0-4} as not-affected for stretch

- - - - -
991955f9 by Anton Gladky at 2021-11-12T20:52:27+01:00
LTS: Mark CVE-2020-22056 as not-affected for stretch

- - - - -
1af3a308 by Anton Gladky at 2021-11-12T20:52:29+01:00
LTS: Mark CVE-2020-22051 as not-affected for stretch

- - - - -
6aed8f87 by Anton Gladky at 2021-11-12T20:52:31+01:00
LTS: Mark CVE-2021-22043 as ignored for stretch

- - - - -
6b093797 by Anton Gladky at 2021-11-12T20:52:32+01:00
LTS: Mark CVE-2021-22042 as ignored for stretch

- - - - -
7cef8505 by Anton Gladky at 2021-11-12T20:52:34+01:00
LTS: Mark CVE-2021-22040 as ignored for stretch

- - - - -
c837c6f0 by Anton Gladky at 2021-11-12T20:52:35+01:00
LTS: Mark CVE-2021-22039 as ignored for stretch

- - - - -
f459c867 by Anton Gladky at 2021-11-12T20:52:37+01:00
LTS: Mark CVE-2020-22038 as not-affected for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15354,24 +15354,29 @@ CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 
allows remote unauthentica
NOT-FOR-US: Planview Spigit
 CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in 
libavfilter ...)
- ffmpeg 7:4.3-2 (unimportant)
+   [stretch] - ffmpeg  (vulnerable code is not present)
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
NOTE: https://trac.ffmpeg.org/ticket/8263
NOTE: Negligible security impact
 CVE-2021-38093 (Integer Overflow vulnerability in function filter_robert in 
libavfilte ...)
- ffmpeg 7:4.3-2 (unimportant)
+   [stretch] - ffmpeg  (vulnerable code is not present)
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
NOTE: https://trac.ffmpeg.org/ticket/8263
NOTE: Negligible security impact
 CVE-2021-38092 (Integer Overflow vulnerability in function filter_prewitt in 
libavfilt ...)
- ffmpeg 7:4.3-2 (unimportant)
+   [stretch] - ffmpeg  (vulnerable code is not present)
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
NOTE: https://trac.ffmpeg.org/ticket/8263
 CVE-2021-38091 (Integer Overflow vulnerability in function filter16_sobel in 
libavfilt ...)
- ffmpeg 7:4.3-2 (unimportant)
+   [stretch] - ffmpeg  (vulnerable code is not present)
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
NOTE: https://trac.ffmpeg.org/ticket/8263
 CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in 
libavfi ...)
- ffmpeg 7:4.3-2 (unimportant)
+   [stretch] - ffmpeg  (vulnerable code is not present)
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
NOTE: https://trac.ffmpeg.org/ticket/8263
 CVE-2021-38089
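Review bot: the five added "[stretch]" lines in this hunk are covered by a single commit subject that writes the ids as "CVE-2021-3809{0-4}", which a log search for a full id such as CVE-2021-38092 will not match. Spelling the five ids out in the commit body would keep the history searchable.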
@@ -85452,6 +85457,7 @@ CVE-2020-22057
RESERVED
 CVE-2020-22056 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to 
a memory ...)
- ffmpeg 7:4.3-2 (unimportant)
+   [stretch] - ffmpeg  (vulnerable code is not present)
NOTE: https://trac.ffmpeg.org/ticket/8304
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=daf2bef98ded7f8431fd04bf3324669329a923c1
NOTE: Negligible security impact
@@ -85469,6 +85475,7 @@ CVE-2020-22052
RESERVED
 CVE-2020-22051 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to 
a memory ...)
- ffmpeg 7:4.3-2 (unimportant)
+   [stretch] - ffmpeg  (vulnerable code is not present)
NOTE: https://trac.ffmpeg.org/ticket/8313
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=673fce6d40d9a594fb7a0ea17d296b7d3d9ea856
NOTE: Negligible security impact
@@ -85501,12 +85508,14 @@ CVE-2020-22044 (A Denial of Service vulnerability 
exists in FFmpeg 4.2 due to a
NOTE: Negligible security impact
 CVE-2020-22043 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to 
a memory ...)
- ffmpeg 7:4.3-2 (unimportant)
+   [stretch] - ffmpeg  (Patch is too destructive to implement it 
in oldstable. Minor issue)
NOTE: https://trac.ffmpeg.org/ticket/8284
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590
NOTE: Negligible security impact
 CVE-2020-22042 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to 
a memory ...)
{DSA-4998-1}
- ffmpeg 7:4.4-5 (unimportant)
+   [stretch] - ffmpeg  (Patch can not be applied cleanly in 
oldstable. Minor issue)
NOTE: https://trac.ffmpeg.org/ticket/8267
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h
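Review bot: the two added "[stretch]" lines in this hunk sit under CVE-2020-22043 and CVE-2020-22042, while the commit subjects in this push mark CVE-2021-22043, CVE-2021-22042, CVE-2021-22040 and CVE-2021-22039 as ignored. The year in those subjects does not match the entries being edited and is worth a correcting remark, since the log is what people search. The free-text reasons would also read more clearly as "patch too invasive to backport" and "patch does not apply cleanly".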

[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: unclaim ntfs-3g

2021-11-11 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
441ca87f by Anton Gladky at 2021-11-11T21:52:43+01:00
LTS: unclaim ntfs-3g

- - - - -
7de02388 by Anton Gladky at 2021-11-11T21:53:28+01:00
LTS: take samba

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -74,7 +74,7 @@ linux-4.19 (Ben Hutchings)
 --
 mbedtls (Emilio)
 --
-ntfs-3g (Anton Gladky)
+ntfs-3g
   NOTE: 20211101: too many CVEs (gladk)
 --
 nvidia-graphics-drivers
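Review bot: dropping the claimant from "ntfs-3g" leaves "NOTE: 20211101: too many CVEs (gladk)" as the only hand-over information. A dated NOTE saying what was already triaged, or where any work in progress lives, would stop the next claimant from starting at zero.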
@@ -91,7 +91,7 @@ rustc (Roberto C. Sánchez)
 --
 salt (Markus Koschany)
 --
-samba
+samba (Anton)
 --
 thunderbird (Emilio)
 --
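Review bot: "samba (Anton)" spells the claimant differently from "(Anton Gladky)" on the line removed in the previous hunk. Using one form per person keeps per-claimant searches of dla-needed.txt reliable.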



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/97980ea25991203e6e44c04eb9d4ec096101b3bd...7de02388cacfdbd7ad80e2de063e39207b97bbd3



[Git][security-tracker-team/security-tracker][master] LTS: take gerbv

2021-11-08 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6e90a903 by Anton Gladky at 2021-11-08T22:37:02+01:00
LTS: take gerbv

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -44,7 +44,7 @@ firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag
 --
-gerbv
+gerbv (Anton)
   NOTE: 20210711: The fix has only one-line! But... be sure that the fix will 
help. (Anton)
   NOTE: 20210711: Please take the package if you can reproduce the issue with 
valgrind/AddressSanitizer/Leaksanitizer (Anton)
   NOTE: 20210711: The simple fix will unlikely help. (Anton)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e90a903e48f529d4dbad3ad57b9e25b714ecf4d



[SECURITY] [DLA 2812-1] botan1.10 security update

2021-11-08 Thread Anton Gladky
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian LTS Advisory DLA-2812-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
November 08, 2021                             https://wiki.debian.org/LTS
- -

Package: botan1.10
Version: 1.10.17-1+deb9u1
CVE ID : CVE-2017-14737

One security issue has been discovered in botan1.10, a C++ cryptography
library.


A local or cross-VM attacker may be able to recover bits of
secret exponents as used in RSA, DH, etc. with the help of cache analysis.
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai

For Debian 9 stretch, this problem has been fixed in version
1.10.17-1+deb9u1.

We recommend that you upgrade your botan1.10 packages.

For the detailed security status of botan1.10 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/botan1.10

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: remove no-dsa tag for CVE-2017-14737 for stretch

2021-11-08 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd92d16d by Anton Gladky at 2021-11-08T21:26:49+01:00
LTS: remove no-dsa tag for CVE-2017-14737 for stretch

- - - - -
48d4da5f by Anton Gladky at 2021-11-08T21:26:50+01:00
Reserve DLA-2812-1 for botan1.10

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -260635,7 +260635,6 @@ CVE-2017-14738 (FileRun (version 2017.09.18 and 
below) suffers from a remote SQL
 CVE-2017-14737 (A cryptographic cache-based side channel in the RSA 
implementation in  ...)
{DLA-1125-1}
- botan1.10 1.10.17-0.1 (bug #877436)
-   [stretch] - botan1.10  (Minor issue)
[jessie] - botan1.10  (Minor issue)
NOTE: https://github.com/randombit/botan/issues/1222
NOTE: 
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[08 Nov 2021] DLA-2812-1 botan1.10 - security update
+   {CVE-2017-14737}
+   [stretch] - botan1.10 1.10.17-1+deb9u1
 [06 Nov 2021] DLA-2811-1 sqlalchemy - security update
{CVE-2019-7164 CVE-2019-7548}
[stretch] - sqlalchemy 1.0.15+ds1-1+deb9u1


=
data/dla-needed.txt
=
@@ -18,9 +18,6 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
-botan1.10 (Anton Gladky)
-  NOTE: 20211101: almost ready to be uploaded (gladk)
---
 ckeditor (Utkarsh)
 --
 debian-archive-keyring



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/24ce436cf2edc2a26f4754f9da880ea795f66955...48d4da5f9966115868b5af545e4ddcab8d715f18



Re: gmsh_4.8.4+ds1-2_amd64.changes REJECTED

2021-11-07 Thread Anton Gladky
Hi Thorsten,

thanks for this information!

I removed some libraries and used packaged versions,
updated d/copyright and uploaded again.

Thank you

Anton

On Sat, 6 Nov 2021 at 00:00, Thorsten Alteholz wrote:
>
>
> Hi Anton,
>
> I am afraid you need to rework your debian/copyright a bit.
> On a short glimpse several packages in contrib are added and should be 
> mentioned (for example the MPL of Eigen).
>
> Thanks!
>  Thorsten
>
>
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
>

-- 
debian-science-maintainers mailing list
debian-science-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers


[Git][security-tracker-team/security-tracker][master] LTS: add gerbv

2021-11-07 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b8024c66 by Anton Gladky at 2021-11-07T11:46:40+01:00
LTS: add gerbv

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -9187,6 +9187,8 @@ CVE-2021-40391 [Gerbv drill format T-code tool number 
out-of-bounds write vulner
[bullseye] - gerbv  (Minor issue)
[buster] - gerbv  (Minor issue)
NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402
+   NOTE: 
https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e
+   NOTE: https://github.com/gerbv/gerbv/issues/30
 CVE-2021-40390
RESERVED
 CVE-2021-40389
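Review bot: the two added NOTE lines give an upstream commit and an issue URL without saying what role they play. The dla-needed.txt notes in this same commit say the one-line fix is unlikely to help, so the commit NOTE here should be labelled as the upstream fix and carry the same caveat.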


=
data/dla-needed.txt
=
@@ -47,6 +47,11 @@ firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag
 --
+gerbv
+  NOTE: 20210711: The fix has only one-line! But... be sure that the fix will 
help. (Anton)
+  NOTE: 20210711: Please take the package if you can reproduce the issue with 
valgrind/AddressSanitizer/Leaksanitizer (Anton)
+  NOTE: 20210711: The simple fix will unlikely help. (Anton)
+--
 gpac (Roberto C. Sánchez)
   NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster 
versions match (roberto)
 --
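Review bot: the three added NOTE lines are dated 20210711, but this commit was made on 2021-11-07 and neighbouring entries use YYYYMMDD, for example 20211101 on the gpac line. If the notes were written with this commit, the date should read 20211107.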



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8024c66e37652cf8316f9b3417dd91ec368ad45



[Yade-users] New version of Yade, 2022. Release plan

2021-11-05 Thread Anton Gladky
Dear Yade users and developers,

as always at the beginning of January, we want to release a new Yade version.
The release process takes some time, so please commit all your planned features
till the end of December 2021, so we can prepare the tarball, test it on all
supported architectures and upload it into the package archives.

Version 2022.01 should go into the next long-term-support Ubuntu release,
which is planned to be released in April 2022 and will be supported till 2027,
and even with Extended Security Maintenance till 2032.

Please plan your work accordingly.

Thanks and best regards

Anton

___
Mailing list: https://launchpad.net/~yade-users
Post to : yade-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yade-users
More help   : https://help.launchpad.net/ListHelp




[Git][security-tracker-team/security-tracker][master] LTS: add wordpress

2021-11-05 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f541bd86 by Anton Gladky at 2021-11-05T19:25:28+01:00
LTS: add wordpress

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -100,3 +100,5 @@ sqlalchemy (Markus Koschany)
 --
 thunderbird (Emilio)
 --
+wordpress
+--
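Review bot: "wordpress" is added with no NOTE, so the file does not say which CVEs or which tracker state triggered the entry. A one-line dated NOTE would save the next person from re-deriving it.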



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f541bd86b2109e82dd165a5e9c2b4899b9d9047f



[Git][security-tracker-team/security-tracker][master] LTS: add ckeditor and assign to Utkarsh (discussed per email)

2021-11-05 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
417435ee by Anton Gladky at 2021-11-05T19:12:46+01:00
LTS: add ckeditor and assign to Utkarsh (discussed per email)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -21,6 +21,8 @@ ansible
 botan1.10 (Anton Gladky)
   NOTE: 20211101: almost ready to be uploaded (gladk)
 --
+ckeditor (Utkarsh)
+--
 debian-archive-keyring
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
   NOTE: 20210920: Raphael answered. will backport today. (utkarsh)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/417435ee8736d9a40b2a3596e7750250138368f6



Bug#996204: Bug#998411: Bug#996204: transition: numerical library stack: hypre SONAME (Policy 8.1)

2021-11-04 Thread Anton Gladky
I have fixed gmsh. It will appear in NEW soon.

Regards

Anton



Bug#998411: Bug#996204: transition: numerical library stack: hypre SONAME (Policy 8.1)

2021-11-04 Thread Anton Gladky
I have fixed gmsh. It will appear in NEW soon.

Regards

Anton





Re: Continuing packaging effort (was: Bug#994272: RFS: opm-{common|material|grid|models|simulators|upscaling}/2021.04-1 [ITP] -- opm -- Open Porous Media Software Suite)

2021-11-04 Thread Anton Gladky
Hi Markus,

thanks for this effort! I am also interested in this software
and will review it within the next few days.

Best regards

Anton

On Thu, 4 Nov 2021 at 18:17, Markus Blatt wrote:
>
> Hi,
>
> just to keep debian-science up to date (I am sorry for not CCing with the
> original message to BTS and for multiple messages).
>
> Here is a copy of the message sent to Debian's BTS.
>
> We are still looking for a sponsor for the OPM packages.
>
> FYI: We are about to release the next upstream version 2021.10 and intend to
> update the prospective Debian packages (see [0], [1] for all details).
> Any comments and recommendations about the current packages are of course
> welcome and we will try to incorporate them. It might of course make sense to
> wait with uploading to NEW for the new release. I will report when the
> packages for the new release are available.
>
> What OPM is and why it should be in Debian:
>
> The Open Porous Media (OPM) software suite provides libraries and
> tools for modeling and simulation of porous media processes, especially
> for simulating CO2 sequestration and improved and enhanced oil recovery.
> Its main part is a blackoil reservoir simulator with file input and output
> compatible with a major commercial oil reservoir simulator. On some
> cases it clearly outperforms the commercial one. Being open source it lowers
> the bar for starting simulations and is used by industry, research institutes
> and quite a few small consultancies.
>
> Looking forward to your reviews and sponsoring efforts.
>
> Cheers,
>
> Markus
>
> [0] https://lists.debian.org/debian-mentors/2021/09/msg00055.html
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994272
>
>



[Git][security-tracker-team/security-tracker][master] LTS: add udisks2

2021-11-04 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ce12f5aa by Anton Gladky at 2021-11-04T19:21:52+01:00
LTS: add udisks2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -117,3 +117,5 @@ sqlalchemy (Markus Koschany)
 --
 thunderbird (Emilio)
 --
+udisks2
+--



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce12f5aa6017995e6414045f05785c40165d010f



[Git][security-tracker-team/security-tracker][master] LTS: add mbedtls

2021-11-03 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d5382456 by Anton Gladky at 2021-11-03T22:47:59+01:00
LTS: add mbedtls

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -67,6 +67,8 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
+mbedtls
+--
 ntfs-3g (Anton Gladky)
   NOTE: 20211101: too many CVEs (gladk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5382456a53d5d7850bbe31693fb00b0657a3339



Re: Request to join

2021-11-03 Thread Anton Gladky
Hi,

Welcome on board! Added to the salsa-group.

Regards

Anton

On Wed, 3 Nov 2021 at 20:39, Jose Manuel Abuin Mosquera wrote:
>
> Hello.
>
> My name is Jose Manuel Abuin, I am a scientific software developer and a
> Debian user since a long time ago. I would like to join the group and
> help in anything I can. My login in salsa is jmabuin-guest
>
> For more information you can take a look at my web
> http://jmabuin.github.io/ or my GitHub https://github.com/jmabuin
>
> Cheers!
>
> Jose M. Abuin
>



Re: Debian Math Team

2021-11-03 Thread Anton Gladky
I think we all have very limited free time to work on Debian.
At least that is my situation.

Newcomers are looking for reviewers/uploaders, trying to reach
a relatively large audience in d/science, sometimes for a very long
time without success. How will it work in a smaller team?

When doing large transitions (vtk, boost, etc.) I am always very glad
to see a package maintained in d/science, because it is very easy
to make tiny uploads and reach the result very fast without filing
bugs, NMUs etc. All these official bureaucratic procedures take a lot
of time and in the end slow down the process. Why do we want to
get one more team with its own policy, the necessity to be a member of it
to do such uploads, etc.? It makes things harder!

I have unsubscribed myself from most of the mailing lists (even from
debian-devel, sorry), leaving only the ones important to me, to save some
more time for QA work, reviewing/sponsoring/uploading packages, fixing
bugs, setting up CI pipelines for salsa repos etc. Why do we want to spend
energy/time writing a new policy, moving packages etc.?

My strong opinion is that new barriers (blends/teams/salsa-groups, whatever)
are unlikely to improve the total quality and number of Debian packages.
For me it just means that I will probably need to file more NMUs, ask
other people for reviews etc... It is a pain and a waste of time. Sorry.

I will probably need to request membership in other teams due to
some QA or release-transition work, but

Regards

Anton



[Git][security-tracker-team/security-tracker][master] LTS: add icinga2 and kodi

2021-11-02 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2d1d92e4 by Anton Gladky at 2021-11-02T22:39:54+01:00
LTS: add icinga2 and kodi

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -48,6 +48,10 @@ firmware-nonfree
 gpac (Roberto C. Sánchez)
   NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster 
versions match (roberto)
 --
+icinga2
+--
+kodi
+--
 libgit2 (Utkarsh)
   NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed
   NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d1d92e4830975dd2e11ae9413c8e9fc18ed240b



[Git][security-tracker-team/security-tracker][master] LTS: status update

2021-11-01 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
738d7339 by Anton Gladky at 2021-11-01T20:59:57+01:00
LTS: status update

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -21,6 +21,7 @@ ansible
 bind9 (Markus Koschany)
 --
 botan1.10 (Anton Gladky)
+  NOTE: 20211101: almost ready to be uploaded (gladk)
 --
 debian-archive-keyring
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
@@ -38,6 +39,7 @@ ffmpeg (Anton Gladky)
   NOTE: probably wait until stuff is fixed in Buster
   NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg
   NOTE: ffmpeg 3.2.16 has been released
+  NOTE: 20211101: preparing an update (gladk)
 --
 firefox-esr (Emilio)
 --
@@ -68,6 +70,7 @@ linux (Ben Hutchings)
 linux-4.19 (Ben Hutchings)
 --
 ntfs-3g (Anton Gladky)
+  NOTE: 20211101: too many CVEs (gladk)
 --
 nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
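
Review bot: the NOTE added for ntfs-3g, "too many CVEs", does not say what follows from that: whether the update is postponed, split into several uploads, or in progress. Other LTS contributors read dla-needed.txt to decide whether to help or wait, so state the plan or the blocker, the way the botan1.10 ("almost ready to be uploaded") and ffmpeg ("preparing an update") notes in this same commit do.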



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/738d73399ed1936d2ce10e7206e37a6f038571fa



Bug#996204: transition: numerical library stack

2021-10-31 Thread Anton Gladky
sundials_5.8.0 is in unstable already.

Cheers


Anton



Re: Debian Math Team

2021-10-30 Thread Anton Gladky
I do not see any benefit in creating one more team. It definitely decreases
the bus factor of the packages, is unlikely to increase their quality,
and for end users it is mostly not visible in which team a package is maintained.

Sure, feel free to create it, if you want, but please do not move any existing
packages from any team to a new one without prior confirmation of all
uploaders.

From my point of view, we have enough really useful work in Debian which
needs to be done (fixing bugs, adding autopkgtests, setting-up
CI-pipelines etc.)
instead of moving packages between teams.

Cheers

Anton



Re: Debian Math Team

2021-10-29 Thread Anton Gladky
Hi Doug,

Well, I think that it just increases fragmentation. But it is up to you.

Best regards

Anton

On Fri, 29 Oct 2021 at 22:04, Torrance, Douglas wrote:
>
> During the Debian Science BoF at this year's DebConf, there was some
> discussion of creating a team devoted to packaging mathematical software.
>
> This seemed like a pretty good idea, so I figured that I'd go ahead and
> start working on getting it set up.  I've already created a Salsa group [1]
> and a team on the Debian Package Tracker [2].  If you're interested in
> joining, then you should be able to sign up at these links.
>
> I figured next would be applying for a mailing list, putting together a team 
> policy, etc.  Any thoughts?
>
> Doug
>
> [1] https://salsa.debian.org/math-team
> [2] https://tracker.debian.org/teams/math/



[Git][security-tracker-team/security-tracker][master] LTS: Mark CVE-2021-40529 as ignored for stretch

2021-10-28 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35f58eef by Anton Gladky at 2021-10-28T20:50:13+02:00
LTS: Mark CVE-2021-40529 as ignored for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6986,6 +6986,7 @@ CVE-2021-40530 (The ElGamal implementation in Crypto++ 
through 8.5 allows plaint
 CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in 
Thunder ...)
- botan 2.18.1+dfsg-3 (bug #993840)
- botan1.10 
+   [stretch] - botan1.10  (Affected function encrypt(...) has 
changed drastically. Backport is too instrusive to backport)
NOTE: https://eprint.iacr.org/2021/923
NOTE: https://github.com/randombit/botan/pull/2790
NOTE: Fixed by: 
https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2
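
Review bot: the justification on the added [stretch] line has a typo and repeats itself: "Backport is too instrusive to backport". Something like "Fix is too intrusive to backport" reads cleanly in the tracker. Because this entry records that botan1.10 in stretch will not receive the ElGamal fix, the reason is what later readers rely on, so it is worth naming what changed (the note only says encrypt(...) "has changed drastically") or pointing at the upstream commit already listed below.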



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35f58eef4348fa9f99a513e24033c2d2818c4910



[Git][security-tracker-team/security-tracker][master] LTS: take botan1.10

2021-10-27 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50bc957b by Anton Gladky at 2021-10-27T17:05:13+02:00
LTS: take botan1.10

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -18,7 +18,7 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
-botan1.10
+botan1.10 (Anton Gladky)
 --
 cron (Adrian Bunk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50bc957ba5d6fee27badfe7b451f90a08074edbc



[Git][security-tracker-team/security-tracker][master] 3 commits: LTS: ignored -> not-affected for CVE-2021-34432

2021-10-26 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d3c76c38 by Anton Gladky at 2021-10-26T23:32:46+02:00
LTS: ignored -> not-affected for CVE-2021-34432

- - - - -
f61b955a by Anton Gladky at 2021-10-26T23:32:46+02:00
Reserve DLA-2793-1 for mosquitto

- - - - -
b5b16186 by Anton Gladky at 2021-10-26T23:33:04+02:00
Reserve DLA-2794-1 for mosquitto

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -21413,8 +21413,8 @@ CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 
2.6.4 and 3.0.0-M1 to 3.
NOT-FOR-US: Eclipse Californium
 CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server 
will crash  ...)
- mosquitto 2.0.8-1
-   [buster] - mosquitto  (Vulnerable code is not accessible in 
version 1.x)
-   [stretch] - mosquitto  (Vulnerable code is not accessible in 
version 1.x)
+   [buster] - mosquitto  (Vulnerable code is not accessible 
in version 1.x)
+   [stretch] - mosquitto  (Vulnerable code is not accessible 
in version 1.x)
NOTE: 
https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141
 CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an 
authenticated client ...)


=
data/DLA/list
=
@@ -1,3 +1,9 @@
+[26 Oct 2021] DLA-2794-1 mosquitto - security update
+   {CVE-2017-7655}
+   [stretch] - mosquitto 1.4.10-3+deb9u5
+[26 Oct 2021] DLA-2793-1 mosquitto - security update
+   {CVE-2017-7655}
+   [stretch] - mosquitto 1.4.10-3+deb9u5
 [24 Oct 2021] DLA-2792-1 faad2 - security update
{CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2021-32274 
CVE-2021-32276 CVE-2021-32277 CVE-2021-32278}
[stretch] - faad2 2.8.0~cvs20161113-1+deb9u3
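
Review bot: the two added entries, DLA-2793-1 and DLA-2794-1, are identical apart from the advisory number: same date, same package, same {CVE-2017-7655}, same fixed version 1.4.10-3+deb9u5. If both reservations are intended, the second should differ in CVE set or version, or be marked as a follow-up; otherwise one of the two ids is an accidental double reservation and should be sorted out before the advisory mail is sent, so the tracker does not show two advisories for one upload.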


=
data/dla-needed.txt
=
@@ -55,10 +55,6 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
-mosquitto (Anton Gladky)
-  NOTE: 20210805: coordinating upload to buster before DLA for Stretch 
(codehelp)
-  NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable 
code not accessible. (codehelp)
---
 ntfs-3g (Anton Gladky)
 --
 nvidia-graphics-drivers



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad7f7810b0440e42060e6a30b108893f248bf468...b5b1618632bb2ba6e106323de5ce2722ef0ef4c9



Bug#996204: transition: numerical library stack

2021-10-26 Thread Anton Gladky
OK, I will upload it into unstable very soon. What about #997664?
The package should go to NEW actually. Or leave it as it is for the moment?

Anton

On Mon, 25 Oct 2021 at 21:15, Drew Parsons wrote:
>
> The sundials 5.8.0 test build in experimental looks successful.
> Probably not worth waiting for the mipsel build, it's been slow to
> build, especially for experimental.
>
> Drew
>
>
>
> On 2021-10-22 17:40, Anton Gladky wrote:
> > Great, thanks! Will do it very shortly.
> >
> > Anton
> >
> > Sebastian Ramacher wrote on Fri, 22 Oct 2021, 14:35:
> ...
> >>
> >> I think we are ready for the sundials upload.
> >>



Bug#984068: marked as pending in itksnap

2021-10-24 Thread Anton Gladky
Control: tag -1 pending

Hello,

Bug #984068 in itksnap reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/med-team/itksnap/-/commit/23e6d300304fd9fff8d31984b43ed438cfc7eb17


Add upstream commit fixing the C++ version used

Closes: #984068


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/984068



[med-svn] [Git][med-team/itksnap][master] Switch to vtk9

2021-10-24 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Med / itksnap


Commits:
76a57573 by Anton Gladky at 2021-10-24T20:43:13+02:00
Switch to vtk9

- - - - -


1 changed file:

- debian/control


Changes:

=
debian/control
=
@@ -7,7 +7,7 @@ Section: science
 Priority: optional
 Build-Depends: debhelper-compat (= 11),
cmake,
-   libvtk7-dev,
+   libvtk9-dev,
libinsighttoolkit4-dev,
libgdcm-dev,
imagemagick,



View it on GitLab: 
https://salsa.debian.org/med-team/itksnap/-/commit/76a57573c1ac5f6e8f4fd5870dd665624e9f9b95



___
debian-med-commit mailing list
debian-med-com...@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-med-commit


[med-svn] [Git][med-team/itksnap][master] 4 commits: Add patch from Logan Rosen to fix FTBFS with glibc 2.32

2021-10-24 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Med / itksnap


Commits:
ff651a1d by Adrian Bunk at 2021-10-24T13:25:48+03:00
Add patch from Logan Rosen to fix FTBFS with glibc 2.32

Closes: #986600

- - - - -
23e6d300 by Adrian Bunk at 2021-10-24T13:30:31+03:00
Add upstream commit fixing the C++ version used

Closes: #984068

- - - - -
6097ae8d by Adrian Bunk at 2021-10-24T19:35:56+03:00
Switch from vtk6 to vtk7

- - - - -
24a656b3 by Adrian Bunk at 2021-10-24T19:36:08+03:00
debian/control: Update Vcs-{Browser,Git} after the move to med-team

- - - - -


5 changed files:

- debian/control
- + debian/patches/03_glibc_2.32.patch
- + debian/patches/04_gxx.patch
- + debian/patches/05_vtk7.patch
- debian/patches/series


Changes:

=
debian/control
=
@@ -7,7 +7,7 @@ Section: science
 Priority: optional
 Build-Depends: debhelper-compat (= 11),
cmake,
-   libvtk6-dev,
+   libvtk7-dev,
libinsighttoolkit4-dev,
libgdcm-dev,
imagemagick,
@@ -18,8 +18,8 @@ Build-Depends: debhelper-compat (= 11),
qttools5-private-dev,
libfftw3-dev
 Standards-Version: 4.4.1
-Vcs-Browser: https://salsa.debian.org/neurodebian-team/itksnap
-Vcs-Git: https://salsa.debian.org/neurodebian-team/itksnap.git
+Vcs-Browser: https://salsa.debian.org/med-team/itksnap
+Vcs-Git: https://salsa.debian.org/med-team/itksnap.git
 Homepage: http://www.itksnap.org
 
 Package: itksnap


=
debian/patches/03_glibc_2.32.patch
=
@@ -0,0 +1,11 @@
+--- a/GUI/Qt/main.cxx
 b/GUI/Qt/main.cxx
+@@ -56,7 +56,7 @@
+ void SegmentationFaultHandler(int sig)
+ {
+   cerr << "*" << endl;
+-  cerr << "ITK-SNAP: " << sys_siglist[sig] << endl;
++  cerr << "ITK-SNAP: " << strsignal(sig) << endl;
+   cerr << "BACKTRACE: " << endl;
+   void *array[50];
+   int nsize = backtrace(array, 50);
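
Review bot: the replacement line calls strsignal(sig), but the hunk adds no include for it. strsignal() is declared in <string.h> (<cstring> in C++), so confirm that main.cxx already includes that header instead of relying on a transitive include that may disappear with the next toolchain change. Separately, this code runs inside SegmentationFaultHandler and strsignal() is not async-signal-safe; the handler already uses cerr and backtrace(), so this is not a regression, but glibc 2.32 also provides sigdescr_np(), which would be the safer substitute for sys_siglist[] in a signal handler.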


=
debian/patches/04_gxx.patch
=
@@ -0,0 +1,26 @@
+From 2ef9ed48a352acf0c0436a24c5ef56f947340d8e Mon Sep 17 00:00:00 2001
+From: JLasserv <56830768+jlass...@users.noreply.github.com>
+Date: Mon, 2 Mar 2020 10:08:01 -0500
+Subject: Update CMakeLists.txt
+
+C++ 11 required
+---
+ CMakeLists.txt | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 993ae91d..492a74c9 100644
+--- a/CMakeLists.txt
 b/CMakeLists.txt
+@@ -11,6 +11,8 @@ MESSAGE(STATUS "ITK-SNAP Git Info:")
+ # CMAKE PRELIMINARIES   
+ 
#
+ cmake_minimum_required(VERSION 2.8.12)
++set(CMAKE_CXX_STANDARD 11)
++set(CMAKE_CXX_STANDARD_REQUIRED ON)
+ 
+ IF(POLICY CMP0026)
+   cmake_policy(SET CMP0026 OLD)
+-- 
+2.20.1
+
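
Review bot: set(CMAKE_CXX_STANDARD 11) is added directly under cmake_minimum_required(VERSION 2.8.12), but CMAKE_CXX_STANDARD and CMAKE_CXX_STANDARD_REQUIRED are only honoured from CMake 3.1 on; with an older CMake, which the declared minimum still permits, both new lines are silently ignored and the build falls back to the compiler default. Raising the minimum to 3.1 alongside these two lines would make the "C++ 11 required" statement in the patch description hold for every CMake the project claims to support.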


=
debian/patches/05_vtk7.patch
=
@@ -0,0 +1,26 @@
+From b9de837844d89c8326c7d047820c033f5cbe8668 Mon Sep 17 00:00:00 2001
+From: Adrian Bunk 
+Date: Sun, 24 Oct 2021 19:34:15 +0300
+Subject: Correct the return type of
+ IntensityCurveControlPointsContextItem::GetControlPointsMTime() for vtk7
+
+---
+ GUI/Renderer/IntensityCurveVTKRenderer.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/GUI/Renderer/IntensityCurveVTKRenderer.cxx 
b/GUI/Renderer/IntensityCurveVTKRenderer.cxx
+index 679adb1..7acb3fa 100644
+--- a/GUI/Renderer/IntensityCurveVTKRenderer.cxx
 b/GUI/Renderer/IntensityCurveVTKRenderer.cxx
+@@ -339,7 +339,7 @@ public:
+ else return false;
+   }
+ 
+-  virtual unsigned long int GetControlPointsMTime()
++  virtual vtkMTimeType GetControlPointsMTime()
+   {
+ // TODO: figure this out!
+ return this->GetMTime();
+-- 
+2.20.1
+


=
debian/patches/series
=
@@ -1,3 +1,6 @@
 01_add_required_vtklibraries_and_gdcm.patch
 
 02_check_sse.patch
+03_glibc_2.32.patch
+04_gxx.patch
+05_vtk7.patch



View it on GitLab: 
https://salsa.debian.org/med-team/itksnap/-/compare/4da5b788a97e54e31e30467872238cf2e62cfe43...24a656b357b24de6a4c650b55174cf138bd719f3



Bug#997664: sundials: apparent ABI bumps in sundials5 library packages

2021-10-23 Thread Anton Gladky
Hi Drew,

Thanks for the catch!

Yes, library splitting is somehow strange in this package. We should
probably split it into many more sublibs to escape such situations in the
future.

Regards

Anton

Drew Parsons wrote on Sun, 24 Oct 2021, 02:18:

> Source: sundials
> Version: 5.7.0+dfsg-1
> Severity: normal
>
> Unless I misunderstood the package naming system for sundials, looks
> like there was an ABI bump in sublibraries when sundials upgraded from
> v4 to v5.
>
> It can be seen in 5.7.0+dfsg-1, so it's not a side-effect of the new
> 5.8.0 build (hence no need to block 5.8.0 with severity Serious).
>
> The apparently upgraded libraries are
>
> arkode3  ->  arkode4  (libsundials_arkode.so.4)
> cvode[s]4  ->  cvodes5  (libsundials_cvode[s].so.5 )
> ida[s]4  ->  ida5  (libsundials_ida[s].so.5)
> kinsol4  ->  kinsol5  (libsundials_kinsol.so.5)
> nvecserial4 ->  nvecserial5  (libsundials_nvecserial.so.5)
> sunmatrix2  ->  sunmatrix3   (libsundials_sunmatrixband.so.3 etc)
> sunlinsol2  ->  sunlinsol3   (libsundials_fsunlinsolband.so.3 etc, and
> other anomalies)
>
> nvecparallel-XX4  ->  nvecparallel-XX5 (libsundials_nvecXX.so.5)
> (XX = pthread, petsc, openmp, mpi, hypre)
>
> --
> debian-science-maintainers mailing list
> debian-science-maintain...@alioth-lists.debian.net
>
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
>


Re: [Yade-users] [Question #699190]: Problem Install Yade Daily

2021-10-23 Thread Anton Gladky
Question #699190 on Yade changed:
https://answers.launchpad.net/yade/+question/699190

Status: Open => Answered

Anton Gladky proposed the following answer:
We are supporting only LTS-Ubuntu versions. 21.04 is not
an LTS version, thus is not supported. See the list of supported
versions here [1].

[1] https://yade-dem.org/doc/installation.html#packages

Best regards

Anton

-- 
You received this question notification because your team yade-users is
an answer contact for Yade.

___
Mailing list: https://launchpad.net/~yade-users
Post to : yade-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yade-users
More help   : https://help.launchpad.net/ListHelp


Re: [Yade-users] [Question #699190]: Problem Install Yade Daily

2021-10-22 Thread Anton Gladky
Question #699190 on Yade changed:
https://answers.launchpad.net/yade/+question/699190

Status: Open => Answered

Anton Gladky proposed the following answer:
What is your operating system? What version?


Anton

On Fri, 22 Oct 2021 at 18:01, Chiara Gigoli wrote:
>
> A question was asked in a language (Italian) spoken by
> none of the registered Yade answer contacts.
>
> https://answers.launchpad.net/yade/+question/699190
>
> Hi,
> First of all, excuse me for my english. I'm new on Linux and on Yade.
> I have some problems installing Yade daily. Some weeks ago I installed Yade 
> and it works.
> In my university recommended to install yadedaily, because we are only users 
> of the software, so I want to follow their suggestion. So I remove Yade and 
> tried to install yadedaily.
> I followed instruction in https://yade-dem.org/doc/installation.html
> But when I arrived at step
> Add the PGP-key AA915EEB as trusted and install yadedaily
> there is a warning:
> Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead 
> (see apt-key(8)).
> If I ignore this warning and go over, terminal restitutes that to me:
> Alcuni pacchetti non possono essere installati. Questo può voler dire
> che è stata richiesta una situazione impossibile oppure, se si sta
> usando una distribuzione in sviluppo, che alcuni pacchetti richiesti
> non sono ancora stati creati o sono stati rimossi da Incoming.
> Le seguenti informazioni possono aiutare a risolvere la situazione:
>
> I seguenti pacchetti hanno dipendenze non soddisfatte:
>  libyadedaily : Dipende: libboost-python1.71.0-py38 ma non è installabile
> Dipende: libboost-regex1.71.0-icu66 ma non è installabile
> Dipende: libpython3.8 (>= 3.8.2) ma non è installabile
>  python3-yadedaily : Dipende: libboost-python1.71.0-py38 ma non è installabile
>  Dipende: libboost-regex1.71.0-icu66 ma non è installabile
>  Dipende: libpython3.8 (>= 3.8.2) ma non è installabile
> E: Impossibile correggere i problemi, ci sono pacchetti danneggiati bloccati.
>
> (it's in italian, but maybe that's pretty clear the meaning).
> I search here and online in general if someone else had the same problem, but 
> I didn't find anyone, so I think that post this question could be helpful for 
> other users.
> Thank you in advance for the help, and sorry again (maybe it's a banal 
> problem).
> Chiara
>
> --
> You received this question notification because your team yade-users is
> an answer contact for Yade.
>
> ___
> Mailing list: https://launchpad.net/~yade-users
> Post to : yade-users@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~yade-users
> More help   : https://help.launchpad.net/ListHelp



[med-svn] [Git][med-team/itksnap][master] Update gitlab-ci

2021-10-22 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Med / itksnap


Commits:
4da5b788 by Anton Gladky at 2021-10-22T18:49:17+02:00
Update gitlab-ci

- - - - -


1 changed file:

- debian/.gitlab-ci.yml


Changes:

=
debian/.gitlab-ci.yml
=
@@ -1,16 +1,3 @@
-image: debian:sid
-
-build:
-  stage: build
-  
-  before_script:
-- apt-get update && apt-get -y install devscripts git-buildpackage 
-#  - apt-get -t experimental libinsighttoolkit4-dev
-- mk-build-deps --tool "apt -y -o Debug::pkgProblemResolver=yes 
--no-install-recommends" --install -r debian/control 
-  script:
-- git checkout pristine-tar 
-- git pull 
-- git checkout master
-- git pull 
-- gbp buildpackage -uc -us 
-
+---
+include:
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
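
Review bot: the added include fetches the pipeline definition from the master branch of salsa-ci-team/pipeline through a raw URL, so the jobs that build this package change whenever that branch changes, without any commit in this repository. That is the usual trade-off for getting pipeline fixes automatically, but it is worth saying in the commit message that tracking master is intended, since the removed hand-written job was fully defined in-tree.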



View it on GitLab: 
https://salsa.debian.org/med-team/itksnap/-/commit/4da5b788a97e54e31e30467872238cf2e62cfe43



Bug#996204: transition: numerical library stack

2021-10-22 Thread Anton Gladky
Great, thanks! Will do it very shortly.

Anton

Sebastian Ramacher wrote on Fri, 22 Oct 2021, 14:35:

> Hi Anton
>
> On 2021-10-12 13:09:02, Drew Parsons wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > X-Debbugs-Cc: debian-scie...@lists.debian.org, Anton Gladky <
> gl...@debian.org>
> >
> > I'd like to proceed with a transition of the numerical library stack.
> > This involves
> >
> > superlu   5.2.2+dfsg1 -> 5.3.0+dfsg1  (both libsuperlu5 so not
> really a transition)
> > superlu-dist  libsuperlu-dist6 -> libsuperlu-dist7
> > hypre 2.18.2 -> 2.22.1 (internal within libhypre-dev)
> > mumps libmumps-5.3 -> libmumps-5.4
> > scotch6.1.0 -> 6.1.1 (both libscotch-6.1 so not a transition)
> > petsc libpetsc-.*3.14 -> libpetsc-.*3.15
> > slepc libslepc-.*3.14 -> libslepc-.*3.15
> > (together with petsc4py, slepc4py)
> >
> > Header packages libxtensor-dev, libxtensor-blas-dev will also be
> > upgraded (xtl-dev 0.7.2 already got uploaded to unstable).
> >
> > fenics-dolfinx will upgrade
> >   libdolfinx-.*2019.2 -> libdolfinx-.*0.3
> > (along with other fenics components). There is currently some problem
> > with fenics-dolfinx 1:0.3.0-4 on 32-bit arches i386, armel, armhf.
> > I'll skip the demo_poisson_mpi tests for them if necessary.
> >
> > sundials 5.7.0 is incompatible with hypre 2.22, Anton Gladky (cc:d) will
> > upgrade to sundials 5.8.0.
>
> I think we are ready for the sundials upload.
>
> Cheers
>
> >
> > openmpi/mpi4py/h5py have recently migrated to testing so shouldn't give
> > any particular trouble (apart from the known 32-bit dolfinx problem)
> >
> > auto transitions are already in place:
> >
> > https://release.debian.org/transitions/html/auto-superlu-dist.html
> > https://release.debian.org/transitions/html/auto-mumps.html
> > https://release.debian.org/transitions/html/auto-petsc.html
> > https://release.debian.org/transitions/html/auto-slepc.html
> >
> >
> > Ben file:
> >
> > title = "numerical library stack";
> > is_affected = .depends ~ "libpetsc-.*3.14" | .depends ~
> "libpetsc-.*3.15";
> > is_good = .depends ~ "libpetsc-.*3.15";
> > is_bad = .depends ~ "libpetsc-.*3.14";
> >
>
> --
> Sebastian Ramacher
>


Bug#996976: vtk6: Remove vtk6 from the Debian 12

2021-10-21 Thread Anton Gladky
Source: vtk6
Severity: serious


vtk now has 3 versions in the archive: vtk6, vtk7 and vtk9.
The intention is to remove the older unsupported versions in favour of the current vtk9.



Bug#996695: buster-pu: package plib/plib_1.8.5-8+deb10u1

2021-10-17 Thread Anton Gladky
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

the plib versioned 1.8.5-8+deb10u1 is prepared for the bullseye next
stable release.

[ Reason ]
This upload fixes a security issue CVE-2021-38714.

[ Impact ]
It should not have any impact on end users.

[ Tests ]
Salsa-ci is employed to check main package characteristics
https://salsa.debian.org/debian/plib/-/pipelines/303704

[ Risks ]
No risks are known.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
See attached diff. Sanitized values check is implemented.

Best regards

Anton
diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog
--- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.0 +0200
+++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.0 +0200
@@ -1,3 +1,10 @@
+plib (1.8.5-8+deb10u1) buster; urgency=medium
+
+  * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+(Closes: #992973)
+
+ -- Anton Gladky   Sun, 17 Oct 2021 14:56:13 +0200
+
 plib (1.8.5-8) unstable; urgency=medium
 
   * QA upload.
diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml
--- plib-1.8.5/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 +0100
+++ plib-1.8.5/debian/.gitlab-ci.yml2021-10-17 14:56:13.0 +0200
@@ -0,0 +1,7 @@
+include:
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+  RELEASE: 'buster'
+  SALSA_CI_COMPONENTS: 'main contrib non-free'
+  SALSA_CI_DISABLE_REPROTEST: 1
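
Review bot: SALSA_CI_DISABLE_REPROTEST: 1 switches off the reproducibility job with no comment saying why. For a stable update whose [ Tests ] section points at this pipeline as the evidence, add a one-line YAML comment giving the reason (for example, that reprotest already failed before this change), so reviewers can tell a known limitation from a check that was disabled to get a green pipeline.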
diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 
plib-1.8.5/debian/patches/08_CVE-2021-38714.patch
--- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch   1970-01-01 
01:00:00.0 +0100
+++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch   2021-10-10 
15:14:22.0 +0200
@@ -0,0 +1,64 @@
+Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+Author: Anton Gladky 
+Bug-Debian: https://bugs.debian.org/992973
+Last-Update: 2021-10-02
+
+Index: plib/src/ssg/ssgLoadTGA.cxx
+===
+--- plib.orig/src/ssg/ssgLoadTGA.cxx
 plib/src/ssg/ssgLoadTGA.cxx
+@@ -23,6 +23,7 @@
+ 
+ 
+ #include "ssgLocal.h"
++#include 
+ 
+ #ifdef SSG_LOAD_TGA_SUPPORTED
+ 
+@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg
+ 
+ // image info
+ int type = header[2];
+-int xsize = get16u(header + 12);
+-int ysize = get16u(header + 14);
+-int bits  = header[16];
++unsigned int xsize = get16u(header + 12);
++unsigned int ysize = get16u(header + 14);
++unsigned int bits  = header[16];
+ 
+ /* image types:
+  *
+@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg
+ }
+ 
+ 
++const auto bytes_to_allocate = (bits / 8) * xsize * ysize;
++
++ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld, 
%ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize, 
(ysize * (bits / 8)));
++
++if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize))
++{
++  ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d, 
ysize = %d", xsize, ysize);
++  return false;
++}
++else
++{
++ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size 
%d x %d", bytes_to_allocate, xsize, ysize );
++}
++
+ // read image data
+ 
+-GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ];
++GLubyte *image;
++try
++{
++image = new GLubyte [ bytes_to_allocate ];
++}
++catch (const std::bad_alloc&)
++{
++ulSetError( UL_WARNING, "ssgLoadTGA:  Allocation of %d bytes 
failed!", bytes_to_allocate);
++  return false;
++}
+ 
+ if ((type & 8) != 0) 
+ {
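Review bot: the first added ulSetError( UL_DEBUG, ... ) call passes bytes_to_allocate / xsize as an argument before the xsize != 0 test in the if that follows, so a TGA header with a zero width divides by zero at the log line. Move that call under the guard or drop the quotient from its arguments. With xsize or ysize equal to 0 the overflow check also passes and new GLubyte [ 0 ] is reached, so rejecting zero dimensions right after the header is parsed would be cleaner than allocating an empty buffer.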
diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series
--- plib-1.8.5/debian/patches/series2017-07-24 20:11:17.0 +0200
+++ plib-1.8.5/debian/patches/series2021-10-02 13:24:19.0 +0200
@@ -6,3 +6,4 @@
 06_spelling_errors.diff
 05_CVE-2012-4552.diff
 07_dont_break_joystick_system_calibration.diff
+08_CVE-2021-38714.patch


Bug#996694: bullseye-pu: package plib/1.8.5-8+deb11u1

2021-10-17 Thread Anton Gladky
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

the plib versioned 1.8.5-8+deb10u1 is prepared for the bullseye next
stable release.

[ Reason ]
This upload fixes a security issue CVE-2021-38714.

[ Impact ]
It should not have any impact on end users.

[ Tests ]
Salsa-ci is employed to check main package characteristics
https://salsa.debian.org/debian/plib/-/pipelines/303701

[ Risks ]
No risks are known.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
See attached diff. Sanitized values check is implemented.

Best regards

Anton
diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog
--- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.0 +0200
+++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.0 +0200
@@ -1,3 +1,10 @@
+plib (1.8.5-8+deb11u1) bullseye; urgency=medium
+
+  * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+(Closes: #992973)
+
+ -- Anton Gladky   Sun, 17 Oct 2021 14:56:13 +0200
+
 plib (1.8.5-8) unstable; urgency=medium
 
   * QA upload.
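Review bot: this entry is versioned 1.8.5-8+deb11u1 for bullseye, while the request text above the diff names 1.8.5-8+deb10u1 as the version prepared for bullseye. One of the two is a leftover from the buster request; align them before the upload is accepted so the release team reviews the version that will actually land.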
diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml
--- plib-1.8.5/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 +0100
+++ plib-1.8.5/debian/.gitlab-ci.yml2021-10-17 14:56:13.0 +0200
@@ -0,0 +1,7 @@
+include:
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+  RELEASE: 'bullseye'
+  SALSA_CI_COMPONENTS: 'main contrib non-free'
+  SALSA_CI_DISABLE_REPROTEST: 1
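Review bot: SALSA_CI_DISABLE_REPROTEST: 1 switches off the reproducibility job with nothing in the file saying why. Add a short YAML comment above it with the reason or a bug reference, so the job can be re-enabled once the cause is gone rather than staying off indefinitely.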
diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 
plib-1.8.5/debian/patches/08_CVE-2021-38714.patch
--- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch   1970-01-01 
01:00:00.0 +0100
+++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch   2021-10-10 
15:14:22.0 +0200
@@ -0,0 +1,64 @@
+Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+Author: Anton Gladky 
+Bug-Debian: https://bugs.debian.org/992973
+Last-Update: 2021-10-02
+
+Index: plib/src/ssg/ssgLoadTGA.cxx
+===
+--- plib.orig/src/ssg/ssgLoadTGA.cxx
 plib/src/ssg/ssgLoadTGA.cxx
+@@ -23,6 +23,7 @@
+ 
+ 
+ #include "ssgLocal.h"
++#include 
+ 
+ #ifdef SSG_LOAD_TGA_SUPPORTED
+ 
+@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg
+ 
+ // image info
+ int type = header[2];
+-int xsize = get16u(header + 12);
+-int ysize = get16u(header + 14);
+-int bits  = header[16];
++unsigned int xsize = get16u(header + 12);
++unsigned int ysize = get16u(header + 14);
++unsigned int bits  = header[16];
+ 
+ /* image types:
+  *
+@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg
+ }
+ 
+ 
++const auto bytes_to_allocate = (bits / 8) * xsize * ysize;
++
++ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld, 
%ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize, 
(ysize * (bits / 8)));
++
++if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize))
++{
++  ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d, 
ysize = %d", xsize, ysize);
++  return false;
++}
++else
++{
++ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size 
%d x %d", bytes_to_allocate, xsize, ysize );
++}
++
+ // read image data
+ 
+-GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ];
++GLubyte *image;
++try
++{
++image = new GLubyte [ bytes_to_allocate ];
++}
++catch (const std::bad_alloc&)
++{
++ulSetError( UL_WARNING, "ssgLoadTGA:  Allocation of %d bytes 
failed!", bytes_to_allocate);
++  return false;
++}
+ 
+ if ((type & 8) != 0) 
+ {
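Review bot: the format strings in the added ulSetError calls do not match their arguments. xsize and ysize are now unsigned int, and bytes_to_allocate is deduced by auto from unsigned int operands, yet the UL_DEBUG messages print them with %ld and the UL_WARNING messages with %d. If ulSetError formats printf-style, as the strings suggest, %ld with an unsigned int argument is undefined and prints garbage on 64-bit targets; use %u for all of them. The first debug call also divides by xsize before the xsize != 0 test is made.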
diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series
--- plib-1.8.5/debian/patches/series2017-07-24 20:11:17.0 +0200
+++ plib-1.8.5/debian/patches/series2021-10-02 13:24:19.0 +0200
@@ -6,3 +6,4 @@
 06_spelling_errors.diff
 05_CVE-2012-4552.diff
 07_dont_break_joystick_system_calibration.diff
+08_CVE-2021-38714.patch


[SECURITY] [DLA 2786-1] nghttp2 security update

2021-10-17 Thread Anton Gladky

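-------------------------------------------------------------------------
Debian LTS Advisory DLA-2786-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
October 16, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------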

Package: nghttp2
Version: 1.18.1-1+deb9u2
CVE ID : CVE-2018-1000168 CVE-2020-11080

Two security issues have been discovered in nghttp2: server, proxy and client
implementing HTTP/2.

CVE-2018-1000168

An Improper Input Validation CWE-20 vulnerability found in ALTSVC frame handling
that can result in segmentation fault leading to denial of service. This attack
appears to be exploitable via network client.

CVE-2020-11080

The overly large HTTP/2 SETTINGS frame payload causes denial of service.
The proof of concept attack involves a malicious client constructing a SETTINGS
frame with a length of 14,400 bytes (2400 individual settings entries) over and
over again.
The attack causes the CPU to spike at 100%.

For Debian 9 stretch, these problems have been fixed in version
1.18.1-1+deb9u2.

We recommend that you upgrade your nghttp2 packages.

For the detailed security status of nghttp2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nghttp2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
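An added example, not part of the advisory and not nghttp2's own code: a header-only admission check for the SETTINGS frames described under CVE-2020-11080, which rejects an oversized or repeated frame before its payload is buffered. The limits MAX_SETTINGS_ENTRIES and MAX_SETTINGS_FRAMES and all function names are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define H2_HEADER_LEN        9    /* RFC 7540, section 4.1 */
#define H2_TYPE_SETTINGS     0x4
#define H2_FLAG_ACK          0x1
#define H2_SETTINGS_ENTRY    6    /* 16-bit identifier + 32-bit value */
#define MAX_SETTINGS_ENTRIES 32   /* assumed local policy, not from the advisory */
#define MAX_SETTINGS_FRAMES  64   /* assumed per-connection budget */

enum h2_verdict {
    H2_OK = 0,
    H2_NOT_SETTINGS,
    H2_TRUNCATED,
    H2_BAD_STREAM,
    H2_BAD_LENGTH,
    H2_TOO_MANY_ENTRIES,
    H2_SETTINGS_FLOOD
};

/* Per-connection state: how many SETTINGS frames the peer has sent so far. */
struct h2_guard {
    unsigned settings_frames;
};

/* Build a 9-byte frame header; used here only to construct sample input. */
void h2_make_header(uint8_t out[H2_HEADER_LEN], uint32_t length, uint8_t type,
                    uint8_t flags, uint32_t stream_id)
{
    out[0] = (uint8_t)(length >> 16);
    out[1] = (uint8_t)(length >> 8);
    out[2] = (uint8_t)length;
    out[3] = type;
    out[4] = flags;
    out[5] = (uint8_t)((stream_id >> 24) & 0x7f);  /* top bit is reserved */
    out[6] = (uint8_t)(stream_id >> 16);
    out[7] = (uint8_t)(stream_id >> 8);
    out[8] = (uint8_t)stream_id;
}

/*
 * Decide from the frame header alone, before the payload is buffered or
 * parsed, whether a SETTINGS frame is acceptable. *entries receives the
 * number of settings the payload claims to carry.
 */
enum h2_verdict h2_check_frame(struct h2_guard *g, const uint8_t *hdr,
                               size_t len, size_t *entries)
{
    uint32_t length, stream_id;

    *entries = 0;
    if (len < H2_HEADER_LEN)
        return H2_TRUNCATED;

    length = ((uint32_t)hdr[0] << 16) | ((uint32_t)hdr[1] << 8) | hdr[2];
    stream_id = ((uint32_t)(hdr[5] & 0x7f) << 24) | ((uint32_t)hdr[6] << 16) |
                ((uint32_t)hdr[7] << 8) | hdr[8];

    if (hdr[3] != H2_TYPE_SETTINGS)
        return H2_NOT_SETTINGS;

    /* The advisory's client repeats the frame "over and over again". */
    if (++g->settings_frames > MAX_SETTINGS_FRAMES)
        return H2_SETTINGS_FLOOD;

    if (stream_id != 0)
        return H2_BAD_STREAM;      /* SETTINGS applies to the whole connection */
    if (hdr[4] & H2_FLAG_ACK)
        return length == 0 ? H2_OK : H2_BAD_LENGTH;
    if (length % H2_SETTINGS_ENTRY != 0)
        return H2_BAD_LENGTH;

    *entries = length / H2_SETTINGS_ENTRY;
    if (*entries > MAX_SETTINGS_ENTRIES)
        return H2_TOO_MANY_ENTRIES;
    return H2_OK;
}

int main(void)
{
    struct h2_guard g = { 0 };
    uint8_t hdr[H2_HEADER_LEN];
    size_t n = 0;
    enum h2_verdict v;

    /* Constructed sample: the 14,400-byte SETTINGS frame from the advisory.
     * It is below the 16,384-byte default maximum frame size, so a
     * frame-size limit alone does not stop it. */
    h2_make_header(hdr, 14400, H2_TYPE_SETTINGS, 0, 0);
    v = h2_check_frame(&g, hdr, sizeof hdr, &n);
    printf("verdict=%d entries=%zu\n", (int)v, n);
    return 0;
}
```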



[Git][security-tracker-team/security-tracker][master] LTS: take mosquitto

2021-10-16 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
db683d1b by Anton Gladky at 2021-10-16T22:57:15+02:00
LTS: take mosquitto

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -54,7 +54,7 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
-mosquitto
+mosquitto (Anton Gladky)
   NOTE: 20210805: coordinating upload to buster before DLA for Stretch 
(codehelp)
   NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable 
code not accessible. (codehelp)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db683d1b158b5e2c7c12634accaf9c7dfc983ad0



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2786-1 for nghttp2

2021-10-16 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d96f326 by Anton Gladky at 2021-10-16T22:43:13+02:00
Reserve DLA-2786-1 for nghttp2

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[16 Oct 2021] DLA-2786-1 nghttp2 - security update
+   {CVE-2018-1000168 CVE-2020-11080}
+   [stretch] - nghttp2 1.18.1-1+deb9u2
 [12 Oct 2021] DLA-2785-1 linux-4.19 - security update
{CVE-2020-3702 CVE-2020-16119 CVE-2021-3444 CVE-2021-3600 CVE-2021-3612 
CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 
CVE-2021-3743 CVE-2021-3753 CVE-2021-22543 CVE-2021-33624 CVE-2021-34556 
CVE-2021-35039 CVE-2021-35477 CVE-2021-37159 CVE-2021-37576 CVE-2021-38160 
CVE-2021-38198 CVE-2021-38199 CVE-2021-38204 CVE-2021-38205 CVE-2021-40490 
CVE-2021-42008 CVE-2021-42252}
[stretch] - linux-4.19 4.19.208-1~deb9u1


=
data/dla-needed.txt
=
@@ -58,9 +58,6 @@ mosquitto
   NOTE: 20210805: coordinating upload to buster before DLA for Stretch 
(codehelp)
   NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable 
code not accessible. (codehelp)
 --
-nghttp2 (Anton Gladky)
-  NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/nghttp2
---
 ntfs-3g (Anton Gladky)
 --
 nvidia-graphics-drivers



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d96f3263c3f4717bd365bd798a3622d98a11523



[Git][security-tracker-team/security-tracker][master] LTS: take FD-slots

2021-10-16 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cccef8a5 by Anton Gladky at 2021-10-16T08:06:59+02:00
LTS: take FD-slots

- - - - -


1 changed file:

- org/lts-frontdesk.2022.txt


Changes:

=
org/lts-frontdesk.2022.txt
=
@@ -56,10 +56,10 @@ From 17-10 to 23-10:Chris Lamb 
 From 24-10 to 30-10:Thorsten Alteholz 
 From 31-10 to 06-11:Sylvain Beucler 
 From 07-11 to 13-11:Utkarsh Gupta 
-From 14-11 to 20-11:
+From 14-11 to 20-11:Anton Gladky 
 From 21-11 to 27-11:Thorsten Alteholz 
 From 28-11 to 04-12:Sylvain Beucler 
 From 05-12 to 11-12:Chris Lamb 
 From 12-12 to 18-12:Thorsten Alteholz 
 From 19-12 to 25-12:Utkarsh Gupta 
-From 26-12 to 01-01:
+From 26-12 to 01-01:Anton Gladky 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cccef8a579bdd3e33ac531a6d4384ed5eda7d234



[Git][security-tracker-team/security-tracker][master] LTS: take ntfs-3g

2021-10-14 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9bcc421 by Anton Gladky at 2021-10-14T17:56:05+00:00
LTS: take ntfs-3g
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -61,7 +61,7 @@ mosquitto
 nghttp2 (Anton Gladky)
   NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/nghttp2
 --
-ntfs-3g
+ntfs-3g (Anton Gladky)
 --
 nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9bcc4214ea748a56f026c2511f0b519da1f114b



[Git][security-tracker-team/security-tracker][master] LTS: status update

2021-10-10 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f44355f6 by Anton Gladky at 2021-10-10T22:30:48+02:00
LTS: status update

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -36,6 +36,7 @@ faad2 (Thorsten Alteholz)
 --
 ffmpeg (Anton Gladky)
   NOTE: probably wait until stuff is fixed in Buster
+  NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg
 --
 firefox-esr (Emilio)
 --
@@ -57,6 +58,7 @@ mosquitto
   NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable 
code not accessible. (codehelp)
 --
 nghttp2 (Anton Gladky)
+  NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/nghttp2
 --
 ntfs-3g (Abhijith PA)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f44355f63450c7d598b3706777d2a54e9d8bcf60



Re: Joining the team

2021-10-10 Thread Anton Gladky
Hi Roland,

Welcome on board! I have added you into the team.

Regards


Anton


On Sun, 10 Oct 2021 at 16:36, Roland Mas wrote:

> Hi all,
>
> I've been contracted by Synchrotron SOLEIL to work on packaging
> scientific applications and libraries and other software used in
> scientific contexts. Some of them can belong under the Python team,
> others under the Javascript team, but some are not really relevant to
> those two teams, so I'd rather package them under the Debian Science
> Team umbrella.
>
> So this email is my introduction to the team, and a request to be added
> to the Salsa group (my login is "lolando") so as to be able to keep the
> relevant packages in the right place.
>
> See you :-)
>
> Roland.
>
>


Re: Update Ceres Solver to 2.0.0

2021-10-04 Thread Anton Gladky
Hi François,

thanks for the update! I will definitely check it
within the next few days.

Best regards

Anton


Andrius Merkys wrote on Mon, 4 Oct 2021, 08:29:

> Hi François,
>
> On 2021-10-03 12:50, François Mazen wrote:
> > I've just packaged the last version of ceres package and I've pushed it
> > to the salsa repo [1], and to mentors [2].
> >
> > Could someone review the package? The tricky part may be the transition
> > of the lib package from libceres1 to libceres2. For now, I've just
> > renamed the binary package but maybe some additional actions are
> > required?
>
> Transitions for libs packages in Debian indeed have to proceed a certain
> workflow [3]. To start with, you should target experimental instead of
> unstable in debian/changelog.
>
> > In addition, could you please grant me right to upload the package as
> > I'm DM?
>
> It would be best if Anton could help you with upload and rights.
>
> > [1] https://salsa.debian.org/science-team/ceres-solver
> > [2] https://mentors.debian.net/package/ceres-solver/
>
> [3] https://wiki.debian.org/Teams/ReleaseTeam/Transitions
>
> Best,
> Andrius
>
>


Re: [SECURITY] [DLA 2775-1] plib security update

2021-10-02 Thread Anton Gladky
Hi Marc,

thanks for the note. Yes, I will add a short package description
next time to DLAs if it helps to make an update-decision.

Best regards

Anton


On Sat, 2 Oct 2021 at 14:34, Marc SCHAEFER <schae...@alphanet.ch> wrote:

> On Sat, Oct 02, 2021 at 01:45:33PM +0200, Anton Gladky wrote:
> > Package: plib
> > Version: 1.8.5-7+deb9u1
> > CVE ID : CVE-2021-38714
> >
> > One security issue has been discovered in plib.
>
> Yes, what is the purpose of this library?  This helps planning upgrades.
>
> Other advisories always give a short summary of what the software does.
>
> Actually, I think this is against libplib1, which seems to be:
>
>  Provides a Joystick interface, a simple GUI built on top of OpenGL,
>  some standard geometry functions, a sound library and a simple scene
>  graph API built on top of OpenGL.
>
> Oh, great, this probably does not run on my servers, so no need to plan
> anything.
>
> Thank you for updating DLAs, like DSAs are doing, to add a short summary
> of the purpose of the package, and give the correct package name so that
> it can be quickly found.
>
>


[SECURITY] [DLA 2775-1] plib security update

2021-10-02 Thread Anton Gladky

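-------------------------------------------------------------------------
Debian LTS Advisory DLA-2775-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
October 02, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------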

Package: plib
Version: 1.8.5-7+deb9u1
CVE ID : CVE-2021-38714

One security issue has been discovered in plib.

Integer overflow vulnerability that could result in arbitrary code execution.
The vulnerability is found in ssgLoadTGA() function in
src/ssg/ssgLoadTGA.cxx file.

For Debian 9 stretch, this problem has been fixed in version
1.8.5-7+deb9u1.

We recommend that you upgrade your plib packages.

For the detailed security status of plib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/plib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
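An added example, not part of the advisory and not plib's code: the size expression (bits / 8) * xsize * ysize evaluated in 32 bits next to a 64-bit version with explicit limits, run on constructed TGA headers. The 18-byte header layout with little-endian fields, the accepted bit depths, the TGA_MAX_IMAGE_BYTES cap and all function names are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TGA_HEADER_LEN      18
#define TGA_MAX_IMAGE_BYTES (256u * 1024u * 1024u)  /* assumed local cap */

/* Little-endian 16-bit read (assumed to match what get16u() does). */
unsigned tga_get16u(const uint8_t *p)
{
    return (unsigned)p[0] | ((unsigned)p[1] << 8);
}

/* Build a header for constructed sample input: only the fields used here. */
void tga_make_header(uint8_t hdr[TGA_HEADER_LEN], unsigned xsize,
                     unsigned ysize, unsigned bits)
{
    memset(hdr, 0, TGA_HEADER_LEN);
    hdr[2]  = 2;                          /* uncompressed true-colour image */
    hdr[12] = (uint8_t)(xsize & 0xff);
    hdr[13] = (uint8_t)((xsize >> 8) & 0xff);
    hdr[14] = (uint8_t)(ysize & 0xff);
    hdr[15] = (uint8_t)((ysize >> 8) & 0xff);
    hdr[16] = (uint8_t)bits;
}

/*
 * The size expression evaluated in 32 bits. uint32_t is used so that the
 * wrap-around is well defined and observable; with plain int, as in the
 * code before the fix, the overflow is undefined behaviour.
 */
uint32_t tga_size_32bit(const uint8_t *hdr)
{
    uint32_t xsize = tga_get16u(hdr + 12);
    uint32_t ysize = tga_get16u(hdr + 14);
    uint32_t bits  = hdr[16];

    return (bits / 8) * xsize * ysize;
}

/*
 * Hardened computation: 64-bit arithmetic cannot overflow for 16-bit
 * dimensions (4 * 65535 * 65535 < 2^35), and the result is bounded before
 * it is ever used as an allocation size. Returns 0 on success, -1 otherwise.
 */
int tga_size_checked(const uint8_t *hdr, size_t *out)
{
    uint64_t xsize = tga_get16u(hdr + 12);
    uint64_t ysize = tga_get16u(hdr + 14);
    uint64_t bits  = hdr[16];
    uint64_t total;

    *out = 0;
    if (xsize == 0 || ysize == 0)
        return -1;                        /* empty image: nothing to load */
    if (bits != 8 && bits != 16 && bits != 24 && bits != 32)
        return -1;                        /* assumed set of accepted depths */

    total = (bits / 8) * xsize * ysize;
    if (total > TGA_MAX_IMAGE_BYTES)
        return -1;

    *out = (size_t)total;
    return 0;
}

int main(void)
{
    uint8_t hdr[TGA_HEADER_LEN];
    size_t n = 0;
    uint32_t wrapped;
    int rc;

    /* Constructed sample: 32768 x 32768 at 32 bits needs 2^32 bytes. */
    tga_make_header(hdr, 32768, 32768, 32);
    wrapped = tga_size_32bit(hdr);
    rc = tga_size_checked(hdr, &n);
    printf("32-bit size=%u, checked rc=%d\n", (unsigned)wrapped, rc);
    return 0;
}
```

For the 32768 x 32768 sample the 32-bit product wraps to 0, so a loader using it would allocate an empty buffer and then read pixel data against it, while the checked version refuses the header.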



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2775-1 for plib

2021-10-02 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
915343b7 by Anton Gladky at 2021-10-02T12:58:20+02:00
Reserve DLA-2775-1 for plib

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[02 Oct 2021] DLA-2775-1 plib - security update
+   {CVE-2021-38714}
+   [stretch] - plib 1.8.5-7+deb9u1
 [30 Sep 2021] DLA-2774-1 openssl1.0 - security update
{CVE-2021-3712}
[stretch] - openssl1.0 1.0.2u-1~deb9u6


=
data/dla-needed.txt
=
@@ -64,10 +64,6 @@ nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in 
Stretch, no fix available for CVE-2021-1077
 --
-plib (Anton Gladky)
-  NOTE: 20210829: no fix yet. (thorsten)
-  NOTE: 20210829: upstream bug mentions that it might never get fixed. 
(utkarsh)
---
 python-babel
   NOTE: 20210617: CVE-2021-20095 withdrawn, cf. 251b6e33 and #987824 (abhijith)
   NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch 
(abhijith)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/915343b75886798e192795108c212f92570a23fe



Douglas Andrew Torrance: Advocate

2021-10-01 Thread Anton Gladky (via nm.debian.org)

For nm.debian.org, at 2021-10-01:
I support Douglas Andrew Torrance's request to become a Debian Developer,
uploading.
I have reviewed and uploaded many packages prepared by Douglas Andrew Torrance.
Among them are: frobby, memtailor, mathic, mathicgb, macaulay2, saclib, mpsolve,
gfan (maybe some more). His contribution is very valuable for Debian Science
Team.

I have personally worked with Douglas Andrew Torrance
(key 803CE41F4DC252ECB5E5F1B9D12B2BE26D3FF663) for over six years (since 2015),
and I know Douglas Andrew Torrance can be trusted to be a full member of Debian,
and have unsupervised, unrestricted upload rights, right now.

Anton Gladky (via nm.debian.org)

For details and to comment, visit https://nm.debian.org/process/978/



Re: upgrading numerical libraries and sundials

2021-09-30 Thread Anton Gladky
Hello Drew,

yes, I will prepare a newer sundials update within the next few days.

Regards


Anton


On Fri, 1 Oct 2021 at 02:23, Drew Parsons wrote:

> I'm preparing the numerical library upgrade to push to unstable.
> That's superlu-dist hypre mumps petsc slepc.
>
> I discovered that sundials 2.7.0 is incompatible with hypre 2.22.
> But right in the middle of testing they released 2.8.0, so it's already
> ready to go.
>
> Anton, do you prefer to prepare sundials 2.8.0 yourself, or would you
> like me to push it to experimental?
> It contains a few ABI bumps (arkode4, cvode5, ida5, kinsol5,
> nvecserial5) so it'll have to pass NEW.
>
> We'll also need to coordinate upgrade of xtl with xtensor, though that
> could be done separately from the other numerical libraries.
> (Vincent, would it be interesting for the Quantstack team to take over
> xtensor and xtensor-blas?  Or to join and transfer xtl to the Debian
> Science team?)
>
> Drew
>
>


[Git][security-tracker-team/security-tracker][master] LTS: take nghttp2

2021-09-26 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a8d4c051 by Anton Gladky at 2021-09-26T22:27:44+02:00
LTS: take nghttp2

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -64,7 +64,7 @@ mosquitto
   NOTE: 20210805: coordinating upload to buster before DLA for Stretch 
(codehelp)
   NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable 
code not accessible. (codehelp)
 --
-nghttp2
+nghttp2 (Anton Gladky)
 --
 ntfs-3g (Abhijith PA)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8d4c051da9afa49e73ad00b643db2e8079f4f78



[SECURITY] [DLA 2765-1] mupdf security update

2021-09-23 Thread Anton Gladky

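-------------------------------------------------------------------------
Debian LTS Advisory DLA-2765-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
September 23, 2021                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------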

Package: mupdf
Version: 1.14.0+ds1-4+deb9u1
CVE ID : CVE-2016-10246 CVE-2016-10247 CVE-2017-6060 CVE-2018-10289
 CVE-2018-136 CVE-2020-19609

Multiple issues have been discovered in mupdf.

CVE-2016-10246

Buffer overflow in the main function in jstest_main.c allows remote
attackers to cause a denial of service (out-of-bounds write) via a
crafted file.


CVE-2016-10247

Buffer overflow in the my_getline function in jstest_main.c allows remote
attackers to cause a denial of service (out-of-bounds write) via a
crafted file.


CVE-2017-6060

Stack-based buffer overflow in jstest_main.c allows remote attackers
to have unspecified impact via a crafted image.


CVE-2018-10289

An infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file.
A remote adversary could leverage this vulnerability to cause a denial of
service via a crafted pdf file.


CVE-2018-136

Multiple memory leaks in the PDF parser allow an attacker to cause a denial
of service (memory leak) via a crafted file.


CVE-2020-19609

A heap based buffer over-write in tiff_expand_colormap() function when
parsing TIFF files allowing attackers to cause a denial of service.


For Debian 9 stretch, these problems have been fixed in version
1.14.0+ds1-4+deb9u1.

We recommend that you upgrade your mupdf packages.

For the detailed security status of mupdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mupdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2765-1 for mupdf

2021-09-23 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f4858ea2 by Anton Gladky at 2021-09-23T20:42:13+02:00
Reserve DLA-2765-1 for mupdf

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[23 Sep 2021] DLA-2765-1 mupdf - security update
+   {CVE-2016-10246 CVE-2016-10247 CVE-2017-6060 CVE-2018-10289 
CVE-2018-136 CVE-2020-19609}
+   [stretch] - mupdf 1.14.0+ds1-4+deb9u1
 [22 Sep 2021] DLA-2764-1 tomcat8 - security update
{CVE-2021-41079}
[stretch] - tomcat8 8.5.54-0+deb9u8
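
Review bot: in the added CVE list, CVE-2018-136 has a three-digit sequence number, while CVE IDs carry at least four digits after the year, so this entry is not a well-formed ID as written. Check it against the mupdf tracker page and correct it before the DLA is announced.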


=
data/dla-needed.txt
=
@@ -60,9 +60,6 @@ mosquitto
   NOTE: 20210805: coordinating upload to buster before DLA for Stretch 
(codehelp)
   NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable 
code not accessible. (codehelp)
 --
-mupdf (Anton Gladky)
-  NOTE: 20210817: fix for CVE-2020-19609 and CVE-2021-37220 in buster are to 
be put into a point release.
---
 ntfs-3g (Abhijith PA)
 --
 nvidia-graphics-drivers
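
Review bot: the removed mupdf NOTE names CVE-2021-37220 next to CVE-2020-19609, but the DLA-2765-1 entry added in data/DLA/list carries only CVE-2020-19609 of the two. Before dropping the dla-needed.txt entry, record the stretch status of CVE-2021-37220 in data/CVE/list so it does not leave the LTS queue untracked.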



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4858ea2b01b88925584bcbcf4b9f3edd4936a30



[Git][security-tracker-team/security-tracker][master] LTS: unclaim libxstream-java

2021-09-23 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc744cf2 by Anton Gladky at 2021-09-23T20:10:52+02:00
LTS: unclaim libxstream-java

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -49,7 +49,7 @@ jsoup (Markus Koschany)
 krb5 (Adrian Bunk)
   NOTE: 20210905: testing fixes
 --
-libxstream-java (Anton Gladky)
+libxstream-java 
   NOTE: 20210901: See thread at 
https://www.mail-archive.com/debian-lts@lists.debian.org/msg09588.html
 --
 linux (Ben Hutchings)
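
Review bot: the replacement line "+libxstream-java " keeps a trailing space where the claimant was removed. Strip it so the unclaimed entry is the bare package name and later diffs of this line stay clean.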



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc744cf249af483728b45befab38991764049039



[Git][security-tracker-team/security-tracker][master] LTS: take ffmpeg

2021-09-23 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
be685423 by Anton Gladky at 2021-09-23T19:43:02+02:00
LTS: take ffmpeg

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -35,7 +35,7 @@ debian-archive-keyring (Utkarsh)
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
   NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
 --
-ffmpeg
+ffmpeg (Anton Gladky)
   NOTE: probably wait until stuff is fixed in Buster
 --
 fig2dev (Markus Koschany)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be6854237f1c6096bac104059eed9cf796d9f288



Re: Propose to ignore libxstream-java CVEs

2021-09-23 Thread Anton Gladky
Hi Markus,

I have applied your patch and the pipelines have passed [1]. So, at least
nothing breaks from the "build side of view".

Yes, I took this package, but if you are working on it, feel free to
reclaim it.

[1]
https://salsa.debian.org/lts-team/packages/libxstream-java/-/pipelines/292916

Best regards

Anton


On Wed, 22 Sep 2021 at 15:37, Markus Koschany wrote:

> Hi all,
>
> so far I have not found any regressions in Debian packages which depend on
> libxstream-java. I propose to switch to the whitelist in all suites because
> this is the only reasonable way to secure XStream. I have prepared an
> update for Stretch. Anton, could you take a look at it because I saw you
> have claimed libxstream-java?
>
> https://people.debian.org/~apo/lts/libxstream-java/libxstream-java.debdiff
>
>
> Regards,
>
> Markus
>
>
>
>
>
>


Bug#994882: ITS: vitables

2021-09-22 Thread Anton Gladky
Hi Benda!

Thanks for your contribution. I have approved and merged your MR. Also I
have added you to the Debian Science group on salsa.

@PICCA Frederic-Emmanuel,
would you want also to check those changes?

Best regards

Anton


On Wed, 22 Sep 2021 at 16:18, Benda Xu wrote:

> Package: vitables
> Version: 3.0.2-1
> Severity: normal
> X-Debbugs-Cc: Debian Science Maintainers <
> debian-science-maintain...@lists.alioth.debian.org>, Dmitrijs Ledkovs <
> dmitrij.led...@gmail.com>, Picca Frédéric-Emmanuel 
>
> Dear Maintainer,
>
> I am interested in co-maintaining vitables by joining the science team
> and appending myself as an uploader.
>
> The newest version (3.0.0-1.1) was NMU-ed and has not been included in
> the package Vcs for more than a year. Bug 966056 (a year old) prevents
> the version in bullseye to function if python3-sip is not installed. I
> think the current uploads need help.
>
> I have contributed to the present 3.0.0-1 release in 2019 and I would
> like to support packaging vitables in the long run, as I am an active
> user of it and giving my lectures with it.
>
> The diff is in the merge request:
>
>   https://salsa.debian.org/science-team/vitables/-/merge_requests/4
>
> Thanks for your consideration!
> Benda
>
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers stable
>   APT policy: (990, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 5.10.0-5-amd64 (SMP w/8 CPU threads)
> Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
> set to en_US.UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /bin/dash
> Init: OpenRC (via /run/openrc), PID 1: init
>
> Versions of packages vitables depends on:
> ii  python3  3.9.2-2
> ii  python3-numexpr  2.7.2-2
> ii  python3-numpy1:1.19.5-1
> ii  python3-qtpy 1.9.0-3
> ii  python3-tables   3.6.1-3
>
> vitables recommends no packages.
>
> vitables suggests no packages.
>
> -- no debconf information
> --
> debian-science-maintainers mailing list
> debian-science-maintain...@alioth-lists.debian.net
>
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
>


[Git][security-tracker-team/security-tracker][master] LTS: take plib

2021-09-20 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
05a93063 by Anton Gladky at 2021-09-20T13:22:44+02:00
LTS: take plib

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -70,7 +70,7 @@ openssl (Thorsten Alteholz)
 openssl1.0 (Thorsten Alteholz)
   NOTE: 20210912: testing package, upload probably after LE fix
 --
-plib
+plib (Anton Gladky)
   NOTE: 20210829: no fix yet. (thorsten)
   NOTE: 20210829: upstream bug mentions that it might never get fixed. 
(utkarsh)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05a9306321026c160f18053d64217934c1661368



Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines

2021-09-16 Thread Anton Gladky
Thanks, Vincent, for the information. I would still wait for CVE,
so we can apply a patch and track vulnerability for other
Debian versions (stable/oldstable/o-o-stable etc.).

Regards

Anton


On Fri, 17 Sep 2021 at 01:17, Vincent Lefevre <vinc...@vinc17.net> wrote:

> On 2021-09-16 21:23:34 +0200, Anton Gladky wrote:
> > Thanks for the bug report. We will fix it when CVE (if any) will be
> > assigned and upstream patch will be available.
>
> FYI, an upstream patch is now available here:
>
>   https://gmplib.org/list-archives/gmp-bugs/2021-September/005087.html
>
> > Though, the integer overflows are not making the package unusable in
> > most cases.
>
> Yes, but they may introduce security issues, in particular here
> because the behavior depends on data from a file, which may be
> untrusted. That said, here it is probably wise to check that the
> size is not too large in order to prevent the address space from
> being exhausted.
>
-- 
debian-science-maintainers mailing list
debian-science-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
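
The kind of size check raised in the quoted reply, shown on a simplified reader as an added example (not GMP's mpz/inp_raw.c and not the upstream patch): a file-supplied byte count is turned into a limb count first with 32-bit arithmetic that wraps, then with a bound applied before any arithmetic. The record layout (unsigned 4-byte big-endian count followed by the bytes), the 32-bit limb width, `MAX_BYTES` and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define LIMB_BITS  32u                    /* assumed limb width of a 32-bit build */
#define LIMB_BYTES (LIMB_BITS / 8u)
#define MAX_BYTES  (64u * 1024u * 1024u)  /* assumed policy cap for one record */

/* Constructed inputs: a 5-byte value, and a header claiming 2^29 + 1 bytes. */
static const unsigned char SAMPLE_OK[]  = { 0, 0, 0, 5, 0x01, 0x02, 0x03, 0x04, 0x05 };
static const unsigned char SAMPLE_BAD[] = { 0x20, 0, 0, 0x01, 0xff };

/* 4-byte big-endian byte count at the start of a record (assumed layout). */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unchecked sizing: csize * 8 is evaluated in 32 bits and wraps once
 * csize >= 2^29, so the limb count no longer covers csize bytes. */
uint32_t limbs_unchecked(uint32_t csize)
{
    uint32_t bits = csize * 8u;
    return (bits + LIMB_BITS - 1u) / LIMB_BITS;
}

/* Checked sizing: bound the untrusted count first, then round up by
 * division, which cannot wrap. Returns 0 on success, -1 if rejected. */
int limbs_checked(uint32_t csize, uint32_t *nlimbs)
{
    if (csize > MAX_BYTES)
        return -1;
    *nlimbs = csize / LIMB_BYTES + (csize % LIMB_BYTES != 0u);
    return 0;
}

/* Parse one record from buf[0..len). Returns a calloc'd limb array, least
 * significant limb first (caller frees), or NULL if the input is rejected. */
uint32_t *parse_record(const unsigned char *buf, size_t len, uint32_t *nlimbs)
{
    uint32_t csize, i, *limbs;

    if (len < 4)
        return NULL;
    csize = read_be32(buf);
    if (limbs_checked(csize, nlimbs) != 0)   /* size field out of policy */
        return NULL;
    if (csize > len - 4)                     /* header claims more than is present */
        return NULL;
    limbs = calloc(*nlimbs ? *nlimbs : 1u, sizeof *limbs);
    if (limbs == NULL)
        return NULL;
    for (i = 0; i < csize; i++) {            /* i counts from the last byte */
        uint32_t byte = buf[4 + (csize - 1u - i)];
        limbs[i / LIMB_BYTES] |= byte << (8u * (i % LIMB_BYTES));
    }
    return limbs;
}

int main(void)
{
    uint32_t n = 0, *limbs;

    printf("unchecked limb count for 0x20000001 bytes: %u\n",
           (unsigned)limbs_unchecked(0x20000001u));
    limbs = parse_record(SAMPLE_OK, sizeof SAMPLE_OK, &n);
    if (limbs != NULL)
        printf("valid record: %u limbs, low limb 0x%08x\n",
               (unsigned)n, (unsigned)limbs[0]);
    free(limbs);
    printf("oversized record %s\n",
           parse_record(SAMPLE_BAD, sizeof SAMPLE_BAD, &n) == NULL
               ? "rejected" : "accepted");
    return 0;
}
```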


Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines

2021-09-16 Thread Anton Gladky
Control: severity -1 important
Control: notfound -1 2:6.2.1+dfsg-2
Control: found -1 2:6.2.1+dfsg-1

Thanks for the bug report. We will fix it when CVE (if any) will be
assigned and upstream patch will be available.

Though, the integer overflows are not making the package unusable in most
cases. Thus the severity is reduced.

Regards

Anton


Bug#994488: alglib: autopkgtest regression with CMake 3.19+

2021-09-16 Thread Anton Gladky
Hi Timo,

thanks for the patch! Yes, feel free to upload it. Please update git and
tag a new upload.

Regards

Anton


On Thu, 16 Sep 2021 at 18:15, Timo Röhling <roehl...@debian.org> wrote:

> Package: src:alglib
> Version: 3.17.0-2
> Tag: patch
>
> Dear maintainer,
>
> the alglib autopkgtest suite fails due to a deprecation warning with
> CMake 3.19+ if cmake_minimum_required() requests a version earlier
> than 2.8.12. The attached patch bumps the minimum version in
> debian/tests to 3.7, which I picked because it is the CMake version
> in oldoldstable.
>
> As I am a member of the Science Team, I can also fix and upload this
> for you if you are starved for developer time; just give me the
> green light.
>
> Cheers
> Timo
>
> --
> ⢀⣴⠾⠻⢶⣦⠀   ╭╮
> ⣾⠁⢠⠒⠀⣿⡁   │ Timo Röhling   │
> ⢿⡄⠘⠷⠚⠋⠀   │ 9B03 EBB9 8300 DF97 C2B1  23BF CC8C 6BDD 1403 F4CA │
> ⠈⠳⣄   ╰╯
> --
> debian-science-maintainers mailing list
> debian-science-maintain...@alioth-lists.debian.net
>
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
>


[SECURITY] [DLA 2758-1] sssd security update

2021-09-15 Thread Anton Gladky

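-------------------------------------------------------------------------
Debian LTS Advisory DLA-2758-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
September 15, 2021                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------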

Package: sssd
Version: 1.15.0-3+deb9u2
CVE ID : CVE-2021-3621

One security issue has been discovered in sssd.

The sssctl command was vulnerable to shell command injection via the logs-fetch
and cache-expire subcommands. This flaw allows an attacker to trick the root
user into running a specially crafted sssctl command, such as via sudo, to gain
root access. The highest threat from this vulnerability is to confidentiality,
integrity, as well as system availability.

For Debian 9 stretch, this problem has been fixed in version
1.15.0-3+deb9u2.

We recommend that you upgrade your sssd packages.

For the detailed security status of sssd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sssd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
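
The bug class named in this advisory, as an added example that is not sssd's code: a helper that pastes an untrusted argument into a string for `/bin/sh -c`, next to one that hands the same argument to `execv()` as a single `argv` element. The helper names, the use of `/bin/echo` as the stand-in command and the constructed sample argument are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed sample: a file name carrying a shell metacharacter. */
static const char SAMPLE_ARG[] = "logs.tgz; echo INJECTED";

/* Run argv[0] with argv and capture its stdout into out (NUL-terminated).
 * Returns the child's exit status, or -1 on failure. */
static int run_capture(char *const argv[], char *out, size_t outsz)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (outsz == 0 || pipe(fds) != 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execv(argv[0], argv);
        _exit(127);
    }
    close(fds[1]);
    while (used < outsz - 1 &&
           (n = read(fds[0], out + used, outsz - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Weak form: the argument becomes part of shell source text, so the shell
 * interprets ';', '|', '$(...)' and similar inside it. */
int fetch_via_shell(const char *name, char *out, size_t outsz)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "/bin/echo archiving %s", name);
    char *argv[] = { "/bin/sh", "-c", cmd, NULL };

    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    return run_capture(argv, out, outsz);
}

/* Hardened form: no shell is involved; the argument is exactly one argv
 * element and reaches the program byte for byte. */
int fetch_via_exec(const char *name, char *out, size_t outsz)
{
    char *argv[] = { "/bin/echo", "archiving", (char *)name, NULL };

    return run_capture(argv, out, outsz);
}

int main(void)
{
    char out[256];

    if (fetch_via_shell(SAMPLE_ARG, out, sizeof out) == 0)
        printf("via shell:\n%s", out);
    if (fetch_via_exec(SAMPLE_ARG, out, sizeof out) == 0)
        printf("via execv:\n%s", out);
    return 0;
}
```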



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2758-1 for sssd

2021-09-15 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b8cab4f9 by Anton Gladky at 2021-09-15T21:01:50+02:00
Reserve DLA-2758-1 for sssd

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[15 Sep 2021] DLA-2758-1 sssd - security update
+   {CVE-2021-3621}
+   [stretch] - sssd 1.15.0-3+deb9u2
 [13 Sep 2021] DLA-2757-1 thunderbird - security update
{CVE-2021-38493}
[stretch] - thunderbird 1:78.14.0-1~deb9u1


=
data/dla-needed.txt
=
@@ -121,8 +121,5 @@ smarty3 (Abhijith PA)
   NOTE: 20210829: Track regression (abhijith)
   NOTE: 20210906: prepared a build for testing. Waiting for bug submitter's 
reply (abhijith)
 --
-sssd (Anton Gladky)
-  NOTE: Fix is ready, testing phase. DLA will be released soon.
---
 tiff (Utkarsh)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8cab4f961d8eda84c6544c8f432968222cd65da



[Git][security-tracker-team/security-tracker][master] LTS: sssd status update

2021-09-12 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ae7950e by Anton Gladky at 2021-09-12T08:50:31+02:00
LTS: sssd status update

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -116,7 +116,7 @@ smarty3 (Abhijith PA)
   NOTE: 20210906: prepared a build for testing. Waiting for bug submitter's 
reply (abhijith)
 --
 sssd (Anton Gladky)
-  NOTE: Prepared repo
+  NOTE: Fix is ready, testing phase. DLA will be released soon.
 --
 thunderbird (Emilio)
 --
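
Review bot: the new sssd NOTE carries no date or author tag, unlike the neighbouring smarty3 note "NOTE: 20210906: ... (abhijith)". Prefix it with the date and add the handle, so a reader can tell how old "DLA will be released soon" is.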



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ae7950ee5f4a13c6fb9e66f2d1f0a14d097a73e



[Git][security-tracker-team/security-tracker][master] LTS: take mupdf

2021-09-11 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
25d3c84d by Anton Gladky at 2021-09-11T22:25:59+02:00
LTS: take mupdf

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -53,7 +53,7 @@ mosquitto
   NOTE: 20210805: coordinating upload to buster before DLA for Stretch 
(codehelp)
   NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable 
code not accessible. (codehelp)
 --
-mupdf
+mupdf (Anton Gladky)
   NOTE: 20210817: fix for CVE-2020-19609 and CVE-2021-37220 in buster are to 
be put into a point release.
 --
 nettle (Markus Koschany)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25d3c84d2a7b0e8644b9090382af07082e347921



[Git][security-tracker-team/security-tracker][master] LTS: drop rustc. Affected CVE was marked as ignored

2021-09-11 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50cd4099 by Anton Gladky at 2021-09-11T20:47:22+02:00
LTS: drop rustc. Affected CVE was marked as ignored

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -99,12 +99,6 @@ ruby2.3 (Utkarsh)
   NOTE: 20210802: Utkarsh already uploaded a fix for sid/bullseye. (utkarsh)
   NOTE: 20210816: wip, backporting patches; a bit hard. (utkarsh)
 --
-rustc (Anton Gladky)
-  NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable
-  NOTE: https://bugs.debian.org/928422
-  NOTE: Perhaps fix with the next rustc update for a new Firefox? (bunk)
-  NOTE: Trying to fix compilation issues.. The package is huge (gladk)
---
 salt
   NOTE: 20210329: WIP (utkarsh)
   NOTE: 20210510: patches ready; reviewing and testing with donfede, damien, 
and bdrung. (utkarsh)
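
Review bot: the commit subject justifies the removal with an ignored CVE, but the notes being deleted are about rust-doc not being installable in stretch-lts (https://bugs.debian.org/928422) and about compilation problems. State in the commit message whether that bug is still open and where it is tracked, since this removal drops the pointer to it from dla-needed.txt.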



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50cd4099cf824319daf83a03ca27611fa9539647



[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: Mark CVE-2021-29922 as ignored for stretch

2021-09-11 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4da929a6 by Anton Gladky at 2021-09-11T20:44:39+02:00
LTS: Mark CVE-2021-29922 as ignored for stretch

- - - - -
a3be1927 by Anton Gladky at 2021-09-11T20:45:45+02:00
LTS: fix package name

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -26164,6 +26164,7 @@ CVE-2021-29922 (library/std/src/net/parser.rs in Rust 
before 1.53.0 does not pro
- rustc 
[bullseye] - rustc  (Minor issue)
[buster] - rustc  (Minor issue)
+   [stretch] - rustc  (Minor issue. Patch can be backported, but 
risky.)
NOTE: https://github.com/rust-lang/rust/issues/83648
NOTE: https://github.com/rust-lang/rust/pull/83652
NOTE: 
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md
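
Review bot: the added stretch line gives "Patch can be backported, but risky." as its reason, which says more than the bare "Minor issue" on the bullseye and buster lines but still not what the risk is. A short NOTE stating what makes the backport risky would let a later reviewer re-evaluate the decision.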


=
data/dla-needed.txt
=
@@ -121,5 +121,5 @@ sssd (Anton Gladky)
 --
 thunderbird (Emilio)
 --
-tifftUtkarsh
+tiff (Utkarsh)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d5e803761232f02085cb6b17cf2b7def6e509961...a3be19272960e3b54186f0e767e6b30eda8e9cd6



[Git][security-tracker-team/security-tracker][master] LTS: take Update dla-needed.txt

2021-09-10 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65571a4a by Anton Gladky at 2021-09-10T06:11:13+00:00
LTS: take Update dla-needed.txt
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -41,7 +41,7 @@ grilo (Thorsten Alteholz)
 krb5 (Adrian Bunk)
   NOTE: 20210905: testing fixes
 --
-libxstream-java
+libxstream-java (Anton Gladky)
   NOTE: 20210901: See thread at 
https://www.mail-archive.com/debian-lts@lists.debian.org/msg09588.html
 --
 linux (Ben Hutchings)
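
Review bot: the subject "LTS: take Update dla-needed.txt" does not name the package, while the hunk claims libxstream-java. Follow the pattern of the other claim commits ("LTS: take mupdf", "LTS: take plib") so the history can be searched by package name.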



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65571a4a89699e4486016e65e7247e66554162cf



Re: [Yade-users] [Question #698654]: libopenblas problem after updating to Ubuntu 20

2021-09-08 Thread Anton Gladky
Question #698654 on Yade changed:
https://answers.launchpad.net/yade/+question/698654

Anton Gladky posted a new comment:
OK, I am glad that the problem is fixed. But I do not really know why
the libopenblas0 package was not installed on your system.

From here [1]: libyade strictly depends on libopenblas0, so it HAS to be
installed by the package manager.
From here [2] libopenblas0 can be provided by libopenblas0-pthread,
libopenblas0-openmp or libopenblas0-serial and all of them are providing
libopenblas0.so

No idea, what was wrong there.

[1] https://packages.debian.org/unstable/libyade
[2] https://packages.debian.org/sid/libopenblas0

Anton

-- 
You received this question notification because your team yade-users is
an answer contact for Yade.

___
Mailing list: https://launchpad.net/~yade-users
Post to : yade-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yade-users
More help   : https://help.launchpad.net/ListHelp


Re: [Yade-users] [Question #698654]: libopenblas problem after updating to Ubuntu 20

2021-09-07 Thread Anton Gladky
Question #698654 on Yade changed:
https://answers.launchpad.net/yade/+question/698654

Status: Needs information => Answered

Anton Gladky proposed the following answer:
It is very strange. Could you please check, whether maybe
LD_LIBRARY_PATH is set in your environment?

echo $LD_LIBRARY_PATH

And please check, how libyade is linked:

ldd /usr/lib/x86_64-linux-gnu/yade/libyade.so | grep -i openblas

>>> libopenblas.so.0 => /lib/x86_64-linux-gnu/libopenblas.so.0 (0x7f409ddb)

I have just installed yade in Ubuntu 20.04 docker-container and it works
as it should. Please also show all your environmental variables:

env



Bug#788411: Please update the patch

2021-09-06 Thread Anton Gladky
Hi Helmut,

thanks a lot for updated patch!

Please cancel NMU upload, because I am preparing the next gmp version,
where some more bugs are fixed.

Also this debdiff introduces lintian-error [1] which should be fixed.

[1] https://salsa.debian.org/science-team/gmp/-/jobs/1917314
Thanks again

Anton


On Mon, 6 Sept 2021 at 08:11, Helmut Grohne wrote:

> Control: tags -1 -moreinfo +pending
>
> Hi Anton,
>
> On Mon, Aug 30, 2021 at 10:44:34PM +0200, Anton Gladky wrote:
> > It looks like the symbol-file cannot be applied any more.
>
> Yes, it (the shell form) can still be applied.
>
> > Could you please update it, if this bug is still relevant?
>
> Yes, it still is relevant. There is no need to update it.
>
> > If not - please close it. Thanks.
>
> Closing it with my 2:6.2.1+dfsg-1.1 upload. Thanks.
>
> NMU diff attached for conformance with dev-ref.
>
> Helmut
>
-- 
debian-science-maintainers mailing list
debian-science-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers


[Git][security-tracker-team/security-tracker][master] Update status sssd

2021-09-05 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2402fcf4 by Anton Gladky at 2021-09-05T21:03:16+00:00
Update status sssd
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -113,4 +113,5 @@ smarty3 (Abhijith PA)
   NOTE: 20210829: Track regression (abhijith)
 --
 sssd (Anton Gladky)
+  NOTE: Prepared repo
 --
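
Review bot: The added "NOTE: Prepared repo" line under sssd has no date prefix and no author tag, unlike the smarty3 note just above it ("NOTE: 20210829: Track regression (abhijith)"), and it does not say where the repo lives. Suggest the same shape as the neighbouring notes, with the date first and the repository URL in the text, so a later reader of dla-needed.txt can tell how fresh the status is and find the work.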



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2402fcf4bd44995500375e0991d2783ea7109679



Bug#788411: Please update the patch

2021-08-30 Thread Anton Gladky
control: tags -1 +moreinfo

Thanks for the patch!

It looks like the symbol-file cannot be applied any more.
Could you please update it, if this bug is still relevant?

If not - please close it. Thanks.

Anton


[Git][security-tracker-team/security-tracker][master] LTS: Take rustc, status update

2021-08-30 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c6c7fda by Anton Gladky at 2021-08-30T19:31:48+02:00
LTS: Take rustc, status update

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -88,10 +88,11 @@ ruby2.3
   NOTE: 20210802: Utkarsh already uploaded a fix for sid/bullseye. (utkarsh)
   NOTE: 20210816: wip, backporting patches; a bit hard. (utkarsh)
 --
-rustc
+rustc (Anton Gladky)
   NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable
   NOTE: https://bugs.debian.org/928422
   NOTE: Perhaps fix with the next rustc update for a new Firefox? (bunk)
+  NOTE: Trying to fix compilation issues.. The package is huge (gladk)
 --
 salt
   NOTE: 20210329: WIP (utkarsh)
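
Review bot: The added rustc note ("Trying to fix compilation issues.. The package is huge (gladk)") carries no date, while the ruby2.3 notes in the same hunk are stamped 20210802 and 20210816; without one, nobody can tell later whether the claim has gone stale. Add the date prefix and drop the doubled period.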



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c6c7fdae79b0ad280c7fba3ada3fa78b1ad9cd7



[Git][security-tracker-team/security-tracker][master] LTS: status update, unclaim firmware-nonfree

2021-08-30 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d69713ca by Anton Gladky at 2021-08-30T13:47:11+02:00
LTS: status update, unclaim firmware-nonfree

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -23,10 +23,9 @@ btrbk (Thorsten Alteholz)
 cacti (Roberto C. Sánchez)
   NOTE: 20210829: not really sure whether affected, please recheck
 --
-firmware-nonfree (Anton Gladky)
+firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
-  NOTE: 20210815: Planed to be finished on CW 34/2021
-  NOTE: 20210822: Work is delayed due to urgent regression fix in another 
package
+  NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag
 --
 grilo (Thorsten Alteholz)
   NOTE: 20210825: ssl-use-system-ca-file is used in libsoup2.4 since version 
2.38
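
Review bot: The new 20210828 note says Ben was contacted about a possible "ignore" tag but gives no pointer to that conversation, and the entry is unclaimed in the same change, so whoever picks up firmware-nonfree next cannot find the outcome. Add a reference to where the discussion happened and name the CVEs judged hard to backport. The kept 20210731 WIP line should also say whether the salsa repository is still the place to continue from.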



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d69713caaf7ba99e13498bd337c4c538ad4f0002



[SECURITY] [DLA 2742-2] ffmpeg regression update

2021-08-22 Thread Anton Gladky

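-------------------------------------------------------------------------
Debian LTS Advisory DLA-2742-2                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
August 22, 2021                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------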

Package: ffmpeg
Version: 7:3.2.15-0+deb9u4

During the backporting of one of the patches in CVE-2020-22021, one line was
wrongly interpreted, and it caused a regression during the deinterlacing process.
Thanks to Jari Ruusu for reporting the issue and for testing the
prepared update.

For Debian 9 stretch, this problem has been fixed in version
7:3.2.15-0+deb9u4.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[Git][security-tracker-team/security-tracker][master] LTS: status update

2021-08-22 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86bbe58c by Anton Gladky at 2021-08-22T22:08:55+02:00
LTS: status update

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -27,6 +27,7 @@ exiv2 (Utkarsh Gupta)
 firmware-nonfree (Anton Gladky)
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210815: Planed to be finished on CW 34/2021
+  NOTE: 20210822: Work is delayed due to urgent regression fix in another 
package
 --
 gpac (Thorsten Alteholz)
   NOTE: 20210815: WIP, almost done, still testing package
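
Review bot: The added 20210822 note explains the delay only as an "urgent regression fix in another package" and leaves the 20210815 line promising completion in CW 34/2021 in place, so the entry now carries an outdated target with nothing replacing it. Name the package that caused the delay and give a revised estimate, or replace the 20210815 line with the new status.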



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86bbe58c8070978c22a54817f424d71b5c1c97f7



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2742-2 for ffmpeg

2021-08-22 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7597c4b8 by Anton Gladky at 2021-08-22T22:07:30+02:00
Reserve DLA-2742-2 for ffmpeg

- - - - -


1 changed file:

- data/DLA/list


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[22 Aug 2021] DLA-2742-2 ffmpeg - regression update
+   [stretch] - ffmpeg 7:3.2.15-0+deb9u4
 [22 Aug 2021] DLA-2747-1 ircii - security update
{CVE-2021-29376}
[stretch] - ircii 20151120-1+deb9u1
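
Review bot: The new DLA-2742-2 entry has no {CVE-...} line, unlike the DLA-2747-1 entry directly below it. If that is deliberate because this is a regression update and not a new security fix, fine; otherwise add the CVE list before the [stretch] line.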



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7597c4b8b9a1ed1da520479313d33c7c588f7644



Bug#962728: F3D

2021-08-22 Thread Anton Gladky
Hello Francois,

I will take a look in the next few days.

Regards

Anton


On Sun, 22 Aug 2021 at 01:57, François Mazen wrote:

> Hello Sylwester,
>
> Thanks for your interest in F3D, I'm working on the packaging of this
> software [1].
>
> The package is already on mentors [2], so let's hope that it will bring
> some DD's attention! [3]
>
> Best,
> François
>
> [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985993
> [2]: https://mentors.debian.net/package/f3d/
> [3]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986108
>
>
> --
> debian-science-maintainers mailing list
> debian-science-maintain...@alioth-lists.debian.net
>
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
>

