Bug#1068836: bookworm-pu: package yapet/2.6-2~deb12u1

2024-04-11 Thread Salvatore Bonaccorso
2.6/debian/changelog --- yapet-2.6/debian/changelog 2022-03-14 14:19:11.0 +0100 +++ yapet-2.6/debian/changelog 2024-04-11 20:40:18.0 +0200 @@ -1,3 +1,16 @@ +yapet (2.6-2~deb12u1) bookworm; urgency=medium + + * Rebuild for bookworm + + -- Salvatore Bonaccorso Thu, 11 Apr 2024 20:4
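Review bot: the new changelog entry says only "* Rebuild for bookworm" and names neither a reason nor a bug, yet a ~deb12u1 upload goes through stable-release-manager review, where the entry is what they read; state what the rebuild fixes and close the corresponding bug, e.g. "* Rebuild for bookworm (Closes: #<bug>)", or at least point at the unstable entry whose change it carries. Note also that the hunk header @@ -1,3 +1,16 @@ announces 13 added lines of which only the first five survive in this excerpt (the trailer is cut at "20:4"), so the remainder of the hunk, presumably the 2.6-2 entry, cannot be checked from what is shown here.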

Bug#1068770: linux-image-6.1.0-18-amd64: Local privilege escalation vulnerability in kernel n_gsm driver

2024-04-10 Thread Salvatore Bonaccorso
Control: tags -1 + confirmed pending Control: found -1 6.1.82-1 Hi, On Wed, Apr 10, 2024 at 12:16:21PM -0700, LW wrote: > Package: src:linux > Version: 6.1.76-1 > Severity: critical > Tags: upstream security > Justification: root security hole > X-Debbugs-Cc: lw-deb-...@greyskydesigns.com,

Bug#1068675: linux-image-6.1.0-19-amd64: loss of SMART information: Device is in SLEEP mode, exit(2)

2024-04-10 Thread Salvatore Bonaccorso
Control: tags -1 + upstream Hi, On Wed, Apr 10, 2024 at 07:00:14PM +0200, Cyril Brulebois wrote: > Cyril Brulebois (2024-04-10): > > Intermediate results based on upstream stable releases: v6.1.80 is good, > > v6.1.81 is bad. Still ~200 commits to bisect. > > Final results: > >

Bug#1068675: linux-image-6.1.0-19-amd64: loss of SMART information: Device is in SLEEP mode, exit(2)

2024-04-10 Thread Salvatore Bonaccorso
On Wed, Apr 10, 2024 at 03:42:44PM +0200, Salvatore Bonaccorso wrote: > Control: tags -1 - moreinfo > Control: tags -1 + confirmed > > hi Cyril, > > On Wed, Apr 10, 2024 at 03:32:02PM +0200, Cyril Brulebois wrote: > > Cyril Brulebois (2024-04-10): > > >

Bug#1068675: linux-image-6.1.0-19-amd64: loss of SMART information: Device is in SLEEP mode, exit(2)

2024-04-10 Thread Salvatore Bonaccorso
Control: tags -1 - moreinfo Control: tags -1 + confirmed hi Cyril, On Wed, Apr 10, 2024 at 03:32:02PM +0200, Cyril Brulebois wrote: > Cyril Brulebois (2024-04-10): > > Salvatore Bonaccorso (2024-04-10): > > > On Tue, Apr 09, 2024 at 03:33:09PM +0200, Diederik de Haas w

Bug#1068675: linux-image-6.1.0-19-amd64: loss of SMART information: Device is in SLEEP mode, exit(2)

2024-04-10 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Cyril, On Tue, Apr 09, 2024 at 03:33:09PM +0200, Diederik de Haas wrote: > Hi Cyril, > > On Tuesday, 9 April 2024 01:06:43 CEST Cyril Brulebois wrote: > > Upgrading from linux-image-6.1.0-18-amd64 to linux-image-6.1.0-19-amd64 > > leads to losing some SMART

Bug#1066883: alg: ecdh-nist-p256: test failed on vector 2, err=-14

2024-04-10 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Hi, On Thu, Mar 14, 2024 at 09:41:18PM +, Tj wrote: > Source: linux > Severity: important > > Same as: Bug #1061262 > > I've been seeing this with builds since 6.7 cycle started. It seems to > show up mostly for hosts with bluetooth hardware since the bluetooth

Bug#1068633: bookworm-pu: package cjson/1.7.15-1+deb12u1

2024-04-08 Thread Salvatore Bonaccorso
Hi, Disclaimer, this is not an authoritative answer as I'm not part of the stable release managers. On Mon, Apr 08, 2024 at 12:27:50PM +0300, Maytham Alsudany wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu >

Bug#1068658: openssl: CVE-2024-2511

2024-04-08 Thread Salvatore Bonaccorso
Source: openssl Version: 3.2.1-3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 3.1.5-1 Control: found -1 3.0.11-1~deb12u2 Hi, The following vulnerability was published for openssl. CVE-2024-2511[0]: | Issue summary: Some

Bug#1068631: linux-image-6.6.15-amd64: Using monitor refreshrate above 120Hz i get random black screen for a few seconds at certain actions

2024-04-08 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Hi, On Mon, Apr 08, 2024 at 04:44:12PM +0800, dada007 wrote: > Package: src:linux > Version: 6.6.15-2 > Severity: important > X-Debbugs-Cc: peter_malmb...@proton.me > > Dear Maintainer, > > *** Reporter, please consider answering these questions, where appropriate

Bug#1068045: [Pkg-openssl-devel] Bug#1068045: libssl3: breaks YAPET

2024-04-08 Thread Salvatore Bonaccorso
Hi Sebastian, On Mon, Apr 08, 2024 at 06:43:01PM +0200, Sebastian Andrzej Siewior wrote: > control: tags -1 patch > control: reassign -1 yapet 2.6-1 > > On 2024-04-08 08:32:58 [+0200], Kurt Roeckx wrote: > > There might be a related change that doesn't allow restarting the > > operation with the

Bug#1068346: [ftpmas...@ftp-master.debian.org: Accepted node-express 4.19.2+~cs8.36.21-1 (source) into unstable]

2024-04-06 Thread Salvatore Bonaccorso
Source: node-express Source-Version: 4.19.2+~cs8.36.21-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 07 Apr 2024 07:52:14 +0400 Source: node-express Architecture: source Version: 4.19.2+~cs8.36.21-1 Distribution:

Bug#1067829: Fails to build on arm{el,hf} with 64bit time_t: export-cache.c:110:51: error: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘time_t’ {aka ‘long long int’} [-We

2024-04-06 Thread Salvatore Bonaccorso
_proc_files[i] != NULL; i++) { retval = junction_write_time(junction_proc_files[i], flushtime); >From 774394df352c249775d51d5d6e3effa775096b4f Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 6 Apr 2024 20:48:43 +0200 Subject: [PATCH] junction: export-cache: cast to a type with a known size to
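The build failure in the title comes from passing a `time_t` to a `%ld` conversion: on armel/armhf built with 64-bit `time_t` the argument is `long long`, the format no longer matches, and the warning becomes a hard error. The patch subject describes the fix as casting to a type with a known size. The block below is an added example and is not code from the junction/export-cache source or from the patch in this thread; it shows that pattern in isolation, with helper names (`format_time_t`, `parse_time_t`) and sample values that are my own constructions.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Format a time_t as decimal without assuming its width.
 *
 * time_t is "long" on LP64 hosts but "long long" on 32-bit hosts built
 * with 64-bit time_t (the armel/armhf case in the bug title), so a plain
 * "%ld" is only right on some targets.  Casting to intmax_t and using
 * PRIdMAX is correct on every C99 host: intmax_t is at least as wide as
 * any standard integer type, so the cast never loses bits, and the
 * _Static_assert documents that assumption at compile time.
 *
 * Returns the number of characters written, or -1 on truncation/error. */
int format_time_t(char *buf, size_t buflen, time_t t)
{
    _Static_assert(sizeof(intmax_t) >= sizeof(time_t),
                   "intmax_t must be able to hold a time_t");
    int n = snprintf(buf, buflen, "%" PRIdMAX, (intmax_t)t);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return n;
}

/* Parse the decimal form back into a time_t.
 *
 * The value is read as intmax_t, then narrowed to time_t and widened
 * again; if the two differ the value does not fit the target's time_t
 * (e.g. a post-2038 timestamp on a 32-bit time_t host) and is rejected
 * instead of being silently truncated.  Trailing junk and overflow
 * (ERANGE from strtoimax) are rejected as well.
 *
 * Returns 0 on success and -1 on any parse or range error. */
int parse_time_t(const char *s, time_t *out)
{
    char *end = NULL;
    errno = 0;
    intmax_t v = strtoimax(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0')
        return -1;
    if ((intmax_t)(time_t)v != v)
        return -1;
    *out = (time_t)v;
    return 0;
}

/* Stand-alone demo with constructed sample timestamps: epoch, a 2024
 * value, the error sentinel -1, and the first second past the 32-bit
 * signed range. */
int main(void)
{
    const intmax_t samples[] = { 0, 1712429323, -1, 2147483648 };
    char buf[32];
    time_t back;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (format_time_t(buf, sizeof buf, (time_t)samples[i]) < 0) {
            printf("sample %zu: does not fit buffer\n", i);
            continue;
        }
        int ok = parse_time_t(buf, &back) == 0 && (intmax_t)back == samples[i];
        printf("%s round-trips: %s\n", buf, ok ? "yes" : "no");
    }
    return 0;
}
```

The same cast-and-PRIdMAX form works for `off_t`, `ino_t` and the other POSIX typedefs whose width varies between targets; the alternative of `"%lld"` with a `(long long)` cast is equally portable today but does not carry a compile-time check that the target type still fits.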

Bug#1068045: [Pkg-openssl-devel] Bug#1068045: libssl3: breaks YAPET

2024-04-06 Thread Salvatore Bonaccorso
Hi Sean, On Sat, Apr 06, 2024 at 04:54:14PM +0800, Sean Whitton wrote: > control: reassign -1 libssl3,yapet > control: found -1 libssl3/3.1.5-1 > control: found -1 yapet/2.6-1 > control: retitle -1 libssl3,yapet: YAPET cannot decrypt YAPET1.0-format DB > > Hello, > > On Sat 30 Mar 2024 at

Bug#1064724: yapet: FTBFS: dh_auto_test: error: make -j8 check "TESTSUITEFLAGS=-j8 --verbose" VERBOSE=1 returned exit code 2

2024-04-06 Thread Salvatore Bonaccorso
Hi, On Thu, Mar 21, 2024 at 09:09:02AM +0100, Salvatore Bonaccorso wrote: > Hi Vladimir, > > On Thu, Mar 21, 2024 at 08:39:32PM +1300, Vladimir Petko wrote: > > Package: yapet > > Followup-For: Bug #1064724 > > User: ubuntu-de...@lists.ubuntu.com > > Usertags:

Bug#1066965: bookworm-pu: package newlib/3.3.0-2

2024-04-06 Thread Salvatore Bonaccorso
Hi, On Tue, Apr 02, 2024 at 12:36:53PM +0200, Petter Reinholdtsen wrote: > > Btw, what is the timeline for approval or rejection for this security > upload proposal? Note that if you are confident that the upload is accepted as is, you *could* already upload according to the improved workflow.

Bug#1056156: varnish: CVE-2023-44487: VSV00013 Varnish HTTP/2 Rapid Reset Attack

2024-04-05 Thread Salvatore Bonaccorso
Hi Marco, On Thu, Apr 04, 2024 at 11:05:03AM +0200, Marco d'Itri wrote: > On Apr 04, Salvatore Bonaccorso wrote: > > > While I do agree (and it was filled with this severity), the bug > > severity would not be RC, varnish currently seem to lack active > > maintainershi

Bug#1068412: [ftpmas...@ftp-master.debian.org: Accepted apache2 2.4.59-1 (source) into unstable]

2024-04-05 Thread Salvatore Bonaccorso
Source: apache2 Source-Version: 2.4.59-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2024 08:08:11 +0400 Source: apache2 Built-For-Profiles: nocheck Architecture: source Version: 2.4.59-1 Distribution:

Bug#1068418: rust-openssl: CVE-2024-3296

2024-04-04 Thread Salvatore Bonaccorso
Source: rust-openssl Version: 0.10.64-1 Severity: important Tags: security upstream Forwarded: https://github.com/sfackler/rust-openssl/issues/2171 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for rust-openssl. CVE-2024-3296[0]: | A

Bug#1068417: trafficserver: CVE-2024-31309: HTTP/2 CONTINUATION frames can be utilized for DoS attacks

2024-04-04 Thread Salvatore Bonaccorso
Source: trafficserver Version: 9.2.3+ds-1+deb12u1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 8.1.9+ds-1~deb11u1 Hi, The following vulnerability was published for trafficserver. CVE-2024-31309[0]. If you fix the vulnerability

Bug#1068415: nghttp2: CVE-2024-28182: Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage

2024-04-04 Thread Salvatore Bonaccorso
Source: nghttp2 Version: 1.60.0-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for nghttp2. CVE-2024-28182[0]: | nghttp2 is an implementation of the Hypertext

Bug#1068347: [ftpmas...@ftp-master.debian.org: Accepted nodejs 18.20.1+dfsg-1 (source) into unstable]

2024-04-03 Thread Salvatore Bonaccorso
Source: nodejs Source-Version: 18.20.1+dfsg-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 16:50:38 +0200 Source: nodejs Architecture: source Version: 18.20.1+dfsg-1 Distribution: unstable Urgency:

Bug#1056156: varnish: CVE-2023-44487: VSV00013 Varnish HTTP/2 Rapid Reset Attack

2024-04-03 Thread Salvatore Bonaccorso
Hi Marco, [CC'ing security team] On Mon, Apr 01, 2024 at 04:25:05PM +0200, Marco d'Itri wrote: > Control: found -1 5.0.0-1 > Control: fixed -1 7.4.2 > > On Nov 17, Salvatore Bonaccorso wrote: > > > CVE-2023-44487[0]: > > | The HTTP/2 protocol allows a denial

Bug#1068297: bpfcc-tools: Security issue of Debian patch: code execution via environment variable

2024-04-03 Thread Salvatore Bonaccorso
Hi, On Wed, Apr 03, 2024 at 02:31:01PM +0700, ValdikSS wrote: > Package: bpfcc-tools > Version: 0.26.0+ds-1 > Severity: normal > Tags: security > X-Debbugs-Cc: i...@valdikss.org.ru > > Dear Maintainer, > > Last year there was a Debian fix for the upstream issue of bpfcc package >

Bug#1068148: minidlna: CVE-2023-47430

2024-04-02 Thread Salvatore Bonaccorso
Hi Alexander, On Tue, Apr 02, 2024 at 10:27:40PM +0300, Alexander Gerasiov wrote: > On Sun, 31 Mar 2024 22:00:58 +0200 > Salvatore Bonaccorso wrote: > > > Source: minidlna > > Version: 1.3.3+dfsg-1 > > Severity: important > > Tags: security upstream > &g

Bug#1068189: debhelper: --link-doc checking for known packages makes linux-signed build FTBFS

2024-04-01 Thread Salvatore Bonaccorso
Control: reassign -1 src:linux 6.7.9-2 Hi Niels, On Mon, Apr 01, 2024 at 05:19:43PM +0200, Niels Thykier wrote: > Salvatore Bonaccorso: > > Source: debhelper > > Version: 13.15 > > Severity: serious > > Tags: ftbfs > > Justification: Regression for other packa

Bug#1068189: debhelper: --link-doc checking for known packages makes linux-signed build FTBFS

2024-04-01 Thread Salvatore Bonaccorso
Source: debhelper Version: 13.15 Severity: serious Tags: ftbfs Justification: Regression for other package builds, FTBFS X-Debbugs-Cc: car...@debian.org,debian-ker...@lists.debian.org Control: affects -1 + src:linux,src:linux-signed-amd64,src:linux-signed-arm64 Hi Niels, Not fully investigated,

Bug#1068153: cimg: CVE-2024-26540

2024-03-31 Thread Salvatore Bonaccorso
Source: cimg Version: 3.2.1+dfsg-1 Severity: important Tags: security upstream Forwarded: https://github.com/GreycLab/CImg/issues/403 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for cimg. CVE-2024-26540[0]: | A heap-based buffer overflow

Bug#1068150: ruby-carrierwave: CVE-2023-49090

2024-03-31 Thread Salvatore Bonaccorso
Source: ruby-carrierwave Version: 1.3.2-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for ruby-carrierwave. CVE-2023-49090[0]: | CarrierWave is a solution for file uploads for Rails, Sinatra and

Bug#1068148: minidlna: CVE-2023-47430

2024-03-31 Thread Salvatore Bonaccorso
Source: minidlna Version: 1.3.3+dfsg-1 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/minidlna/bugs/361/ X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for minidlna. CVE-2023-47430[0]: |

Bug#1068112: pcp: CVE-2024-3019

2024-03-30 Thread Salvatore Bonaccorso
Source: pcp Version: 6.2.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for pcp. CVE-2024-3019[0]: | A flaw was found in PCP. The default pmproxy configuration exposes | the Redis server

Bug#1068111: wireshark: CVE-2024-2955

2024-03-30 Thread Salvatore Bonaccorso
Source: wireshark Version: 4.2.2-1 Severity: important Tags: security upstream Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/19695 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for wireshark. CVE-2024-2955[0]: | T.38 dissector

Bug#1068110: netty: CVE-2024-29025

2024-03-30 Thread Salvatore Bonaccorso
Source: netty Version: 1:4.1.48-9 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for netty. CVE-2024-29025[0]: | Netty is an asynchronous event-driven network application framework | for rapid

Bug#1068047: Suspicious commit merged in 2021 from account responsible for xz backdoor

2024-03-30 Thread Salvatore Bonaccorso
Control: severity -1 serious Control: found -1 3.6.0-1 Hi Russ, On Fri, Mar 29, 2024 at 07:24:13PM -0700, Russ Allbery wrote: > Package: libarchive13t64 > Version: 3.7.2-1.1 > Severity: important > X-Debbugs-Cc: r...@debian.org > > So far it looks like no one has been able to figure out an

Bug#1067800: golang-github-containers-buildah: CVE-2024-1753

2024-03-28 Thread Salvatore Bonaccorso
Reinhard, On Thu, Mar 28, 2024 at 07:30:00AM -0400, Reinhard Tartler wrote: > I've uploaded a fixed version of buildah to sid yesterday, and a new > upstream version of libpod that builds against the fixed buildah just now. > > thanks for filing this report, I believe we should be all set now

Bug#1067849: util-linux: CVE-2024-28085: wall: escape sequence injection

2024-03-27 Thread Salvatore Bonaccorso
Source: util-linux Version: 2.39.3-11 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 2.38.1-5 Control: found -1 2.36.1-8+deb11u1 Control: found -1 2.36.1-8 Control: found -1 2.33.1-0.1 Hi, The

Bug#1067805: node-katex: CVE-2024-28243 CVE-2024-28244 CVE-2024-28245 CVE-2024-28246

2024-03-26 Thread Salvatore Bonaccorso
Source: node-katex Version: 0.16.4+~cs6.1.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for node-katex. CVE-2024-28243[0]: | KaTeX is a JavaScript library for TeX math rendering on the web.

Bug#1067802: ruby3.2: CVE-2024-27281

2024-03-26 Thread Salvatore Bonaccorso
Source: ruby3.2 Version: 3.2.3-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: clone -1 -2 Control: reassign -2 src:ruby3.1 3.1.2-8 Control: retitle -2 ruby3.1: CVE-2024-27281 Control: found -2 3.1.2-7 Hi, The following vulnerability

Bug#1067800: golang-github-containers-buildah: CVE-2024-1753

2024-03-26 Thread Salvatore Bonaccorso
Source: golang-github-containers-buildah Version: 1.33.5+ds1-4 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-github-containers-buildah. CVE-2024-1753[0]: | A flaw was found in Buildah

Bug#1067799: wolfssl: CVE-2024-0901

2024-03-26 Thread Salvatore Bonaccorso
Source: wolfssl Version: 5.6.6-1.2 Severity: important Tags: security upstream Forwarded: https://github.com/wolfSSL/wolfssl/issues/7089 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for wolfssl. CVE-2024-0901[0]: | Remotely executed SEGV

Bug#1067179: Accepted ldap-account-manager 8.7-1 (source) into unstable

2024-03-25 Thread Salvatore Bonaccorso
Source: ldap-account-manager Source-Version: 8.7-1 On Sun, Mar 24, 2024 at 08:59:47PM +, Debian FTP Masters wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Format: 1.8 > Date: Sat, 16 Mar 2024 07:35:21 +0200 > Source: ldap-account-manager > Architecture: source > Version:

Bug#1067641: python-djangorestframework-simplejwt: CVE-2024-22513

2024-03-24 Thread Salvatore Bonaccorso
Source: python-djangorestframework-simplejwt Version: 5.3.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for python-djangorestframework-simplejwt. CVE-2024-22513[0]: |

Bug#1067514: commons-configuration2: CVE-2024-29133

2024-03-22 Thread Salvatore Bonaccorso
Source: commons-configuration2 Version: 2.8.0-2 Severity: important Tags: security upstream Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-841 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for commons-configuration2.

Bug#1067513: commons-configuration2: CVE-2024-29131

2024-03-22 Thread Salvatore Bonaccorso
Source: commons-configuration2 Version: 2.8.0-2 Severity: important Tags: security upstream Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-840 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for commons-configuration2.

Bug#1036467: virtuoso-opensource: CVE-2023-31607 CVE-2023-31608 CVE-2023-31609 CVE-2023-31610 CVE-2023-31611 CVE-2023-31612 CVE-2023-31613 CVE-2023-31614 CVE-2023-31615 CVE-2023-31616 CVE-2023-31617 C

2024-03-22 Thread Salvatore Bonaccorso
Control: severity -1 serious Hi Andreas, On Thu, Mar 14, 2024 at 09:08:50PM +0100, Salvatore Bonaccorso wrote: > Hi Andreas, > > On Thu, Mar 14, 2024 at 03:22:58PM +0100, Andreas Beckmann wrote: > > Control: severity -1 important > > On Sun, 21 May 2023 20:43:40 +0200

Bug#1067464: gnutls28: CVE-2024-28834

2024-03-21 Thread Salvatore Bonaccorso
Source: gnutls28 Version: 3.8.3-1 Severity: important Tags: security upstream Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1516 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gnutls28. CVE-2024-28834[0]: | A flaw was found in

Bug#1067463: gnutls28: CVE-2024-28835

2024-03-21 Thread Salvatore Bonaccorso
Source: gnutls28 Version: 3.8.3-1 Severity: important Tags: security upstream Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1525 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gnutls28. CVE-2024-28835[0]: | A flaw has been

Bug#1067461: libvirt: CVE-2024-2494

2024-03-21 Thread Salvatore Bonaccorso
Source: libvirt Version: 10.1.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libvirt. CVE-2024-2494[0]: | A flaw was found in the RPC library APIs of libvirt. The RPC server |

Bug#1064724: yapet: FTBFS: dh_auto_test: error: make -j8 check "TESTSUITEFLAGS=-j8 --verbose" VERBOSE=1 returned exit code 2

2024-03-21 Thread Salvatore Bonaccorso
Hi Vladimir, On Thu, Mar 21, 2024 at 08:39:32PM +1300, Vladimir Petko wrote: > Package: yapet > Followup-For: Bug #1064724 > User: ubuntu-de...@lists.ubuntu.com > Usertags: origin-ubuntu noble ubuntu-patch > Control: tags -1 patch > > Dear Maintainer, > > The package fails to build due to the

Bug#1067393: fastdds: CVE-2024-28231

2024-03-20 Thread Salvatore Bonaccorso
Source: fastdds Version: 2.11.2+ds-6 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for fastdds. CVE-2024-28231[0]: | eprosima Fast DDS is a C++ implementation of the

Bug#1066965: bookworm-pu: package newlib/3.3.0-2

2024-03-20 Thread Salvatore Bonaccorso
Hi [disclaimer, not an authoritative answer as not part of the stable release managers] On Sat, Mar 16, 2024 at 09:09:05AM +0100, Petter Reinholdtsen wrote: > > Package: release.debian.org > > The https://tracker.debian.org/pkg/newlib > package got an open > security problem with malloc and

Bug#1064967: fontforge DSA (was: Re: Bug#1064967: fontforge: diff for NMU version 1:20230101~dfsg-1.1)

2024-03-19 Thread Salvatore Bonaccorso
Hi Adrian, On Sat, Mar 16, 2024 at 12:12:01AM +0200, Adrian Bunk wrote: > On Wed, Mar 13, 2024 at 08:39:47PM +0100, Salvatore Bonaccorso wrote: > > Hi Adrian, > > Hi Salvatore, > > > On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote: > > > Control: t

Bug#988730: CVE-2017-18641

2024-03-18 Thread Salvatore Bonaccorso
Hi Mathias, On Sun, Mar 17, 2024 at 05:41:30PM +, Mathias Gibbens wrote: > On Sun, 2024-01-28 at 08:44 +0100, Salvatore Bonaccorso wrote: > > Thanks for the update. Do you know of any plans of making > > distrobuilder available? > > distrobuilder is now avai

Bug#1067115: gross: CVE-2023-52159

2024-03-18 Thread Salvatore Bonaccorso
Source: gross Version: 1.0.2-4 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gross. CVE-2023-52159[0]: | A stack-based buffer overflow vulnerability in gross

Bug#1067018: lnav: FTBFS on arm{el,hf}: test failures

2024-03-17 Thread Salvatore Bonaccorso
Hi Sebastian, On Sat, Mar 16, 2024 at 11:34:23PM +0100, Sebastian Ramacher wrote: > Source: lnav > Version: 0.11.2-1 > Severity: serious > Tags: ftbfs > Justification: fails to build from source (but built successfully in the past) > X-Debbugs-Cc: sramac...@debian.org > >

Bug#1067006: rpc-statd.service: State 'stop-sigterm' timed out. Killing.

2024-03-16 Thread Salvatore Bonaccorso
Hi, On Sat, Mar 16, 2024 at 08:13:44PM +0100, Harald Dunkel wrote: > Package: nfs-common > Version: 1:2.6.4-3 > > Restarting rpc-statd.service (e.g via needrestart at upgrade time) > runs into a timeout: > > Mar 16 20:06:58 lola.afaics.de systemd[1]: rpc-statd.service: State > 'stop-sigterm'

Bug#1066971: node-follow-redirects: CVE-2024-28849

2024-03-16 Thread Salvatore Bonaccorso
Source: node-follow-redirects Version: 1.15.3+~1.14.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/psf/requests/issues/1885 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for node-follow-redirects.

Bug#1066969: libcrypt-openssl-rsa-perl: CVE-2024-2467: vulnerable to the Marvin Attack

2024-03-16 Thread Salvatore Bonaccorso
Source: libcrypt-openssl-rsa-perl Version: 0.33-3 Severity: important Tags: security upstream Forwarded: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42 X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 0.31-1 Hi, The following vulnerability was published for

Bug#1064967: fontforge DSA (was: Re: Bug#1064967: fontforge: diff for NMU version 1:20230101~dfsg-1.1)

2024-03-16 Thread Salvatore Bonaccorso
Hi Adrian, On Sat, Mar 16, 2024 at 12:12:01AM +0200, Adrian Bunk wrote: > On Wed, Mar 13, 2024 at 08:39:47PM +0100, Salvatore Bonaccorso wrote: > > Hi Adrian, > > Hi Salvatore, > > > On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote: > > > Control: t

Bug#1066947: zookeeper: CVE-2024-23944

2024-03-15 Thread Salvatore Bonaccorso
Source: zookeeper Version: 3.9.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for zookeeper. CVE-2024-23944[0]: | Information disclosure in persistent watchers handling in Apache | ZooKeeper

Bug#1066113: guix: CVE-2024-27297

2024-03-15 Thread Salvatore Bonaccorso
Hi, On Fri, Mar 15, 2024 at 11:22:52AM -0700, Vagrant Cascadian wrote: > On 2024-03-13, Vagrant Cascadian wrote: > > On 2024-03-12, Vagrant Cascadian wrote: > >> On 2024-03-12, Salvatore Bonaccorso wrote: > > I have now tested an updated 1.4.x package on bookworm

Bug#1036467: virtuoso-opensource: CVE-2023-31607 CVE-2023-31608 CVE-2023-31609 CVE-2023-31610 CVE-2023-31611 CVE-2023-31612 CVE-2023-31613 CVE-2023-31614 CVE-2023-31615 CVE-2023-31616 CVE-2023-31617 C

2024-03-14 Thread Salvatore Bonaccorso
Hi Andreas, On Thu, Mar 14, 2024 at 03:22:58PM +0100, Andreas Beckmann wrote: > Control: severity -1 important > On Sun, 21 May 2023 20:43:40 +0200 Salvatore Bonaccorso > wrote: > > Source: virtuoso-opensource > > Version: 7.2.5.1+dfsg1-0.3 > > Severity: grave > &g

Bug#1066879: rpyc: CVE-2024-27758

2024-03-14 Thread Salvatore Bonaccorso
Source: rpyc Version: 5.3.1-1 Severity: important Tags: security upstream Forwarded: https://github.com/tomerfiliba-org/rpyc/issues/551 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for rpyc. CVE-2024-27758[0]: | In RPyC before 6.0.0, when

Bug#1066877: tomcat10: CVE-2024-23672

2024-03-14 Thread Salvatore Bonaccorso
Source: tomcat10 Version: 10.1.16-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for tomcat10. CVE-2024-23672[0]: | Denial of Service via incomplete cleanup vulnerability in Apache | Tomcat. It

Bug#1066878: tomcat10: CVE-2024-24549

2024-03-14 Thread Salvatore Bonaccorso
Source: tomcat10 Version: 10.1.16-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for tomcat10. CVE-2024-24549[0]: | Denial of Service due to improper input validation vulnerability for | HTTP/2

Bug#1066820: python-aiosmtpd: CVE-2024-27305

2024-03-13 Thread Salvatore Bonaccorso
Source: python-aiosmtpd Version: 1.4.4.post2-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for python-aiosmtpd. CVE-2024-27305[0]: | aiosmtpd is a reimplementation of the Python stdlib smtpd.py

Bug#1064967: fontforge DSA (was: Re: Bug#1064967: fontforge: diff for NMU version 1:20230101~dfsg-1.1)

2024-03-13 Thread Salvatore Bonaccorso
Hi Adrian, On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote: > Control: tags 1064967 + patch > Control: tags 1064967 + pending > > Dear maintainer, > > I've prepared an NMU for fontforge (versioned as 1:20230101~dfsg-1.1) and > uploaded it to DELAYED/2. Please feel free to tell me if

Bug#1066113: guix: CVE-2024-27297

2024-03-13 Thread Salvatore Bonaccorso
Control: clone -1 -2 Control: reassign -2 src:nix 2.18.1+dfsg-1 Control: retitle -2 nix: CVE-2024-27297 Hi, On Tue, Mar 12, 2024 at 04:01:26PM -0700, Vagrant Cascadian wrote: > Control: found 1066113 1.4.0-3 > Control: tags 1066113 pending > > On 2024-03-12, Salvatore Bona

Bug#1066120: 389-ds-base: CVE-2024-1062

2024-03-12 Thread Salvatore Bonaccorso
Source: 389-ds-base Version: 2.4.4+dfsg1-3 Severity: important Tags: security upstream Forwarded: https://github.com/389ds/389-ds-base/issues/5647 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for 389-ds-base. CVE-2024-1062[0]: | A heap

Bug#1066119: fastdds: CVE-2023-50716

2024-03-12 Thread Salvatore Bonaccorso
Source: fastdds Version: 2.11.2+ds-6.1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 2.11.2+ds-6 Hi, The following vulnerability was published for fastdds. CVE-2023-50716[0]: | eProsima Fast DDS (formerly Fast RTPS) is a C++

Bug#1066113: guix: CVE-2024-27297

2024-03-12 Thread Salvatore Bonaccorso
Source: guix Version: 1.4.0-5 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 1.2.0-4+deb11u1 Hi, Vagrant, knowing that you are aware already, but filing for having a Debian bug tracking reference. The following

Bug#1066108: intel-microcode: CVE-2023-43490 CVE-2023-39368 CVE-2023-38575 CVE-2023-22655 CVE-2023-28746

2024-03-12 Thread Salvatore Bonaccorso
Source: intel-microcode Version: 3.20231114.1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 3.20231114.1~deb12u1 Control: found -1 3.20231114.1~deb11u1 Hi, The following vulnerabilities were

Bug#1066059: libreswan: CVE-2024-2357

2024-03-11 Thread Salvatore Bonaccorso
Source: libreswan Version: 4.12-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 https://github.com/libreswan/libreswan/issues/1609 Control: found -1 4.10-2+deb12u1 Control: found -1 4.10-2 Control: found -1 4.3-1+deb11u4

Bug#1066058: libvirt: CVE-2024-1441

2024-03-11 Thread Salvatore Bonaccorso
Source: libvirt Version: 10.0.0-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 9.0.0-4 Control: found -1 7.0.0-3+deb11u2 Control: found -1 7.0.0-3 Hi, The following vulnerability was published for libvirt. CVE-2024-1441[0]:

Bug#1065868: expat: CVE-2024-28757

2024-03-10 Thread Salvatore Bonaccorso
Source: expat Version: 2.6.1-1 Severity: important Tags: security upstream Forwarded: https://github.com/libexpat/libexpat/pull/842 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for expat. CVE-2024-28757[0]: | libexpat through 2.6.1 allows

Bug#1065861: gpac: CVE-2024-22749

2024-03-10 Thread Salvatore Bonaccorso
Source: gpac Version: 2.2.1+dfsg1-3.1 Severity: important Tags: security upstream Forwarded: https://github.com/gpac/gpac/issues/2713 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gpac. CVE-2024-22749[0]: | GPAC v2.3 was detected to

Bug#1065847: jboss-xnio: CVE-2023-5685

2024-03-10 Thread Salvatore Bonaccorso
Source: jboss-xnio Version: 3.8.10-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for jboss-xnio. CVE-2023-5685[0]: | StackOverflowException when the chain of notifier states becomes |

Bug#1063484: libuv1: CVE-2024-24806

2024-03-10 Thread Salvatore Bonaccorso
Hi Dominique, On Thu, Mar 07, 2024 at 08:58:11AM +0100, Dominique Dumont wrote: > On Wednesday, 6 March 2024 21:07:56 CET Salvatore Bonaccorso wrote: > > Thank you very much. Looks good to me, feel free to upload as well to > > security-master (and build as well with -sa). > &

Bug#1065814: golang-github-go-jose-go-jose: CVE-2024-28180

2024-03-09 Thread Salvatore Bonaccorso
Source: golang-github-go-jose-go-jose Version: 3.0.1-2 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-github-go-jose-go-jose. CVE-2024-28180[0]: | Package

Bug#1065688: python-jwcrypto: CVE-2024-28102

2024-03-08 Thread Salvatore Bonaccorso
Source: python-jwcrypto Version: 1.5.4-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for python-jwcrypto. CVE-2024-28102[0]: | JWCrypto implements JWK, JWS, and JWE specifications using python-

Bug#1065687: golang-github-jackc-pgx: CVE-2024-27304

2024-03-08 Thread Salvatore Bonaccorso
Source: golang-github-jackc-pgx Version: 4.18.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-github-jackc-pgx. CVE-2024-27304[0]: | pgx is a PostgreSQL driver and toolkit for Go. SQL

Bug#1065686: golang-github-jackc-pgx: CVE-2024-27289

2024-03-08 Thread Salvatore Bonaccorso
Source: golang-github-jackc-pgx Version: 4.18.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-github-jackc-pgx. CVE-2024-27289[0]: | pgx is a PostgreSQL driver and toolkit for Go.

Bug#1065684: golang-google-protobuf: CVE-2024-24786

2024-03-08 Thread Salvatore Bonaccorso
Source: golang-google-protobuf Version: 1.32.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-google-protobuf. CVE-2024-24786[0]: | The protojson.Unmarshal function can enter an

Bug#1065683: libgcrypt20: CVE-2024-2236

2024-03-08 Thread Salvatore Bonaccorso
Source: libgcrypt20 Version: 1.10.3-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libgcrypt20. Mainly filing the bug to track the upstream status with respect to libgcrypt's status against

Bug#1064041: linux-image-6.1.0-18-amd64: Resuming from suspend keyboard unresponsive (but sysrq OK , touchpad OK) on dell latitude 3340

2024-03-08 Thread Salvatore Bonaccorso
Hi Jacques, On Mon, Mar 04, 2024 at 10:10:35AM +0100, Jacques wrote: > Hi Salvatore > > On 03/03/2024 at 16:25, Salvatore Bonaccorso wrote: > > > > Ok that is great to hear. So firstmost: Then this will be fixed in > > the next upload for bookworm, as we do

Bug#1065320: linux-image-6.1.0-18-amd64: 6.1.0-18 kernel enters ACPI Error loop during boot & requires power cycle

2024-03-07 Thread Salvatore Bonaccorso
Control: severity -1 serious Control: tags -1 + upstream fixed-upstream Control: forwarded -1 https://lore.kernel.org/regressions/zd2bsv8vsfjml...@archie.me/ https://bugzilla.kernel.org/show_bug.cgi?id=218531 Control: found -1 6.6.15-1 Control: found -1 6.7.4-1~exp1 Hi Lee, On Sat, Mar 02,

Bug#1065608: tgt: New upstream version available

2024-03-07 Thread Salvatore Bonaccorso
Source: tgt Version: 1:1.0.85-1.1 Severity: wishlist X-Debbugs-Cc: car...@debian.org Hi Since the bookworm release there were some tgt upstream versions available. Can you consider packaging the current newest version? Regards, Salvatore

Bug#1065604: targetcli-fb: Improved watch URL for debian/watch to get new upstream releases

2024-03-07 Thread Salvatore Bonaccorso
Source: targetcli-fb Version: 1:2.1.53-1.1 Severity: normal X-Debbugs-Cc: car...@debian.org Hi The current debian/watch file does not get the 2.1.58 upstream release which is new. The debian/watch adapted to github changes might be used as attached (or improved further): version=4

Bug#1065602: targetcli-fb: new upstream version available: v2.1.58

2024-03-07 Thread Salvatore Bonaccorso
Source: targetcli-fb Version: 1:2.1.53-1.1 Severity: wishlist X-Debbugs-Cc: car...@debian.org Hi there is a new upstream version available for targetcli-fb: https://github.com/open-iscsi/targetcli-fb/releases/tag/v2.1.58 Regards, Salvatore -- System Information: Debian Release: trixie/sid

Bug#1064781: Accepted php-dompdf-svg-lib 0.5.2-1 (source) into unstable

2024-03-06 Thread Salvatore Bonaccorso
Source: php-dompdf-svg-lib Source-Version: 0.5.2-1 This addresses as well #1064781. On Wed, Mar 06, 2024 at 10:23:06PM +, Debian FTP Masters wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Format: 1.8 > Date: Wed, 06 Mar 2024 22:47:59 +0100 > Source: php-dompdf-svg-lib >

Bug#1063484: libuv1: CVE-2024-24806

2024-03-06 Thread Salvatore Bonaccorso
Hi On Wed, Mar 06, 2024 at 07:06:55PM +0100, Dominique Dumont wrote: > On Tuesday, 5 March 2024 22:15:50 CET Salvatore Bonaccorso wrote: > > The debdiff for bookworm-security looks good to me. Please do upload > > to security-master (and make sure to build with -sa as the o

Bug#1063484: libuv1: CVE-2024-24806

2024-03-05 Thread Salvatore Bonaccorso
Hi Dominique, On Sun, Mar 03, 2024 at 03:51:28PM +0100, Dominique Dumont wrote: > On Thu, 29 Feb 2024 21:53:07 +0100 Salvatore Bonaccorso > wrote: > > libuv1 is as well affected in bullseye and it's still supported. Can > > you have a look as well at this version? &

Bug#1065511: dwarfutils: CVE-2024-2002

2024-03-05 Thread Salvatore Bonaccorso
Source: dwarfutils Version: 20210528-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for dwarfutils. CVE-2024-2002[0]: No description was found (try on a search engine) If you fix the

Bug#1064035: [regression 5.10.y] linux-doc builds: Global symbol "$args" requires explicit package name (did you forget to declare "my $args"?) at ./scripts/kernel-doc line 1236.

2024-03-04 Thread Salvatore Bonaccorso
Hi, On Mon, Mar 04, 2024 at 01:05:09PM -0700, Jonathan Corbet wrote: > Salvatore Bonaccorso writes: > > > Ok. In the spirit of the stable series rules we might try the latter and > > if it's not feasible pick the first variant? > > Well, "the spirit of the stable se

Bug#1065443: iwd: CVE-2024-28084

2024-03-04 Thread Salvatore Bonaccorso
Source: iwd Version: 2.15-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for iwd. CVE-2024-28084[0]: | p2putil.c in iNet wireless daemon (IWD) through 2.15 allows | attackers to cause a denial of

Bug#1064035: [regression 5.10.y] linux-doc builds: Global symbol "$args" requires explicit package name (did you forget to declare "my $args"?) at ./scripts/kernel-doc line 1236.

2024-03-04 Thread Salvatore Bonaccorso
Hi Jonathan, On Mon, Mar 04, 2024 at 06:39:26AM -0700, Jonathan Corbet wrote: > Salvatore Bonaccorso writes: > > > Hi, > > > > Ben Hutchings reported in https://bugs.debian.org/1064035 a problem > > with the kernel-doc builds once 3080ea5553cc ("stddef: Introd

Bug#1064041: linux-image-6.1.0-18-amd64: Resuming from suspend keyboard unresponsive (but sysrq OK , touchpad OK) on dell latitude 3340

2024-03-03 Thread Salvatore Bonaccorso
Hi Jacques, On Sun, Mar 03, 2024 at 10:14:33AM +0100, Jacques wrote: > Hi Salvatore > > On 01/03/2024 at 13:39, Salvatore Bonaccorso wrote: > > Would it be possible to try the most recent upstream kernel in 6.1.y > > series (soon 6.1.80, or at least 6.1.79) to see

Bug#1061190: bullseye-pu: package gnutls28/3.7.1-5+deb11u5

2024-03-01 Thread Salvatore Bonaccorso
Hi Andreas, On Thu, Feb 01, 2024 at 06:35:38AM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sat, 2024-01-20 at 15:53 +0100, Andreas Metzler wrote: > > I would like to fix both CVE-2024-0567 and CVE-2024-0553 via a > > oldstable-updates since they do not require a DSA. > >

Bug#1064041: linux-image-6.1.0-18-amd64: Resuming from suspend keyboard unresponsive (but sysrq OK , touchpad OK) on dell latitude 3340

2024-03-01 Thread Salvatore Bonaccorso
Hi Jacques, On Fri, Feb 16, 2024 at 10:44:34AM +0100, Jacques wrote: > Package: src:linux > Version: 6.1.76-1 > Severity: important > Tags: newcomer > > Dear Maintainer, > > After suspend on ram on my laptop (Dell latitude 3340), I can not anymore use > the keyboard. In difference with bug

Bug#1064035: [regression 5.10.y] linux-doc builds: Global symbol "$args" requires explicit package name (did you forget to declare "my $args"?) at ./scripts/kernel-doc line 1236.

2024-03-01 Thread Salvatore Bonaccorso
Hi, Ben Hutchings reported in https://bugs.debian.org/1064035 a problem with the kernel-doc builds once 3080ea5553cc ("stddef: Introduce DECLARE_FLEX_ARRAY() helper") got applied in 5.10.210 (as prerequisite of another fix in 5.10.y): > The backport of commit 3080ea5553cc "stddef: Introduce >
