Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ofono.
CVE-2023-2794[0]:
| A flaw was found in ofono, an Open Source Telephony on Linux. A
| stack overflow bug is triggered within the decode_deliver() function
Source: openjdk-8
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-8.
CVE-2024-21011[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE
Source: rust-rustls
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rust-rustls.
CVE-2024-32650[0]:
| Rustls is a modern TLS library written in Rust.
| `rustls::ConnectionCommon::complete_io` could fall into an infinite
|
On Sat, 20 Apr 2024 20:48:06 +0100 Luca Boccassi
wrote:
> On Mon, 15 Apr 2024 at 10:34, Peter Pentchev
wrote:
> >
> > On Sun, Apr 14, 2024 at 07:39:54PM +0100, Luca Boccassi wrote:
> > > > Le 2/13/22 à 09:00, Mihai Moldovan a écrit :
> > > >
> > > > > I'm pretty sure that we can, at some point
Package: timeshift
Version: 22.11.2-1
Severity: normal
X-Debbugs-Cc: marnixjan...@gmail.com
Dear Maintainer,
I manually installed timeshift using apt. I tried launching the graphical
interface from the applications menu and it failed with no feedback. Running it
from the terminal indicated
Package: pure-ftpd
Version: 1.0.50
When I run a STOU command I can't run an APPE properly. It seems to run a
STOR instead. Here is an example using Python's ftplib.
```python
#!/usr/bin/env python3
from ftplib import FTP
pureftp = FTP('ftphost')
pureftp.login('username', 'password')
Quoting Sylvestre Ledru (2024-04-22 15:28:30)
> Le 09/01/2024 à 23:27, Jonas Smedegaard a écrit :
> > Quoting Sylvestre Ledru (2024-01-09 19:07:47)
> >> I really would like to avoid shipping sccache without distributed support.
> >> Currently, these key features have been disabled:
> >>
Package: openssh-client
Version: 1:9.2p1-2+deb12u2
Severity: normal
With .ssh/config:
ControlMaster auto
ControlPath ~/.ssh/cm_master/%r@%h:%p
ControlPersist yes
Set up the mux master on host a to host c:
> echo $DISPLAY
:0
> ssh c xterm
xterm fires up on host a. Kill that
Now,
Hello,
Le 09/01/2024 à 23:27, Jonas Smedegaard a écrit :
Quoting Sylvestre Ledru (2024-01-09 19:07:47)
I really would like to avoid shipping sccache without distributed support.
Currently, these key features have been disabled:
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: openstack-n...@packages.debian.org
Control: affects -1 + src:openstack-nose
Hi,
Swift was the only use of this plugin, but I have just uploaded removing
that build-depends from Swift,
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: flat...@packages.debian.org
Control: affects -1 + src:flatpak
After the dust has settled from CVE-2024-32462, I would like to do a
stable-update of Flatpak using the
Package: src:linux
Version: 6.6.15-2
Severity: normal
If I start a compile run on a ramdisk or download a file of some GB to the
ramdisk and switch to another virtual desktop in the meantime to browse the
internet I often have the effect theaz the make or download is stalled during
my activity
The erfs service was shut down and this tool is no longer functional. It should
be removed.
> On 21 Apr 2024, at 14:57, Paul Gevers wrote:
>
> Source: erfs
> Version: 1.4-1
> Severity: important
> User: debian...@lists.debian.org
> Usertags: isolation-machine
>
> Dear maintainer(s),
>
>
Package: wnpp
Severity: wishlist
* Package name: qft
Version : 0.5.6
Upstream Author :
* URL : https://github.com/tudbut/qft
* License : GP-3
Programming Lang: Rust
Description : Resilient P2P UDP file transfer
UDP file transfer program for two
Source: rust-uuid
Version: 1.6.1-1
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v1.7.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmQIMACgkQLHwxRsGg
Package: python3-colored
Version: 2.2.3-1
Severity: normal
Tags: upstream
X-Debbugs-Cc: ni...@thykier.net
Hi
When depending on `python3-colored` and using `mypy`, `mypy` will
complain about `python3-colored` is not typed. Upstream does seem to
have some typing, but has not marked the their
Source: rust-chrono
Version: 0.4.31-2
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v0.4.33.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmPp4ACgkQLHwxRsGg
I've updated my demo repository with your patch.
https://salsa.debian.org/helmutg/bootstrap-usrmerge-demo/-/commit/6425c8cde53596199cd37bb1625d1dfb2a4b74d0
Great. I'll take a look.
I'm happy to call it guest upload while I find team upload slightly
misleading.
I avoid patching changelogs in
Hi,
On Wed, Mar 13, 2024 at 12:52:51PM +0100, Lucas Nussbaum wrote:
https://wiki.debian.org/qa.debian.org/FTBFS#A2024-03-13_-Werror.3Dimplicit-function-declaration
Relevant part (hopefully):
gcc -g -O2 -Werror=implicit-function-declaration
-ffile-prefix-map=/<>=. -fstack-protector-strong
Hi Chris,
On Mon, 22 Apr 2024 at 01:43:26 +0200, Chris Hofstaedtler wrote:
> I've prepared an NMU for netcat-openbsd (versioned as 1.226-1.1) and
> uploaded it to DELAYED/7. Please feel free to tell me if I
> should delay it longer.
Ooops sorry, that bug fell off-screen. No issue with the NMU,
Package: python3-levenshtein
Version: 0.12.2-2+b5
Severity: normal
X-Debbugs-Cc: ni...@thykier.net
Hi
Based on the discussions in
https://github.com/ztane/python-Levenshtein/issues/86, it seems that the
current upstream has been superseded by
https://github.com/rapidfuzz/Levenshtein/
This
El 22/4/24 a las 8:47, Otto Kekäläinen escribió:
I was able to reproduce this for Bookworm both locally and in CI at
https://salsa.debian.org/mariadb-team/galera-4/-/jobs/5620032
After importing latest upstream build/test passes:
https://salsa.debian.org/otto/galera/-/jobs/5624466
Stable
Source: rust-predicates
Version: 3.0.3-1
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v3.1.0.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmORQACgkQLHwxRsGg
Source: rust-is-terminal
Version: 0.4.9-2
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v0.4.12.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmOKIACgkQLHwxRsGg
Hi,
any news on this?
Regards
Manfred
Am 16.04.24 um 14:21 schrieb Debian Bug Tracking System:
Thank you for filing a new Bug report with Debian.
You can follow progress on this Bug here: 1069102:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069102.
This is an automatically generated
The attached patches, for the git repository at salsa.debian.org,
remove the depreciation warnings.
I have installed them in my system (version of devscripts: 2.23.7)
and they appear to work fine till now (note: I have tested only git,
bzr and svn repositories; could not find other types).
Source: dub
Version: 1.36.0-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Hi,
Whilst working on the Reproducible Builds effort [0], we noticed that
dub could not be built
Package: sponsorship-requests
Severity: important
Tags: patch
X-Debbugs-Cc: 1066...@bugs.debian.org
Dear mentors,
I am looking for a sponsor for my package "libt3window":
* Package name : libt3window
Version : 0.4.0-1.1
Upstream contact : Gertjan Halkes
* URL
Control: tag -1 + pending
22.04.2024 12:18, Alex Murray wrote:
Package: samba
Version: 2:4.19.5+dfsg-4
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch
Dear Maintainer,
*** /tmp/tmpz7e0qwfp/bug_body
In Ubuntu, the attached patch was
Fab Stz:
[...]
If dh_installman doesn't support nodoc as written in its manpage, then maybe
the manpage should be changed.
For instance this may have to be removed since I was mistaken by it.
"In compat 11 and later, it also supports the default searchdir plus --
sourcedir like dh_install(1)
Package: samba
Version: 2:4.19.5+dfsg-4
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch
Dear Maintainer,
*** /tmp/tmpz7e0qwfp/bug_body
In Ubuntu, the attached patch was applied to achieve the following:
When samba was updated to ship
This is a upstream bug.
Thanks for reporting
Quirin
forwarded 1068234 efibootguard-...@googlegroups.com
--
Quirin Gylstorff
Siemens AG
Technology
hi dkg,
thanks for these bugreports! I've commited fixes and am doing test
builds now and will upload shortly.
On Sun, Apr 21, 2024 at 04:29:10AM -0400, Daniel Kahn Gillmor wrote:
> Why does the package exclude the diversion when preinst runs on upgrade?
I guess because I used a bad example...
Control: tag -1 -moreinfo +upstream
Control: forwarded -1
https://lore.kernel.org/linux-bluetooth/CADRbXaDqx6S+7tzdDPPEpRu9eDLrHQkqoWTTGfKJSRxY=ht...@mail.gmail.com/
On Monday, 22 April 2024 10:32:00 CEST Jeremy Lainé wrote:
> Over the weekend I reported the issue to the linux-bluetooth mailing
This is a upstream bug.
Thanks for reporting,
Quirin
forwarded 1069372 efibootguard-...@googlegroups.com
On 4/20/24 2:01 PM, Lucas Nussbaum wrote:
Source: efibootguard
Version: 0.16-2
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20240420
Control: tags -1 upstream
Control: forwarded -1 https://github.com/patjoly/geo-gpx/issues/6
I've forwarded this issue upstream. Please followup there.
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
> I do not see anything in that commit that suggests that `dh_installman`
> does not honor `nodoc`. What I am getting is that you wish that `dh`
> would skip hook targets for any program that might react to `nodoc`
> similar to `nostrip`.
>
> Assuming we agree on this being the ask, my answer
Package: directvnc
Version: 0.7.8-1
Severity: normal
man 1 directvnc:
-p, --password
password string to be passed to the server for authentication. Use
this with care!
OK, so what's care? Well, the password is available for all system
users and crackers to view with just
Package: wnpp
Severity: wishlist
Owner: "Loren M. Lang"
X-Debbugs-Cc: debian-de...@lists.debian.org, lor...@north-winds.org
* Package name: rust-lifeguard
Version : 0.6.1
Upstream Contact: Zack Slayton
* URL : https://crates.io/crates/lifeguard
* License :
Package: python3-lib389
Version: 2.3.1+dfsg1-1
Severity: important
Tags: patch
Dear maintaner,
when following the 389ds documentation [1] to enable TLS for 389ds I noticed
that the step
dsconf security rsa set \
--tls-allow-rsa-certificates on \
--nss-token "internal
Package: libgeo-gpx-perl
Version: 1.10-1
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
i was trying to create gpx waypoints with an utf-8 name which does not
work:
perl -Mutf8 -MGeo::Gpx -e '$g=Geo::Gpx->new(); $g->waypoints_add({ lat => 0,
lon => 0, name => "üöä" });
On 21/04/2024 13.16, Paul Gevers wrote:
Your package has an autopkgtest, great. I recently added support for
isolation-machine tests on ci.debian.net for amd64 and added your
package to the list to use that. However, it fails. Can you please
Nice. Is there a chance to get isolation-machine
Source: rust-clap-complete
Version: 4.4.9-2
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v4.5.1.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmILQACgkQLHwxRsGg
Control: tags -1 moreinfo
On Mon, 22 Apr 2024 09:37:55 +0200 Fab Stz wrote:
Package: debhelper
Version: 13.15.3
Severity: normal
Dear Maintainer,
According to dh_installman, it should honor the nodoc build profile.
However, it doesn't. As well as execute_before_dh_install.
[...]
Hi,
Control: tags -1 - moreinfo
Le lundi 22 avril 2024 10:12:45 CEST, vous avez écrit :
> Control: tags -1 moreinfo
>
> On Mon, 22 Apr 2024 09:37:55 +0200 Fab Stz wrote:
> > Package: debhelper
> > Version: 13.15.3
> > Severity: normal
> >
> > Dear Maintainer,
> >
> > According to dh_installman,
Over the weekend I reported the issue to the linux-bluetooth mailing
list, which led to bisecting the issue down to a single commit:
https://lore.kernel.org/linux-bluetooth/CADRbXaDqx6S+7tzdDPPEpRu9eDLrHQkqoWTTGfKJSRxY=ht...@mail.gmail.com/
Jeremy
Same problem here, but with a different call trace. The RIP logline had
one of `security_file_permission` and `security_netlink_send`, I don't
remember which one.
On Sat, 16 Sep 2023 20:13:12 +0200 Jonathan Bergh
wrote:
Control: tags -1 + patch
Fixes 1037903 due to upgrade to gcc-13
Hello, I had to add another one for arm64 build failure
---
xrt-202210.2.13.466+dfsg.orig/src/runtime_src/core/edge/user/aie/common_layer/adf_api_config.h
+++
Package: libkf6userfeedback-data
Version: 6.0.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts fileconflict
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'sid' to 'experimental'.
It installed fine in 'sid', then the upgrade to
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: s...@packages.debian.org, bdr...@debian.org, on...@debian.org,
wa...@debian.org
Control: affects -1 + src:salt
User: ftp.debian@packages.debian.org
Usertags: remove
Please remove package salt. It was not released in stable. No response
On Mon, 18 Dec 2017 16:40:40 +0100 =?utf-8?q?Rapha=C3=ABl_Hertzog?=
wrote:
> But IMO the default configuration should work even when you make
heavy use
> of the package repositories... so I would like to see this in your
default
> approx.socket. Or at least you should raise the limit to
Source: rust-toml
Version: 0.8.8-2
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v0.8.12.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmGgYACgkQLHwxRsGg
Source: rust-tokio
Version: 1.35.1-1
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v1.37.0.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmGdEACgkQLHwxRsGg
Hi,
On Sat, Apr 20, 2024 at 07:54:13AM -0400, P. J. McDermott wrote:
> On 2024-04-19 at 15:55, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > FWIW, I'm actually preparing a security update for the two CVEs and
> > for bookworm I was first planning to do a 590-2.1 reaching unstable,
> > and so then
Source: rust-regex
Version: 1.10.2-1
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v1.10.4.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmGXUACgkQLHwxRsGg
Source: rust-rayon
Version: 1.8.1-1
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v1.10.0.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmGT4ACgkQLHwxRsGg
Source: rust-nu-ansi-term
Version: 0.49.0-1
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please upgrade to, or separately provide, branch v0.50.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmGQIACgkQLHwxRsGg
Source: rust-ctrlc
Version: 3.4.2-1
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v3.4.4.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmGLMACgkQLHwxRsGg
Package: python-glance-store
Version: 4.7.0-2
Severity: serious
python-glance-store build-depends on deprecated package python3-boto.
See #1058652
Also it seems to not build at all:
| dpkg-buildpackage: info: source package python-glance-store
| dpkg-buildpackage: info: source version 4.7.0-2
|
Source: rust-color-eyre
Version: 0.6.2-1
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v0.6.3.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmGIYACgkQLHwxRsGg
Source: rust-async-trait
Version: 0.1.77-1
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v0.1.77.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmF70ACgkQLHwxRsGg
Source: rust-clap
Version: 4.4.18-1
Severity: normal
Tags: upstream
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please update to at least v4.5.4.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmYmF+8ACgkQLHwxRsGg
Package: debhelper
Version: 13.15.3
Severity: normal
Dear Maintainer,
According to dh_installman, it should honor the nodoc build profile.
However, it doesn't. As well as execute_before_dh_install.
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (991,
Hi,
On 21/4/24 21:58, Moritz Muehlenhoff wrote:
> Hi Victor,
> diff looks fine, but I don't believe this really needs a DSA; it's rather
> obscure attack vector.
> I think addressing this via the next Bookworm point release is perfectly
> fine, what do you think?
Fine for me. No objections
Hi,
With the right versions, sorry for the noise.
nmu uwsgi-plugin-php_2.0.22+4+0.0.15+b2 . ANY . unstable . -m "rebuild against
new uwsgi.h"
nmu uwsgi-plugin-luajit_2.0.22+4+0.0.8+b2 . ANY . unstable . -m "rebuild
against new uwsgi.h"
nmu uwsgi-plugin-mongo_2.0.24+3+0.0.9+b3 . ANY . unstable
Hi,
Can this be backported to older Debian versions via the security repo?
This bug can be used to execute code when using the PHP engine:
* https://www.offensivecon.org/speakers/2024/charles-fol.html
* https://www.openwall.com/lists/oss-security/2024/04/18/4
Lucas Nussbaum wrote:
> Source: mtbl
> Version: 1.3.0-1
> Severity: serious
> Justification: FTBFS
> Tags: trixie sid ftbfs
> User: lu...@debian.org
> Usertags: ftbfs-20240420 ftbfs-trixie ftbfs-t64-armhf
>
> Hi,
>
> During a rebuild of all packages in sid, your package failed to build
> on
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
X-Debbugs-Cc: uwsgi-plugin-...@packages.debian.org, d...@jones.dk
Control: affects -1 + src:uwsgi-plugin-php
Control: affects -1 + src:uwsgi-plugin-luajit
Control: affects -1 +
Package: libxerces-c-samples
Followup-For: Bug #1069302
X-Debbugs-Cc: k.zmi...@gmail.com
Steps to reproduce the issue :
get up-to-date debian bookworm,
apt-get install apache2 libxerces-c-samples [ see full output of output from
dpkg --list > packages.txt ]
put attached schema.xsd in
Control: tags -1 + patch
Manny wrote:
> The Bookworm release notes instruct users to “upgrade” to the latest point
> release of Bullseye prior to upgrading to Bookworm:
>
>
> https://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.en.html#upgrade-to-latest-point-release
>
>
I was able to reproduce this for Bookworm both locally and in CI at
https://salsa.debian.org/mariadb-team/galera-4/-/jobs/5620032
After importing latest upstream build/test passes:
https://salsa.debian.org/otto/galera/-/jobs/5624466
Stable upload request filed at
On 4/22/24 02:54, Arthur Marsh wrote:
Package: hd-idle
Version: 1.21+ds-1
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
Setting up hd-idle (1.21+ds-1) ...
Installing new version of config
Package: lintian
Version: 2.117.0
Severity: normal
X-Debbugs-Cc: deb...@voltagex.org
Dear Maintainer,
This is related to #1053710 (but apparently Affects: isn't the right tag here?
There should be a Related: tag IMO)
* What led up to the situation?
Lintian produces messages like "E:
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: mari...@packages.debian.org
Control: affects -1 + src:galera-4
I propose that the latest minor maintenance version of Galera be included in the
stable release update
101 - 174 of 174 matches
Mail list logo