Bug#1043269: bookworm-pu: package autofs/5.1.8-2+deb12u2

2023-08-08 Thread Salvatore Bonaccorso
that cant send packet (Closes: #1041051) + + -- Salvatore Bonaccorso Tue, 08 Aug 2023 10:27:23 +0200 + autofs (5.1.8-2+deb12u1) bookworm; urgency=medium * debian/patches: diff -Nru autofs-5.1.8/debian/patches/dont-probe-interface-that-cant-send-pac.patch autofs-5.1.8/debian/patches

Bug#1043163: golang-golang-x-net: CVE-2023-3978

2023-08-06 Thread Salvatore Bonaccorso
Source: golang-golang-x-net Version: 1:0.10.0-1 Severity: important Tags: security upstream Forwarded: https://go.dev/issue/61615 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-golang-x-net. CVE-2023-3978[0]: | Text nodes not in

Bug#1043162: matrix-sydent: CVE-2023-38686

2023-08-06 Thread Salvatore Bonaccorso
Source: matrix-sydent Version: 2.5.1-1.1 Severity: important Tags: security upstream Forwarded: https://github.com/matrix-org/sydent/pull/574 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for matrix-sydent. CVE-2023-38686[0]: | Sydent is an

Bug#1043161: i2p: CVE-2023-36325

2023-08-06 Thread Salvatore Bonaccorso
Source: i2p Version: 0.9.48-1.1 Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for i2p. CVE-2023-36325[0]: | Attackers can de-anonymize i2p hidden services with a message replay |

Bug#1043159: golang-golang-x-image: CVE-2023-29407 CVE-2023-29408

2023-08-06 Thread Salvatore Bonaccorso
Source: golang-golang-x-image Version: 0.7.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for golang-golang-x-image. CVE-2023-29407[0]: | A maliciously-crafted image can cause excessive CPU

Bug#1043078: linux-image-6.3.0-2-amd64: kernel NULL pointer dereference with MD write-back journal

2023-08-06 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo On Sat, Aug 05, 2023 at 12:45:18PM -0700, Corey Hickey wrote: > Package: src:linux > Version: 6.3.11-1 > Severity: normal > > Dear Maintainer, > > I was testing RAID-5 write-back journal (AKA cache) for the first time. > >

Bug#1043033: ghostscript: CVE-2023-38559

2023-08-04 Thread Salvatore Bonaccorso
Source: ghostscript Version: 10.01.2~dfsg-1 Severity: important Tags: security upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706897 X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 10.0.0~dfsg-11+deb12u1 Control: found -1 10.0.0~dfsg-11 Control: found -1

Bug#1043004: mozillavpn: CVE-2023-4104

2023-08-03 Thread Salvatore Bonaccorso
Source: mozillavpn Version: 2.9.0-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for mozillavpn. CVE-2023-4104[0]: | Privileged vpndaemon on Linux wrongly and incompletely implements | Polkit

Bug#1025489: Accepted rxvt-unicode 9.31-1 (source) into unstable

2023-08-03 Thread Salvatore Bonaccorso
Source: rxvt-unicode Source-Version: 9.31-1 On Thu, Aug 03, 2023 at 02:42:53PM +, Debian FTP Masters wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Format: 1.8 > Date: Thu, 03 Aug 2023 10:05:54 -0400 > Source: rxvt-unicode > Architecture: source > Version: 9.31-1 >

Bug#1035026: singularity-container: CVE-2023-30549

2023-08-01 Thread Salvatore Bonaccorso
Hi Nilesh, On Tue, Aug 01, 2023 at 09:33:16PM +0530, Nilesh Patra wrote: > On Tue, Aug 01, 2023 at 05:10:10PM +0200, Salvatore Bonaccorso wrote: > > On Tue, Aug 01, 2023 at 07:57:22PM +0530, Nilesh Patra wrote: > > > I asked this upstream[1] and upstream thinks tha

Bug#1035026: singularity-container: CVE-2023-30549

2023-08-01 Thread Salvatore Bonaccorso
Hi On Tue, Aug 01, 2023 at 07:57:22PM +0530, Nilesh Patra wrote: > Hi Salvatore, > > On Thu, 27 Apr 2023 22:06:36 +0200 Salvatore Bonaccorso > wrote: > > Source: singularity-container > > Version: 3.11.0+ds1-1 > > Severity: important > > Tags: security upst

Bug#1042815: linux-image-6.1.0-10-amd64: Fails to load kernel modules due to bpf/btf issue

2023-08-01 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Hi, On Tue, Aug 01, 2023 at 07:22:17PM +1000, AP wrote: > Package: linux-image-6.1.0-10-amd64 > Severity: important > Tags: patch > > Dear Maintainer, > > Current kernel failed to load modules for MASQUERADE nat rules giving the > following > in dmesg: > >

Bug#1042811: poppler: CVE-2023-34872: crash in pdftohtml

2023-08-01 Thread Salvatore Bonaccorso
Source: poppler Version: 22.12.0-2 Severity: important Tags: security upstream Forwarded: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for poppler. CVE-2023-34872[0]: | A

Bug#1041810: librsvg: CVE-2023-38633

2023-07-30 Thread Salvatore Bonaccorso
Hi Simon, On Sun, Jul 30, 2023 at 04:07:50PM +0100, Simon McVittie wrote: > On Sun, 23 Jul 2023 at 21:13:38 +0200, Salvatore Bonaccorso wrote: > > The following vulnerability was published for librsvg. > > > > CVE-2023-38633[0]: > > | A directory traversal problem in

Bug#1042550: spectre-meltdown-checker: Update to 0.46 upstream to support Zenbleed detection

2023-07-30 Thread Salvatore Bonaccorso
Source: spectre-meltdown-checker Version: 0.45-2 Severity: wishlist X-Debbugs-Cc: car...@debian.org Hi The new 0.46 upstream adds: feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593) in particular. Can you update the package to the new upstream version? (Might it be an

Bug#1041007: linux-image-6.1.0-0.deb11.7-amd64: Please enable TPM hardware RNG support (CONFIG_HW_RANDOM_TPM)

2023-07-29 Thread Salvatore Bonaccorso
Hi Vincent, On Sat, Jul 29, 2023 at 12:33:35AM +0200, Vincent Blut wrote: > Hello, > > On 2023-07-13 23:10, jflf_ker...@gmx.com wrote: > > Package: src:linux > > Version: 6.1.20-2~bpo11+1 > > Severity: normal > > X-Debbugs-Cc: jflf_ker...@gmx.com > > > > Dear Maintainer, > > > > Currently

Bug#1042475: modsecurity: CVE-2023-38285

2023-07-28 Thread Salvatore Bonaccorso
Source: modsecurity Version: 3.0.9-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for modsecurity. CVE-2023-38285[0]: | Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic |

Bug#1042474: golang-github-elazarl-goproxy: CVE-2023-37788

2023-07-28 Thread Salvatore Bonaccorso
Source: golang-github-elazarl-goproxy Version: 1.1-1 Severity: important Tags: security upstream Forwarded: https://github.com/elazarl/goproxy/issues/502 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-github-elazarl-goproxy.

Bug#1042473: frr: CVE-2023-3748

2023-07-28 Thread Salvatore Bonaccorso
Source: frr Version: 8.4.4-1 Severity: important Tags: security upstream Forwarded: https://github.com/FRRouting/frr/issues/11808 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for frr. CVE-2023-3748[0]: | A flaw was found in FRRouting when

Bug#1041863: amd64-microcode: CVE-2023-20593: use-after-free in AMD Zen2 processors

2023-07-24 Thread Salvatore Bonaccorso
Source: amd64-microcode Version: 3.20230414.1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 3.20191218.1 Hi, The following vulnerability was published for amd64-microcode. CVE-2023-20593[0]: |

Bug#1036744: PTP in combination with vclocks partially broken on Debian kernels

2023-07-24 Thread Salvatore Bonaccorso
Hi Florian, On Mon, Jul 24, 2023 at 01:08:16PM +0200, Florian Bezdeka wrote: > On Thu, 2023-05-25 at 15:55 +0200, Salvatore Bonaccorso wrote: > > > > > Thanks for confirming, so this change can go into the master branch > > first. > > I expected to have this bug f

Bug#1039883: The issue impacts SSD disks as well

2023-07-24 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Hi, [Ted, Andreas, context in https://bugs.debian.org/1039883] On Sun, Jul 02, 2023 at 09:14:50PM +, Hervé Werner wrote: > I've just faced this issue on the SSD disk as well, so it seems that > the probability is just lower on a speedier disk. Are you able to

Bug#1041338: linux autopkg test blocks gcc-12 migration

2023-07-24 Thread Salvatore Bonaccorso
Hi Matthias, On Mon, Jul 17, 2023 at 06:07:59PM +0200, Matthias Klose wrote: > Package: src:linux > Version: 6.3.7-1 > Severity: serious > Tags: sid trixie > > seen on amd64, the issue doesn't look related to gcc-12. > > see >

Bug#1041160: linux-image-6.3.0-2-amd64: no pairing with 6.3.0.1 possible

2023-07-24 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Hi, On Wed, Jul 19, 2023 at 10:26:30PM +0200, Dietmar Czekay wrote: > I checked different versions. Here are the results: > > beginning right after clicking "add device" until the device manager says > "not able to pair" > > Just Debian 6.1.37-1 works. > > #1 SMP

Bug#1041819: mysql-8.0: CVE-2023-22058 CVE-2023-22057 CVE-2023-22056 CVE-2023-22054 CVE-2023-22053 CVE-2023-22048 CVE-2023-22046 CVE-2023-22038 CVE-2023-22033 CVE-2023-22008 CVE-2023-22007 CVE-2023-22

2023-07-23 Thread Salvatore Bonaccorso
Source: mysql-8.0 Version: 8.0.33-2 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for mysql-8.0. CVE-2023-22058[0]: | Vulnerability in the MySQL Server product of

Bug#1041818: openssl: CVE-2023-2975

2023-07-23 Thread Salvatore Bonaccorso
Source: openssl Version: 3.0.9-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for openssl. CVE-2023-2975[0]: | Issue summary: The AES-SIV cipher implementation contains a bug that | causes it to

Bug#1041817: openssl: CVE-2023-3446

2023-07-23 Thread Salvatore Bonaccorso
Source: openssl Version: 3.0.9-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 1.1.1n-0+deb11u4 Control: found -1 1.1.1n-0+deb11u5 Hi, The following vulnerability was published for openssl. CVE-2023-3446[0]: | Issue summary:

Bug#1041814: python-mechanicalsoup: CVE-2023-34457

2023-07-23 Thread Salvatore Bonaccorso
Source: python-mechanicalsoup Version: 0.10.0-6 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 0.10.0-4 Hi, The following vulnerability was published for python-mechanicalsoup. The severity chosen for the bugreport might be

Bug#1041812: curl: CVE-2023-32001

2023-07-23 Thread Salvatore Bonaccorso
Source: curl Version: 7.88.1-10 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for curl. CVE-2023-32001[0]: | fopen race condition If you fix the vulnerability please also make sure to include

Bug#1041811: libvirt: CVE-2023-3750

2023-07-23 Thread Salvatore Bonaccorso
Source: libvirt Version: 9.5.0-1 Severity: important Tags: security upstream Forwarded: https://listman.redhat.com/archives/libvir-list/2023-July/240776.html X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 8.3.0-1 Hi, The following vulnerability was published for

Bug#1041810: librsvg: CVE-2023-38633

2023-07-23 Thread Salvatore Bonaccorso
Source: librsvg Version: 2.54.5+dfsg-3 Severity: important Tags: security upstream Forwarded: https://gitlab.gnome.org/GNOME/librsvg/-/issues/996 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for librsvg. CVE-2023-38633[0]: | A directory

Bug#1041706: debian-handbook: Wrong advice on APT::Default-Release preventing security updates

2023-07-23 Thread Salvatore Bonaccorso
FWIW, there is a related discussion in #1041708, so cross-referencing. Regards, Salvatore

Bug#1041643: ITP: ktls-utils -- TLS handshake utilities for in-kernel TLS consumers

2023-07-22 Thread Salvatore Bonaccorso
Hi, On Sat, Jul 22, 2023 at 11:51:55PM +0200, Ben Hutchings wrote: > I've prepared a package in the Git repository > . > > As of Linux 6.4, the only in-kernel user of TLS is the NFS server. > Linux 6.5 adds support in the NFS client. With just

Bug#1041363: nft BUG: kernel NULL pointer dereference, address: 0000000000000038

2023-07-22 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Hi Daniel, On Tue, Jul 18, 2023 at 02:35:25AM +0200, Daniel Gröber wrote: > Package: src:linux > Version: 6.1.27-1 > Severity: normal > > Dear Maintainer, > > I got the following BUG on my router while working on my nftables > ruleset. After this happened network

Bug#1040945: tiff: CVE-2023-3618

2023-07-18 Thread Salvatore Bonaccorso
Hi László, On Mon, Jul 17, 2023 at 06:36:37PM +0200, László Böszörményi (GCS) wrote: > Hi Salvatore, > > On Thu, Jul 13, 2023 at 8:42 PM Salvatore Bonaccorso > wrote: > > On Wed, Jul 12, 2023 at 10:12:50PM +0200, László Böszörményi wrote: > > > In short, it seems: >

Bug#1037761: lnav: ftbfs with GCC-13

2023-07-15 Thread Salvatore Bonaccorso
Control: tags -1 + upstream confirmed Hi On Wed, Jun 14, 2023 at 09:28:00AM +, Matthias Klose wrote: > Package: src:lnav > Version: 0.11.1-3 > Severity: normal > Tags: sid trixie > User: debian-...@lists.debian.org > Usertags: ftbfs-gcc-13 > > [This bug is targeted to the upcoming trixie

Bug#1037610: criu: ftbfs with GCC-13

2023-07-15 Thread Salvatore Bonaccorso
Control: tags -1 + confirmed upstream Hi, On Wed, Jun 14, 2023 at 09:22:39AM +, Matthias Klose wrote: > Package: src:criu > Version: 3.17.1-2 > Severity: normal > Tags: sid trixie > User: debian-...@lists.debian.org > Usertags: ftbfs-gcc-13 > > [This bug is targeted to the upcoming trixie

Bug#1040955: linux-image-6.1.0-10-amd64 | drm/i915 Intel GFX Driver crashes kernel

2023-07-14 Thread Salvatore Bonaccorso
Hi Víctor Thanks for your response. On Fri, Jul 14, 2023 at 11:16:04AM -0300, Victor A. Bettachini wrote: > Hi Salvatore, > > Sorry, but I'll not provide help following either of your > suggestions. > > Regarding testing in current or experimental branch, I need to keep this > machine sticked

Bug#1041051: autofs: Regression: Don't probe interface that can't send packet

2023-07-14 Thread Salvatore Bonaccorso
Source: autofs Version: 5.1.8-3 Severity: important Tags: upstream X-Debbugs-Cc: car...@debian.org Control: found -1 5.1.8-2+deb12u1 Control: found -1 5.1.8-2 Control: found -1 5.1.7-1+deb11u1 Control: found -1 5.1.7-1 Control: tags -1 + bullseye bookworm trixie sid Control: forwarded -1

Bug#1040945: tiff: CVE-2023-3618

2023-07-13 Thread Salvatore Bonaccorso
Hi László, On Wed, Jul 12, 2023 at 10:12:50PM +0200, László Böszörményi wrote: > Hi Salvatore, > > On Wed, Jul 12, 2023 at 9:39 PM Salvatore Bonaccorso > wrote: > > Source: tiff > > Version: 4.5.1-1 > > CVE-2023-3618[0]: > > | A flaw was found in libtiff. A

Bug#1037100: cpp-httplib: CVE-2023-26130

2023-07-13 Thread Salvatore Bonaccorso
Hi Andrea, On Thu, Jul 13, 2023 at 12:11:07PM +0200, Bastian Germann wrote: > On 13.07.23 at 12:09, Andrea Pappacoda wrote: > > On Thu, 13 Jul 2023 at 12:08:28 +02:00:00, Bastian Germann > > wrote: > > > 2.: Please email the security team with the debdiff instead. > > > > Ok, so

Bug#1040955: linux-image-6.1.0-10-amd64 | drm/i915 Intel GFX Driver crashes kernel

2023-07-12 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Hi Victor, On Thu, Jul 13, 2023 at 12:54:01AM -0300, Victor A. Bettachini wrote: > Package: src:linux > Version: 6.1.37-1 > Severity: important > X-Debbugs-Cc: vict...@gmx.net > > Dear Maintainer, > > I'd like to report this behaviour present when booting to >

Bug#1040945: tiff: CVE-2023-3618

2023-07-12 Thread Salvatore Bonaccorso
Source: tiff Version: 4.5.1-1 Severity: important Tags: security upstream Forwarded: https://gitlab.com/libtiff/libtiff/-/issues/529 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for tiff. CVE-2023-3618[0]: | A flaw was found in libtiff. A

Bug#1040880: nsis: CVE-2023-37378

2023-07-11 Thread Salvatore Bonaccorso
Source: nsis Version: 3.08-3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 3.06.1-1 Hi, The following vulnerability was published for nsis. CVE-2023-37378[0]: | Nullsoft Scriptable Install System (NSIS) before 3.09

Bug#1040879: redis: CVE-2023-36824: Heap overflow in COMMAND GETKEYS and ACL evaluation

2023-07-11 Thread Salvatore Bonaccorso
Source: redis Version: 5:7.0.11-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for redis. CVE-2023-36824[0]: | Redis is an in-memory database that persists on disk. In Redis 7.0 | prior to 7.0.12,

Bug#1040714: dhcpcd: Missing epoch from source package version

2023-07-11 Thread Salvatore Bonaccorso
Hi, On Tue, Jul 11, 2023 at 10:37:44PM +0300, Martin-Éric Racine wrote: > On Tue, Jul 11, 2023 at 10:05 PM Salvatore Bonaccorso > wrote: > > On Tue, Jul 11, 2023 at 06:30:38PM +0300, Martin-Éric Racine wrote: > > > Reintroducing the epoch produces the following Lintian

Bug#1040714: dhcpcd: Missing epoch from source package version

2023-07-11 Thread Salvatore Bonaccorso
Hi martin-Eric, On Tue, Jul 11, 2023 at 06:30:38PM +0300, Martin-Éric Racine wrote: > On Mon, Jul 10, 2023 at 7:30 PM Martin-Éric Racine > wrote: > > > > On Mon, Jul 10, 2023 at 7:05 PM Salvatore Bonaccorso > > wrote: > > > On Sun, Jul 09, 2023 at 10:39:59P

Bug#1037190: closed by Debian FTP Masters (reply to Martin-Éric Racine ) (Bug#1037190: fixed in dhcpcd 10.0.1-1)

2023-07-10 Thread Salvatore Bonaccorso
Hi Martin-Éric, On Tue, Jul 11, 2023 at 08:05:18AM +0300, Martin-Éric Racine wrote: > On Sun, Jul 9, 2023 at 10:26 PM Martin-Éric Racine > wrote: > > > > On Sun, Jul 9, 2023 at 4:32 PM Martin-Éric Racine > > wrote: > > > > > > On Sat, Jul 8, 2023 at 12:57 PM Martin-Éric Racine > > > wrote: > >

Bug#1040818: bookworm-pu: package libxml2/2.9.14+dfsg-1.3~deb12u1

2023-07-10 Thread Salvatore Bonaccorso
ore Bonaccorso Mon, 10 Jul 2023 21:58:07 +0200 + +libxml2 (2.9.14+dfsg-1.3) unstable; urgency=medium + + * Non-maintainer upload. + * Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991) + * Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991) + + -- Salvatore Bonacco

Bug#1040714: dhcpcd: Missing epoch from source package version

2023-07-10 Thread Salvatore Bonaccorso
Control: reopen -1 Hi Martin-Eric, On Sun, Jul 09, 2023 at 10:39:59PM +0300, Martin-Éric Racine wrote: > On Sun, Jul 9, 2023 at 10:33 PM Salvatore Bonaccorso > wrote: > > On Sun, Jul 09, 2023 at 09:25:33PM +0200, Salvatore Bonaccorso wrote: > > > Source: dhcpcd &g

Bug#1040714: dhcpcd: Missing epoch from source package version

2023-07-09 Thread Salvatore Bonaccorso
Hi, On Sun, Jul 09, 2023 at 10:29:58PM +0300, Martin-Éric Racine wrote: > On Sun, Jul 9, 2023 at 10:27 PM Salvatore Bonaccorso > wrote: > > > > Source: dhcpcd > > Version: 10.0.1-1 > > Severity: serious > > Justification: Debian version goes backwards f

Bug#1040714: dhcpcd: Missing epoch from source package version

2023-07-09 Thread Salvatore Bonaccorso
Hi, On Sun, Jul 09, 2023 at 09:25:33PM +0200, Salvatore Bonaccorso wrote: > Source: dhcpcd > Version: 10.0.1-1 > Severity: serious > Justification: Debian version goes backwards from previous released versions > X-Debbugs-Cc: car...@debian.org > > Hi > > The new src

Bug#1040714: dhcpcd: Missing epoch from source package version

2023-07-09 Thread Salvatore Bonaccorso
Source: dhcpcd Version: 10.0.1-1 Severity: serious Justification: Debian version goes backwards from previous released versions X-Debbugs-Cc: car...@debian.org Hi The new src:dhcpcd has a lower version of any previous released src:dhcpd version, which had an epoch: 1:3.2.3-11+deb7u1 1:3.2.3-11

Bug#1039965: linux-image-6.1.0-9-amd64: crash on boot

2023-07-09 Thread Salvatore Bonaccorso
Control: tags -1 - moreinfo Control: tags -1 + upstream Hi Richard, On Sat, Jul 08, 2023 at 09:16:35AM +, Richard Rahl wrote: > After some further testing, I verified that it's an upstream bug, so > will report something upstream, after I figured out which commit is > to blame. Ok that is

Bug#1039991: libxml2: diff for NMU version 2.9.14+dfsg-1.3

2023-07-08 Thread Salvatore Bonaccorso
. + * Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991) + * Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991) + + -- Salvatore Bonaccorso Sat, 08 Jul 2023 21:18:29 +0200 + libxml2 (2.9.14+dfsg-1.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru

Bug#1038856: libx11-xcb1: The package update modified some settings in gnome control center

2023-07-08 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo On Wed, Jun 21, 2023 at 08:18:59PM -0400, zezamoral wrote: > Package: libx11-xcb1 > Version: 2:1.8.4-2+deb12u1 > Severity: normal > X-Debbugs-Cc: sazamor...@gmail.com, t...@security.debian.org > > Dear Maintainer, > >* What led up to the situation? >

Bug#1040407: linux-image-6.3.0-1-amd64: X1 Carbon 9th gen, docked, external display stops working after suspend and there are kernel traces in the logs

2023-07-06 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo On Wed, Jul 05, 2023 at 10:19:48PM +0300, Claudio Saavedra wrote: > > That commit is part of 6.4-rc7 and Experimental currently has 6.4.1-1 > > so it > > should be fixed with that kernel. > > Verification whether that's indeed the case would be appreciated. > >

Bug#1040346: linux-image-6.3.0-2-amd64: AMDGPU only with unusable high resolution available

2023-07-06 Thread Salvatore Bonaccorso
Hi Klaus, On Wed, Jul 05, 2023 at 02:17:34PM +0100, Klaus Ethgen wrote: > Hi, > > On Wed, 5 Jul 2023 at 12:59, Bastian Blank wrote: > > On Wed, Jul 05, 2023 at 11:31:06AM +0100, Klaus Ethgen wrote: > > > > But this is what you want, you want to use the full resolution of the > > > > output

Bug#1040338: pypdf: CVE-2023-36464

2023-07-04 Thread Salvatore Bonaccorso
Source: pypdf Version: 3.4.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: clone -1 -2 Control: reassign -2 src:pypdf2 2.12.1-3 Control: retitle -2 pypdf2: CVE-2023-36464 Hi, The following vulnerability was published for pypdf.

Bug#1040012: Possible missing firmware /lib/firmware/i915/dg2_huc_gsc.bin for module i915 that is part of the source

2023-07-04 Thread Salvatore Bonaccorso
Hi Daniel, On Sat, Jul 01, 2023 at 02:14:43AM +0200, Daniel Leidert wrote: > Package: firmware-misc-nonfree > Version: 20230515-2 > Severity: normal > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > The file dg2_huc_gsc.bin is part of the source, but it is not shipped as part > of

Bug#1035607: [ftpmas...@ftp-master.debian.org: Accepted libheif 1.16.2-1 (amd64 source) into unstable]

2023-07-02 Thread Salvatore Bonaccorso
Source: libheif Source-Version: 1.16.2-1 This fixes as well CVE-2023-29659, #1035607, closing it manually. - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 20 Jun 2023 11:37:08 +0200 Binary: heif-gdk-pixbuf

Bug#1040050: bouncycastle: CVE-2023-33201: potential blind LDAP injection attack using a self-signed certificate

2023-07-01 Thread Salvatore Bonaccorso
Source: bouncycastle Version: 1.72-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for bouncycastle. CVE-2023-33201[0]: | potential blind LDAP injection attack using a self-signed | certificate

Bug#1039883: linux-image-6.3.0-1-amd64: ext4 corruption with symlinks

2023-07-01 Thread Salvatore Bonaccorso
Control: tags -1 + upstream Hi, On Thu, Jun 29, 2023 at 10:38:07AM +0200, dud225 wrote: > Package: linux-image-6.3.0-1-amd64 > Version: linux-image-6.3.0-1-amd64 > Severity: important > Tags: upstream > X-Debbugs-Cc: dud...@hotmail.com > > Hello > > I've stored data on a USB external hard

Bug#1039965: linux-image-6.1.0-9-amd64: crash on boot

2023-07-01 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo Control: fixed -1 6.3.7-1 On Fri, Jun 30, 2023 at 10:54:34AM +0200, Richard Rahl wrote: > Package: src:linux > Version: 6.1.27-1 > Severity: important > X-Debbugs-Cc: rra...@proton.me > > Dear Maintainer, > > When I installed Debian 12 (mostly default, except XFS as

Bug#1040000: plantuml: CVE-2023-3432

2023-06-30 Thread Salvatore Bonaccorso
Source: plantuml Version: 1:1.2020.2+ds-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for plantuml. CVE-2023-3432[0]: | Server-Side Request Forgery (SSRF) in GitHub repository |

Bug#1039999: plantuml: CVE-2023-3431

2023-06-30 Thread Salvatore Bonaccorso
Source: plantuml Version: 1:1.2020.2+ds-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for plantuml. CVE-2023-3431[0]: | Improper Access Control in GitHub repository plantuml/plantuml prior | to

Bug#1039990: [Pkg-javascript-devel] Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

2023-06-30 Thread Salvatore Bonaccorso
Hi [CC'ing the security team alias] On Fri, Jun 30, 2023 at 08:12:37PM +0200, Jérémy Lal wrote: > Hi, > > On Fri, 30 Jun 2023 at 19:21, Salvatore Bonaccorso > wrote: > > > Source: nodejs > > Version: 18.13.0+dfsg1-1 > > Severity: important > > Tags:

Bug#1039991: libxml2: CVE-2022-2309

2023-06-30 Thread Salvatore Bonaccorso
Source: libxml2 Version: 2.9.14+dfsg-1.2 Severity: important Tags: security upstream Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/378 X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 2.9.10+dfsg-6.7+deb11u4 Control: found -1 2.9.10+dfsg-1 Hi, The following

Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

2023-06-30 Thread Salvatore Bonaccorso
Source: nodejs Version: 18.13.0+dfsg1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for nodejs. CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and CVE-2023-30590[3]. If you fix the

Bug#1039989: plantuml: CVE-2022-1231

2023-06-30 Thread Salvatore Bonaccorso
Source: plantuml Version: 1:1.2020.2+ds-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for plantuml. CVE-2022-1231[0]: | XSS via Embedded SVG in SVG Diagram Format in GitHub repository |

Bug#1039606: Don't display unimportant issues as "vulnerable"

2023-06-27 Thread Salvatore Bonaccorso
Hi, On Tue, Jun 27, 2023 at 08:33:08PM +0200, Moritz Muehlenhoff wrote: > Package: security-tracker > Severity: wishlist > > "unimportant" issues don't have security impact, but currently they get shown > as "vulnerable" in red, both in a package overview page, e.g. >

Bug#1039576: mt76x2u 4-6:1.0: Direct firmware load for mt7662_rom_patch.bin failed with error -2

2023-06-27 Thread Salvatore Bonaccorso
Hi, On Tue, Jun 27, 2023 at 01:35:51PM +0200, Wolfgang Walter wrote: > Package: firmware-misc-nonfree > Version: 20230515-1 > Severity: important > > After upgrading firmware-misc-nonfree to 20230515-1 my usb-wlan adapter > stopped working. The kernel logs: > > mt76x2u 4-6:1.0: Direct firmware

Bug#1038979: guava-libraries: CVE-2020-8908 CVE-2023-2976

2023-06-23 Thread Salvatore Bonaccorso
Source: guava-libraries Version: 31.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for guava-libraries. CVE-2020-8908[0]: | A temp directory creation vulnerability exists in all versions of

Bug#1038977: flvmeta: CVE-2023-36243

2023-06-23 Thread Salvatore Bonaccorso
Source: flvmeta Version: 1.2.1-1 Severity: important Tags: security upstream Forwarded: https://github.com/noirotm/flvmeta/issues/19 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for flvmeta. CVE-2023-36243[0]: | FLVMeta v1.2.1 was

Bug#1038976: gifsicle: CVE-2023-36193

2023-06-23 Thread Salvatore Bonaccorso
Source: gifsicle Version: 1.93-2 Severity: normal Tags: security upstream Forwarded: https://github.com/kohler/gifsicle/issues/191 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gifsicle. CVE-2023-36193[0]: | Gifsicle v1.9.3 was

Bug#1038975: sngrep: CVE-2023-36192

2023-06-23 Thread Salvatore Bonaccorso
Source: sngrep Version: 1.7.0-1 Severity: normal Tags: security upstream Forwarded: https://github.com/irontec/sngrep/issues/438 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for sngrep. CVE-2023-36192[0]: | Sngrep v1.6.0 was discovered to

Bug#1034847: lua5.3: CVE-2021-43519

2023-06-23 Thread Salvatore Bonaccorso
Hi Guilhem, On Fri, Jun 23, 2023 at 12:27:32PM +0200, Guilhem Moulin wrote: > On Thu, 22 Jun 2023 at 18:08:39 +0200, Guilhem Moulin wrote: > > bullseye > > > > > > $ lua5.1 ./cstack.lua > > testing stack overflow detection > > nesting coroutines running after recoverable errors > >

Bug#1038829: python-websockets: CVE-2021-33880 fix for bullseye

2023-06-22 Thread Salvatore Bonaccorso
Hi, On Thu, Jun 22, 2023 at 07:58:39PM +0200, Bastian Germann wrote: > Control: reopen -1 > Control: notfixed -1 python-websockets/9.1-1 > > I am not sure you have read the "bullseye" part. v9.1 is not the version in > bullseye. It looks we are working against each others. Yes I have read the

Bug#1038885: cups: CVE-2023-34241: use-after-free in cupsdAcceptClient()

2023-06-22 Thread Salvatore Bonaccorso
Source: cups Version: 2.4.2-4 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for cups. CVE-2023-34241[0]: | use-after-free in cupsdAcceptClient() If you fix the vulnerability please also make sure to

Bug#1038860: trafficserver: Wrong version for trafficserver security-update in DSA-5435-1

2023-06-21 Thread Salvatore Bonaccorso
Source: trafficserver Version: 9.2.0+ds-1~deb12u1 Severity: serious Justification: wrong version number, does not allow updates to fixed version X-Debbugs-Cc: car...@debian.org,t...@security.debian.org Control: affects -1 + security.debian.org,release.debian.org Hi The update for trafficserver

Bug#1038248: Accepted trafficserver 9.2.1+ds-1 (source) into unstable

2023-06-21 Thread Salvatore Bonaccorso
Source: trafficserver Source-Version: 9.2.1+ds-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 19 Jun 2023 11:44:27 +0200 Source: trafficserver Architecture: source Version: 9.2.1+ds-1 Distribution: unstable

Bug#1036701: closed by Debian FTP Masters (reply to Reinhard Tartler ) (Bug#1036701: fixed in gpac 2.2.1+dfsg1-1)

2023-06-20 Thread Salvatore Bonaccorso
Control: reopen -1 Hi Looking at the upstream tag v2.2.1 those changes are not yet included. Can you double check please as well? For instance https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a3 for CVE-2023-2840 still applies. Regards, Salvatore

Bug#1034890: closed by Debian FTP Masters (reply to Reinhard Tartler ) (Bug#1034890: fixed in gpac 2.2.1+dfsg1-1)

2023-06-20 Thread Salvatore Bonaccorso
Control: reopen -1 Hi Reinhard, I'm unsure on this one, can you elaborate where CVE-2023-0841 has been fixed with the 2.2.1 upstream version? This was particularly confusing as the only reference given for the CVE is as Moritz mentioned,

Bug#1033257: Accepted libde265 1.0.12-1 (source) into unstable

2023-06-20 Thread Salvatore Bonaccorso
Source: libde265 Source-Version: 1.0.12-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 20 Jun 2023 09:10:00 +0200 Source: libde265 Architecture: source Version: 1.0.12-1 Distribution: unstable Urgency: medium

Bug#1038665: CONFIG_VIRTIO_MEM=m missing in debian 12 kernels

2023-06-19 Thread Salvatore Bonaccorso
Control: tags -1 + confirmed Hi, On Mon, Jun 19, 2023 at 09:44:51PM +0200, Laurent GUERBY wrote: > Package: linux-image-amd64 > Severity: important > > Hi, > > CONFIG_VIRTIO_MEM=m is missing in debian 12, it was there in debian 11 > and 10 and maybe before. > > It's still there unchanged in

Bug#1037052: minidlna: diff for NMU version 1.3.2+dfsg-1.1

2023-06-19 Thread Salvatore Bonaccorso
. + * upnphttp: Fix chunk length parsing (CVE-2023-33476) (Closes: #1037052) + + -- Salvatore Bonaccorso Mon, 19 Jun 2023 21:14:33 +0200 + minidlna (1.3.2+dfsg-1) unstable; urgency=medium * New upstream release (Closes: #1005219, #1011629, #1017183, #1024905). diff -Nru minidlna-1.3.2+dfsg/debian

Bug#1038408: ruby3.1: CVE-2023-28755 CVE-2023-28756

2023-06-17 Thread Salvatore Bonaccorso
Source: ruby3.1 Version: 3.1.2-7 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for ruby3.1. CVE-2023-28755[0]: | A ReDoS issue was discovered in the URI component through 0.12.0 in | Ruby

Bug#1038390: bookworm-pu: package vte2.91/0.70.6-1~deb12u1

2023-06-17 Thread Salvatore Bonaccorso
Hi Simon, On Sat, Jun 17, 2023 at 03:22:21PM +0100, Simon McVittie wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: vte2...@packages.debian.org, debian-b...@lists.debian.org, >

Bug#1038253: cpdb-libs: CVE-2023-34095

2023-06-16 Thread Salvatore Bonaccorso
Source: cpdb-libs Version: 1.2.0-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for cpdb-libs. CVE-2023-34095[0]: | cpdb-libs provides frontend and backend libraries for the Common | Printing

Bug#1038251: hoteldruid: CVE-2023-33817 CVE-2023-34537

2023-06-16 Thread Salvatore Bonaccorso
Source: hoteldruid Version: 3.0.5-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for hoteldruid. CVE-2023-33817[0]: | hoteldruid v3.0.5 was discovered to contain a SQL injection |

Bug#1038248: trafficserver: CVE-2022-47184 CVE-2023-30631 CVE-2023-33933

2023-06-16 Thread Salvatore Bonaccorso
Source: trafficserver Version: 9.2.0+ds-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 8.1.6+ds-1~deb11u1 Control: found -1 8.0.2+ds-1+deb10u6 Hi, The following vulnerabilities were published for trafficserver.

Bug#1038133: Accepted libx11 2:1.8.6-1 (source) into unstable

2023-06-16 Thread Salvatore Bonaccorso
Source: libx11 Source-Version: 2:1.8.6-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 16 Jun 2023 14:36:12 +0200 Source: libx11 Architecture: source Version: 2:1.8.6-1 Distribution: unstable Urgency: medium

Bug#1038133: libx11: CVE-2023-3138

2023-06-15 Thread Salvatore Bonaccorso
Source: libx11 Version: 2:1.8.4-2 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libx11. CVE-2023-3138[0]: | Buffer overflows in InitExt.c in libX11 If you fix the vulnerability please also make

Bug#1038119: tang: CVE-2023-1672

2023-06-15 Thread Salvatore Bonaccorso
Source: tang Version: 11-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for tang. CVE-2023-1672[0]: | Fix race condition when creating/rotating keys If you fix the vulnerability please also

Bug#1037982: libnet-route-perl needs dependency net-tools for system route command.

2023-06-15 Thread Salvatore Bonaccorso
Package: libnet-route-perl Version: 0.02-3 Severity: serious X-Debbugs-CC: Craig Manley As reported by Craig: On Wed, Jun 14, 2023 at 12:33:44PM +0200, Craig Manley wrote: > Hello, > > Our builds were failing because libnet-route-perl called the missing system > command /sbin/route which is

Bug#1037542: bookworm-pu: package xerial-sqlite-jdbc/3.40.1.0+dfsg-1+deb12u1

2023-06-14 Thread Salvatore Bonaccorso
Hi Pierre, On Wed, Jun 14, 2023 at 12:01:18AM +0200, Pierre Gruet wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: xerial-sqlite-j...@packages.debian.org > Control: affects -1 +

Bug#1037444: bookworm-pu: package kanboard/1.2.26+ds-4

2023-06-14 Thread Salvatore Bonaccorso
Hi Joseph, [disclaimer, not a release team member but I believe can give input on the debdiff below] On Mon, Jun 12, 2023 at 08:19:55PM -0400, Joseph Nahmias wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu >

Bug#1037959: BUG: kernel NULL pointer dereference in kthread md2_raid6

2023-06-14 Thread Salvatore Bonaccorso
Hi Timo, On Wed, Jun 14, 2023 at 10:44:01AM +0200, Timo Weingärtner wrote: > Package: src:linux > Version: 6.1.27-1 > Severity: important > > Dear Maintainer, > > yesterday I upgraded my home server to bookworm. When cutting a > recording in vdr (reading a big video file while writing out a big

Bug#1035671: [ftpmas...@ftp-master.debian.org: Accepted hoteldruid 3.0.5-1 (source) into unstable]

2023-06-14 Thread Salvatore Bonaccorso
Source: hoteldruid Source-Version: 3.0.5-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 Mar 2023 09:34:09 + Source: hoteldruid Architecture: source Version: 3.0.5-1 Distribution: unstable Urgency: low

Bug#1035023: [ftpmas...@ftp-master.debian.org: Accepted cloud-init 23.2-1 (source) into unstable]

2023-06-14 Thread Salvatore Bonaccorso
Source: cloud-init Source-Version: 23.2-1 Fixes as well CVE-2023-1786. - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 14 Jun 2023 09:42:18 -0700 Source: cloud-init Architecture: source Version: 23.2-1 Distribution:
