Hi Ben,
On Mon, Feb 19, 2024 at 09:27:07PM +0100, Bastian Germann wrote:
> On Tue, 5 Sep 2023 17:30:44 +0200 Bastian Germann wrote:
> > Can you please drop carl9170-1.fw and the associated things from the
> > package?
> > The carl9170fw package should be ready with revision
Hi Alex,
On Fri, Mar 01, 2024 at 08:26:31AM +0100, Alexander Kjäll wrote:
> Hi
>
> I was waiting for another transition that was staged in experimental. Due
> to the quality of the different clipboard crates.
>
> But if this blocks something I will make a temporary solution.
Thanks for the
Hi
On Mon, Dec 11, 2023 at 07:10:22PM +0100, Alexander Kjäll wrote:
> Hi
>
> I'm sorry for the semver breakage, the last version was a bit stressed
> out due to the security problems with libgit2 not verifying server
> signatures (that has since been fixed).
>
> I think the best path forward
Source: frr
Version: 8.4.4-1.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/FRRouting/frr/pull/15431
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for frr.
CVE-2024-27913[0]:
| ospf_te_parse_te in
Source: rails
Version: 2:6.1.7.3+dfsg-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rails.
CVE-2024-26144[0]:
| Rails is a web-application framework. Starting with version 5.2.0,
| there is
Source: yard
Version: 0.9.34-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 0.9.28-2
Control: found -1 0.9.24-1
Hi,
The following vulnerability was published for yard.
CVE-2024-27285[0]:
| YARD is a Ruby Documentation tool.
Source: flask-appbuilder
Version: 4.1.4+ds-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for flask-appbuilder.
CVE-2024-27083[0]:
| Flask-AppBuilder is an application development framework,
Source: flask-appbuilder
Version: 4.1.4+ds-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for flask-appbuilder.
CVE-2024-25128[0]:
| Flask-AppBuilder is an application development framework,
Source: python-scrapy
Version: 2.11.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-scrapy.
CVE-2024-1892[0]:
| Parts of the Scrapy API were found to be vulnerable to a ReDoS
|
Source: freeipa
Version: 4.10.2-2
Severity: important
Tags: security upstream
Forwarded: https://pagure.io/freeipa/issue/9541
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for freeipa.
CVE-2024-1481[0]:
| specially crafted HTTP requests
Hi Dominique,
[Adding CC to team@s.d.o]
On Tue, Feb 20, 2024 at 07:08:48PM +0100, Dominique Dumont wrote:
> Hi
>
> On Wed, 14 Feb 2024 12:57:52 +0100 Dominique Dumont wrote:
> > I'm still pondering what should be done for stable which ships a libuv
> 1.44.2
>
> I've prepared a fix for
Hi,
On Thu, Feb 29, 2024 at 07:55:11AM +1100, Craig Small wrote:
> >
> > As per https://www.cve.org/CVERecord?id=CVE-2024-26464 the CVE has
> > been rejected now.
> >
> > Reason: This candidate was withdrawn by its CNA. Further investigation
> > showed that it was not a security issue.
> >
> I
Source: azure-uamqp-python
Version: 1.6.8-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for azure-uamqp-python.
CVE-2024-27099[0]:
| The uAMQP is a C library for AMQP 1.0 communication to Azure
Source: etcd
Source-Version: 3.4.30-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 28 Feb 2024 17:43:49 +0800
Source: etcd
Architecture: source
Version: 3.4.30-1
Distribution: unstable
Urgency: medium
Maintainer:
Package: wnpp
Severity: wishlist
X-Debbugs-Cc: car...@debian.org
* Package name: bpftop
Version : 0.2.2
Upstream Contact: Netflix Inc. (maybe Jose Fernandez directly)
* URL : https://github.com/Netflix/bpftop
* License : Apache 2.0
Programming Lang: Rust
Source: node-es5-ext
Version: 0.10.62+dfsg1+~1.1.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/medikoo/es5-ext/issues/201
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-es5-ext.
CVE-2024-27088[0]:
|
Source: jetty9
Version: 9.4.53-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/jetty/jetty.project/issues/11256
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jetty9.
CVE-2024-22201[0]:
| Jetty is a Java based
Source: ruby-rack-cors
Version: 2.0.1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/cyu/rack-cors/issues/274
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-rack-cors.
CVE-2024-27456[0]:
| rack-cors (aka
Source: node-sanitize-html
Version: 2.8.0+~2.6.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/apostrophecms/sanitize-html/pull/650
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-sanitize-html.
Source: php-dompdf-svg-lib
Version: 0.5.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for php-dompdf-svg-lib.
CVE-2024-25117[0]:
| php-svg-lib is a scalable vector graphics (SVG) file
|
Source: python-cryptography
Version: 41.0.7-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/pyca/cryptography/pull/10423
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-cryptography.
CVE-2024-26130[0]:
|
Source: cbor2
Version: 5.6.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cbor2.
CVE-2024-26134[0]:
| cbor2 provides encoding and decoding for the Concise Binary Object
| Representation
Source: libcommons-compress-java
Version: 1.25.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.22-1
Hi,
The following vulnerability was published for libcommons-compress-java.
CVE-2024-26308[0]:
| Allocation of Resources
Source: libcommons-compress-java
Version: 1.25.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.22-1
Control: found -1 1.20-1
Hi,
The following vulnerability was published for libcommons-compress-java.
CVE-2024-25710[0]:
Source: node-undici
Version: 5.28.2+dfsg1+~cs23.11.12.3-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-undici.
CVE-2024-24758[0]:
| Undici is an HTTP/1.1 client, written from scratch for
Source: dav1d
Version: 1.3.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for dav1d.
CVE-2024-1580[0]:
| An integer overflow in dav1d AV1 decoder that can occur when
| decoding videos with
Control: tags -1 + pending confirmed
Hi,
The fix for this issue landed in v6.1.78 and is pending for a next
upload.
Regards,
Salvatore
Hi,
On Mon, Feb 19, 2024 at 10:35:13AM +0800, Chao Yu wrote:
> On 2024/2/9 4:19, Salvatore Bonaccorso wrote:
> > Hi Jaegeuk Kim, Chao Yu,
> >
> > In Debian the following regression was reported after a Dhya updated
> > to 6.1.76:
> >
> > On Wed, Feb 0
Source: less
Version: 590-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for less.
CVE-2022-48624[0]:
| close_altfile in filename.c in less before 606 omits shell_quote
| calls for LESSCLOSE.
Source: firmware-nonfree
Version: 20230625-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for firmware-nonfree.
They are addressed in the linux-firmware/20231211 upstream version.
Source: openrefine
Version: 3.7.7-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openrefine.
Markus, please adjust severity if you think grave/RC severity is not
appropriate. openrefine updates
Source: opensc
Version: 0.24.0~rc1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/OpenSC/OpenSC/pull/2948
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for opensc.
CVE-2023-5992[0]:
| A vulnerability was found
Source: libapache2-mod-auth-openidc
Version: 2.4.15.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libapache2-mod-auth-openidc.
CVE-2024-24814[0]:
| mod_auth_openidc is an OpenID Certified™
Hi,
On Fri, Feb 16, 2024 at 04:15:19PM +0100, Moritz Mühlenhoff wrote:
> Source: iwd
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerability was published for iwd.
>
> CVE-2023-52161[0]:
>
Source: pdns-recursor
Version: 4.9.2-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for pdns-recursor.
CVE-2023-50387[0] and CVE-2023-50868[1].
If you fix the vulnerabilities please also make
Hi Andreas,
On Mon, Feb 12, 2024 at 12:37:44AM +0100, Andreas Beckmann wrote:
> On 11/02/2024 21.36, Salvatore Bonaccorso wrote:
> > If I can add a comment: I (but note I'm not wearing a
> > nvidia-graphics-drivers maintainer hat) would support that, as there
> > are e
Hi Bastian,
On Mon, Feb 12, 2024 at 10:16:21PM +0100, Bastian Blank wrote:
> On Mon, Feb 12, 2024 at 10:09:41PM +0100, Salvatore Bonaccorso wrote:
> > kernel-wedge copy-modules 6.6.15 amd64 6.6.15-amd64
> > depmod: ERROR: could not open directory
> > /<>/debian/linux
Source: linux-signed-amd64
Version: 6.6.15+2
Severity: serious
Justification: FTBFS
X-Debbugs-Cc: car...@debian.org, wa...@debian.org, k...@debian.org
The linux-signed-amd64 (and arm64 one) currently FTBFS (only filing
one for amd64, as the same for arm64):
Source: freeglut
Version: 3.4.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/freeglut/freeglut/pull/155
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for freeglut.
Those were previously associated with
Hi Jonathan,
On Sun, Feb 11, 2024 at 12:29:45AM +, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
>
> On Sat, Feb 10, 2024 at 11:00:58PM +0100, Andreas Beckmann wrote:
> > [ Reason ]
> > 1) A backported (by upstream) change in Linux 6.1.76 (included in
> > today's point release) broke
Control: clone 1061256 -1 -2
Control: retitle 1061256 edk2: CVE-2023-45229 CVE-2023-45230 CVE-2023-45231
CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235
Conytol: retitle -1 edk2: CVE-2023-45236
Control: retitle -2 edk2: CVE-2023-45237
Control: fixed 1061256 2023.11-6
Hi Dann,
On
> by
> replying to this email.
>
>
> --
> 1063554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063554
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
> From: Helmut Grohne
> Date: Fri, 9 Feb 2024 22:48:44 +0100
> To: Salvatore Bonaccorso
Control: tags -1 + moreinfo
Hi Helmut,
On Fri, Feb 09, 2024 at 04:02:42PM +0100, Helmut Grohne wrote:
> Package: firmware-linux-free
> Version: 20200122-2
> Tags: patch
> User: helm...@debian.org
> Usertags: dep17m2
>
> Hi,
>
> we want to finalize the /usr-merge transition by moving all
Source: sogo
Source-Version: 5.9.1-1
Fixes CVE-2023-48104, #1060925, so closing it with this version.
On Fri, Feb 09, 2024 at 07:59:18PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Wed, 07 Feb 2024 16:39:36 +0100
> Source: sogo
>
Source: composer
Version: 2.6.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for composer.
CVE-2024-24821[0]:
| Composer is a dependency Manager for the PHP
Source: engrampa
Version: 1.26.1-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for engrampa.
CVE-2023-52138[0]:
| Engrampa is an archive manager for the MATE
Source: openvswitch
Version: 3.3.0~git20240118.e802fe7-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.1.0-2
Hi,
The following vulnerability was published for openvswitch.
CVE-2023-3966[0]:
| Invalid memory access in
Hi Jaegeuk Kim, Chao Yu,
In Debian the following regression was reported after a Dhya updated
to 6.1.76:
On Wed, Feb 07, 2024 at 10:43:47PM -0500, Dhya wrote:
> Package: src:linux
> Version: 6.1.76-1
> Severity: critical
> Justification: breaks the whole system
>
> Dear Maintainer,
>
> After
Source: libuv1
Version: 1.46.0-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libuv1.
CVE-2024-24806[0]:
| libuv is a multi-platform support library with a focus on
| asynchronous I/O. The
Source: clamav
Version: 1.0.4+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.0.3+dfsg-1~deb12u1
Hi,
The following vulnerabilities were published for clamav.
CVE-2024-20290[0]:
| A vulnerability in the OLE2 file
Control: tags -1 + upstream
Control: severity -1 important
Hi
On Wed, Feb 07, 2024 at 10:43:47PM -0500, Dhya wrote:
> Package: src:linux
> Version: 6.1.76-1
> Severity: critical
> Justification: breaks the whole system
>
> Dear Maintainer,
>
> After upgrade to linux-image-6.1.0-18-amd64
Hi Alexander,
On Wed, Feb 07, 2024 at 04:27:48PM -0500, Alexander Aring wrote:
> Hi,
>
> On Wed, Feb 7, 2024 at 1:33 PM Jordan Rife wrote:
> >
> > On Wed, Feb 7, 2024 at 2:39 AM Salvatore Bonaccorso
> > wrote:
> > >
> > > Hi Valentin, hi all
>
Source: libgit2
Version: 1.7.1+ds-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.5.1+ds-1
Control: found -1 1.1.0+dfsg.1-4+deb11u1
Control: found -1 1.1.0+dfsg.1-4
Hi,
The following vulnerability was published for libgit2.
Source: libgit2
Version: 1.7.1+ds-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.5.1+ds-1
Hi,
The following vulnerability was published for libgit2.
CVE-2024-24575[0]:
| libgit2 is a portable C implementation of the Git
Source: openexr
Version: 3.1.5-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/AcademySoftwareFoundation/openexr/issues/1625
https://github.com/AcademySoftwareFoundation/openexr/pull/1627
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following
Hi Valentin, hi all
[This is about a regression reported in Debian for 6.1.67]
On Tue, Feb 06, 2024 at 01:00:11PM +0100, Valentin Kleibel wrote:
> Package: linux-image-amd64
> Version: 6.1.76+1
> Source: linux
> Source-Version: 6.1.76+1
> Severity: important
> Control: notfound -1 6.6.15-2
>
>
Hi Nicolas,
On Tue, Feb 06, 2024 at 01:46:04PM -0500, Nicolas Mora wrote:
> Control: tag - moreinfo
>
> Thanks,
>
> Sorry, it seems that I'm not very well aware of the BTS process, according
> to [1] this is how I should untag the bug.
>
> [1] https://www.debian.org/Bugs/server-control
If you
Source: puma
Source-Version: 6.4.2-1
On Tue, Jan 09, 2024 at 10:15:07PM +0100, Salvatore Bonaccorso wrote:
> Source: puma
> Version: 5.6.7-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
>
Source: expat
Version: 2.5.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/pull/777
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for expat.
CVE-2023-52426[0]:
| libexpat through 2.5.0 allows
Source: expat
Version: 2.5.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/pull/789
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for expat.
CVE-2023-52425[0]:
| libexpat through 2.5.0 allows
Source: libxml2
Version: 2.9.14+dfsg-1.3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.9.14+dfsg-1.3~deb12u1
Control: found -1 2.9.10+dfsg-6.7+deb11u4
Hi,
The
Package: wnpp
Severity: wishlist
X-Debbugs-Cc: car...@debian.org
* Package name: pwru
Version : 1.0.5
Upstream Contact: Tobias Klauser
* URL : https://github.com/cilium/pwru
* License : Apache-2.0
Programming Lang: Go
Description : eBPF-based Linux
Interestingly and unfortunately my local test now fails in a different
way. So first sorting that out. The xmldocs build hangs instead now.
Regards,
Salvatore
Source: linux
Version: 6.6.15-1
Severity: serious
Justification: FTBFS
X-Debbugs-Cc: car...@debian.org
The build for arch:all package FTBFS due to a problem in the
documentation build:
reading sources... [ 98%] userspace-api/media/v4l/vidioc-g-frequency ..
virt/kvm/devices/vfio
Source: linux
Source-Version: 6.6.13-1
Hi,
On Sun, Feb 04, 2024 at 08:51:13AM +0100, kjell.myksv...@gmail.com wrote:
> lør. 27. jan. 2024 kl. 14:00 skrev Salvatore Bonaccorso :
>
> > Control: tags -1 + moreinfo
> >
> > On Sun, Jan 21, 2024 at 06:43:11PM +0100,
Source: libowasp-antisamy-java
Version: 1.7.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libowasp-antisamy-java.
CVE-2024-23635[0]:
| AntiSamy is a library for performing fast,
Source: ledgersmb
Version: 1.6.33+ds-2.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.6.9+ds-2+deb11u3
Hi,
The following vulnerability was published for ledgersmb.
CVE-2024-23831[0]:
| LedgerSMB is a free web-based
Hi,
On Sat, Feb 03, 2024 at 04:29:17PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, Jan 31, 2024 at 10:05:04AM +0100, Robert Luberda wrote:
> > clone 1021738 -1
> > retitle 1021738 man2html: CVE-2021-40647
> > tags 1021738 +pending
> > retitle -1 man
Hi,
On Wed, Jan 31, 2024 at 10:05:04AM +0100, Robert Luberda wrote:
> clone 1021738 -1
> retitle 1021738 man2html: CVE-2021-40647
> tags 1021738 +pending
> retitle -1 man2html: CVE-2021-40648
> tags -1 +moreinfo
> thanks
>
> Moritz Mühlenhoff pisze:
>
> Hi
>
> First of all I'm sorry for not
Ciao Gennaro,
On Sat, Feb 03, 2024 at 12:28:24PM +0100, Gennaro Oliva wrote:
> Ciao Salvatore,
>
> On Sun, Jan 28, 2024 at 11:37:34AM +0100, Salvatore Bonaccorso wrote:
> > Reviewing your uploaded changes, the changelog mentions
> > CVE-2023-49935, but believe his was
Source: kanboard
Version: 1.2.31+ds2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/kanboard/kanboard/issues/5411
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for kanboard.
CVE-2024-22720[0]:
| Kanboard 1.2.34
Source: python-aiohttp
Version: 3.9.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-aiohttp.
CVE-2024-23334[0]:
| aiohttp is an asynchronous HTTP client/server framework for asyncio
|
Source: python-aiohttp
Version: 3.9.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-aiohttp.
CVE-2024-23829[0]:
| aiohttp is an asynchronous HTTP client/server framework for asyncio
|
Source: runc
Source-Version: 1.1.12+ds1-1
Control: fixed 1062532 1.0.0~rc93+ds1-5+deb11u3
Control: fixed 1062532 1.1.5+ds1-1+deb12u1
This fixes #1062532. Adding as well the fixed version for the pending
runc update via bullseye-security and bookworm-security.
- Forwarded message from Debian
Source: runc
Version: 1.1.10+ds1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for runc.
CVE-2024-21626[0]:
| runc is a CLI tool for spawning and running containers
Control: tags -1 + moreinfo
Hi,
On Sun, Jan 28, 2024 at 06:02:44PM +, Breno Leitao wrote:
> Package: src:linux
> Version: 6.6.13-1
> Severity: critical
> X-Debbugs-Cc: lei...@debian.org
>
>
> System is crashing from time to time with the most recent kernel
> (6.6.13).
>
> I was able to
Source: libcoap3
Version: 4.3.4-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/obgm/libcoap/issues/1310
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libcoap3.
CVE-2024-0962[0]:
| A vulnerability was found
Hi Gennaro,
On Sat, Dec 30, 2023 at 10:55:32PM +0100, Gennaro Oliva wrote:
> Dear Salvatore,
> I prepared an updated version of the slurm-wlm package for bookworm in
> response to CVE-2023-49933/49935/49936/49937/49938
>
> The package can be found here:
>
>
Hi John,
On Sun, Jan 28, 2024 at 12:43:33AM -0800, John Johansen wrote:
> On 12/30/23 20:24, Mathias Gibbens wrote:
> > On Sat, 2023-12-30 at 16:44 +0100, Salvatore Bonaccorso wrote:
> > > John, did you have a chance to work on this backport for 6.1.y stable
> > >
Hi,
On Sun, Jan 28, 2024 at 12:51:58AM +, Mathias Gibbens wrote:
> Control: tags -1 + wontfix
>
> lxc-templates is essentially deprecated upstream in favor of
> distrobuilder. From the launchpad discussion:
Thanks for the update. Do you know of any plans of making
distrobuilder available?
Hi
In Debian (https://bugs.debian.org/1061449) we got the following
quoted report:
On Wed, Jan 24, 2024 at 07:38:16PM +0100, Patrice Duroux wrote:
> Package: src:linux
> Version: 6.7.1-1~exp1
> Severity: normal
>
> Dear Maintainer,
>
> Giving a try to 6.7, here is a message extracted from
Control: tags -1 + moreinfo
On Sun, Jan 21, 2024 at 06:43:11PM +0100, Kjell M. Myksvoll wrote:
> Package: ecdh-nist-p256
> Severity: normal
> X-Debbugs-Cc: kjell.myksv...@gmail.com
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
>*
Hi,
On Thu, Jan 25, 2024 at 02:55:52AM +, Dennis Haney wrote:
> Can we please get a new release of a stable kernel?
> This keeps crashing our machines, and it is a pain manually updating
> to the 6.5 kernel on all of them.
A fix for this issue will be released with the upcoming point
Hi John,
On Sun, Dec 31, 2023 at 04:24:47AM +, Mathias Gibbens wrote:
> On Sat, 2023-12-30 at 16:44 +0100, Salvatore Bonaccorso wrote:
> > John, did you have a chance to work on this backport for 6.1.y stable
> > upstream so we could pick it downstream in Debian in one of the
Hi Antoine,
On Fri, Jan 26, 2024 at 06:26:48PM +0100, Antoine wrote:
> On 1/25/24 22:08, Salvatore Bonaccorso wrote:
> > can you please try to bisect the changes in upstreams 6.6.11 to 6.6.13
> Hi, Before considering bisecting,
>
> > do you get anything logged in the kerne
Source: openssl
Version: 3.1.4-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openssl.
CVE-2024-0727[0]:
| Issue summary: Processing a maliciously formatted PKCS12 file may
| lead OpenSSL to
Source: tiff
Version: 4.5.1+git230720-3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/libtiff/libtiff/-/issues/622
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tiff.
CVE-2023-52356[0]:
| A segment fault
Source: atril
Version: 1.26.1-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for atril.
CVE-2023-52076[0]:
| Atril Document Viewer is the default document reader of
Control: tags -1 + moreinfo
On Thu, Jan 25, 2024 at 10:01:04PM +0100, r2rien wrote:
> Package: linux-image-6.6.13-amd64
> Version: 6.6.13-1
> Severity: grave
> Justification: renders package unusable
> X-Debbugs-Cc: deb...@r2rien.net
>
> Resuming from suspend keyboard totally unresponsive, thus
Source: mathtex
Version: 1.03-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for mathtex.
CVE-2023-51885[0]:
| Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a
| remote
Source: shim
Version: 15.7-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 15.7-1~deb11u1
Hi,
The following vulnerabilities were published for shim.
According to [6]:
* Various CVE fixes:
CVE-2023-40546 mok: fix LogError()
Source: firmware-nonfree
Version: 20230625-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for firmware-nonfree.
CVE-2023-4969[0]:
| A GPU kernel can read sensitive data from another GPU kernel
Control: forcemerge 1058887 -1
Hi Thomas,
On Tue, Jan 23, 2024 at 04:19:18PM +0100, Thomas Goirand wrote:
> Source: linux
> Version: 6.1.69-1
> Severity: important
>
> Hi,
>
> In some cases, when I disable wifi with the network manager GUI
> (ie: right click, "Enable Wifi" to disable it), my
Hi,
On Sun, Jan 14, 2024 at 05:48:54PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sun, Jan 14, 2024 at 04:41:00PM +, Bastien Roucariès wrote:
> > On Sun, 31 Dec 2023 07:14:26 +0100 Salvatore Bonaccorso
> > wrote:
> > Hi Guilhem, hi Moritz,
Hi,
On Thu, Jan 18, 2024 at 02:30:08PM +0100, Salvatore Bonaccorso wrote:
> Source: xorg-server
> Version: 2:21.1.11-1
> Severity: important
> Tags: upstream
> X-Debbugs-Cc: car...@debian.org, jcris...@debian.org, a...@debian.org,
> t...@security.debian.org
>
> Wh
Source: edk2
Version: 2023.11-5
Severity: important
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for edk2.
CVE-2023-45229[0]:
| EDK2's Network Package is susceptible to an out-of-bounds read
| vulnerability when processing the IA_NA or
Source: jupyterlab
Version: 4.0.10+ds1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for jupyterlab.
CVE-2024-22420[0]:
| JupyterLab is an extensible environment for interactive and
|
Hi,
On Sat, Jan 20, 2024 at 03:53:45PM +0100, Andreas Metzler wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: gnutl...@packages.debian.org, t...@security.debian.org
> Control: affects -1 +
Hi,
On Sat, Jan 20, 2024 at 01:28:33PM +0100, Andreas Metzler wrote:
> Hello,
>
> do you plan/would you rather fix these two issues (CVE-2024-0567 and
> CVE-2024-0553) by DSA or should I go for a (old)stable update?
IMHO they can go as well via the point releases (which should be,
though yet
; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix boundary checking in base-256 decoder (CVE-2022-48303)
+ * Fix handling of extended header prefixes (CVE-2023-39804)
+(Closes: #1058079)
+
+ -- Salvatore Bonaccorso Sat, 20 Jan 2024 10:59:10 +0100
+
tar (1.34+dfsg-1) unstable; urgency
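Review bot: in the added changelog entry, `(Closes: #1058079)` follows only the CVE-2023-39804 item, so the CVE-2022-48303 fix is not tied to any bug number; if a BTS bug tracks that issue, add its `Closes:` to that item so the upload closes it as well. Naming the patch file behind each item would also let a reader match the two fixes to the corresponding changes in the rest of the debdiff.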