Control: reassign -1 src:systemd
On Sat, May 18, 2024 at 10:25:14PM +0200, Matteo Settenvini wrote:
> Package: src:linux
> Version: 6.8.9-1
> Severity: important
> Tags: upstream
>
> Dear Maintainer,
>
> booting kernel 6.8.9-1 with dracut, systemd, and btrfs as the root device
> fails to
Hi John,
On Fri, May 17, 2024 at 04:01:56PM -0400, John Waffle wrote:
> This report came from a free tool, trivy, I filed a Github discussion about
> it here: https://github.com/aquasecurity/trivy/discussions/6722
Thanks a lot for bringing that upstream.
So to add some additional datapoint: The
Hi,
On Fri, May 17, 2024 at 10:43:26AM -0400, John Waffle wrote:
> Package: zlib
> Version: 1:1.2.13.dfsg-1
>
> Related bug reports:
> - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054290
> - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056718
>
> These were marked as resolved but
Source: sogo
Version: 5.10.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sogo.
CVE-2024-34462[0]:
| Alinto SOGo through 5.10.0 allows XSS during attachment preview.
If you fix the
Source: libxml2
Version: 2.9.14+dfsg-1.3
Severity: normal
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libxml2.
CVE-2024-34459[0]:
| An issue was
Source: git
Version: 1:2.43.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for git.
CVE-2024-32002[0]:
| Git is a revision control system. Prior to versions
Hi Simon,
On Fri, May 10, 2024 at 02:40:48PM +0100, Simon McVittie wrote:
> Source: glib2.0
> Version: 2.74.6-2+deb12u1
> Severity: minor
> Tags: patch fixed-upstream
> X-Debbugs-Cc: secur...@debian.org
> Control: found -1 2.79.0+git20240110~g38f5ba3c-1
> Control: found -1 2.66.8-1+deb11u2
>
Hi Roland,
On Fri, May 10, 2024 at 11:18:17AM +0200, Roland Rosenfeld wrote:
> Control: fixed -1 6.1.90+1
>
> In the meantime I upgraded to linux-image-6.1.0-21-amd64 (6.1.90+1).
> With this version the issue is solved for me.
Thanks for confirming. I in fact missed to add the bug closer for
Control: reassign -1 src:linux 5.10.216-1
Hi
The report is very vague, but I assume it's about the kernel update
recently released as DSA, so reassigning it to src:linux.
Can you please provide more information. Is this a regression from
5.10.209-2 to 5.10.216-1?
It might be helpful to
Control: retitle -1 tinyproxy: CVE-2023-49606
Hi,
CVE-2023-40533 as a duplicate of CVE-2022-40468.
Regards,
Salvatore
Control: tags -1 + upstream
Control: forwarded -1 https://github.com/ThomasHabets/arping/pull/54
Hi,
This is upstream in
https://github.com/ThomasHabets/arping/commit/99b5445cda5da420983ce1fe4ecd550e9638d523
Regards,
Salvatore
Hi,
On Wed, May 08, 2024 at 09:52:01AM +0200, Thomas Goirand wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: python-glance-st...@packages.debian.org
> Control: affects -1 +
Source: pcp
Source-Version: 6.2.1-1
On Tue, May 07, 2024 at 06:03:03PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Wed, 10 Apr 2024 09:14:46 +1100
> Source: pcp
> Binary: libpcp-archive1 libpcp-archive1-dev libpcp-gui2
Hi,
On Tue, May 07, 2024 at 06:35:06PM +, Kari Lempiäinen wrote:
> Hi,
>
> Looks like this fixed the problem. I ran a couple of backup jobs to
> cifs-mounted shares and no error messages so far. Thanks!
Thanks for the confirmation!
Regards,
Salvatore
Control: tags -1 + moreinfo
Hi Tito,
On Tue, May 07, 2024 at 10:19:44AM +0200, Tito Ragusa wrote:
> Package: src:linux
> Version: 6.1.90-1
> Severity: normal
>
> Dear Maintainer,
>
>* What led up to the situation?
>
>Rebooting the box after kernel package upgrade
>
>* What
Source: jinja2
Version: 3.1.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jinja2.
CVE-2024-34064[0]:
| Jinja is an extensible templating engine. The `xmlattr` filter in
| affected versions
Source: python-werkzeug
Version: 3.0.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-werkzeug.
CVE-2024-34069[0]:
| Werkzeug is a comprehensive WSGI web
Source: python-html-sanitizer
Version: 2.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-html-sanitizer.
CVE-2024-34078[0]:
| html-sanitizer is an
Hi,
On Tue, May 07, 2024 at 03:30:58PM +, Kari Lempiäinen wrote:
> Hi,
>
> New kernel 6.1.0-21 seems to be out. Could you verify if this bug is fixed in
> it?
>
> I found from
> https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.90 that
> there is a commit
Source: python-aiohttp
Version: 3.9.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/aio-libs/aiohttp/pull/8319
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-aiohttp.
CVE-2024-27306[0]:
| aiohttp is
Source: sssd
Version: 2.9.4-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/SSSD/sssd/pull/7302
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sssd.
CVE-2023-3758[0]:
| A race condition flaw was found in sssd
Source: python-aiohttp
Version: 3.9.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-aiohttp.
CVE-2024-30251[0]:
| aiohttp is an asynchronous HTTP client/server framework for asyncio
|
Source: libcoap3
Version: 4.3.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/obgm/libcoap/issues/1351
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libcoap3.
CVE-2024-31031[0]:
| An issue in `coap_pdu.c`
Hi Guido,
On Fri, May 03, 2024 at 09:47:30PM +0200, Guido Günther wrote:
> control: -1 +pending
>
> Hi,
> On Fri, May 03, 2024 at 09:10:23PM +0200, Salvatore Bonaccorso wrote:
> > Source: libvirt
> > Version: 10.2.0-1
> > Severity: important
> > Tags: sec
Source: libvirt
Version: 10.2.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libvirt.
CVE-2024-4418[0]:
| stack use-after-free in virNetClientIOEventLoop()
If you fix the vulnerability
Hi Milan,
On Thu, May 02, 2024 at 12:54:10PM -0400, Milan Kupcevic wrote:
> Hi Salvatore,
>
> On 5/2/24 10:45, Salvatore Bonaccorso wrote:
> [...]
> >
> > I did ponder about it and trying to add this fix as well for the
> > upcoming less DSA, but it won't g
Hi Milan,
On Tue, Apr 23, 2024 at 09:08:55AM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Mon, Apr 22, 2024 at 12:25:45PM -0400, Milan Kupcevic wrote:
> > forwarded 1069681 https://github.com/gwsw/less/issues/503
> > thanks
>
> Thanks. For now I will hold-back t
Hi,
On Fri, Apr 26, 2024 at 02:27:12PM -0700, Otto Kekäläinen wrote:
> We can put 10.11.7 in Stable until it has been accepted in Testing first.
> It is on the way though.
I guess it won't migrate very soon yet to testing (due to tim64
transition?). In such case it would still be good to ask SRM
Hi
On Wed, Feb 21, 2024 at 07:57:06PM +, Debian Bug Tracking System wrote:
[...]
> Version: 1.949-1
>
> On Tue, 28 Nov 2023 11:43:27 +0100, Miriam Espana Acebal wrote:
>
> > I'm working on this package on Ubuntu, to promote it from universe to main.
> > I saw this bug, and it could be a
Hi Patrick,
On Mon, Apr 22, 2024 at 09:36:54PM +0200, Patrick Franz wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: delta...@debian.org
> User: release.debian@packages.debian.org
> Usertags: pu
>
> [ Reason ]
> There is a bug in libkf5sieve where the
Source: dcmtk
Version: 3.6.7-13
Severity: important
Tags: security upstream
Forwarded: https://support.dcmtk.org/redmine/issues/1120
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.6.7-9
Control: found -1 3.6.7-8
Hi,
The following vulnerability was published for dcmtk.
Source: sqlparse
Version: 0.4.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sqlparse.
CVE-2024-4340[0]:
| Passing a heavily nested list to sqlparse.parse() leads to a Denial
| of Service
Hi Steve,
On Tue, Apr 30, 2024 at 05:19:22PM +0100, Steve McIntyre wrote:
> Hi!
>
> On Fri, Mar 08, 2024 at 10:42:40PM +0100, Salvatore Bonaccorso wrote:
> >Source: python-jwcrypto
> >Version: 1.5.4-1
> >Severity: important
> >Tags: security upstream
> >
Source: tpm2-tss
Version: 4.0.1-7
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tpm2-tss.
CVE-2024-29040[0].
If you fix the vulnerability please also make sure to include the
CVE (Common
Source: tpm2-tools
Version: 5.6-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for tpm2-tools.
CVE-2024-29038[0] and CVE-2024-29039[1].
If you fix the vulnerabilities please also make sure to
Hi,
On Tue, Apr 30, 2024 at 02:10:20AM +0500, Alex Volkov wrote:
> Source: linux
> Severity: normal
>
> Dear Maintainer,
>
> I can't see why something which can be done with a kernel boot parameter or a
> sysctl variable
> needs to be forced in the source since 2011. Also, the very existence of
Source: node-sanitize-html
Source-Version: 2.13.0+~2.11.0-1
On Sun, Apr 28, 2024 at 02:40:18PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Sun, 28 Apr 2024 17:48:12 +0400
> Source: node-sanitize-html
> Built-For-Profiles: nocheck
>
Source: node-ip
Source-Version: 2.0.1+~1.1.3-1
On Sun, Apr 28, 2024 at 02:40:08PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Sun, 28 Apr 2024 17:44:01 +0400
> Source: node-ip
> Architecture: source
> Version: 2.0.1+~1.1.3-1
>
Source: node-es5-ext
Source-Version: 0.10.64+dfsg1+~1.1.0-1
On Sun, Apr 28, 2024 at 02:39:58PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Sun, 28 Apr 2024 17:42:38 +0400
> Source: node-es5-ext
> Architecture: source
> Version:
Package: ruby-sidekiq
Version: 7.2.1+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
The following vulnerability was published for ruby-sidekiq.
It only affects the experimental version, as the issue was
Source: ruby3.2
Version: 3.2.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src;ruby3.1 3.1.2-8
Control: retitle -2 ruby3.1: CVE-2024-27282
Control: found -2 3.1.2-7
Hi,
Source: ruby3.1
Version: 3.1.2-8
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.1.2-7
Hi,
The following vulnerability was published for ruby3.1.
CVE-2024-27280[0]:
| Buffer overread
Source: freerdp3
Version: 3.5.0+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for freerdp3.
CVE-2024-32658[0]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
|
Source: freerdp2
Version: 2.11.5+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for freerdp2.
CVE-2024-32039[0]:
| FreeRDP is a free implementation of the
Hi,
On Mon, Apr 22, 2024 at 12:25:45PM -0400, Milan Kupcevic wrote:
> forwarded 1069681 https://github.com/gwsw/less/issues/503
> thanks
Thanks. For now I will hold-back the prepared security update to see
if there is something else which needs to be done here.
Regards,
Salvatore
Hi,
On Sat, Apr 20, 2024 at 07:54:13AM -0400, P. J. McDermott wrote:
> On 2024-04-19 at 15:55, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > FWIW, I'm actually preparing a security update for the two CVEs and
> > for bookworm I was first planning to do a 590-2.1 re
FWIW, I will try to work on the new available upstream version in the
next days and see if the two RC bugs on lnav can be addressed along.
It does not make sense to investigate the testsuite failure right now
without rebasing to the new version.
Control: tags -1 + moreinfo
Hi Jeremy,
On Fri, Apr 19, 2024 at 05:37:41PM +0200, Jeremy Lainé wrote:
> Package: src:linux
> Version: 6.1.85-1
> Severity: important
> X-Debbugs-Cc: jeremy.la...@m4x.org
>
> Dear Maintainer,
>
> After upgrading from linux-image-6.1.0-18-amd64 to
>
contains a newline (CVE-2024-32487)
+(Closes: #1068938)
+
+ -- Salvatore Bonaccorso Fri, 19 Apr 2024 15:09:49 +0200
+
less (590-2) sid; urgency=medium
* d/control: set standards version to 4.6.2
diff -Nru less-590/debian/patches/Fix-bug-when-viewing-a-file-whose-name-contains-a-ne.patch
Hi,
FWIW, I'm actually preparing a security update for the two CVEs and
for bookworm I was first planning to do a 590-2.1 reaching unstable,
and so then 590-2.1~deb12u1 for bookworm.
But if you want to override it with a NMU and proposing to salvage the
package this is equally fine.
Regards,
Hi Kari,
On Thu, Apr 18, 2024 at 05:31:33AM +, Kari Lempiäinen wrote:
> Hi,
>
> I think I spoke too soon. I removed 'noserverino' options from all
> my cifs mounts yesterday and u/remounted them. From last night
> syslog I can still find the "directory entry name would overflow
> frame end
Source: libreswan
Version: 4.14-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libreswan/libreswan/issues/1665
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 4.10-2+deb12u1
Control: found -1 4.10-2
Control: found -1 4.3-1+deb11u4
Control:
Source: glibc
Version: 2.37-17
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.37-15
Control: found -1 2.36-9+deb12u5
Control: found -1 2.36-9+deb12u4
Control: found -1 2.36-9
Control: found -1 2.31-13+deb11u8
Control: found -1
On Tue, Apr 16, 2024 at 10:49:54PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Tue, Apr 16, 2024 at 05:46:33PM +0200, Salvatore Bonaccorso wrote:
> > Control: tags -1 + moreinfo
> >
> > Hi
> >
> >
> > On Tue, Apr 16, 2024 at 02:17:49P
Hi,
On Tue, Apr 16, 2024 at 05:46:33PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 + moreinfo
>
> Hi
>
>
> On Tue, Apr 16, 2024 at 02:17:49PM +0200, Manfred Larcher wrote:
> > Package: src:linux
> > Version: 6.1.85-1
> > Severity
Control: forwarded -1 https://lore.kernel.org/regressions/zh7flxvnddfat...@eldamar.lan/T/#u
Hi both,
On Tue, Apr 16, 2024 at 08:31:23PM +0200, Roland Rosenfeld wrote:
> Hi Salvatore and Diederik!
>
> On Di, 16 Apr 2024, Salvatore Bonaccorso wrote:
>
> > If you revert
Source: python-idna
Version: 3.6-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-idna.
CVE-2024-3651[0]:
| potential DoS via resource consumption via specially crafted inputs to
|
Source: gunicorn
Version: 20.1.0-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gunicorn.
CVE-2024-1135[0]:
| Gunicorn fails to properly validate Transfer-Encoding headers,
| leading to HTTP
Control: tags -1 + moreinfo
Hi
On Tue, Apr 16, 2024 at 02:17:49PM +0200, Manfred Larcher wrote:
> Package: src:linux
> Version: 6.1.85-1
> Severity: important
>
> Dear Maintainer,
>
>* What led up to the situation?
> kernel update from version 6.1.0-18 to 6.1.0-20
>
>* What exactly
Control: tags -1 + moreinfo
Hi Roland,
On Tue, Apr 16, 2024 at 09:29:28AM +0200, Roland Rosenfeld wrote:
> Package: src:linux
> Version: 6.1.85-1
> Severity: important
>
> Dear Maintainer,
>
> when upgrading from 6.1.76-1 to 6.1.85-1 my USB ethernet device
> ID 0b95:1790 ASIX Electronics
Hi Martin,
On Tue, Apr 16, 2024 at 09:26:02AM +0200, Martin Pitt wrote:
> Control: tag -1 upstream fixed-upstream patch
> Control: forwarded -1 https://github.com/cockpit-project/cockpit/pull/19790
>
> Hello Salvatore and Santiago,
>
> Salvatore Bonaccorso [2024
Source: cockpit
Version: 287.1-0+deb12u1
Severity: serious
Justification: missing binary builds, FTBFS
X-Debbugs-Cc: t...@security.debian.org, a...@debian.org, car...@debian.org
Hi
The update for cockpit in DSA 5655-1 had problems with the
test-sshbridge test, causing FTBFS:
From the tail of
Source: openexr
Version: 3.1.5-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/AcademySoftwareFoundation/openexr/issues/1680
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openexr.
CVE-2024-31047[0]:
| An
Source: less
Version: 590-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for less.
CVE-2024-32487[0]:
| less through 653 allows OS command execution via a newline character
| in the name of a
Hi Sebastian,
On Tue, Apr 09, 2024 at 06:18:13PM +0200, Sebastian Andrzej Siewior wrote:
> On 2024-04-07 23:46:28 [+0200], To Adam D. Barratt wrote:
> > On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote:
> > >
> > > Sorry for not getting to this sooner. Is this still the case?
> >
> > So.
2.6/debian/changelog
--- yapet-2.6/debian/changelog 2022-03-14 14:19:11.0 +0100
+++ yapet-2.6/debian/changelog 2024-04-11 20:40:18.0 +0200
@@ -1,3 +1,16 @@
+yapet (2.6-2~deb12u1) bookworm; urgency=medium
+
+ * Rebuild for bookworm
+
+ -- Salvatore Bonaccorso Thu, 11 Apr 2024 20:4
Control: tags -1 + confirmed pending
Control: found -1 6.1.82-1
Hi,
On Wed, Apr 10, 2024 at 12:16:21PM -0700, LW wrote:
> Package: src:linux
> Version: 6.1.76-1
> Severity: critical
> Tags: upstream security
> Justification: root security hole
> X-Debbugs-Cc: lw-deb-...@greyskydesigns.com,
Control: tags -1 + upstream
Hi,
On Wed, Apr 10, 2024 at 07:00:14PM +0200, Cyril Brulebois wrote:
> Cyril Brulebois (2024-04-10):
> > Intermediate results based on upstream stable releases: v6.1.80 is good,
> > v6.1.81 is bad. Still ~200 commits to bisect.
>
> Final results:
>
>
On Wed, Apr 10, 2024 at 03:42:44PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 - moreinfo
> Control: tags -1 + confirmed
>
> hi Cyril,
>
> On Wed, Apr 10, 2024 at 03:32:02PM +0200, Cyril Brulebois wrote:
> > Cyril Brulebois (2024-04-10):
> > >
Control: tags -1 - moreinfo
Control: tags -1 + confirmed
hi Cyril,
On Wed, Apr 10, 2024 at 03:32:02PM +0200, Cyril Brulebois wrote:
> Cyril Brulebois (2024-04-10):
> > Salvatore Bonaccorso (2024-04-10):
> > > On Tue, Apr 09, 2024 at 03:33:09PM +0200, Diederik de Haas w
Control: tags -1 + moreinfo
Cyril,
On Tue, Apr 09, 2024 at 03:33:09PM +0200, Diederik de Haas wrote:
> Hi Cyril,
>
> On Tuesday, 9 April 2024 01:06:43 CEST Cyril Brulebois wrote:
> > Upgrading from linux-image-6.1.0-18-amd64 to linux-image-6.1.0-19-amd64
> > leads to losing some SMART
Control: tags -1 + moreinfo
Hi,
On Thu, Mar 14, 2024 at 09:41:18PM +, Tj wrote:
> Source: linux
> Severity: important
>
> Same as: Bug #1061262
>
> I've been seeing this with builds since 6.7 cycle started. It seems to
> show up mostly for hosts with bluetooth hardware since the bluetooth
Hi,
Disclaimer, this is not an authoritative answer as I'm not part of the
stable release managers.
On Mon, Apr 08, 2024 at 12:27:50PM +0300, Maytham Alsudany wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
>
Source: openssl
Version: 3.2.1-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.1.5-1
Control: found -1 3.0.11-1~deb12u2
Hi,
The following vulnerability was published for openssl.
CVE-2024-2511[0]:
| Issue summary: Some
Control: tags -1 + moreinfo
Hi,
On Mon, Apr 08, 2024 at 04:44:12PM +0800, dada007 wrote:
> Package: src:linux
> Version: 6.6.15-2
> Severity: important
> X-Debbugs-Cc: peter_malmb...@proton.me
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate
Hi Sebastian,
On Mon, Apr 08, 2024 at 06:43:01PM +0200, Sebastian Andrzej Siewior wrote:
> control: tags -1 patch
> control: reassign -1 yapet 2.6-1
>
> On 2024-04-08 08:32:58 [+0200], Kurt Roeckx wrote:
> > There might be a related change that doesn't allow restarting the
> > operation with the
Source: node-express
Source-Version: 4.19.2+~cs8.36.21-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 07 Apr 2024 07:52:14 +0400
Source: node-express
Architecture: source
Version: 4.19.2+~cs8.36.21-1
Distribution:
_proc_files[i] != NULL; i++) {
retval = junction_write_time(junction_proc_files[i], flushtime);
>From 774394df352c249775d51d5d6e3effa775096b4f Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Sat, 6 Apr 2024 20:48:43 +0200
Subject: [PATCH] junction: export-cache: cast to a type with a known size to
Hi Sean,
On Sat, Apr 06, 2024 at 04:54:14PM +0800, Sean Whitton wrote:
> control: reassign -1 libssl3,yapet
> control: found -1 libssl3/3.1.5-1
> control: found -1 yapet/2.6-1
> control: retitle -1 libssl3,yapet: YAPET cannot decrypt YAPET1.0-format DB
>
> Hello,
>
> On Sat 30 Mar 2024 at
Hi,
On Thu, Mar 21, 2024 at 09:09:02AM +0100, Salvatore Bonaccorso wrote:
> Hi Vladimir,
>
> On Thu, Mar 21, 2024 at 08:39:32PM +1300, Vladimir Petko wrote:
> > Package: yapet
> > Followup-For: Bug #1064724
> > User: ubuntu-de...@lists.ubuntu.com
> > Usertags:
Hi,
On Tue, Apr 02, 2024 at 12:36:53PM +0200, Petter Reinholdtsen wrote:
>
> Btw, what is the timeline for approval or rejection for this security
> upload proposal?
Note that if you are confident that the upload is accepted as it, you
*could* already upload according to the improved workflow.
Hi Marco,
On Thu, Apr 04, 2024 at 11:05:03AM +0200, Marco d'Itri wrote:
> On Apr 04, Salvatore Bonaccorso wrote:
>
> > While I do agree (and it was filled with this severity), the bug
> > severity would not be RC, varnish currently seem to lack active
> > maintainershi
Source: apache2
Source-Version: 2.4.59-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 05 Apr 2024 08:08:11 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.59-1
Distribution:
Source: rust-openssl
Version: 0.10.64-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/sfackler/rust-openssl/issues/2171
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rust-openssl.
CVE-2024-3296[0]:
| A
Source: trafficserver
Version: 9.2.3+ds-1+deb12u1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 8.1.9+ds-1~deb11u1
Hi,
The following vulnerability was published for trafficserver.
CVE-2024-31309[0].
If you fix the vulnerability
Source: nghttp2
Version: 1.60.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for nghttp2.
CVE-2024-28182[0]:
| nghttp2 is an implementation of the Hypertext
Source: nodejs
Source-Version: 18.20.1+dfsg-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 16:50:38 +0200
Source: nodejs
Architecture: source
Version: 18.20.1+dfsg-1
Distribution: unstable
Urgency:
Hi Marco,
[CC'ing security team]
On Mon, Apr 01, 2024 at 04:25:05PM +0200, Marco d'Itri wrote:
> Control: found -1 5.0.0-1
> Control: fixed -1 7.4.2
>
> On Nov 17, Salvatore Bonaccorso wrote:
>
> > CVE-2023-44487[0]:
> > | The HTTP/2 protocol allows a denial
Hi,
On Wed, Apr 03, 2024 at 02:31:01PM +0700, ValdikSS wrote:
> Package: bpfcc-tools
> Version: 0.26.0+ds-1
> Severity: normal
> Tags: security
> X-Debbugs-Cc: i...@valdikss.org.ru
>
> Dear Maintainer,
>
> Last year there was a Debian fix for the upstream issue of bpfcc package
>
Hi Alexander,
On Tue, Apr 02, 2024 at 10:27:40PM +0300, Alexander Gerasiov wrote:
> On Sun, 31 Mar 2024 22:00:58 +0200
> Salvatore Bonaccorso wrote:
>
> > Source: minidlna
> > Version: 1.3.3+dfsg-1
> > Severity: important
> > Tags: security upstream
> >
Control: reassign -1 src:linux 6.7.9-2
Hi Niels,
On Mon, Apr 01, 2024 at 05:19:43PM +0200, Niels Thykier wrote:
> Salvatore Bonaccorso:
> > Source: debhelper
> > Version: 13.15
> > Severity: serious
> > Tags: ftbfs
> > Justification: Regression for other packa
Source: debhelper
Version: 13.15
Severity: serious
Tags: ftbfs
Justification: Regression for other package builds, FTBFS
X-Debbugs-Cc: car...@debian.org,debian-ker...@lists.debian.org
Control: affects -1 + src:linux,src:linux-signed-amd64,src:linux-signed-arm64
Hi Niels,
Not fully investigated,
Source: cimg
Version: 3.2.1+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/GreycLab/CImg/issues/403
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cimg.
CVE-2024-26540[0]:
| A heap-based buffer overflow
Source: ruby-carrierwave
Version: 1.3.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-carrierwave.
CVE-2023-49090[0]:
| CarrierWave is a solution for file uploads for Rails, Sinatra and
Source: minidlna
Version: 1.3.3+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/minidlna/bugs/361/
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for minidlna.
CVE-2023-47430[0]:
|
Source: pcp
Version: 6.2.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pcp.
CVE-2024-3019[0]:
| A flaw was found in PCP. The default pmproxy configuration exposes
| the Redis server
Source: wireshark
Version: 4.2.2-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/19695
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wireshark.
CVE-2024-2955[0]:
| T.38 dissector
Source: netty
Version: 1:4.1.48-9
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
CVE-2024-29025[0]:
| Netty is an asynchronous event-driven network application framework
| for rapid
Control: severity -1 serious
Control: found -1 3.6.0-1
Hi Russ,
On Fri, Mar 29, 2024 at 07:24:13PM -0700, Russ Allbery wrote:
> Package: libarchive13t64
> Version: 3.7.2-1.1
> Severity: important
> X-Debbugs-Cc: r...@debian.org
>
> So far it looks like no one has been able to figure out an
Reinhard,
On Thu, Mar 28, 2024 at 07:30:00AM -0400, Reinhard Tartler wrote:
> I've uploaded a fixed version of buildah to sid yesterday, and a new
> upstream version of libpod that builds against the fixed buildah just now.
>
> thanks for filing this report, I believe we should be all set now