package: taliesin
Severity: wishlist
Owner: 'Nicolas Mora'
*Package Name : Taliesin
Version : 1.0.16
Upstream Author : Nicolas Mora
*URL : https://github.com/babelouest/taliesin
*License : GPL3
*Description : Lightweight audio media server with a REST API interface
and a React JS client
signature.asc
Description: OpenPGP digital signature
signature.asc
Description: OpenPGP digital signature
package: node-serialize-javascript
Severity: whishlist
Owner: 'Nicolas Mora'
*Package Name : node-serialize-javascript
Version : 1.5.0
Upstream Author : Eric Ferraiuolo
*URL : https://github.com/yahoo/serialize-javascript
*License : BSD-3-Clause
*Description : Serialize JavaScript
package: node-jest-worker
Severity: whishlist
Owner: 'Nicolas Mora'
*Package Name : node-jest-worker
Version : 23.2.0
Upstream Author : Facebook Inc.
*URL :
https://github.com/facebook/jest/tree/master/packages/jest-worker
*License : Expat
*Description : Module for executing heavy tasks
package: node-rollup-plugin-uglify
Severity: whishlist
Owner: 'Nicolas Mora'
*Package Name : node-rollup-plugin-uglify
Version : 6.0.0
Upstream Author : Bogdan Chadkin
*URL : https://github.com/TrySound/rollup-plugin-uglify#readme
*License : Expat
*Description : Uses UglifyJS under
package: node-react-audio-player
Severity: whishlist
Owner: 'Nicolas Mora'
*Package Name : node-react-audio-player
Version : 0.11.0
Upstream Author : Justin McCandless
*URL : https://github.com/justinmc/react-audio-player#readme
*License : Expat
*Description : This is a light React wrapper
package: node-i18next
Severity: whishlist
Owner: 'Nicolas Mora'
*Package Name : node-i18next
Version : 1.5.1
Upstream Author : Jan Mühlemann
*URL : https://github.com/i18next/i18next-xhr-backend
*License : Expat
*Description : This is a simple i18next backend to be used in the
browser
package: node-i18next
Severity: whishlist
Owner: 'Nicolas Mora'
*Package Name : node-i18next
Version : 12.0.0
Upstream Author : Jan Mühlemann
*URL : http://i18next.com
*License : Expat
*Description : i18next is a very popular internationalization framework
for browser or any other
package: node-i18next-browser-languagedetector
Severity: whishlist
Owner: 'Nicolas Mora'
*Package Name : node-i18next-browser-languagedetector
Version : 2.2.3
Upstream Author : Jan Mühlemann
*URL : https://github.com/i18next/i18next-browser-languageDetector
*License : Expat
*Description
Thanks for the MR, I guess I was too confident about the initial change
I made to close this issue.
The new package is named gir1.2-ical-3.0, shouldn't it be named
gir1.2-libical-3.0 ? I may be wrong though, I don't know the habits in
the other packages that have this feature.
Also, if the new
Hello,
Thanks for the report.
It's due to a change in the librairies header files recently. This
change is incompatible with older glewlwyd cmake scripts.
Glewlwyd 1.4.9 fixes that and the package will be uploaded soon.
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-memory-streams
Version : 0.1.3
Upstream Author : Paul Jackson (http://jaaco.uk/)
* URL : https://github.com/paulja/memory-streams-js
* License
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-append-transform
Version : 1.0.0
Upstream Author : James Talmage
(github.com/jamestalmage)
* URL : https://github.com/istanbuljs/append-transform
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-default-require-extensions
Version : 2.0.0
Upstream Author : James Talmage
(github.com/jamestalmage)
* URL : https://github.com/avajs/default
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-fileset
Version : 2.0.3
Upstream Author : mklabs
* URL : https://github.com/mklabs/node-fileset
* License : Expat
Programming Lang
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-path-parse
Version : 1.0.6
Upstream Author : Javier Blanco <http://jbgutierrez.info>
* URL : https://github.com/jbgutierrez/path-parse
* L
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-istanbuljs
Version : 1.x
Upstream Author : Ben Coe
* URL : https://github.com/istanbuljs/istanbuljs
* License : ISC
Programming Lang
Le 2018-11-22 03:54, Pirate Praveen a écrit :
I suggest you embed it inside (same for other simple dependencies)
node-istanbuljs. See
https://wiki.debian.org/Javascript/Nodejs/Npm2Deb#Embedding_some_modules
Thanks, I will do that.
One question about this process though.
In this case, the
Le 19-01-11 à 10 h 39, Jeremy Bicha a écrit :
> 1. Please drop autopkgtest from Build-Depends. The autopkgtest system
> doesn't need it.
>
I don't recall where I saw that autopkgtest is required in build-dep but
since then I apply it like a cargo cultist... Thanks for the tip!
> 2. Please
Le 19-01-12 à 10 h 01, Jeremy Bicha a écrit :
>
> I could help move that to the https://salsa.debian.org/debian/ group
> if you wanted but it's not required.
I'd like that, if you can create the repo and grant me write access in
it, that would be much appreciated
> Could you please add Vcs fields
Le 19-01-12 à 10 h 17, Jeremy Bicha a écrit :
>
> Ok, please grant my account ( jbicha ) owner privileges for your repo
> so I can do the move.
>
Done
Hello,
I'm not sure I understand the problem.
Libyder relies on libsystemd to write logs in journald, but it's one of the log
output available, like syslog, a file, a callback or the console. But you can
use libyder without systemd if you don't use it as log output.
Also, in Debian packages,
soon.
Thanks
Le 19-04-04 à 10 h 25, Harald Welte a écrit :
> Hi Nicolas,
>
> thanks for your response.
>
> On Thu, Apr 04, 2019 at 09:10:10AM -0400, Nicolas Mora wrote:
>> Libyder relies on libsystemd to write logs in journald, but it's one of the
>> log output ava
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: libgraphqlparser
Version : 0.7.0
Upstream Author : Facebook Inc.
* URL : https://github.com/graphql/libgraphqlparser
* License : Expat
signature.asc
Description: OpenPGP digital signature
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-qrcode-generator
Version : 1.4.4
Upstream Author : Kazuhiko Arase
* URL : https://github.com/kazuhikoarase/qrcode-generator#readme
* License
Package: node-sourcemap-codec
Version: 1.4.5
Severity: normal
Tags: patch
The link usr/lib/nodejs/sourcemap-codec/index.js included in the package
points to the file usr/lib/nodejs/sourcemap-codec/sourcemap-codec.js
where it should link to
Package: node-rollup-plugin-commonjs
Version: 10.0.1
Severity: normal
Tags: patch
The link usr/lib/nodejs/rollup-plugin-commonjs/index.js included in the package
points to the file
usr/lib/nodejs/rollup-plugin-commonjs/rollup-plugin-commonjs.cjs.js
where it should link to
Le 20-02-10 à 06 h 02, Iain Lane a écrit :
>
> Since this is breaking the build of reverse dependencies, I'm proposing
> to NMU a fix to DELAYED/5. The debdiff is attached. Feel free to fix it
> yourself sooner, though.
>
Thanks for the patch, I apply it to the package now!
Le 20-02-11 à 06 h 26, Iain Lane a écrit :
>
> Thanks! Would you mind if I reschedule the NMU to be uploaded straight
> away so we don't have to wait to be able to build evolution-data-server?
>
That's ok, I reupload the package 3.0.7-2 with your fix, it should be
available in sid soon now.
I agree but we should merge both packages content then, the package
libjs-i18next provides UMD format.
Le 20-01-03 à 05 h 29, Xavier a écrit :
>
> Not needed: libjs-i18next from src:node-i18next provides UMD files while
> libjs-i18next from src:libjs-i18next just use index.js file. That's why
> I suggest to remove src:libjs-i18next and keep node-i18next which
> provides libjs-i18next ;-)
>
> NB:
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-redux
Version : 4.0.5
Upstream Author : Dan Abramov
* URL : https://redux.js.org/
* License : Expat
Programming Lang: JavaScript
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-iot-maintain...@lists.alioth.debian.org
* Package name : liboauth2
Version : 1.3.0
Upstream Author : ZmartZone Holding BV - www.zmartzone.eu
* URL : https://github.com/zmartzone/liboauth2/
* License : AGPL-3+
Programming
Hello,
Le 20-09-05 à 03 h 42, Gianfranco Costamagna a écrit :>
> Hello, your package FTBFS on s390x. Please have a look if possible
>
[...]
> Start 3: framework
> 3/4 Test #3: framework ***Failed0.65 sec
> Running suite(s): Ulfius framework function tests
> 86%:
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: pkg-javascript-de...@lists.alioth.debian.org
* Package name : node-i18next-http-backend
Version : 1.0.18
Upstream Author : i18next
* URL : https://github.com/i18next/i18next-http-backend
* License : Expat
Programming Lang
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: Debian IoT Maintainers
* Package name: rhonabwy
Version : 0.9.9
Upstream Author : Nicolas Mora
* URL : https://github.com/babelouest/rhonabwy
* License : LGPL-2.1
Programming Lang: C
Thanks Chris!
Le 20-08-01 à 06 h 11, Chris Lamb a écrit :
>
> This is because it used the full, absolute path name as an (sanitised)
> input to a filename, resulting in the binary package containing
>
I've already added the following patch [1] in last release 0.15-1
This patch sets the
Hello,
Le 20-08-02 à 04 h 29, Chris Lamb a écrit :
>
> I did not see that... unfortunately because your patch was not actually
> sufficient. :) In other words, your package was still unreproducible
> even with your 0002-doxygen patch.
>
Sorry to insist but can you explain why the package is
Hello,
On Wed, 08 Jul 2020 11:22:18 +0200 Andreas Beckmann wrote:
>
> openzwave-controlpanel recently started to FTBFS with
>
libmicrohttpd has recent API changes. The attached patch file should fix
the ftbfs with libmicrohttpd 0.9.71. It also fixes a gcc warning with
uninitialized value.
Build has been fixed for mipsel and mips64el but it remains impossible
on armel since nodejs isn't available on this platform.
The thing is nodejs is used during package build only, to transpile the
reactjs front-end single-page-application. Then the result is the same
for all architecture.
If
> Hello, can you please apply the two patches below to fix the build failure
> with new libmicrohttpd and to give a more useful error message in case curl
> fails?
> (I don't know yet why, but the autopkgtest is failing in Ubuntu)
>
Since I'm also the upstream author, I'll fix the ftbfs in the
This bug will be resolved when Glewlwyd 2.x will be packaged into unstable.
I'm currently waiting for iddawc in the NEW queue to be accepted in
experimental to move on.
signature.asc
Description: OpenPGP digital signature
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: Debian IoT Maintainers
* Package name : iddawc
Version : 0.9.5
Upstream Author : Nicolas Mora
* URL : https://github.com/babelouest/iddawc
* License : LGPL-2.1
Programming Lang: C
Description : OAuth2 and OIDC client library
Le 20-07-26 à 18 h 01, Pirate Praveen a écrit :
>
>>
>> File in node-lodash unstable package:
>> 4.17.19+dfsg-1 _baseOrderBy.js https://paste.debian.net/1157886/
>>
I made a dirty hack to check my theory and it looks like if I patch this
file by replacing 'isArray' with 'Array.IsArray' or if I
I'm not sure yet if this would fix the bug but in all the build log
errors, I see that the file /usr/share/nodejs/lodash/_baseOrderBy.js is
always the source of the error.
The file _baseOrderBy.js in the package seems buggy for an unresolved reson.
File in node-lodash unstable package:
signature.asc
Description: OpenPGP digital signature
>
> I was able to whip up the attatched patch which partially splits the
> arch dependent and independent
> builds (an arch only build now only builds the arch stuff but an indep
> only build still builds
> everything) and do a succesfull arch only build on armel.
>
Thanks a lot Peter, I was
OpenPGP_0xFE82139440BD22B9.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
Hello,
On Wed, 06 May 2020 15:10:41 +0200 Benjamin Riefenstahl
wrote:
Scanning the changelogs of libssh2, it seems that there are important
updates for both of these problems in libssh2 in the current version
1.9. So before investigating further, we would like to ask, when we can
expect
Hello, package libssh2 1.9.0-1 has been uploaded to unstable, can you confirm
if the problem is fixed with this new version?
I do no longer need this package, canceling the ITP
OpenPGP_0xFE82139440BD22B9.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
On Mon, 14 Dec 2020 10:53:53 +0100 Gianfranco Costamagna
wrote:
Hello, looks like the new ulfius version is missing a zlib1g-dev dependency on
the -dev package, leading to reverse-dependencies FTBFS in tests (e.g. in
src:iddawc)
Indeed, I missed that one, thanks!
Le 2021-01-17 à 10 h 30, Vincent Bernat a écrit :
How outdated is the package for you?
Right now it isn't.
My package glewlwyd doesn't use the new features and I've tested it with
libcbor 0.8 with no noticeable bug so here's no rush AFAICT. But the
versions since 0.5 fix lots of bugs and
Source: libcbor
Version: 0.5.0+dfsg-2
Severity: normal
Hello,
libcbor 0.8.0 has been released, is it possible to upgrade the debian package
before bullseye soft freeze? The current version is outdated.
Thanks in advance
-- System Information:
Debian Release: 10.7
APT prefers stable-updates
Source: libmicrohttpd
Version: 0.9.71-1
Severity: normal
Hello,
libmicrohttpd 0.9.72 has been recently relesed:
https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.72.tar.gz
Is it possible to update the Debian package before bullseye soft freeze?
If you need help packaging libmicrohttpd
Le 2021-01-17 à 11 h 03, Vincent Bernat a écrit :
I have pushed 0.8.0 to salsa. Once bullseye is released, I'll upload and
you are welcome to do a backport.
Thanks!
Hello
Le 2021-06-01 à 10 h 34, Bastian Germann a écrit :
Hi,
Can you please apply for a bullseye unblock so that this change can
migrate?
This package will not be unblocked for Bullseye due to its status of
system package and the fact that the new package was uploaded way after
the
Hi
Le 2021-03-26 à 21 h 22, Bastian Germann a écrit :
there is no requirement of an OpenSSL clause anymore.
FTP Masters have reconsidered the use of OpenSSL and it can be used by
GPL software now with invoking the system library exception.
See the last comments on #924937.
It would be very
Hello,
Thanks for the patch! I'm about to upload a new package to fix the
postgresql install, including pgcrypto.
Although upgrading the package from Debian Buster will not upgrade the
database content. I added a debian/NEWS file to make this more clear on
package upgrade.
/Nicolas
Hello,
Le 2021-02-02 à 06 h 44, Arto Jantunen a écrit :
Under version 1.6 the device database isn't being installed since the
packaging wasn't updated to do that when upgrading from version 1.5. I
have created an MR on Salsa with the fix:
Hello,
Le 2021-02-09 à 10 h 45, Benjamin Riefenstahl a écrit :
Sorry for taking so long, I just now found the time to test this. Sad
to say that both the memory leak and the problem with ECDSA still exist,
when I run our test in a container with Debian testing and libssh2-1
1.9.0-2.
I'm
Package: librhonabwy0.9
Version: 0.9.13-3
Severity: important
Tags: patch
-- System Information:
Debian Release: 11.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'proposed-updates'), (500,
'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP
Package: glewlwyd
Version: 2.5.2-2
Severity: important
Tags: patch security
X-Debbugs-Cc: Debian Security Team
-- System Information:
Debian Release: 11.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'proposed-updates'), (500,
'stable')
Architecture: amd64
Hello,
7 septembre 2021 12:19 "Salvatore Bonaccorso" a écrit:
>
> Can you report the issue upstream?
>
The issue is already fixed upstream (I'm the upstream author):
https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2
Le 2021-09-07 à 15 h 03, Salvatore Bonaccorso a écrit :
Embarassing, I can assure you I did check the git repo.
That's ok, the commit message wasn't about the buffer overflow and it
was a few weeks ago, so no worries :)
/Nicolas
Hello,
Le 2021-08-28 à 07 h 54, Helmut Grohne a écrit :
libssh2 fails to build from source. A build ends as follows:
I can reproduce that too, not sure why it fails now...
libssh2 version 1.10 builds successfully though, and I'm currently
working on packaging libssh2 1.10 with openssl 3.0.
Hello,
Friendly ping request for this bug.
If you need help, I'll be happy to help you with this upgrade.
/Nicolas
The package libssh2 1.10.0-2 has successfully migrated to testing so I
believe this bug is fixed now
On Thu, 14 Oct 2021 16:02:07 +0200 Kevin Funk wrote:
The Debian maintainer removed those in:
https://salsa.debian.org/debian/libical3/-/commit/51ff45c7
... without documenting the change.
My bad, I must have removed these files without noticing it.
I'm uploading a new package to fix
5.10.0-8-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Description: Fix CVE-2021-40540
Author: Nicolas Mora
Forwarded: not-needed
--- a/src/ulfius.c
+++ b/src
07:29:46.0 -0400
@@ -1,3 +1,11 @@
+rhonabwy (0.9.13-3+deb11u1) bullseye; urgency=medium
+
+ * d/patches/bugfixes: apply upstream bugfixes
+ jwe cbc tag computation error
+ jws alg:none signature verification issue
+
+ -- Nicolas Mora Wed, 22 Sep 2021 07:29:46 -0400
+
rhonabwy
/changelog 2021-09-22 08:42:59.0 -0400
@@ -1,3 +1,11 @@
+glewlwyd (2.5.2-2+deb11u1) bullseye; urgency=medium
+
+ * d/patches: Fix CVE-2021-40818
+ possible buffer overflow during FIDO2 signature validation
+ in webauthn registration
+
+ -- Nicolas Mora Wed, 22 Sep 2021 08:42
--- ulfius-2.7.1/debian/changelog 2021-01-03 09:03:05.0 -0500
+++ ulfius-2.7.1/debian/changelog 2021-09-19 15:39:39.0 -0400
@@ -1,3 +1,9 @@
+ulfius (2.7.1-1+deb11u1) bullseye; urgency=medium
+
+ * d/patches: Fix CVE-2021-40540 (Closes: #994763)
+
+ -- Nicolas Mora Sun
2021-09-20 08:15:27.0 -0400
@@ -1,3 +1,9 @@
+ulfius (2.5.2-4+deb10u1) buster; urgency=medium
+
+ * d/patches: Fix CVE-2021-40540
+
+ -- Nicolas Mora Mon, 20 Sep 2021 08:15:27 -0400
+
ulfius (2.5.2-4) unstable; urgency=medium
* debian/rules: remove override_dh_auto_test since now
merge 993851 994763
: Nicolas Mora
Forwarded: not-needed
--- a/src/webservice.c
+++ b/src/webservice.c
@@ -259,10 +259,6 @@
if (check_result_value(j_result, G_ERROR_UNAUTHORIZED)) {
y_log_message(Y_LOG_LEVEL_WARNING, "Security - Authorization
invalid for username %s at IP Addre
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
A bug has been fixed in Glewlwyd 2.6.1 to avoid possible possible privilege
escalation
[ Impact ]
Users accounts might be compromised
[ Changes ]
Remove a misplaced
) bullseye; urgency=medium
+
+ * d/patches: Fix possible privilege escalation (Closes: #1001849)
+
+ -- Nicolas Mora Fri, 17 Dec 2021 07:51:46 -0500
+
glewlwyd (2.5.2-2+deb11u1) bullseye; urgency=medium
* d/patches: Fix CVE-2021-40818
diff -Nru glewlwyd-2.5.2/debian/patches/auth.patch
glewlwyd
Hello Ayoyimika,
I've updated the webpack patch for webpack 5. Now the build goes
further, but it fails anyway:
make[1]: Entering directory '/<>'
webpack -p
internal/modules/cjs/loader.js:818
throw err;
^
Error: Cannot find module 'import-local'
Require stack:
-
Hello Salvatore,
Le 2021-12-24 à 14 h 36, Salvatore Bonaccorso a écrit :
Any news on the CVE assignment? Did MITRE respond?
Not yet, still waiting for the submission to be reviewed according to
the mitre...
/Nicolas
Hello,
Le 2021-12-30 à 06 h 22, Ayoyimika Ajibade a écrit :
We are starting to build against webpack5 in experimental and the
package needed for local build is webpack and node-webpack-source from
experimental.
During a test rebuild, node-react-audio-player was found to fail to
build in
Hello,
On Fri, 24 Dec 2021 14:39:14 -0500 Nicolas Mora
wrote:
Hello Salvatore,
Le 2021-12-24 à 14 h 36, Salvatore Bonaccorso a écrit :
>
> Any news on the CVE assignment? Did MITRE respond?
>
The CVE has been attributed for this bug: CVE-2021-45379
Also, the bug is only for 2.x versions.
The package glewlwyd 1.4.9-1 in oldstable isn't vulnerable
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-jose
Version : 4.3.7
Upstream Author : Filip Skokan
* URL : https://github.com/panva/jose
* License : Expat
Programming Lang: JavaScript
Hello,
Le 2021-11-23 à 15 h 20, peter green a écrit :
Package: glewlwyd
Version: 2.5.2-3
Severity: serious
Tags: ftbfs
Unfortunately it seems that even after the cross-fetch fix, glewlwyd
still FTBFS as a
result of changes in iddawc/rhonabwy.
Thanks, that's because the dependencies were
Source: libcbor
Version: 0.8.0-1
Severity: normal
Dear maintainer,
Please upload a source-only package for libcbor in unstable, so the package can
migrate to testing and allow dependencies to migrate as well.
Thanks in advance!
/Nicolas
Hello,
The package node-cross-fetch is in the NEW queue [1].
When it will be accepted in unstable, a quick change in the package
i18next-http-backend will fix glewlwyd's ftbfs.
/Nicolas
[1] https://ftp-master.debian.org/new/node-cross-fetch_3.1.4%2Bds.1-1.html
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-whatwg-fetch
Version : 3.6.2
Upstream Author : GitHub, Inc.
* URL : https://github.com/github/fetch#readme
* License : Expat
Programming
Hi Andrius,
Le 2021-11-06 à 15 h 15, Andrius Merkys a écrit :
In one of my packages I managed to drop-in replace cross-fetch with
node-fetch [1], and it seems to work, just FYI. But since you have
packaged cross-fetch, I will probably switch back to it. Thanks!
Yes, I saw that too and
Package: wnpp
Severity: wishlist
Owner: Nicolas Mora
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: node-cross-fetch
Version : 3.1.4
Upstream Author : Leonardo Quixada
* URL : https://github.com/lquixada/cross-fetch
* License : Expat
+deb11u2) bullseye; urgency=medium
+
+ * d/patches: Uses o_malloc instead of malloc (Closes: #1001384)
+
+ -- Nicolas Mora Thu, 09 Dec 2021 08:06:15 -0500
+
ulfius (2.7.1-1+deb11u1) bullseye; urgency=medium
* d/patches: Fix CVE-2021-40540 (Closes: #994763)
diff -Nru ulfius-2.7.1/debian
Source: ulfius
Version: 2.7.1-1+deb11u1
Severity: important
Tags: patch
-- System Information:
Debian Release: 11.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign
That's ok, I will fill a bug for the stable package and upload it in the
proposed-updates queue.
The bug #1001384 has been filed to fix the malloc bug in stable
Hello,
Le 2021-12-09 à 05 h 13, Harald Welte a écrit :
> Thanks a lot for the very fast response in tagging 2.7.7 and hence
fixing the problem
> for unstable.
>
> However, I am not sure if this bug should be closed yet as 'stable'
> (debian 11 / bullseye) also must be fixed. As bullseye
This is the backport of the patch for the bug #1001328 fixed in unstable
Hello,
I've been investigating with your calendar file using libical3 on
korganizer and I've found out that libical3.10 and libical3.12 are
correctly importing your file, when libical3.11 doesn't, so I'm guessing
your problem is fixed with the last package.
Can you test with package
as fixed in unstable
[ Changes ]
Check the length of the signature before verifying it
[ Other info ]
CVE ID request pending
Description: Fix buffer overflow
Author: Nicolas Mora
Forwarded: not-needed
--- a/src/scheme/webauthn.c
+++ b/src/scheme/webauthn.c
@@ -2336,12 +2336,24 @@
break
The CVE ID is CVE-2022-27240
1 - 100 of 169 matches
Mail list logo