[Git][security-tracker-team/security-tracker][master] Reserve DLA-2818-1 for ffmpeg
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 11708225 by Anton Gladky at 2021-11-13T20:45:40+01:00 Reserve DLA-2818-1 for ffmpeg - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[13 Nov 2021] DLA-2818-1 ffmpeg - security update + {CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2021-38291} + [stretch] - ffmpeg 7:3.2.16-1+deb9u1 [12 Nov 2021] DLA-2817-1 postgresql-9.6 - security update {CVE-2021-23214 CVE-2021-23222} [stretch] - postgresql-9.6 9.6.24-0+deb9u1 = data/dla-needed.txt = @@ -36,12 +36,6 @@ debian-archive-keyring exiv2 (Thorsten Alteholz) NOTE: 20211109: testing package -- -ffmpeg (Anton Gladky) - NOTE: probably wait until stuff is fixed in Buster - NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg - NOTE: ffmpeg 3.2.16 has been released - NOTE: 20211101: preparing an update (gladk) --- firefox-esr (Emilio) -- firmware-nonfree View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1170822547df23d3426fd6813e07aa2ac83af5a0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1170822547df23d3426fd6813e07aa2ac83af5a0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 3 commits: LTS: Mark CVE-2020-20898 as not-affected for stretch
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: a5e8c57d by Anton Gladky at 2021-11-12T21:56:11+01:00 LTS: Mark CVE-2020-20898 as not-affected for stretch - - - - - e92ae2a4 by Anton Gladky at 2021-11-12T21:56:12+01:00 LTS: Mark CVE-2020-20450 as not-affected for stretch - - - - - efc96d20 by Anton Gladky at 2021-11-12T21:56:13+01:00 LTS: Mark CVE-2020-20448 as not-affected for stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -88088,6 +88088,7 @@ CVE-2020-20899 REJECTED CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in libavfi ...) - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 (4.3) NOTE: https://trac.ffmpeg.org/ticket/8263 CVE-2020-20897 @@ -89016,6 +89017,7 @@ CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as arg {DSA-4998-1} [experimental] - ffmpeg 7:4.4-1 - ffmpeg 7:4.4-5 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) NOTE: https://trac.ffmpeg.org/ticket/7993 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5400e4a50c61e53e1bc50b3e77201649bbe9c510 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3865b1952e5cf993b016d83ba78fe1deb63bbfad (4.3) 
@@ -89025,6 +89027,7 @@ CVE-2020-20449 CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/rate ...) {DSA-4722-1} - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) NOTE: https://trac.ffmpeg.org/ticket/7990 NOTE: Negligible security impact NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8802e329c8317ca5ceb929df48a23eb0f9e852b2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0479c970fc5fa15c101a7415d0c2d95dcd0621ee...efc96d20e5f83af8351acea4259a93664258fc31
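Review bot: the `[stretch] - ffmpeg (vulnerable code is not present)` line added under CVE-2020-20898 does not record how the absence was established, and the same applies to the lines added under CVE-2020-20450 and CVE-2020-20448. Each entry already links the upstream fix or ticket; a NOTE saying where the affected code was introduced (for CVE-2020-20898 the description names filter16_prewitt) would let a later triager re-check the stretch decision without repeating the source comparison.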
[Git][security-tracker-team/security-tracker][master] 8 commits: LTS: Mark CVE-2021-3809{0-4} as not-affected for stretch
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: aae67a88 by Anton Gladky at 2021-11-12T20:52:25+01:00 LTS: Mark CVE-2021-3809{0-4} as not-affected for stretch - - - - - 991955f9 by Anton Gladky at 2021-11-12T20:52:27+01:00 LTS: Mark CVE-2020-22056 as not-affected for stretch - - - - - 1af3a308 by Anton Gladky at 2021-11-12T20:52:29+01:00 LTS: Mark CVE-2020-22051 as not-affected for stretch - - - - - 6aed8f87 by Anton Gladky at 2021-11-12T20:52:31+01:00 LTS: Mark CVE-2021-22043 as ignored for stretch - - - - - 6b093797 by Anton Gladky at 2021-11-12T20:52:32+01:00 LTS: Mark CVE-2021-22042 as ignored for stretch - - - - - 7cef8505 by Anton Gladky at 2021-11-12T20:52:34+01:00 LTS: Mark CVE-2021-22040 as ignored for stretch - - - - - c837c6f0 by Anton Gladky at 2021-11-12T20:52:35+01:00 LTS: Mark CVE-2021-22039 as ignored for stretch - - - - - f459c867 by Anton Gladky at 2021-11-12T20:52:37+01:00 LTS: Mark CVE-2020-22038 as not-affected for stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -15354,24 +15354,29 @@ CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthentica NOT-FOR-US: Planview Spigit CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...) - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 NOTE: https://trac.ffmpeg.org/ticket/8263 NOTE: Negligible security impact CVE-2021-38093 (Integer Overflow vulnerability in function filter_robert in libavfilte ...) - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 NOTE: https://trac.ffmpeg.org/ticket/8263 NOTE: Negligible security impact CVE-2021-38092 (Integer Overflow vulnerability in function filter_prewitt in libavfilt ...) - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 NOTE: https://trac.ffmpeg.org/ticket/8263 CVE-2021-38091 (Integer Overflow vulnerability in function filter16_sobel in libavfilt ...) - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 NOTE: https://trac.ffmpeg.org/ticket/8263 CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in libavfi ...) - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 NOTE: https://trac.ffmpeg.org/ticket/8263 CVE-2021-38089 
@@ -85452,6 +85457,7 @@ CVE-2020-22057 RESERVED CVE-2020-22056 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) NOTE: https://trac.ffmpeg.org/ticket/8304 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=daf2bef98ded7f8431fd04bf3324669329a923c1 NOTE: Negligible security impact @@ -85469,6 +85475,7 @@ CVE-2020-22052 RESERVED CVE-2020-22051 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) NOTE: https://trac.ffmpeg.org/ticket/8313 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=673fce6d40d9a594fb7a0ea17d296b7d3d9ea856 NOTE: Negligible security impact @@ -85501,12 +85508,14 @@ CVE-2020-22044 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a NOTE: Negligible security impact CVE-2020-22043 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (Patch is too destructive to implement it in oldstable. Minor issue) NOTE: https://trac.ffmpeg.org/ticket/8284 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590 NOTE: Negligible security impact CVE-2020-22042 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) {DSA-4998-1} - ffmpeg 7:4.4-5 (unimportant) + [stretch] - ffmpeg (Patch can not be applied cleanly in oldstable. Minor issue) NOTE: https://trac.ffmpeg.org/ticket/8267 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h
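Review bot: the commit subjects and the hunk at `@@ -85501,12 +85508,14 @@` disagree on the CVE year. Four commits in this push are titled "LTS: Mark CVE-2021-22043 / CVE-2021-22042 / CVE-2021-22040 / CVE-2021-22039 as ignored for stretch", while the visible `[stretch] - ffmpeg (...)` lines are added under CVE-2020-22043 and CVE-2020-22042. Please confirm the 2020 entries are the intended ones and use the matching id in the commit subject, since the log is what people search when tracing a triage decision. The two reasons could also use one wording: "Patch is too destructive to implement it in oldstable" reads better as "too intrusive to backport".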
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: unclaim ntfs-3g
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 441ca87f by Anton Gladky at 2021-11-11T21:52:43+01:00 LTS: unclaim ntfs-3g - - - - - 7de02388 by Anton Gladky at 2021-11-11T21:53:28+01:00 LTS: take samba - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -74,7 +74,7 @@ linux-4.19 (Ben Hutchings) -- mbedtls (Emilio) -- -ntfs-3g (Anton Gladky) +ntfs-3g NOTE: 20211101: too many CVEs (gladk) -- nvidia-graphics-drivers @@ -91,7 +91,7 @@ rustc (Roberto C. Sánchez) -- salt (Markus Koschany) -- -samba +samba (Anton) -- thunderbird (Emilio) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/97980ea25991203e6e44c04eb9d4ec096101b3bd...7de02388cacfdbd7ad80e2de063e39207b97bbd3
[Git][security-tracker-team/security-tracker][master] LTS: take gerbv
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e90a903 by Anton Gladky at 2021-11-08T22:37:02+01:00 LTS: take gerbv - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -44,7 +44,7 @@ firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- -gerbv +gerbv (Anton) NOTE: 20210711: The fix has only one-line! But... be sure that the fix will help. (Anton) NOTE: 20210711: Please take the package if you can reproduce the issue with valgrind/AddressSanitizer/Leaksanitizer (Anton) NOTE: 20210711: The simple fix will unlikely help. (Anton) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e90a903e48f529d4dbad3ad57b9e25b714ecf4d
[SECURITY] [DLA 2812-1] botan1.10 security update
Debian LTS Advisory DLA-2812-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Anton Gladky
November 08, 2021    https://wiki.debian.org/LTS

Package : botan1.10
Version : 1.10.17-1+deb9u1
CVE ID : CVE-2017-14737

One security issue has been discovered in botan1.10: a C++ cryptography library.

A local or cross-VM attacker may be able to recover bits of secret exponents as used in RSA, DH, etc. with the help of cache analysis.
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai

For Debian 9 stretch, this problem has been fixed in version 1.10.17-1+deb9u1.

We recommend that you upgrade your botan1.10 packages.

For the detailed security status of botan1.10 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/botan1.10

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: remove no-dsa tag for CVE-2017-14737 for stretch
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: dd92d16d by Anton Gladky at 2021-11-08T21:26:49+01:00 LTS: remove no-dsa tag for CVE-2017-14737 for stretch - - - - - 48d4da5f by Anton Gladky at 2021-11-08T21:26:50+01:00 Reserve DLA-2812-1 for botan1.10 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -260635,7 +260635,6 @@ CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...) {DLA-1125-1} - botan1.10 1.10.17-0.1 (bug #877436) - [stretch] - botan1.10 (Minor issue) [jessie] - botan1.10 (Minor issue) NOTE: https://github.com/randombit/botan/issues/1222 NOTE: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai = data/DLA/list = @@ -1,3 +1,6 @@ +[08 Nov 2021] DLA-2812-1 botan1.10 - security update + {CVE-2017-14737} + [stretch] - botan1.10 1.10.17-1+deb9u1 [06 Nov 2021] DLA-2811-1 sqlalchemy - security update {CVE-2019-7164 CVE-2019-7548} [stretch] - sqlalchemy 1.0.15+ds1-1+deb9u1 = data/dla-needed.txt = 
@@ -18,9 +18,6 @@ ansible NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- -botan1.10 (Anton Gladky) - NOTE: 20211101: almost ready to be uploaded (gladk) --- ckeditor (Utkarsh) -- debian-archive-keyring View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/24ce436cf2edc2a26f4754f9da880ea795f66955...48d4da5f9966115868b5af545e4ddcab8d715f18
Re: gmsh_4.8.4+ds1-2_amd64.changes REJECTED
Hi Thorsten,

thanks for this information! I removed some libraries and used packaged versions, updated d/copyright and uploaded again.

Thank you
Anton

On Sat, 6 Nov 2021 at 00:00, Thorsten Alteholz wrote:
>
>
> Hi Anton,
>
> I am afraid you need to rework your debian/copyright a bit.
> On a short glimpse several packages in contrib are added and should be
> mentioned (for example the MPL of Eigen).
>
> Thanks!
> Thorsten
>
>
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
>

--
debian-science-maintainers mailing list
debian-science-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
[Git][security-tracker-team/security-tracker][master] LTS: add gerbv
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: b8024c66 by Anton Gladky at 2021-11-07T11:46:40+01:00 LTS: add gerbv - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -9187,6 +9187,8 @@ CVE-2021-40391 [Gerbv drill format T-code tool number out-of-bounds write vulner [bullseye] - gerbv (Minor issue) [buster] - gerbv (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402 + NOTE: https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e + NOTE: https://github.com/gerbv/gerbv/issues/30 CVE-2021-40390 RESERVED CVE-2021-40389 = data/dla-needed.txt = @@ -47,6 +47,11 @@ firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- +gerbv + NOTE: 20210711: The fix has only one-line! But... be sure that the fix will help. (Anton) + NOTE: 20210711: Please take the package if you can reproduce the issue with valgrind/AddressSanitizer/Leaksanitizer (Anton) + NOTE: 20210711: The simple fix will unlikely help. (Anton) +-- gpac (Roberto C. Sánchez) NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8024c66e37652cf8316f9b3417dd91ec368ad45
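Review bot: the three NOTE lines added under `gerbv` in data/dla-needed.txt are dated `20210711`, but this commit is from 2021-11-07 and the neighbouring notes use YYYYMMDD (`20210731`, `20210828`, `20211101`), so day and month look transposed; `20211107` would sort with the rest of the file. The notes would also be easier to act on if they named the upstream commit being doubted, which the data/CVE/list hunk of this same commit adds as 9f83950b772b37b49ee188300e444546e6aab17e. Minor: "Leaksanitizer" is normally written LeakSanitizer.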
[Yade-users] New version of Yade, 2022. Release plan
Dear Yade users and developers,

as always at the beginning of January we want to release a new Yade version. The release process takes some time, so please commit all your planned features till the end of December 2021, so we can prepare the tarball, test it on all supported architectures and upload it into the package archives.

The version 2022.01 should go into the next Long-term-support Ubuntu Release, which is planned to be released in April 2022 and will be supported till 2027, and even with Extended Security Maintenance till 2032. Please plan your work accordingly.

Thanks and best regards
Anton

___
Mailing list: https://launchpad.net/~yade-users
Post to : yade-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yade-users
More help : https://help.launchpad.net/ListHelp
[Yade-dev] New version of Yade, 2022. Release plan
Dear Yade users and developers,

as always at the beginning of January we want to release a new Yade version. The release process takes some time, so please commit all your planned features till the end of December 2021, so we can prepare the tarball, test it on all supported architectures and upload it into the package archives.

The version 2022.01 should go into the next Long-term-support Ubuntu Release, which is planned to be released in April 2022 and will be supported till 2027, and even with Extended Security Maintenance till 2032. Please plan your work accordingly.

Thanks and best regards
Anton

___
Mailing list: https://launchpad.net/~yade-dev
Post to : yade-dev@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yade-dev
More help : https://help.launchpad.net/ListHelp
[Git][security-tracker-team/security-tracker][master] LTS: add wordpress
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: f541bd86 by Anton Gladky at 2021-11-05T19:25:28+01:00 LTS: add wordpress - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -100,3 +100,5 @@ sqlalchemy (Markus Koschany) -- thunderbird (Emilio) -- +wordpress +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f541bd86b2109e82dd165a5e9c2b4899b9d9047f
[Git][security-tracker-team/security-tracker][master] LTS: add ckeditor and assign to Utkarsh (discussed per email)
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 417435ee by Anton Gladky at 2021-11-05T19:12:46+01:00 LTS: add ckeditor and assign to Utkarsh (discussed per email) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -21,6 +21,8 @@ ansible botan1.10 (Anton Gladky) NOTE: 20211101: almost ready to be uploaded (gladk) -- +ckeditor (Utkarsh) +-- debian-archive-keyring NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html NOTE: 20210920: Raphael answered. will backport today. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/417435ee8736d9a40b2a3596e7750250138368f6
Bug#996204: Bug#998411: Bug#996204: transition: numerical library stack: hypre SONAME (Policy 8.1)
I have fixed gmsh. It will appear in NEW soon. Regards Anton
Bug#998411: Bug#996204: transition: numerical library stack: hypre SONAME (Policy 8.1)
I have fixed gmsh. It will appear in NEW soon. Regards Anton
Re: Continuing packaging effort (was: Bug#994272: RFS: opm-{common|material|grid|models|simulators|upscaling}/2021.04-1 [ITP] -- opm -- Open Porous Media Software Suite)
Hi Markus,

thanks for this effort! I am also interested in this software and will review it within the next few days.

Best regards
Anton

On Thu, 4 Nov 2021 at 18:17, Markus Blatt wrote:
>
> Hi,
>
> just to keep debian-science up to date (I am sorry for not CCing with the
> original message to BTS and for multiple messages).
>
> Here is a copy of the message sent to Debian's BTS.
>
> We are still looking for a sponsor for the OPM packages.
>
> FYI: We are about to release the next upstream version 2021.10 and intend to
> update the prospective Debian packages (see [0], [1] for all details).
> Any comments and recommendations about the current packages are of course
> welcome and we will try to incorporate them. It might of course make sense to
> wait with uploading to NEW for the new release. I will report when the
> packages
> for the new release are available.
>
> What OPM is and why it should be in Debian:
>
> The Open Porous Media (OPM) software suite provides libraries and
> tools for modeling and simulation of porous media processes, especially
> for simulating CO2 sequestration and improved and enhanced oil recovery.
> Its main part is a blackoil reservoir simulator with file input and output
> compatible with a major commercial oil reservoir simulator. On some
> cases it clearly outperforms the commercial one. Being open source it lowers
> the bar for starting simulations and is used by industry, research institutes
> and quite a few small consultancies.
>
> Looking forward to your reviews and sponsoring efforts.
>
> Cheers,
>
> Markus
>
> [0] https://lists.debian.org/debian-mentors/2021/09/msg00055.html
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994272
>
>
[Git][security-tracker-team/security-tracker][master] LTS: add udisks2
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: ce12f5aa by Anton Gladky at 2021-11-04T19:21:52+01:00 LTS: add udisks2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -117,3 +117,5 @@ sqlalchemy (Markus Koschany) -- thunderbird (Emilio) -- +udisks2 +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce12f5aa6017995e6414045f05785c40165d010f
[Git][security-tracker-team/security-tracker][master] LTS: add mbedtls
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: d5382456 by Anton Gladky at 2021-11-03T22:47:59+01:00 LTS: add mbedtls - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -67,6 +67,8 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- +mbedtls +-- ntfs-3g (Anton Gladky) NOTE: 20211101: too many CVEs (gladk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5382456a53d5d7850bbe31693fb00b0657a3339
Re: Request to join
Hi,

Welcome on board! Added to the salsa-group.

Regards
Anton

On Wed, 3 Nov 2021 at 20:39, Jose Manuel Abuin Mosquera wrote:
>
> Hello.
>
> My name is Jose Manuel Abuin, I am a scientific software developer and a
> Debian user since a long time ago. I would like to join the group and
> help in anything I can. My login in salsa is jmabuin-guest
>
> For more information you can take a look at my web
> http://jmabuin.github.io/ or my GitHub https://github.com/jmabuin
>
> Cheers!
>
> Jose M. Abuin
>
Re: Debian Math Team
I think we all have very limited free time to work on Debian. At least it is my situation. Newcomers are looking for reviewers/uploaders, trying to reach a relatively large audience in d/science, sometimes for a very long time without success. How will it work in a smaller team?

Doing some large transitions (vtk, boost, etc.) I am always very glad to see a package maintained in d/science, because it is very easy to make tiny uploads, reaching the result very fast without filing bugs, NMUs etc. All these official bureaucratic procedures take a lot of time and in the end slow down the process. Why do we want to get one more team with its own policy, the necessity to be a member of it for doing such uploads etc.? It makes things harder!

I have unsubscribed myself from most of the mailing lists (even from debian-devel, sorry), leaving only the ones important for me, to save some more time for QA work, reviewing/sponsoring/uploading packages, fixing bugs, setting up CI pipelines for salsa repos etc. Why do we want to spend energy/time writing a new policy, moving packages etc.?

My strong opinion is that new barriers (blends/teams/salsa-groups, whatever) will unlikely improve the total quality and amount of Debian packages. For me it just means that I will probably need to file more NMUs, ask other people for reviews etc... It is a pain and a waste of time. Sorry.

I will probably need to request membership in other teams due to some QA or release-transition work, but

Regards
Anton
[Git][security-tracker-team/security-tracker][master] LTS: add icinga2 and kodi
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 2d1d92e4 by Anton Gladky at 2021-11-02T22:39:54+01:00 LTS: add icinga2 and kodi - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -48,6 +48,10 @@ firmware-nonfree gpac (Roberto C. Sánchez) NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) -- +icinga2 +-- +kodi +-- libgit2 (Utkarsh) NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d1d92e4830975dd2e11ae9413c8e9fc18ed240b
[Git][security-tracker-team/security-tracker][master] LTS: status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 738d7339 by Anton Gladky at 2021-11-01T20:59:57+01:00 LTS: status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -21,6 +21,7 @@ ansible bind9 (Markus Koschany) -- botan1.10 (Anton Gladky) + NOTE: 20211101: almost ready to be uploaded (gladk) -- debian-archive-keyring NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html @@ -38,6 +39,7 @@ ffmpeg (Anton Gladky) NOTE: probably wait until stuff is fixed in Buster NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg NOTE: ffmpeg 3.2.16 has been released + NOTE: 20211101: preparing an update (gladk) -- firefox-esr (Emilio) -- @@ -68,6 +70,7 @@ linux (Ben Hutchings) linux-4.19 (Ben Hutchings) -- ntfs-3g (Anton Gladky) + NOTE: 20211101: too many CVEs (gladk) -- nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/738d73399ed1936d2ce10e7206e37a6f038571fa
Bug#996204: transition: numerical library stack
sundials_5.8.0 is in unstable already. Cheers Anton
Re: Debian Math Team
I do not see any benefits from creating one more team. It definitely decreases the bus-factor of the packages, will unlikely increase their quality, and for end-users it is mostly not visible in what team a package is maintained.

Sure, feel free to create it, if you want, but please do not move any existing packages from any team to a new one without prior confirmation of all uploaders.

From my point of view, we have enough really useful work in Debian which needs to be done (fixing bugs, adding autopkgtests, setting up CI pipelines etc.) instead of moving packages between teams.

Cheers
Anton
Re: Debian Math Team
Hi Doug, well, I think that it just increases fragmentation. But it is up to you. Best regards Anton On Fri, 29 Oct 2021 at 22:04, Torrance, Douglas wrote: > > During the Debian Science BoF at this year's DebConf, there was some > discussion of creating a team devoted to packaging mathematical software. > > This seemed like a pretty good idea, so I figured that I'd go ahead and > start working on getting it set up. I've already created a Salsa group [1] > and a team on the Debian Package Tracker [2]. If you're interested in > joining, then you should be able to sign up at these links. > > I figured next would be applying for a mailing list, putting together a team > policy, etc. Any thoughts? > > Doug > > [1] https://salsa.debian.org/math-team > [2] https://tracker.debian.org/teams/math/
[Git][security-tracker-team/security-tracker][master] LTS: Mark CVE-2021-40529 as ignored for stretch
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 35f58eef by Anton Gladky at 2021-10-28T20:50:13+02:00 LTS: Mark CVE-2021-40529 as ignored for stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6986,6 +6986,7 @@ CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaint CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in Thunder ...) - botan 2.18.1+dfsg-3 (bug #993840) - botan1.10 + [stretch] - botan1.10 (Affected function encrypt(...) has changed drastically. Backport is too instrusive to backport) NOTE: https://eprint.iacr.org/2021/923 NOTE: https://github.com/randombit/botan/pull/2790 NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35f58eef4348fa9f99a513e24033c2d2818c4910
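Review bot: The justification in the added [stretch] line for botan1.10 has a typo and repeats itself ("Backport is too instrusive to backport"). Since this text is what users of the tracker see as the reason the ElGamal issue stays open in stretch, suggest something like "encrypt(...) has changed drastically; the upstream fix is too intrusive to backport".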
[Git][security-tracker-team/security-tracker][master] LTS: take botan1.10
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 50bc957b by Anton Gladky at 2021-10-27T17:05:13+02:00 LTS: take botan1.10 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -18,7 +18,7 @@ ansible NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- -botan1.10 +botan1.10 (Anton Gladky) -- cron (Adrian Bunk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50bc957ba5d6fee27badfe7b451f90a08074edbc
[Git][security-tracker-team/security-tracker][master] 3 commits: LTS: ignored -> not-affected for CVE-2021-34432
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: d3c76c38 by Anton Gladky at 2021-10-26T23:32:46+02:00 LTS: ignored - not-affected for CVE-2021-34432 - - - - - f61b955a by Anton Gladky at 2021-10-26T23:32:46+02:00 Reserve DLA-2793-1 for mosquitto - - - - - b5b16186 by Anton Gladky at 2021-10-26T23:33:04+02:00 Reserve DLA-2794-1 for mosquitto - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -21413,8 +21413,8 @@ CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3. NOT-FOR-US: Eclipse Californium CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...) - mosquitto 2.0.8-1 - [buster] - mosquitto (Vulnerable code is not accessible in version 1.x) - [stretch] - mosquitto (Vulnerable code is not accessible in version 1.x) + [buster] - mosquitto (Vulnerable code is not accessible in version 1.x) + [stretch] - mosquitto (Vulnerable code is not accessible in version 1.x) NOTE: https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6 NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141 CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...) = data/DLA/list = @@ -1,3 +1,9 @@ +[26 Oct 2021] DLA-2794-1 mosquitto - security update + {CVE-2017-7655} + [stretch] - mosquitto 1.4.10-3+deb9u5 +[26 Oct 2021] DLA-2793-1 mosquitto - security update + {CVE-2017-7655} + [stretch] - mosquitto 1.4.10-3+deb9u5 [24 Oct 2021] DLA-2792-1 faad2 - security update {CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277 CVE-2021-32278} [stretch] - faad2 2.8.0~cvs20161113-1+deb9u3 = data/dla-needed.txt = 
@@ -55,10 +55,6 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -mosquitto (Anton Gladky) - NOTE: 20210805: coordinating upload to buster before DLA for Stretch (codehelp) - NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp) --- ntfs-3g (Anton Gladky) -- nvidia-graphics-drivers View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad7f7810b0440e42060e6a30b108893f248bf468...b5b1618632bb2ba6e106323de5ce2722ef0ef4c9
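Review bot: The data/DLA/list hunk reserves both DLA-2793-1 and DLA-2794-1 for mosquitto with the same CVE set {CVE-2017-7655} and the same stretch version 1.4.10-3+deb9u5, which looks like an accidental double reservation from running the reserve step twice. If only one advisory is going out, drop the other entry before it is announced; if both are intended, the entries should differ in the CVEs or the fixed version they record so that anyone matching an installed version against the list can tell them apart.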
Bug#996204: transition: numerical library stack
OK, I will upload it into unstable very soon. What about #997664? The package should go to NEW actually. Or leave it as it is for the moment? Anton On Mon, 25 Oct 2021 at 21:15, Drew Parsons wrote: > > The sundials 5.8.0 test build in experimental looks successful. > Probably not worth waiting for the mipsel build, it's been slow to > build, especially for experimental. > > Drew > > > > On 2021-10-22 17:40, Anton Gladky wrote: > > Great, thanks! Will do it very shortly. > > > > Anton > > > > On Fri, 22 Oct 2021 at 14:35, Sebastian Ramacher wrote: > ... > >> > >> I think we are ready for the sundials upload. > >>
Bug#984068: marked as pending in itksnap
Control: tag -1 pending Hello, Bug #984068 in itksnap reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/med-team/itksnap/-/commit/23e6d300304fd9fff8d31984b43ed438cfc7eb17 Add upstream commit fixing the C++ version used Closes: #984068 (this message was generated automatically) -- Greetings https://bugs.debian.org/984068
[med-svn] [Git][med-team/itksnap][master] Switch to vtk9
Anton Gladky pushed to branch master at Debian Med / itksnap Commits: 76a57573 by Anton Gladky at 2021-10-24T20:43:13+02:00 Switch to vtk9 - - - - - 1 changed file: - debian/control Changes: = debian/control = @@ -7,7 +7,7 @@ Section: science Priority: optional Build-Depends: debhelper-compat (= 11), cmake, - libvtk7-dev, + libvtk9-dev, libinsighttoolkit4-dev, libgdcm-dev, imagemagick, View it on GitLab: https://salsa.debian.org/med-team/itksnap/-/commit/76a57573c1ac5f6e8f4fd5870dd665624e9f9b95
[med-svn] [Git][med-team/itksnap][master] 4 commits: Add patch from Logan Rosen to fix FTBFS with glibc 2.32
Anton Gladky pushed to branch master at Debian Med / itksnap Commits: ff651a1d by Adrian Bunk at 2021-10-24T13:25:48+03:00 Add patch from Logan Rosen to fix FTBFS with glibc 2.32 Closes: #986600 - - - - - 23e6d300 by Adrian Bunk at 2021-10-24T13:30:31+03:00 Add upstream commit fixing the C++ version used Closes: #984068 - - - - - 6097ae8d by Adrian Bunk at 2021-10-24T19:35:56+03:00 Switch from vtk6 to vtk7 - - - - - 24a656b3 by Adrian Bunk at 2021-10-24T19:36:08+03:00 debian/control: Update Vcs-{Browser,Git} after the move to med-team - - - - - 5 changed files: - debian/control - + debian/patches/03_glibc_2.32.patch - + debian/patches/04_gxx.patch - + debian/patches/05_vtk7.patch - debian/patches/series Changes: = debian/control = @@ -7,7 +7,7 @@ Section: science Priority: optional Build-Depends: debhelper-compat (= 11), cmake, - libvtk6-dev, + libvtk7-dev, libinsighttoolkit4-dev, libgdcm-dev, imagemagick, @@ -18,8 +18,8 @@ Build-Depends: debhelper-compat (= 11), qttools5-private-dev, libfftw3-dev Standards-Version: 4.4.1 -Vcs-Browser: https://salsa.debian.org/neurodebian-team/itksnap -Vcs-Git: https://salsa.debian.org/neurodebian-team/itksnap.git +Vcs-Browser: https://salsa.debian.org/med-team/itksnap +Vcs-Git: https://salsa.debian.org/med-team/itksnap.git Homepage: http://www.itksnap.org Package: itksnap = debian/patches/03_glibc_2.32.patch = @@ -0,0 +1,11 @@ +--- a/GUI/Qt/main.cxx b/GUI/Qt/main.cxx +@@ -56,7 +56,7 @@ + void SegmentationFaultHandler(int sig) + { + cerr << "*" << endl; +- cerr << "ITK-SNAP: " << sys_siglist[sig] << endl; ++ cerr << "ITK-SNAP: " << strsignal(sig) << endl; + cerr << "BACKTRACE: " << endl; + void *array[50]; + int nsize = backtrace(array, 50); = debian/patches/04_gxx.patch = 
@@ -0,0 +1,26 @@ +From 2ef9ed48a352acf0c0436a24c5ef56f947340d8e Mon Sep 17 00:00:00 2001 +From: JLasserv <56830768+jlass...@users.noreply.github.com> +Date: Mon, 2 Mar 2020 10:08:01 -0500 +Subject: Update CMakeLists.txt + +C++ 11 required +--- + CMakeLists.txt | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 993ae91d..492a74c9 100644 +--- a/CMakeLists.txt b/CMakeLists.txt +@@ -11,6 +11,8 @@ MESSAGE(STATUS "ITK-SNAP Git Info:") + # CMAKE PRELIMINARIES + # + cmake_minimum_required(VERSION 2.8.12) ++set(CMAKE_CXX_STANDARD 11) ++set(CMAKE_CXX_STANDARD_REQUIRED ON) + + IF(POLICY CMP0026) + cmake_policy(SET CMP0026 OLD) +-- +2.20.1 + = debian/patches/05_vtk7.patch = @@ -0,0 +1,26 @@ +From b9de837844d89c8326c7d047820c033f5cbe8668 Mon Sep 17 00:00:00 2001 +From: Adrian Bunk +Date: Sun, 24 Oct 2021 19:34:15 +0300 +Subject: Correct the return type of + IntensityCurveControlPointsContextItem::GetControlPointsMTime() for vtk7 + +--- + GUI/Renderer/IntensityCurveVTKRenderer.cxx | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/GUI/Renderer/IntensityCurveVTKRenderer.cxx b/GUI/Renderer/IntensityCurveVTKRenderer.cxx +index 679adb1..7acb3fa 100644 +--- a/GUI/Renderer/IntensityCurveVTKRenderer.cxx b/GUI/Renderer/IntensityCurveVTKRenderer.cxx +@@ -339,7 +339,7 @@ public: + else return false; + } + +- virtual unsigned long int GetControlPointsMTime() ++ virtual vtkMTimeType GetControlPointsMTime() + { + // TODO: figure this out! + return this->GetMTime(); +-- +2.20.1 + = debian/patches/series = 
@@ -1,3 +1,6 @@ 01_add_required_vtklibraries_and_gdcm.patch 02_check_sse.patch +03_glibc_2.32.patch +04_gxx.patch +05_vtk7.patch View it on GitLab: https://salsa.debian.org/med-team/itksnap/-/compare/4da5b788a97e54e31e30467872238cf2e62cfe43...24a656b357b24de6a4c650b55174cf138bd719f3
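Review bot: In debian/patches/03_glibc_2.32.patch the replacement call `strsignal(sig)` sits inside SegmentationFaultHandler, and strsignal() is not async-signal-safe, so the crash handler can itself hang or fault while reporting the original signal. The neighbouring `cerr` and `backtrace()` calls have the same property, so this is not a regression, but since the line is being touched anyway, `sigdescr_np(sig)` (added in the same glibc 2.32 that removed sys_siglist) is the signal-safe replacement. The patch also carries no Description/Author/Bug-Debian header, unlike 04_gxx.patch and 05_vtk7.patch, which makes its origin (Logan Rosen, #986600) visible only in the commit message.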
Bug#997664: sundials: apparent ABI bumps in sundials5 library packages
Hi Drew, Thanks for the catch! Yes, library splitting is somehow strange in this package. We should probably split it into many more sublibs to escape such situations in the future. Regards Anton On Sun, 24 Oct 2021 at 02:18, Drew Parsons wrote: > Source: sundials > Version: 5.7.0+dfsg-1 > Severity: normal > > Unless I misunderstood the package naming system for sundials, looks > like there was an ABI bump in sublibraries when sundials upgraded from > v4 to v5. > > It can be seen in 5.7.0+dfsg-1, so it's not a side-effect of the new > 5.8.0 build (hence no need to block 5.8.0 with severity Serious). > > The apparently upgraded libraries are > > arkode3 -> arkode4 (libsundials_arkode.so.4) > cvode[s]4 -> cvodes5 (libsundials_cvode[s].so.5 ) > ida[s]4 -> ida5 (libsundials_ida[s].so.5) > kinsol4 -> kinsol5 (libsundials_kinsol.so.5) > nvecserial4 -> nvecserial5 (libsundials_nvecserial.so.5) > sunmatrix2 -> sunmatrix3 (libsundials_sunmatrixband.so.3 etc) > sunlinsol2 -> sunlinsol3 (libsundials_fsunlinsolband.so.3 etc, and > other anomalies) > > nvecparallel-XX4 -> nvecparallel-XX5 (libsundials_nvecXX.so.5) > (XX = pthread, petsc, openmp, mpi, hypre)
Re: [Yade-users] [Question #699190]: Problem Install Yade Daily
Question #699190 on Yade changed: https://answers.launchpad.net/yade/+question/699190 Status: Open => Answered Anton Gladky proposed the following answer: We are supporting only LTS-Ubuntu versions. 21.04 is not a LTS version, thus is not supported. See the list of supported versions here [1]. [1] https://yade-dem.org/doc/installation.html#packages Best regards Anton
Re: [Yade-users] [Question #699190]: Problem Install Yade Daily
Question #699190 on Yade changed: https://answers.launchpad.net/yade/+question/699190 Status: Open => Answered Anton Gladky proposed the following answer: What is your operating system? What version? Anton On Fri, 22 Oct 2021 at 18:01, Chiara Gigoli wrote: > > A question was asked in a language (Italian) spoken by > none of the registered Yade answer contacts. > > https://answers.launchpad.net/yade/+question/699190 > > Hi, > First of all, excuse me for my english. I'm new on Linux and on Yade. > I have some problems installing Yade daily. Some weeks ago I installed Yade > and it works. > In my university recommended to install yadedaily, because we are only users > of the software, so I want to follow their suggestion. So I remove Yade and > tried to install yadedaily. > I followed instruction in https://yade-dem.org/doc/installation.html > But when I arrived at step > Add the PGP-key AA915EEB as trusted and install yadedaily > there is a warning: > Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead > (see apt-key(8)). > If I ignore this warning and go over, terminal restitutes that to me: > Alcuni pacchetti non possono essere installati. Questo può voler dire > che è stata richiesta una situazione impossibile oppure, se si sta > usando una distribuzione in sviluppo, che alcuni pacchetti richiesti > non sono ancora stati creati o sono stati rimossi da Incoming. 
> Le seguenti informazioni possono aiutare a risolvere la situazione: > > I seguenti pacchetti hanno dipendenze non soddisfatte: > libyadedaily : Dipende: libboost-python1.71.0-py38 ma non è installabile > Dipende: libboost-regex1.71.0-icu66 ma non è installabile > Dipende: libpython3.8 (>= 3.8.2) ma non è installabile > python3-yadedaily : Dipende: libboost-python1.71.0-py38 ma non è installabile > Dipende: libboost-regex1.71.0-icu66 ma non è installabile > Dipende: libpython3.8 (>= 3.8.2) ma non è installabile > E: Impossibile correggere i problemi, ci sono pacchetti danneggiati bloccati. > > (it's in italian, but maybe that's pretty clear the meaning). > I search here and online in general if someone else had the same problem, but > I didn't find anyone, so I think that post this question could be helpful for > other users. > Thank you in advance for the help, and sorry again (maybe it's a banal > problem). > Chiara
[med-svn] [Git][med-team/itksnap][master] Update gitlab-ci
Anton Gladky pushed to branch master at Debian Med / itksnap Commits: 4da5b788 by Anton Gladky at 2021-10-22T18:49:17+02:00 Update gitlab-ci - - - - - 1 changed file: - debian/.gitlab-ci.yml Changes: = debian/.gitlab-ci.yml = @@ -1,16 +1,3 @@ -image: debian:sid - -build: - stage: build - - before_script: -- apt-get update && apt-get -y install devscripts git-buildpackage -# - apt-get -t experimental libinsighttoolkit4-dev -- mk-build-deps --tool "apt -y -o Debug::pkgProblemResolver=yes --no-install-recommends" --install -r debian/control - script: -- git checkout pristine-tar -- git pull -- git checkout master -- git pull -- gbp buildpackage -uc -us - +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml View it on GitLab: https://salsa.debian.org/med-team/itksnap/-/commit/4da5b788a97e54e31e30467872238cf2e62cfe43
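Review bot: The new `include:` fetches recipes/debian.yml by raw URL from the `master` branch of salsa-ci-team/pipeline, so the jobs that run for this package can change without any commit in this repository. That is the usual Salsa CI arrangement and an improvement over the hand-written job it replaces, but if a stable, auditable pipeline matters for this package, point the URL at a tag or commit of the pipeline repository instead of `master`.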
Bug#996204: transition: numerical library stack
Great, thanks! Will do it very shortly. Anton On Fri, 22 Oct 2021 at 14:35, Sebastian Ramacher wrote: > Hi Anton > > On 2021-10-12 13:09:02, Drew Parsons wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: transition > > X-Debbugs-Cc: debian-scie...@lists.debian.org, Anton Gladky < > gl...@debian.org> > > > > I'd like to proceed with a transition of the numerical library stack. > > This involves > > > > superlu 5.2.2+dfsg1 -> 5.3.0+dfsg1 (both libsuperlu5 so not > really a transition) > > superlu-dist libsuperlu-dist6 -> libsuperlu-dist7 > > hypre 2.18.2 -> 2.22.1 (internal within libhypre-dev) > > mumps libmumps-5.3 -> libmumps-5.4 > > scotch6.1.0 -> 6.1.1 (both libscotch-6.1 so not a transition) > > petsc libpetsc-.*3.14 -> libpetsc-.*3.15 > > slepc libslepc-.*3.14 -> libslepc-.*3.15 > > (together with petsc4py, slepc4py) > > > > Header packages libxtensor-dev, libxtensor-blas-dev will also be > > upgraded (xtl-dev 0.7.2 already got uploaded to unstable). > > > > fenics-dolfinx will upgrade > > libdolfinx-.*2019.2 -> libdolfinx-.*0.3 > > (along with other fenics components). There is currently some problem > > with fenics-dolfinx 1:0.3.0-4 on 32-bit arches i386, armel, armhf. > > I'll skip the demo_poisson_mpi tests for them if necessary. > > > > sundials 5.7.0 is incompatible with hypre 2.22, Anton Gladky (cc:d) will > > upgrade to sundials 5.8.0. > > I think we are ready for the sundials upload. 
> > Cheers > > > > > openmpi/mpi4py/h5py have recently migrated to testing so shouldn't give > > any particular trouble (apart from the known 32-bit dolfinx problem) > > > > auto transitions are already in place: > > > > https://release.debian.org/transitions/html/auto-superlu-dist.html > > https://release.debian.org/transitions/html/auto-mumps.html > > https://release.debian.org/transitions/html/auto-petsc.html > > https://release.debian.org/transitions/html/auto-slepc.html > > > > > > Ben file: > > > > title = "numerical library stack"; > > is_affected = .depends ~ "libpetsc-.*3.14" | .depends ~ > "libpetsc-.*3.15"; > > is_good = .depends ~ "libpetsc-.*3.15"; > > is_bad = .depends ~ "libpetsc-.*3.14"; > > > > -- > Sebastian Ramacher >
Bug#996976: vtk6: Remove vtk6 from the Debian 12
Source: vtk6 Severity: serious vtk now has 3 versions in the archive: vtk6, vtk7 and vtk9. Intention is to remove older unsupported versions in favour of current vtk9.
Bug#996695: buster-pu: package plib/plib_1.8.5-8+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu Dear release team, the plib versioned 1.8.5-8+deb10u1 is prepared for the bullseye next stable release. [ Reason ] This upload fixes a security issue CVE-2021-38714. [ Impact ] It should not have any impact on end users. [ Tests ] Salsa-ci is employed to check main package characteristics https://salsa.debian.org/debian/plib/-/pipelines/303704 [ Risks ] No risks are known. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] See attached diff. Sanitized values check is implemented. Best regards Anton diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog --- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.0 +0200 +++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.0 +0200 @@ -1,3 +1,10 @@ +plib (1.8.5-8+deb10u1) buster; urgency=medium + + * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714 +(Closes: #992973) + + -- Anton Gladky Sun, 17 Oct 2021 14:56:13 +0200 + plib (1.8.5-8) unstable; urgency=medium * QA upload. diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml --- plib-1.8.5/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 +0100 +++ plib-1.8.5/debian/.gitlab-ci.yml2021-10-17 14:56:13.0 +0200 
@@ -0,0 +1,7 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml + +variables: + RELEASE: 'buster' + SALSA_CI_COMPONENTS: 'main contrib non-free' + SALSA_CI_DISABLE_REPROTEST: 1 diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch plib-1.8.5/debian/patches/08_CVE-2021-38714.patch --- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 1970-01-01 01:00:00.0 +0100 +++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 2021-10-10 15:14:22.0 +0200 
@@ -0,0 +1,64 @@ +Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714 +Author: Anton Gladky +Bug-Debian: https://bugs.debian.org/992973 +Last-Update: 2021-10-02 + +Index: plib/src/ssg/ssgLoadTGA.cxx +=== +--- plib.orig/src/ssg/ssgLoadTGA.cxx plib/src/ssg/ssgLoadTGA.cxx +@@ -23,6 +23,7 @@ + + + #include "ssgLocal.h" ++#include + + #ifdef SSG_LOAD_TGA_SUPPORTED + +@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg + + // image info + int type = header[2]; +-int xsize = get16u(header + 12); +-int ysize = get16u(header + 14); +-int bits = header[16]; ++unsigned int xsize = get16u(header + 12); ++unsigned int ysize = get16u(header + 14); ++unsigned int bits = header[16]; + + /* image types: + * +@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg + } + + ++const auto bytes_to_allocate = (bits / 8) * xsize * ysize; ++ ++ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld, %ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize, (ysize * (bits / 8))); ++ ++if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize)) ++{ ++ ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d, ysize = %d", xsize, ysize); ++ return false; ++} ++else ++{ ++ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size %d x %d", bytes_to_allocate, xsize, ysize ); ++} ++ + // read image data + +-GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ]; ++GLubyte *image; ++try ++{ ++image = new GLubyte [ bytes_to_allocate ]; ++} ++catch (const std::bad_alloc&) ++{ ++ulSetError( UL_WARNING, "ssgLoadTGA: Allocation of %d bytes failed!", bytes_to_allocate); ++ return false; ++} + + if ((type & 8) != 0) + { diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series --- plib-1.8.5/debian/patches/series2017-07-24 20:11:17.0 +0200 +++ plib-1.8.5/debian/patches/series2021-10-02 13:24:19.0 +0200 
@@ -6,3 +6,4 @@ 06_spelling_errors.diff 05_CVE-2012-4552.diff 07_dont_break_joystick_system_calibration.diff +08_CVE-2021-38714.patch
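Review bot: In the @@ -169,9 +170,32 @@ hunk of 08_CVE-2021-38714.patch, the UL_DEBUG call passes `bytes_to_allocate / xsize` as an argument before the `xsize != 0` guard in the following `if`, so a TGA header with a width of 0 triggers an integer division by zero in the logging line itself and the loader crashes on exactly the kind of malformed file the patch is meant to reject. Move the debug message below the check or drop the quotient from it. It would also be worth rejecting xsize == 0, ysize == 0 and bits < 8 explicitly, since all three currently fall through to the else branch and allocate zero bytes.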
Bug#996694: bullseye-pu: package plib/1.8.5-8+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu Dear release team, the plib versioned 1.8.5-8+deb10u1 is prepared for the bullseye next stable release. [ Reason ] This upload fixes a security issue CVE-2021-38714. [ Impact ] It should not have any impact on end users. [ Tests ] Salsa-ci is employed to check main package characteristics https://salsa.debian.org/debian/plib/-/pipelines/303701 [ Risks ] No risks are known. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] See attached diff. Sanitized values check is implemented. Best regards Anton diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog --- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.0 +0200 +++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.0 +0200 @@ -1,3 +1,10 @@ +plib (1.8.5-8+deb11u1) bullseye; urgency=medium + + * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714 +(Closes: #992973) + + -- Anton Gladky Sun, 17 Oct 2021 14:56:13 +0200 + plib (1.8.5-8) unstable; urgency=medium * QA upload. diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml --- plib-1.8.5/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 +0100 +++ plib-1.8.5/debian/.gitlab-ci.yml2021-10-17 14:56:13.0 +0200 @@ -0,0 +1,7 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml + +variables: + RELEASE: 'bullseye' + SALSA_CI_COMPONENTS: 'main contrib non-free' + SALSA_CI_DISABLE_REPROTEST: 1 diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch plib-1.8.5/debian/patches/08_CVE-2021-38714.patch --- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 1970-01-01 01:00:00.0 +0100 +++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 2021-10-10 15:14:22.0 +0200 
@@ -0,0 +1,64 @@ +Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714 +Author: Anton Gladky +Bug-Debian: https://bugs.debian.org/992973 +Last-Update: 2021-10-02 + +Index: plib/src/ssg/ssgLoadTGA.cxx +=== +--- plib.orig/src/ssg/ssgLoadTGA.cxx plib/src/ssg/ssgLoadTGA.cxx +@@ -23,6 +23,7 @@ + + + #include "ssgLocal.h" ++#include + + #ifdef SSG_LOAD_TGA_SUPPORTED + +@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg + + // image info + int type = header[2]; +-int xsize = get16u(header + 12); +-int ysize = get16u(header + 14); +-int bits = header[16]; ++unsigned int xsize = get16u(header + 12); ++unsigned int ysize = get16u(header + 14); ++unsigned int bits = header[16]; + + /* image types: + * +@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg + } + + ++const auto bytes_to_allocate = (bits / 8) * xsize * ysize; ++ ++ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld, %ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize, (ysize * (bits / 8))); ++ ++if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize)) ++{ ++ ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d, ysize = %d", xsize, ysize); ++ return false; ++} ++else ++{ ++ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size %d x %d", bytes_to_allocate, xsize, ysize ); ++} ++ + // read image data + +-GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ]; ++GLubyte *image; ++try ++{ ++image = new GLubyte [ bytes_to_allocate ]; ++} ++catch (const std::bad_alloc&) ++{ ++ulSetError( UL_WARNING, "ssgLoadTGA: Allocation of %d bytes failed!", bytes_to_allocate); ++ return false; ++} + + if ((type & 8) != 0) + { diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series --- plib-1.8.5/debian/patches/series2017-07-24 20:11:17.0 +0200 +++ plib-1.8.5/debian/patches/series2021-10-02 13:24:19.0 +0200 
@@ -6,3 +6,4 @@ 06_spelling_errors.diff 05_CVE-2012-4552.diff 07_dont_break_joystick_system_calibration.diff +08_CVE-2021-38714.patch
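Review bot: In the `@@ -169,9 +170,32 @@` hunk of 08_CVE-2021-38714.patch, the UL_DEBUG call passes `bytes_to_allocate / xsize` as an argument before the `xsize != 0` guard is evaluated, so a TGA header with a width of 0 divides by zero unless xsize is rejected earlier in ssgLoadTGA(), which these hunks do not show. Move that debug line inside the guarded branch, or reject zero dimensions up front and return false.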
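Review bot: The debian/changelog hunk lists only the ssgLoadTGA() fix, but the debdiff also adds debian/.gitlab-ci.yml with `SALSA_CI_DISABLE_REPROTEST: 1`; add a changelog line for the new CI file and say why reprotest is switched off, so the entry matches the checklist item that all changes are documented in d/changelog. The entry is versioned 1.8.5-8+deb11u1 while the request text names 1.8.5-8+deb10u1, which is worth confirming before the upload is accepted.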
Bug#996695: buster-pu: package plib/plib_1.8.5-8+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Anton Gladky Attachments 15:17 (1 minute ago) to Debian; Bcc: gladk

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

the plib versioned 1.8.5-8+deb10u1 is prepared for the bullseye next stable release.

[ Reason ]
This upload fixes a security issue CVE-2021-38714.

[ Impact ]
It should not have any impact on end users.

[ Tests ]
Salsa-ci is employed to check main package characteristics
https://salsa.debian.org/debian/plib/-/pipelines/303704

[ Risks ]
No risks are known.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
See attached diff. Sanitized values check is implemented.

Best regards

Anton

diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog --- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.0 +0200 +++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.0 +0200 @@ -1,3 +1,10 @@ +plib (1.8.5-8+deb10u1) buster; urgency=medium + + * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714 +(Closes: #992973) + + -- Anton Gladky Sun, 17 Oct 2021 14:56:13 +0200 + plib (1.8.5-8) unstable; urgency=medium * QA upload. diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml --- plib-1.8.5/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 +0100 +++ plib-1.8.5/debian/.gitlab-ci.yml2021-10-17 14:56:13.0 +0200 
@@ -0,0 +1,7 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml + +variables: + RELEASE: 'buster' + SALSA_CI_COMPONENTS: 'main contrib non-free' + SALSA_CI_DISABLE_REPROTEST: 1 diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch plib-1.8.5/debian/patches/08_CVE-2021-38714.patch --- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 1970-01-01 01:00:00.0 +0100 +++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 2021-10-10 15:14:22.0 +0200 
@@ -0,0 +1,64 @@ +Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714 +Author: Anton Gladky +Bug-Debian: https://bugs.debian.org/992973 +Last-Update: 2021-10-02 + +Index: plib/src/ssg/ssgLoadTGA.cxx +=== +--- plib.orig/src/ssg/ssgLoadTGA.cxx plib/src/ssg/ssgLoadTGA.cxx +@@ -23,6 +23,7 @@ + + + #include "ssgLocal.h" ++#include + + #ifdef SSG_LOAD_TGA_SUPPORTED + +@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg + + // image info + int type = header[2]; +-int xsize = get16u(header + 12); +-int ysize = get16u(header + 14); +-int bits = header[16]; ++unsigned int xsize = get16u(header + 12); ++unsigned int ysize = get16u(header + 14); ++unsigned int bits = header[16]; + + /* image types: + * +@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg + } + + ++const auto bytes_to_allocate = (bits / 8) * xsize * ysize; ++ ++ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld, %ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize, (ysize * (bits / 8))); ++ ++if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize)) ++{ ++ ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d, ysize = %d", xsize, ysize); ++ return false; ++} ++else ++{ ++ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size %d x %d", bytes_to_allocate, xsize, ysize ); ++} ++ + // read image data + +-GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ]; ++GLubyte *image; ++try ++{ ++image = new GLubyte [ bytes_to_allocate ]; ++} ++catch (const std::bad_alloc&) ++{ ++ulSetError( UL_WARNING, "ssgLoadTGA: Allocation of %d bytes failed!", bytes_to_allocate); ++ return false; ++} + + if ((type & 8) != 0) + { diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series --- plib-1.8.5/debian/patches/series2017-07-24 20:11:17.0 +0200 +++ plib-1.8.5/debian/patches/series2021-10-02 13:24:19.0 +0200 
@@ -6,3 +6,4 @@ 06_spelling_errors.diff 05_CVE-2012-4552.diff 07_dont_break_joystick_system_calibration.diff +08_CVE-2021-38714.patch
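Review bot: In the `@@ -169,9 +170,32 @@` hunk, the ulSetError() format strings use `%ld` and `%d` for `bytes_to_allocate`, `xsize` and `ysize`, all of which are `unsigned int` once the `@@ -103,9 +104,9 @@` hunk is applied; if ulSetError() formats printf-style, the conversions should be `%u`. The product is still computed in 32 bits, so doing the multiplication in a 64-bit type and comparing it against an explicit maximum would make the check direct instead of relying on the divide-back test. That would also be the place to reject a zero-byte result (xsize or ysize of 0, or bits below 8), which, unless earlier code rejects it, currently reaches `new GLubyte [ bytes_to_allocate ]`.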
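Review bot: The changelog and .gitlab-ci.yml hunks target buster (`plib (1.8.5-8+deb10u1) buster`, `RELEASE: 'buster'`), but the request body above them still carries a `Tags: bullseye` block and says the upload is prepared for bullseye. The request text should name buster so the debdiff is reviewed against the right suite.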
[SECURITY] [DLA 2786-1] nghttp2 security update
Debian LTS Advisory DLA-2786-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
October 16, 2021                              https://wiki.debian.org/LTS

Package        : nghttp2
Version        : 1.18.1-1+deb9u2
CVE ID         : CVE-2018-1000168 CVE-2020-11080

Two security issues have been discovered in nghttp2: server, proxy and client implementing HTTP/2.

CVE-2018-1000168

    An Improper Input Validation CWE-20 vulnerability found in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client.

CVE-2020-11080

    The overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%.

For Debian 9 stretch, these problems have been fixed in version 1.18.1-1+deb9u2.

We recommend that you upgrade your nghttp2 packages.

For the detailed security status of nghttp2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/nghttp2

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
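The SETTINGS flood described for CVE-2020-11080, seen from the receiving side, as an added example that is not nghttp2's code: a header-only check that rejects malformed SETTINGS frames, caps the entries per frame before any per-entry work, and budgets frames per connection. The limits of 32 entries and 16 frames per window, and all function names, are assumptions made for this illustration; the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HTTP/2 frame header (RFC 7540, section 4.1): 24-bit payload length,
 * 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream identifier. */
#define H2_FRAME_HDR_LEN      9u
#define H2_TYPE_SETTINGS      0x4u
#define H2_FLAG_ACK           0x1u
#define H2_SETTINGS_ENTRY_LEN 6u   /* 16-bit identifier + 32-bit value */
#define MAX_SETTINGS_ENTRIES  32u  /* assumed per-frame limit for this example */
#define MAX_SETTINGS_FRAMES   16u  /* assumed per-window budget per connection */

enum verdict { V_OK, V_NOT_SETTINGS, V_TRUNCATED, V_BAD_STREAM,
               V_BAD_LENGTH, V_TOO_MANY_ENTRIES, V_FLOOD };

/* The caller resets settings_frames at the start of each time window. */
struct conn_state { unsigned settings_frames; };

/* Validate one frame starting at buf; len is the number of bytes received. */
enum verdict check_settings_frame(const uint8_t *buf, size_t len)
{
    if (len < H2_FRAME_HDR_LEN)
        return V_TRUNCATED;
    uint32_t payload = ((uint32_t)buf[0] << 16) | ((uint32_t)buf[1] << 8) | buf[2];
    uint8_t type = buf[3], flags = buf[4];
    uint32_t stream = (((uint32_t)buf[5] << 24) | ((uint32_t)buf[6] << 16) |
                       ((uint32_t)buf[7] << 8) | buf[8]) & 0x7fffffffu;

    if (type != H2_TYPE_SETTINGS)
        return V_NOT_SETTINGS;
    if (stream != 0)                          /* SETTINGS applies to the connection */
        return V_BAD_STREAM;
    if (payload % H2_SETTINGS_ENTRY_LEN != 0) /* whole entries only */
        return V_BAD_LENGTH;
    if ((flags & H2_FLAG_ACK) && payload != 0) /* an ACK carries no entries */
        return V_BAD_LENGTH;
    /* Decided from the header alone, before the payload is buffered or walked. */
    if (payload / H2_SETTINGS_ENTRY_LEN > MAX_SETTINGS_ENTRIES)
        return V_TOO_MANY_ENTRIES;
    if (len - H2_FRAME_HDR_LEN < payload)
        return V_TRUNCATED;
    return V_OK;
}

/* Per-connection wrapper: well-formed frames still count against a budget. */
enum verdict conn_on_settings(struct conn_state *c, const uint8_t *buf, size_t len)
{
    enum verdict v = check_settings_frame(buf, len);
    if (v != V_OK)
        return v;
    if (++c->settings_frames > MAX_SETTINGS_FRAMES)
        return V_FLOOD;
    return V_OK;
}

/* Constructed sample input: a SETTINGS frame with a zero-filled payload. */
size_t make_frame(uint8_t *out, size_t cap, uint32_t payload,
                  uint8_t flags, uint32_t stream)
{
    if (cap < H2_FRAME_HDR_LEN + (size_t)payload)
        return 0;
    out[0] = (uint8_t)(payload >> 16);
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)payload;
    out[3] = (uint8_t)H2_TYPE_SETTINGS;
    out[4] = flags;
    out[5] = (uint8_t)(stream >> 24);
    out[6] = (uint8_t)(stream >> 16);
    out[7] = (uint8_t)(stream >> 8);
    out[8] = (uint8_t)stream;
    memset(out + H2_FRAME_HDR_LEN, 0, payload);
    return H2_FRAME_HDR_LEN + (size_t)payload;
}

/* Build a sample frame with the given payload length and classify it. */
enum verdict verdict_for(uint32_t payload, uint8_t flags, uint32_t stream)
{
    static uint8_t buf[H2_FRAME_HDR_LEN + 16384];
    size_t n = make_frame(buf, sizeof buf, payload, flags, stream);
    return check_settings_frame(buf, n);
}

/* Send `sent` valid 3-entry frames in one window; return how many pass. */
unsigned frames_accepted_in_window(unsigned sent)
{
    static uint8_t buf[H2_FRAME_HDR_LEN + 64];
    struct conn_state c = { 0 };
    unsigned accepted = 0;
    size_t n = make_frame(buf, sizeof buf, 18, 0, 0);
    for (unsigned i = 0; i < sent; i++)
        if (conn_on_settings(&c, buf, n) == V_OK)
            accepted++;
    return accepted;
}

int main(void)
{
    printf("3 entries (18 bytes): verdict %d\n", verdict_for(18, 0, 0));
    printf("2400 entries (14400 bytes): verdict %d\n", verdict_for(14400, 0, 0));
    printf("accepted out of 100 frames: %u\n", frames_accepted_in_window(100));
    return 0;
}
```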
[Git][security-tracker-team/security-tracker][master] LTS: take mosquitto
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: db683d1b by Anton Gladky at 2021-10-16T22:57:15+02:00 LTS: take mosquitto - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -54,7 +54,7 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -mosquitto +mosquitto (Anton Gladky) NOTE: 20210805: coordinating upload to buster before DLA for Stretch (codehelp) NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db683d1b158b5e2c7c12634accaf9c7dfc983ad0
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2786-1 for nghttp2
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d96f326 by Anton Gladky at 2021-10-16T22:43:13+02:00 Reserve DLA-2786-1 for nghttp2 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[16 Oct 2021] DLA-2786-1 nghttp2 - security update + {CVE-2018-1000168 CVE-2020-11080} + [stretch] - nghttp2 1.18.1-1+deb9u2 [12 Oct 2021] DLA-2785-1 linux-4.19 - security update {CVE-2020-3702 CVE-2020-16119 CVE-2021-3444 CVE-2021-3600 CVE-2021-3612 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3743 CVE-2021-3753 CVE-2021-22543 CVE-2021-33624 CVE-2021-34556 CVE-2021-35039 CVE-2021-35477 CVE-2021-37159 CVE-2021-37576 CVE-2021-38160 CVE-2021-38198 CVE-2021-38199 CVE-2021-38204 CVE-2021-38205 CVE-2021-40490 CVE-2021-42008 CVE-2021-42252} [stretch] - linux-4.19 4.19.208-1~deb9u1 = data/dla-needed.txt = @@ -58,9 +58,6 @@ mosquitto NOTE: 20210805: coordinating upload to buster before DLA for Stretch (codehelp) NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp) -- -nghttp2 (Anton Gladky) - NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/nghttp2 --- ntfs-3g (Anton Gladky) -- nvidia-graphics-drivers View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d96f3263c3f4717bd365bd798a3622d98a11523
[Git][security-tracker-team/security-tracker][master] LTS: take FD-slots
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: cccef8a5 by Anton Gladky at 2021-10-16T08:06:59+02:00 LTS: take FD-slots - - - - - 1 changed file: - org/lts-frontdesk.2022.txt Changes: = org/lts-frontdesk.2022.txt = @@ -56,10 +56,10 @@ From 17-10 to 23-10:Chris Lamb From 24-10 to 30-10:Thorsten Alteholz From 31-10 to 06-11:Sylvain Beucler From 07-11 to 13-11:Utkarsh Gupta -From 14-11 to 20-11: +From 14-11 to 20-11:Anton Gladky From 21-11 to 27-11:Thorsten Alteholz From 28-11 to 04-12:Sylvain Beucler From 05-12 to 11-12:Chris Lamb From 12-12 to 18-12:Thorsten Alteholz From 19-12 to 25-12:Utkarsh Gupta -From 26-12 to 01-01: +From 26-12 to 01-01:Anton Gladky View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cccef8a579bdd3e33ac531a6d4384ed5eda7d234
[Git][security-tracker-team/security-tracker][master] LTS: take ntfs-3g
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: d9bcc421 by Anton Gladky at 2021-10-14T17:56:05+00:00 LTS: take ntfs-3g - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -61,7 +61,7 @@ mosquitto nghttp2 (Anton Gladky) NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/nghttp2 -- -ntfs-3g +ntfs-3g (Anton Gladky) -- nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9bcc4214ea748a56f026c2511f0b519da1f114b
[Git][security-tracker-team/security-tracker][master] LTS: status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: f44355f6 by Anton Gladky at 2021-10-10T22:30:48+02:00 LTS: status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -36,6 +36,7 @@ faad2 (Thorsten Alteholz) -- ffmpeg (Anton Gladky) NOTE: probably wait until stuff is fixed in Buster + NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg -- firefox-esr (Emilio) -- @@ -57,6 +58,7 @@ mosquitto NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp) -- nghttp2 (Anton Gladky) + NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/nghttp2 -- ntfs-3g (Abhijith PA) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f44355f63450c7d598b3706777d2a54e9d8bcf60
Re: Joining the team
Hi Roland,

Welcome on board! I have added you into the team.

Regards

Anton

On Sun, 10 Oct 2021 at 16:36, Roland Mas wrote:

> Hi all,
>
> I've been contracted by Synchrotron SOLEIL to work on packaging
> scientific applications and libraries and other software used in
> scientific contexts. Some of them can belong under the Python team,
> others under the Javascript team, but some are not really relevant to
> those two teams, so I'd rather package them under the Debian Science
> Team umbrella.
>
> So this email is my introduction to the team, and a request to be added
> to the Salsa group (my login is "lolando") so as to be able to keep the
> relevant packages in the right place.
>
> See you :-)
>
> Roland.
Re: Update Ceres Solver to 2.0.0
Hi François,

thanks for the update! I will definitely check it within the next few days.

Best regards

Anton

On Mon, 4 Oct 2021 at 08:29, Andrius Merkys wrote:

> Hi François,
>
> On 2021-10-03 12:50, François Mazen wrote:
> > I've just packaged the last version of ceres package and I've pushed it
> > to the salsa repo [1], and to mentors [2].
> >
> > Could someone review the package? The tricky part may be the transition
> > of the lib package from libceres1 to libceres2. For now, I've just
> > renamed the binary package but maybe some additional actions are
> > required?
>
> Transitions for libs packages in Debian indeed have to proceed a certain
> workflow [3]. To start with, you should target experimental instead of
> unstable in debian/changelog.
>
> > In addition, could you please grant me right to upload the package as
> > I'm DM?
>
> It would be best if Anton could help you with upload and rights.
>
> > [1] https://salsa.debian.org/science-team/ceres-solver
> > [2] https://mentors.debian.net/package/ceres-solver/
>
> [3] https://wiki.debian.org/Teams/ReleaseTeam/Transitions
>
> Best,
> Andrius
Re: [SECURITY] [DLA 2775-1] plib security update
Hi Marc,

thanks for the note. Yes, I will add a short package description next time to DLAs if it helps to make an update-decision.

Best regards

Anton

On Sat, 2 Oct 2021 at 14:34, Marc SCHAEFER <schae...@alphanet.ch> wrote:

> On Sat, Oct 02, 2021 at 01:45:33PM +0200, Anton Gladky wrote:
> > Package: plib
> > Version: 1.8.5-7+deb9u1
> > CVE ID : CVE-2021-38714
> >
> > One security issue has been discovered in plib.
>
> Yes, what is the purpose of this library? This helps planning upgrades.
>
> Other advisories always give a short summary of what the software does.
>
> Actually, I think this is against libplib1, which seems to be:
>
> Provides a Joystick interface, a simple GUI built on top of OpenGL,
> some standard geometry functions, a sound library and a simple scene
> graph API built on top of OpenGL.
>
> Oh, great, this probably does not run on my servers, so no need to plan
> anything.
>
> Thank you for updating DLAs, like DSAs are doing, to add a short summary
> of the purpose of the package, and give the correct package name so that
> it can be quickly found.
[SECURITY] [DLA 2775-1] plib security update
Debian LTS Advisory DLA-2775-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
October 02, 2021                              https://wiki.debian.org/LTS

Package        : plib
Version        : 1.8.5-7+deb9u1
CVE ID         : CVE-2021-38714

One security issue has been discovered in plib.

Integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

For Debian 9 stretch, this problem has been fixed in version 1.8.5-7+deb9u1.

We recommend that you upgrade your plib packages.

For the detailed security status of plib please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/plib

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2775-1 for plib
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 915343b7 by Anton Gladky at 2021-10-02T12:58:20+02:00 Reserve DLA-2775-1 for plib - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[02 Oct 2021] DLA-2775-1 plib - security update + {CVE-2021-38714} + [stretch] - plib 1.8.5-7+deb9u1 [30 Sep 2021] DLA-2774-1 openssl1.0 - security update {CVE-2021-3712} [stretch] - openssl1.0 1.0.2u-1~deb9u6 = data/dla-needed.txt = @@ -64,10 +64,6 @@ nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 -- -plib (Anton Gladky) - NOTE: 20210829: no fix yet. (thorsten) - NOTE: 20210829: upstream bug mentions that it might never get fixed. (utkarsh) --- python-babel NOTE: 20210617: CVE-2021-20095 withdrawn, cf. 251b6e33 and #987824 (abhijith) NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/915343b75886798e192795108c212f92570a23fe
Douglas Andrew Torrance: Advocate
For nm.debian.org, at 2021-10-01:

I support Douglas Andrew Torrance's request to become a Debian Developer, uploading. I have reviewed and uploaded many packages, prepared by Douglas Andrew Torrance. Among them are: frobby, memtailor, mathic, mathicgb, macaulay2, saclib, mpsolve, gfan (maybe some more). His contribution is very valuable for Debian Science Team.

I have personally worked with Douglas Andrew Torrance (key 803CE41F4DC252ECB5E5F1B9D12B2BE26D3FF663) for over six years (since 2015), and I know Douglas Andrew Torrance can be trusted to be a full member of Debian, and have unsupervised, unrestricted upload rights, right now.

Anton Gladky (via nm.debian.org)

For details and to comment, visit https://nm.debian.org/process/978/
Re: upgrading numerical libraries and sundials
Hello Drew,

yes, I will prepare a newer sundials update within the next few days.

Regards

Anton

On Fri, 1 Oct 2021 at 02:23, Drew Parsons wrote:

> I'm preparing the numerical library upgrade to push to unstable.
> That's superlu-dist hypre mumps petsc slepc.
>
> I discovered that sundials 2.7.0 is incompatible with hypre 2.22.
> But right in the middle of testing they released 2.8.0, so it's already
> ready to go.
>
> Anton, do you prefer to prepare sundials 2.8.0 yourself, or would you
> like me to push it to experimental?
> It contains a few ABI bumps (arkode4, cvode5, ida5, kinsol5,
> nvecserial5) so it'll have to pass NEW.
>
> We'll also need to coordinate upgrade of xtl with xtensor, though that
> could be done separately from the other numerical libraries.
> (Vincent, would it be interesting for the Quantstack team to take over
> xtensor and xtensor-blas? Or to join and transfer xtl to the Debian
> Science team?)
>
> Drew
[Git][security-tracker-team/security-tracker][master] LTS: take nghttp2
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: a8d4c051 by Anton Gladky at 2021-09-26T22:27:44+02:00 LTS: take nghttp2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -64,7 +64,7 @@ mosquitto NOTE: 20210805: coordinating upload to buster before DLA for Stretch (codehelp) NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp) -- -nghttp2 +nghttp2 (Anton Gladky) -- ntfs-3g (Abhijith PA) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8d4c051da9afa49e73ad00b643db2e8079f4f78
[SECURITY] [DLA 2765-1] mupdf security update
Debian LTS Advisory DLA-2765-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
September 23, 2021                            https://wiki.debian.org/LTS

Package        : mupdf
Version        : 1.14.0+ds1-4+deb9u1
CVE ID         : CVE-2016-10246 CVE-2016-10247 CVE-2017-6060 CVE-2018-10289
                 CVE-2018-136 CVE-2020-19609

Multiple issues have been discovered in mupdf.

CVE-2016-10246

    Buffer overflow in the main function in jstest_main.c allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

CVE-2016-10247

    Buffer overflow in the my_getline function in jstest_main.c allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

CVE-2017-6060

    Stack-based buffer overflow in jstest_main.c allows remote attackers to have unspecified impact via a crafted image.

CVE-2018-10289

    An infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

CVE-2018-136

    Multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.

CVE-2020-19609

    A heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

For Debian 9 stretch, these problems have been fixed in version 1.14.0+ds1-4+deb9u1.

We recommend that you upgrade your mupdf packages.

For the detailed security status of mupdf please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/mupdf

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2765-1 for mupdf
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: f4858ea2 by Anton Gladky at 2021-09-23T20:42:13+02:00 Reserve DLA-2765-1 for mupdf - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[23 Sep 2021] DLA-2765-1 mupdf - security update + {CVE-2016-10246 CVE-2016-10247 CVE-2017-6060 CVE-2018-10289 CVE-2018-136 CVE-2020-19609} + [stretch] - mupdf 1.14.0+ds1-4+deb9u1 [22 Sep 2021] DLA-2764-1 tomcat8 - security update {CVE-2021-41079} [stretch] - tomcat8 8.5.54-0+deb9u8 = data/dla-needed.txt = @@ -60,9 +60,6 @@ mosquitto NOTE: 20210805: coordinating upload to buster before DLA for Stretch (codehelp) NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp) -- -mupdf (Anton Gladky) - NOTE: 20210817: fix for CVE-2020-19609 and CVE-2021-37220 in buster are to be put into a point release. --- ntfs-3g (Abhijith PA) -- nvidia-graphics-drivers View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4858ea2b01b88925584bcbcf4b9f3edd4936a30
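Review bot: the note removed from data/dla-needed.txt names CVE-2021-37220 alongside CVE-2020-19609, but the CVE list added to data/DLA/list for DLA-2765-1 contains only CVE-2020-19609 of the two. Since this commit drops the mupdf entry entirely, it would help to record where CVE-2021-37220 stands for stretch (not affected, ignored, or still open) so that it is not lost together with the entry.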
[Git][security-tracker-team/security-tracker][master] LTS: unclaim libxstream-java
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: cc744cf2 by Anton Gladky at 2021-09-23T20:10:52+02:00 LTS: unclaim libxstream-java - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -49,7 +49,7 @@ jsoup (Markus Koschany) krb5 (Adrian Bunk) NOTE: 20210905: testing fixes -- -libxstream-java (Anton Gladky) +libxstream-java NOTE: 20210901: See thread at https://www.mail-archive.com/debian-lts@lists.debian.org/msg09588.html -- linux (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc744cf249af483728b45befab38991764049039
[Git][security-tracker-team/security-tracker][master] LTS: take ffmpeg
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: be685423 by Anton Gladky at 2021-09-23T19:43:02+02:00 LTS: take ffmpeg - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -35,7 +35,7 @@ debian-archive-keyring (Utkarsh) NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html NOTE: 20210920: Raphael answered. will backport today. (utkarsh) -- -ffmpeg +ffmpeg (Anton Gladky) NOTE: probably wait until stuff is fixed in Buster -- fig2dev (Markus Koschany) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be6854237f1c6096bac104059eed9cf796d9f288
Re: Propose to ignore libxstream-java CVEs
Hi Markus,

I have applied your patch and the pipelines have passed [1]. So, at least nothing breaks from the "build side of view".

Yes, I took this package, but if you are working on it, feel free to reclaim it.

[1] https://salsa.debian.org/lts-team/packages/libxstream-java/-/pipelines/292916

Best regards

Anton

On Wed, 22 Sept 2021 at 15:37, Markus Koschany wrote:

> Hi all,
>
> so far I have not found any regressions in Debian packages which depend on
> libxstream-java. I propose to switch to the whitelist in all suites because
> this is the only reasonable way to secure XStream. I have prepared an
> update
> for Stretch. Anton, could you take a look at it because I saw you have
> claimed
> libxstream-java?
>
> https://people.debian.org/~apo/lts/libxstream-java/libxstream-java.debdiff
>
>
> Regards,
>
> Markus
Bug#994882: ITS: vitables
Hi Benda!

Thanks for your contribution. I have approved and merged your MR. Also I have added you to the Debian Science group on salsa.

@PICCA Frederic-Emmanuel, would you also want to check those changes?

Best regards

Anton

On Wed, 22 Sept 2021 at 16:18, Benda Xu wrote:

> Package: vitables
> Version: 3.0.2-1
> Severity: normal
> X-Debbugs-Cc: Debian Science Maintainers <
> debian-science-maintain...@lists.alioth.debian.org>, Dmitrijs Ledkovs <
> dmitrij.led...@gmail.com>, Picca Frédéric-Emmanuel
>
> Dear Maintainer,
>
> I am interested in co-maintaining vitables by joining the science team
> and appending myself as an uploader.
>
> The newest version (3.0.0-1.1) was NMU-ed and has not been included in
> the package Vcs for more than a year. Bug 966056 (a year old) prevents
> the version in bullseye to function if python3-sip is not installed. I
> think the current uploads need help.
>
> I have contributed to the present 3.0.0-1 release in 2019 and I would
> like to support packaging vitables in the long run, as I am an active
> user of it and giving my lectures with it.
>
> The diff is in the merge request:
>
> https://salsa.debian.org/science-team/vitables/-/merge_requests/4
>
> Thanks for your consideration!
> Benda
>
> -- System Information:
> Debian Release: bullseye/sid
> APT prefers stable
> APT policy: (990, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 5.10.0-5-amd64 (SMP w/8 CPU threads)
> Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
> set to en_US.UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /bin/dash
> Init: OpenRC (via /run/openrc), PID 1: init
>
> Versions of packages vitables depends on:
> ii  python3          3.9.2-2
> ii  python3-numexpr  2.7.2-2
> ii  python3-numpy    1:1.19.5-1
> ii  python3-qtpy     1.9.0-3
> ii  python3-tables   3.6.1-3
>
> vitables recommends no packages.
>
> vitables suggests no packages.
>
> -- no debconf information
[Git][security-tracker-team/security-tracker][master] LTS: take plib
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 05a93063 by Anton Gladky at 2021-09-20T13:22:44+02:00 LTS: take plib - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -70,7 +70,7 @@ openssl (Thorsten Alteholz) openssl1.0 (Thorsten Alteholz) NOTE: 20210912: testing package, upload probably after LE fix -- -plib +plib (Anton Gladky) NOTE: 20210829: no fix yet. (thorsten) NOTE: 20210829: upstream bug mentions that it might never get fixed. (utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05a9306321026c160f18053d64217934c1661368
Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines
Thanks, Vincent, for the information.

I would still wait for CVE, so we can apply a patch and track vulnerability for other Debian versions (stable/oldstable/o-o-stable etc.).

Regards

Anton

On Fri, 17 Sept 2021 at 01:17, Vincent Lefevre <vinc...@vinc17.net> wrote:

> On 2021-09-16 21:23:34 +0200, Anton Gladky wrote:
> > Thanks for the bug report. We will fix it when CVE (if any) will be
> > assigned and upstream patch will be available.
>
> FYI, an upstream patch is now available here:
>
> https://gmplib.org/list-archives/gmp-bugs/2021-September/005087.html
>
> > Though, the integer overflows are not making the package unusable in
> > most cases.
>
> Yes, but they may introduce security issues, in particular here
> because the behavior depends on data from a file, which may be
> untrusted. That said, here it is probably wise to check that the
> size is not too large in order to prevent the address space from
> being exhausted.
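The size check recommended in the quoted reply above, as an added example; it is not GMP's code and not part of this thread. It models a length-prefixed big-integer reader with 32-bit limbs: the 4-byte big-endian signed length header followed by magnitude bytes, the MAX_RAW_BYTES cap, the sample inputs and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define LIMB_BYTES 4u               /* limb width of the modelled 32-bit target */
#define MAX_RAW_BYTES (1u << 20)    /* hypothetical policy cap for one number */

/* Constructed sample inputs: header (byte count) followed by magnitude bytes. */
static const unsigned char SAMPLE_OK[] =
    {0x00, 0x00, 0x00, 0x05, 0x01, 0x02, 0x03, 0x04, 0x05};
static const unsigned char SAMPLE_HOSTILE[] =
    {0x20, 0x00, 0x00, 0x04, 0xAA, 0xBB, 0xCC, 0xDD};

/* Big-endian 32-bit load. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Limb count as 32-bit code might naively compute it: nbytes * 8 wraps
 * for nbytes >= 2^29, so the result can be far smaller than the data
 * that a later read loop would copy. */
static uint32_t limbs_unchecked(uint32_t nbytes)
{
    return (uint32_t)(nbytes * 8u + (LIMB_BYTES * 8u - 1u)) / (LIMB_BYTES * 8u);
}

/* Checked variant: bound the claimed size first, then use a division
 * form that cannot overflow. Returns 0 on success, -1 on rejection. */
static int limbs_checked(uint32_t nbytes, size_t avail, uint32_t *nlimbs)
{
    if (nbytes > MAX_RAW_BYTES) return -1;  /* keeps the allocation bounded */
    if (nbytes > avail) return -1;          /* header claims more than was read */
    *nlimbs = nbytes / LIMB_BYTES + (nbytes % LIMB_BYTES != 0);
    return 0;
}

/* Parse one length-prefixed integer from buf. On success stores a
 * calloc'd little-endian limb array in *out (caller frees), the limb
 * count in *nlimbs and the sign in *negative, and returns 0. */
static int parse_raw(const unsigned char *buf, size_t len,
                     uint32_t **out, uint32_t *nlimbs, int *negative)
{
    uint32_t raw, nbytes, k;
    uint32_t *limbs;

    if (len < 4) return -1;
    raw = be32(buf);
    *negative = (raw & 0x80000000u) != 0;
    nbytes = *negative ? 0u - raw : raw;    /* magnitude of the signed header */
    if (limbs_checked(nbytes, len - 4, nlimbs) != 0) return -1;

    limbs = calloc(*nlimbs ? *nlimbs : 1u, sizeof *limbs);
    if (limbs == NULL) return -1;
    /* k counts bytes from the least significant end of the magnitude. */
    for (k = 0; k < nbytes; k++) {
        unsigned char b = buf[4 + (nbytes - 1u - k)];
        limbs[k / LIMB_BYTES] |= (uint32_t)b << (8u * (k % LIMB_BYTES));
    }
    *out = limbs;
    return 0;
}

int main(void)
{
    uint32_t *limbs = NULL, n = 0;
    int neg = 0;

    printf("naive limb count for 0x20000004 bytes: %u\n",
           (unsigned)limbs_unchecked(0x20000004u));
    if (parse_raw(SAMPLE_OK, sizeof SAMPLE_OK, &limbs, &n, &neg) == 0) {
        printf("accepted: %u limbs, low limb 0x%08x\n",
               (unsigned)n, (unsigned)limbs[0]);
        free(limbs);
    }
    if (parse_raw(SAMPLE_HOSTILE, sizeof SAMPLE_HOSTILE, &limbs, &n, &neg) != 0)
        printf("oversized header rejected\n");
    return 0;
}
```

The cap covers both concerns raised in the quoted text: the wrapped size computation and an allocation large enough to exhaust the address space.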
Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines
Control: severity -1 important
Control: notfound -1 2:6.2.1+dfsg-2
Control: found -1 2:6.2.1+dfsg-1

Thanks for the bug report. We will fix it when CVE (if any) will be assigned and upstream patch will be available.

Though, the integer overflows are not making the package unusable in most cases. Thus the severity is reduced.

Regards

Anton
Bug#994488: alglib: autopkgtest regression with CMake 3.19+
Hi Timo,

thanks for the patch! Yes, feel free to upload it. Please update git and tag a new upload.

Regards

Anton

On Thu, 16 Sept 2021 at 18:15, Timo Röhling <roehl...@debian.org> wrote:

> Package: src:alglib
> Version: 3.17.0-2
> Tag: patch
>
> Dear maintainer,
>
> the alglib autopkgtest suite fails due to a deprecation warning with
> CMake 3.19+ if cmake_minimum_required() requests a version earlier
> than 2.8.12. The attached patch bumps the minimum version in
> debian/tests to 3.7, which I picked because it is the CMake version
> in oldoldstable.
>
> As I am a member of the Science Team, I can also fix and upload this
> for you if you are starved for developer time; just give me the
> green light.
>
> Cheers
> Timo
>
> --
> ⢀⣴⠾⠻⢶⣦⠀ ╭╮
> ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │
> ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │
> ⠈⠳⣄ ╰╯
[SECURITY] [DLA 2758-1] sssd security update
Debian LTS Advisory DLA-2758-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
September 15, 2021                            https://wiki.debian.org/LTS

Package        : sssd
Version        : 1.15.0-3+deb9u2
CVE ID         : CVE-2021-3621

One security issue has been discovered in sssd.

The sssctl command was vulnerable to shell command injection via the
logs-fetch and cache-expire subcommands. This flaw allows an attacker to
trick the root user into running a specially crafted sssctl command, such
as via sudo, to gain root access. The highest threat from this
vulnerability is to confidentiality, integrity, as well as system
availability.

For Debian 9 stretch, this problem has been fixed in version
1.15.0-3+deb9u2.

We recommend that you upgrade your sssd packages.

For the detailed security status of sssd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sssd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2758-1 for sssd
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: b8cab4f9 by Anton Gladky at 2021-09-15T21:01:50+02:00 Reserve DLA-2758-1 for sssd - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Sep 2021] DLA-2758-1 sssd - security update + {CVE-2021-3621} + [stretch] - sssd 1.15.0-3+deb9u2 [13 Sep 2021] DLA-2757-1 thunderbird - security update {CVE-2021-38493} [stretch] - thunderbird 1:78.14.0-1~deb9u1 = data/dla-needed.txt = @@ -121,8 +121,5 @@ smarty3 (Abhijith PA) NOTE: 20210829: Track regression (abhijith) NOTE: 20210906: prepared a build for testing. Waiting for bug submitter's reply (abhijith) -- -sssd (Anton Gladky) - NOTE: Fix is ready, testing phase. DLA will be released soon. --- tiff (Utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8cab4f961d8eda84c6544c8f432968222cd65da
[Git][security-tracker-team/security-tracker][master] LTS: sssd status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ae7950e by Anton Gladky at 2021-09-12T08:50:31+02:00 LTS: sssd status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -116,7 +116,7 @@ smarty3 (Abhijith PA) NOTE: 20210906: prepared a build for testing. Waiting for bug submitter's reply (abhijith) -- sssd (Anton Gladky) - NOTE: Prepared repo + NOTE: Fix is ready, testing phase. DLA will be released soon. -- thunderbird (Emilio) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ae7950ee5f4a13c6fb9e66f2d1f0a14d097a73e
[Git][security-tracker-team/security-tracker][master] LTS: take mupdf
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 25d3c84d by Anton Gladky at 2021-09-11T22:25:59+02:00 LTS: take mupdf - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -53,7 +53,7 @@ mosquitto NOTE: 20210805: coordinating upload to buster before DLA for Stretch (codehelp) NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp) -- -mupdf +mupdf (Anton Gladky) NOTE: 20210817: fix for CVE-2020-19609 and CVE-2021-37220 in buster are to be put into a point release. -- nettle (Markus Koschany) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25d3c84d2a7b0e8644b9090382af07082e347921
[Git][security-tracker-team/security-tracker][master] LTS: drop rustc. Affected CVE was marked as ignored
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 50cd4099 by Anton Gladky at 2021-09-11T20:47:22+02:00 LTS: drop rustc. Affected CVE was marked as ignored - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -99,12 +99,6 @@ ruby2.3 (Utkarsh) NOTE: 20210802: Utkarsh already uploaded a fix for sid/bullseye. (utkarsh) NOTE: 20210816: wip, backporting patches; a bit hard. (utkarsh) -- -rustc (Anton Gladky) - NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable - NOTE: https://bugs.debian.org/928422 - NOTE: Perhaps fix with the next rustc update for a new Firefox? (bunk) - NOTE: Trying to fix compilation issues.. The package is huge (gladk) --- salt NOTE: 20210329: WIP (utkarsh) NOTE: 20210510: patches ready; reviewing and testing with donfede, damien, and bdrung. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50cd4099cf824319daf83a03ca27611fa9539647
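Review bot: the removed rustc block in data/dla-needed.txt tracked the uninstallable rust-doc package (https://bugs.debian.org/928422) and compilation issues, and none of its notes ties these to a CVE, while the commit message justifies the drop only with an ignored CVE that it does not name. Name the CVE id in the commit message and say whether the rust-doc installability problem is being abandoned or is tracked elsewhere.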
[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: Mark CVE-2021-29922 as ignored for stretch
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 4da929a6 by Anton Gladky at 2021-09-11T20:44:39+02:00 LTS: Mark CVE-2021-29922 as ignored for stretch - - - - - a3be1927 by Anton Gladky at 2021-09-11T20:45:45+02:00 LTS: fix package name - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -26164,6 +26164,7 @@ CVE-2021-29922 (library/std/src/net/parser.rs in Rust before 1.53.0 does not pro - rustc [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) + [stretch] - rustc (Minor issue. Patch can be backported, but risky.) NOTE: https://github.com/rust-lang/rust/issues/83648 NOTE: https://github.com/rust-lang/rust/pull/83652 NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md = data/dla-needed.txt = @@ -121,5 +121,5 @@ sssd (Anton Gladky) -- thunderbird (Emilio) -- -tifftUtkarsh +tiff (Utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d5e803761232f02085cb6b17cf2b7def6e509961...a3be19272960e3b54186f0e767e6b30eda8e9cd6
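Review bot: in the data/CVE/list hunk the new stretch line for CVE-2021-29922 gives "Patch can be backported, but risky." as its reason without saying what the risk is. A short pointer to what makes the backport risky, for example which part of the upstream change referenced in the NOTE lines does not apply cleanly, would let a later reader re-evaluate the decision.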
[Git][security-tracker-team/security-tracker][master] LTS: take Update dla-needed.txt
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 65571a4a by Anton Gladky at 2021-09-10T06:11:13+00:00 LTS: take Update dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -41,7 +41,7 @@ grilo (Thorsten Alteholz) krb5 (Adrian Bunk) NOTE: 20210905: testing fixes -- -libxstream-java +libxstream-java (Anton Gladky) NOTE: 20210901: See thread at https://www.mail-archive.com/debian-lts@lists.debian.org/msg09588.html -- linux (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65571a4a89699e4486016e65e7247e66554162cf
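Review bot: the commit message "LTS: take Update dla-needed.txt" does not name the package being claimed, although the hunk touches only the libxstream-java entry. A message of the form "LTS: take libxstream-java" would keep the history searchable by package name.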
Re: [Yade-users] [Question #698654]: libopenblas problem after updating to Ubuntu 20
Question #698654 on Yade changed:
https://answers.launchpad.net/yade/+question/698654

Anton Gladky posted a new comment:

OK, I am glad that the problem is fixed. But I do not really know why the libopenblas0 package was not installed on your system.

From here [1]: libyade strictly depends on libopenblas0, so it HAS to be installed by the package manager.

From here [2] libopenblas0 can be provided by libopenblas0-pthread, libopenblas0-openmp or libopenblas0-serial and all of them are providing libopenblas0.so

No idea, what was wrong there.

[1] https://packages.debian.org/unstable/libyade
[2] https://packages.debian.org/sid/libopenblas0

Anton
Re: [Yade-users] [Question #698654]: libopenblas problem after updating to Ubuntu 20
Question #698654 on Yade changed:
https://answers.launchpad.net/yade/+question/698654

Status: Needs information => Answered

Anton Gladky proposed the following answer:

It is very strange. Could you please check, whether maybe LD_LIBRARY_PATH is set in your environment?

    echo $LD_LIBRARY_PATH

And please check, how libyade is linked:

    ldd /usr/lib/x86_64-linux-gnu/yade/libyade.so | grep -i openblas
    >>> libopenblas.so.0 => /lib/x86_64-linux-gnu/libopenblas.so.0 (0x7f409ddb)

I have just installed yade in Ubuntu 20.04 docker-container and it works as it should.

Please also show all your environmental variables:

    env
Bug#788411: Please update the patch
Hi Helmut,

thanks a lot for updated patch! Please cancel NMU upload, because I am preparing the next gmp version, where some more bugs are fixed.

Also this debdiff introduces lintian-error [1] which should be fixed.

[1] https://salsa.debian.org/science-team/gmp/-/jobs/1917314

Thanks again

Anton

On Mon, 6 Sept 2021 at 08:11, Helmut Grohne wrote:

> Control: tags -1 -moreinfo +pending
>
> Hi Anton,
>
> On Mon, Aug 30, 2021 at 10:44:34PM +0200, Anton Gladky wrote:
> > It looks like the symbol-file cannot be applied any more.
>
> Yes, it (the shell form) can still be applied.
>
> > Could you please update it, if this bug is still relevant?
>
> Yes, it still is relevant. There is no need to update it.
>
> > If not - please close it. Thanks.
>
> Closing it with my 2:6.2.1+dfsg-1.1 upload. Thanks.
>
> NMU diff attached for conformance with dev-ref.
>
> Helmut
[Git][security-tracker-team/security-tracker][master] Update status sssd
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 2402fcf4 by Anton Gladky at 2021-09-05T21:03:16+00:00 Update status sssd - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -113,4 +113,5 @@ smarty3 (Abhijith PA) NOTE: 20210829: Track regression (abhijith) -- sssd (Anton Gladky) + NOTE: Prepared repo -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2402fcf4bd44995500375e0991d2783ea7109679
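Review bot: the added line "NOTE: Prepared repo" under sssd has neither the date prefix nor the author suffix that the neighbouring note "NOTE: 20210829: Track regression (abhijith)" carries, and it does not say where the repository is. Adding the date, the repository URL and the author tag would make the status checkable by someone else on the team.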
Bug#788411: Please update the patch
control: tags -1 +moreinfo

Thanks for the patch!

It looks like the symbol-file cannot be applied any more. Could you please update it, if this bug is still relevant? If not - please close it. Thanks.

Anton
[Git][security-tracker-team/security-tracker][master] LTS: Take rustc, status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c6c7fda by Anton Gladky at 2021-08-30T19:31:48+02:00 LTS: Take rustc, status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -88,10 +88,11 @@ ruby2.3 NOTE: 20210802: Utkarsh already uploaded a fix for sid/bullseye. (utkarsh) NOTE: 20210816: wip, backporting patches; a bit hard. (utkarsh) -- -rustc +rustc (Anton Gladky) NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable NOTE: https://bugs.debian.org/928422 NOTE: Perhaps fix with the next rustc update for a new Firefox? (bunk) + NOTE: Trying to fix compilation issues.. The package is huge (gladk) -- salt NOTE: 20210329: WIP (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c6c7fdae79b0ad280c7fba3ada3fa78b1ad9cd7
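Review bot: the new rustc note "Trying to fix compilation issues.. The package is huge (gladk)" has no YYYYMMDD prefix, while the ruby2.3 notes in the same hunk carry one (20210802, 20210816). Since this commit also claims the package, an undated status note makes a stale claim hard to detect later. Suggest prefixing the date of the update and dropping the doubled full stop.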
[Git][security-tracker-team/security-tracker][master] LTS: status update, unclaim firmware-nonfree
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: d69713ca by Anton Gladky at 2021-08-30T13:47:11+02:00 LTS: status update, unclaim firmware-nonfree - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -23,10 +23,9 @@ btrbk (Thorsten Alteholz) cacti (Roberto C. Sánchez) NOTE: 20210829: not really sure whether affected, please recheck -- -firmware-nonfree (Anton Gladky) +firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree - NOTE: 20210815: Planed to be finished on CW 34/2021 - NOTE: 20210822: Work is delayed due to urgent regression fix in another package + NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- grilo (Thorsten Alteholz) NOTE: 20210825: ssl-use-system-ca-file is used in libsoup2.4 since version 2.38 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d69713caaf7ba99e13498bd337c4c538ad4f0002
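Review bot: once the claim "(Anton Gladky)" is removed from firmware-nonfree, the new 20210828 note no longer records who contacted Ben about the possible "ignore" tag, so whoever takes the package next cannot tell whom to ask for the outcome. Suggest adding the author's initials in parentheses at the end of the note. The retained 20210731 "WIP" note also reads as if work were still in progress on an entry that is now unclaimed, and could be reworded to say the repository holds partial work.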
[SECURITY] [DLA 2742-2] ffmpeg regression update
Debian LTS Advisory DLA-2742-2 debian-...@lists.debian.org https://www.debian.org/lts/security/ Anton Gladky August 22, 2021 https://wiki.debian.org/LTS Package: ffmpeg Version: 7:3.2.15-0+deb9u4 During the backporting of one of the patches for CVE-2020-22021, one line was wrongly interpreted, and it caused a regression during the deinterlacing process. Thanks to Jari Ruusu for reporting the issue and for testing the prepared update. For Debian 9 stretch, this problem has been fixed in version 7:3.2.15-0+deb9u4. We recommend that you upgrade your ffmpeg packages. For the detailed security status of ffmpeg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ffmpeg Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
[Git][security-tracker-team/security-tracker][master] LTS: status update
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 86bbe58c by Anton Gladky at 2021-08-22T22:08:55+02:00 LTS: status update - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -27,6 +27,7 @@ exiv2 (Utkarsh Gupta) firmware-nonfree (Anton Gladky) NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210815: Planed to be finished on CW 34/2021 + NOTE: 20210822: Work is delayed due to urgent regression fix in another package -- gpac (Thorsten Alteholz) NOTE: 20210815: WIP, almost done, still testing package View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86bbe58c8070978c22a54817f424d71b5c1c97f7
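Review bot: the added 20210822 note attributes the delay to an "urgent regression fix in another package" without naming that package. Naming it would let a reader of dla-needed.txt check when the blocker is cleared and judge whether the CW 34/2021 target in the preceding note still applies. The note also gives no new expected completion date to replace that target.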
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2742-2 for ffmpeg
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 7597c4b8 by Anton Gladky at 2021-08-22T22:07:30+02:00 Reserve DLA-2742-2 for ffmpeg - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[22 Aug 2021] DLA-2742-2 ffmpeg - regression update + [stretch] - ffmpeg 7:3.2.15-0+deb9u4 [22 Aug 2021] DLA-2747-1 ircii - security update {CVE-2021-29376} [stretch] - ircii 20151120-1+deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7597c4b8b9a1ed1da520479313d33c7c588f7644
Bug#962728: F3D
Hello Francois, I will take a look in the next few days. Regards Anton On Sun, 22 Aug 2021 at 01:57, François Mazen wrote: > Hello Sylwester, > > Thanks for your interest in F3D, I'm working on the packaging of this > software [1]. > > The package is already on mentors [2], so let's hope that it will bring > some DD's attention! [3] > > Best, > François > > [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985993 > [2]: https://mentors.debian.net/package/f3d/ > [3]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986108 > > > -- > debian-science-maintainers mailing list > debian-science-maintain...@alioth-lists.debian.net > > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers >