Hi Nobuhiro,
On Fri, Dec 15, 2023 at 05:38:17AM +0100, Salvatore Bonaccorso wrote:
> Hi Nobuhiro
>
> On Fri, Dec 15, 2023 at 08:37:13AM +0900, Nobuhiro Iwamatsu wrote:
> > Hi Salvatore,
> >
> > Thanks for your work.
> > This patch looks good to me.
>
Source: squid
Version: 6.5-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for squid.
CVE-2023-50269[0]:
| Squid is a caching proxy for the Web. Due to an Uncontrolled
| Recursion bug in versions 2.6
Source: slurm-wlm
Version: 23.02.6-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi Gennaro,
The following vulnerabilities were published for slurm-wlm.
CVE-2023-49933[0]:
| An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and
|
Hi Nobuhiro
On Fri, Dec 15, 2023 at 08:37:13AM +0900, Nobuhiro Iwamatsu wrote:
> Hi Salvatore,
>
> Thanks for your work.
> This patch looks good to me.
> Please upload without DELAYED/2 to unstable.
Thanks for the confirmation, so I rescheduled it *but* note due to the
UsrMerge changes it goes
systemdsystemunitdir (Closes: #1052983)
+
+ [ Chris Hofstaedtler ]
+ * Defer udev file placement to udev's pkg-config data (Closes: #1056996)
+ * Install hciconfig into /usr/bin instead of /bin
+
+ [ Salvatore Bonaccorso ]
+ * input.conf: Change default of ClassicBondedOnly (CVE-2023-45866)
+(Closes
Contol: tags -1 + fixed-upstream
Control: found -1 6.1.66-1
Control: found -1 6.5.13-1
On Sun, Oct 29, 2023 at 02:16:57PM +0100, Aurelien Jarno wrote:
> Source: linux
> Version: 5.10.197-1
> Severity: grave
> Tags: upstream patch
> X-Debbugs-Cc: d...@debian.org, debian-m...@lists.debian.org
>
>
Hi
Thanks to all for testing the test build with the one commit revert.
6.1.67-1 is now underway. I will check with stable release managers if
a SUA (update through stable-updates) can be released.
Regards,
Salvatore
As there were some questions along in this thread let me summarize
some points:
The issue affects fs/ext4 code, so no other filesystems are affected
(e.g. btrfs).
The issue affects all kernels which have the commit 91562895f803
("ext4: properly sync file size update after O_SYNC direct IO") from
Hi,
On Mon, Dec 11, 2023 at 01:27:07PM +0100, Kevin Price wrote:
> Thank you Salvatore!
>
> Am 11.12.23 um 12:37 schrieb Salvatore Bonaccorso:
> > It still would be helpful if you can get to the logs of the previous
> > boot. After booting back in the working kernel,
Control: tags -1 + moreinfo
Hi Kevin,
On Mon, Dec 11, 2023 at 02:55:50AM +0100, Kevin Price wrote:
> Package: linux-image-6.1.0-15-amd64
> Version: 6.1.66-1
> Severity: critical
> Control: -1 notfound 6.1.64-1
>
> When booting 6.1.0-15, my physical amd64/bookworm/gnome computer
> misbehaves in
Control: tags -1 + moreinfo
Hi Steve,
On Sun, Dec 10, 2023 at 07:41:15PM -0800, Steve VanDevender wrote:
> Package: src:linux
> Version: 6.1.66-1
> Severity: grave
> Tags: upstream
> Justification: renders package unusable
>
> I would have tried to report this from the 6.1.66 kernel but once a
Source: bluez
Version: 5.70-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for bluez.
CVE-2023-45866[0]:
| Bluetooth HID Hosts in BlueZ may permit an unauthenticated
| Peripheral role HID Device to
Hi,
On Sat, Dec 09, 2023 at 03:07:37PM +0100, Salvatore Bonaccorso wrote:
> Source: linux
> Version: 6.1.64-1
> Severity: grave
> Tags: upstream
> Justification: causes non-serious data loss
> X-Debbugs-Cc: debian-rele...@lists.debian.org, car...@debian.org,
> a...@debian
Running the single test with ext4:
# LTP_SINGLE_FS_TYPE=ext4 LTP_DEV_FS_TYPE=ext4 ./preadv03_64
tst_device.c:96: TINFO: Found free device 0 '/dev/loop0'
tst_test.c:1690: TINFO: LTP version: 20230929-194-g5c096b2cf
tst_test.c:1574: TINFO: Timeout per run is 0h 00m 30s
tst_supported_fs_types.c:149:
Source: linux
Version: 6.1.64-1
Severity: grave
Tags: upstream
Justification: causes non-serious data loss
X-Debbugs-Cc: debian-rele...@lists.debian.org, car...@debian.org,
a...@debian.org
Hi
I'm filing this for visibility.
There might be an ext4 data corruption issue with the kernel released
So the fix landed as well in 5.10.203 and 6.1.66 in particular, will
add a respective closer for this bug with those rebases. This means
the update will be in the next upload rebasing at least to those
versions (it was too late for the next round of point release for
bookworm).
.
+
+ [ Helmut Grohne ]
+ * Install arpwatch@.service only once. (Closes: #1054193)
+
+ -- Salvatore Bonaccorso Thu, 07 Dec 2023 07:12:41 +0100
+
arpwatch (2.1a15-8) unstable; urgency=medium
* Team Upload
Hi Michael,
On Wed, Dec 06, 2023 at 10:54:04AM +0100, Michael Ott wrote:
> Hi,
>
> after updating cryptsetup it works
>
> Thanks for that
Thanks for the confirmation!
Regards,
Salvatore
Hi all,
On Sun, Dec 03, 2023 at 03:05:09PM +0200, Niko Tyni wrote:
> On Sun, Dec 03, 2023 at 01:31:19AM +0100, gregor herrmann wrote:
> > On Sun, 03 Dec 2023 10:46:50 +1100, Tony Cook wrote:
> >
> > > > https://github.com/tonycoz/imager/issues/522
> > > Fixed in 1.022, please let me know if
Hi,
On Tue, Dec 05, 2023 at 05:14:20PM +0100, Salvatore Bonaccorso wrote:
> Control: reassign -1 src:cryptsetup 2:2.6.1-5
>
> Hi
>
> On Tue, Dec 05, 2023 at 04:55:58PM +0100, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > On Tue, Dec 05, 2023 at 04:38:19PM
Control: reassign -1 src:cryptsetup 2:2.6.1-5
Hi
On Tue, Dec 05, 2023 at 04:55:58PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Tue, Dec 05, 2023 at 04:38:19PM +0100, Salvatore Bonaccorso wrote:
> > Control: tags -1 + confirmed
> >
> > On Tue, Dec 05, 2023 at 06
Hi,
On Tue, Dec 05, 2023 at 04:38:19PM +0100, Salvatore Bonaccorso wrote:
> Control: tags -1 + confirmed
>
> On Tue, Dec 05, 2023 at 06:23:45AM +0100, Michael Ott wrote:
> > Package: src:linux
> > Version: 6.6.4-1~exp1
> > Severity: important
> >
> > D
Control: tags -1 + confirmed
On Tue, Dec 05, 2023 at 06:23:45AM +0100, Michael Ott wrote:
> Package: src:linux
> Version: 6.6.4-1~exp1
> Severity: important
>
> Dear Maintainer,
>
> After updating to the 6.6 kernel the password for my encryption does not
> longer
> work
>
> Please unlock disk
Control: tags -1 + help
On Sat, Nov 25, 2023 at 10:51:21AM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Fri, Nov 17, 2023 at 10:53:11PM +0100, Salvatore Bonaccorso wrote:
> > Hi
> >
> > This should be fixed with 3.18 upstream, so instead of an isolated
>
Source: rust-rsa
Version: 0.9.2-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rust-rsa.
CVE-2023-49092[0]:
| RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to
| a
Hi,
On Fri, Nov 17, 2023 at 10:53:11PM +0100, Salvatore Bonaccorso wrote:
> Hi
>
> This should be fixed with 3.18 upstream, so instead of an isolated
> fix I'm rather going to do that anyway. Can hopefully tackle it soon
> over the next few days.
So it looks like the bui
close 1056281
thanks
According to upstream information the issue covered in the one CVE is only
affecting Snort Open Source 3.x.
Still likely snort should be removed from the archive?
Hi
This should be fixed with 3.18 upstream, so instead of an isolated
fix I'm rather going to do that anyway. Can hopefully tackle it soon
over the next few days.
Regards,
Salvatore
Source: gst-plugins-bad1.0
Version: 1.22.4-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gst-plugins-bad1.0.
CVE-2023-44429[0]:
| AV1 codec parser buffer overflow
If you fix the vulnerability
Source: gst-plugins-bad1.0
Version: 1.22.4-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gst-plugins-bad1.0.
CVE-2023-6[0]:
| MXF demuxer use-after-free
If you fix the vulnerability please
Proposed changes to rebase to 20231114 in
https://salsa.debian.org/hmh/intel-microcode/-/merge_requests/10
Regards,
Salvatore
Source: gimp
Version: 2.10.34-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for gimp.
CVE-2023-1[0]:
| GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution
| Vulnerability
Source: intel-microcode
Version: 3.20230808.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.20230808.1~deb12u1
Control: found -1 3.20230808.1~deb11u1
Hi,
The following vulnerability was published for intel-microcode.
Source: openvpn
Version: 2.6.3-2.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for openvpn.
CVE-2023-46849[0]:
| Using the --fragment option in certain configuration setups OpenVPN
| version
Hi,
On Fri, Nov 10, 2023 at 10:05:44AM +0100, Pierre Gruet wrote:
> Hi Salvatore,
>
> I am doing some QA overseeing, I am not the maintainer of i2p. I NMUed it
> one year and a half ago, nothing has happened since then.
>
> On Sun, 06 Aug 2023 21:26:51 +0200 Salvatore B
Source: hoteldruid
Version: 3.0.5-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for hoteldruid.
CVE-2023-47164[0]:
| Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier
| allows a
Source: cryptojs
Version: 3.1.2+dfsg-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cryptojs.
CVE-2023-46233[0]:
| crypto-js is a JavaScript library of crypto standards. Prior to
| version 4.2.0,
Source: redmine
Version: 5.0.4-7
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for redmine.
CVE-2023-47258[0]:
| Redmine before 4.2.11 and 5.0.x before 5.0.6
Source: exiv2
Version: 0.28.0+dfsg-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for exiv2.
CVE-2023-44398[0]:
| Exiv2 is a C++ library and a command-line utility
Source: matrix-synapse
Version: 1.95.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for matrix-synapse.
CVE-2023-43796[0]:
| Synapse is an open-source Matrix homeserver Prior to versions 1.95.1
|
Source: amanda
Version: 1:3.5.1-11
Severity: grave
Tags: security upstream
Forwarded: https://github.com/zmanda/amanda/pull/228
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:3.5.1-7
Hi,
The following vulnerability was published for amanda.
CVE-2023-30577[0]:
|
Source: squid
Version: 6.3-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for squid.
CVE-2023-46724[0]:
| Squid is a caching proxy for the Web. Due to an Improper Validation
| of Specified Index bug,
Hi Tomas,
On Tue, Oct 31, 2023 at 11:07:06AM +0100, Tomas Pospisek wrote:
> Hello Exim maintainers,
>
> this ticket, asking for packages with fixes for CVE-2023-42117 and other
> security relevant issues is closed.
>
> However only a package for unstable has been released:
>
>
Source: mysql-8.0
Version: 8.0.34-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2023-22032[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server:
Hi Yadd,
On Sat, Oct 28, 2023 at 12:05:25PM +0400, Yadd wrote:
> On 10/27/23 20:20, Moritz Mühlenhoff wrote:
> > Source: node-browserify-sign
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > The following vulnerability was published for
Source: nodejs
Version: 18.13.0+dfsg1-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for nodejs.
CVE-2023-39333[0]:
| Code injection via WebAssembly export names
CVE-2023-38552[1]:
| When the
close 1027143 2.4.7.1+dfsg-1
found 1027143 2.2.10.1+dfsg-1
thanks
close 1013730
thanks
Hi Magnus,
On Sat, Oct 21, 2023 at 08:09:35PM +0200, Magnus Holmgren wrote:
> Wednesday, 18 October 2023 11:56:01 CEST, Salvatore Bonaccorso wrote:
> > On Fri, Oct 13, 2023 at 12:05:19PM +0200, Bert Van de Poel wrote:
> > > As already outlined on
> > > https://security
Hi,
On Thu, Oct 12, 2023 at 06:57:20AM +0100, Klaus Ethgen wrote:
> Package: src:linux
> Version: 6.5.6-1
> Severity: critical
> Tags: security
> X-Debbugs-Cc: Debian Security Team
>
> It is not fully clear for me, where exactly this bug happens. First I
> was thinking about xscreensaver but
On Mon, Oct 16, 2023 at 04:51:03PM +, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the exim4-base package:
>
> #1053310: exim4-base: Various severe CVE reports are outstanding
>
> It has been closed by Debian FTP
Source: zookeeper
Version: 3.8.0-11
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.4.13-6
Hi,
The following vulnerability was published for zookeeper.
CVE-2023-44981[0]:
| Authorization Bypass Through User-Controlled Key
Source: golang-github-crewjam-saml
Version: 0.4.12-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-github-crewjam-saml.
CVE-2023-45683[0]:
| github.com/crewjam/saml is a saml library for
Source: libowasp-antisamy-java
Version: 1.5.3+dfsg-1.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libowasp-antisamy-java.
Note: The severity is set to RC, though 'important' would better fit.
Hi,
On Fri, Oct 13, 2023 at 12:05:19PM +0200, Bert Van de Poel wrote:
> Package: libspf2-2
> Version: 1.2.10-7.1~deb11u1
> Severity: critical
> Tags: security patch
> Justification: root security hole
> X-Debbugs-Cc: Debian Security Team
>
>
> As already outlined on
>
Source: gst-plugins-bad1.0
Version: 1.22.4-1
Severity: grave
Tags: patch security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gst-plugins-bad1.0.
CVE-2023-40476[0]:
| Integer overflow in H.265 video parser leading to stack
Source: gst-plugins-bad1.0
Version: 1.22.4-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gst-plugins-bad1.0.
CVE-2023-40474[0]:
| Integer overflow leading to heap overwrite in MXF file handling
Source: gst-plugins-bad1.0
Version: 1.22.4-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gst-plugins-bad1.0.
CVE-2023-40475[0]:
| Integer overflow leading to heap overwrite in MXF file handling
Hi Sebastian,
On Fri, Sep 29, 2023 at 04:00:17PM +0200, Sebastian Ramacher wrote:
> On 2023-09-28 23:14:20 +0200, Salvatore Bonaccorso wrote:
> > X-Debbugs-CC: Sebastian Ramacher
> >
> > Control: tags 1053182 + patch
> > Control: tags 1053182 + pending
>
.
+ * encode_api_test: add ConfigResizeChangeThreadCount
+ * VP8: disallow thread count changes (CVE-2023-5217) (Closes: #1053182)
+
+ -- Salvatore Bonaccorso Thu, 28 Sep 2023 23:07:11 +0200
+
libvpx (1.12.0-1) unstable; urgency=medium
* Team upload
diff -Nru libvpx-1.12.0/debian/patches/0002
Source: libvpx
Version: 1.12.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libvpx.
CVE-2023-5217[0]:
| Heap buffer overflow in vp8 encoding in libvpx in
Hi,
On Wed, Sep 27, 2023 at 01:19:31PM +0300, Jani Nikula wrote:
> Package: unadf
> Version: 0.7.11a-5
> Severity: grave
> Tags: security
> Justification: user security hole
> X-Debbugs-Cc: Debian Security Team
>
> Dear Maintainer,
>
> See upstream ADFLib commit 8e973d7b8945 ("Fix unsafe
close 1052153
thanks
Not an issue in src:linux. Seems related to (ITP'ed) OOT module rtl8821ce-dkms,
#1037177.
Hi Arturo,
On Sat, Sep 16, 2023 at 09:02:34AM +0200, Arturo Borrero Gonzalez wrote:
> On Sat, Sep 16, 2023, 08:37 Salvatore Bonaccorso wrote:
>
> > Hi
> >
> > Dropping some recipients for the Debian specific handling of this
> > issue. So AFAIU upstream will not c
close 1052416 1:9.18.19-1~deb12u1
close 1052416 1:9.16.44-1~deb11u1
close 1052417 1:9.18.19-1~deb12u1
thanks
Control: severity -1 normal
Control: tags -1 - security
On Fri, Sep 22, 2023 at 09:24:48AM +0200, Salvatore Bonaccorso wrote:
> Source: libwebp
> Version: 1.2.4-0.3
> Severity: grave
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
Source: libwebp
Version: 1.2.4-0.3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
While the security fix in bookworm correctly included as well
Source: bind9
Version: 1:9.18.16-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:9.18.16-1~deb12u1
Hi,
The following vulnerability was published for bind9.
CVE-2023-4236[0]:
| A flaw in the networking code handling
Source: bind9
Version: 1:9.18.16-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:9.18.16-1~deb12u1
Control: found -1 1:9.16.42-1~deb11u1
Control: found -1 1:9.16.37-1~deb11u1
Hi,
The following vulnerability was published for
Source: rust-bcder
Version: 0.6.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/NLnetLabs/bcder/pull/74
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rust-bcder.
Hi Arturo,
On Sat, Sep 16, 2023 at 09:02:34AM +0200, Arturo Borrero Gonzalez wrote:
> On Sat, Sep 16, 2023, 08:37 Salvatore Bonaccorso wrote:
>
> > Hi
> >
> > Dropping some recipients for the Debian specific handling of this
> > issue. So AFAIU upstream will not c
(Closes: #1051592)
+- rule: add helper function to expand chain rules intoi commands
+- rule: expand standalone chain that contains rules
+- src: expand table command before evaluation
+
+ -- Salvatore Bonaccorso Sat, 16 Sep 2023 07:47:15 +0200
+
nftables (1.0.6-2+deb12u1) bookworm
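Review bot: the added changelog entry "rule: add helper function to expand chain rules intoi commands" contains a typo, "intoi" should read "into". Since the debian/changelog text is what users see for this upload, it is worth correcting in the entry itself.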
reassign 1051592 src:nftables 1.0.6-2
found 1051592 1.0.6-2+deb12u1
found 1051592 0.9.8-3.1
found 1051592 0.9.8-3.1+deb11u1
close 1051592 1.0.7-1
affects 1051592 + src:linux
thanks
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/gpac/gpac/issues/2550
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-41000[0]:
|
Source: cups
Version: 2.4.2-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups.
CVE-2023-32360[0]:
| An authentication issue was addressed with improved state
| management. This issue is fixed
Source: gpac
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
Some of the CVEs in #1033116 seem to not have been addressed (and in
part were addressed in a DSA already). Here a fresh bug for the
remaining ones.
Hi,
> >>
> >> recently, Debian updated their stable kernel from 6.1.38 to 6.1.52
> >> which broke nftables ruleset loading on one of my machines with lots
> >> of "Operation not supported" errors. I've reported this to the
> >> Debian project (see l
Hi,
On Mon, Sep 11, 2023 at 10:52:12PM +0200, Salvatore Bonaccorso wrote:
> Hi Timo,
>
> On Mon, Sep 11, 2023 at 10:31:56PM +0200, Timo Sigurdsson wrote:
> > Hi Salvatore,
> >
> > Salvatore Bonaccorso schrieb am 11.09.2023 22:20 (GMT +02:00):
> >
> > >
Hi Timo,
On Mon, Sep 11, 2023 at 10:31:56PM +0200, Timo Sigurdsson wrote:
> Hi Salvatore,
>
> Salvatore Bonaccorso schrieb am 11.09.2023 22:20 (GMT +02:00):
>
> > Bisected the issue:
> >
> > $ git bisect log
> > git bisect start
> > # status: waitin
Hi,
On Mon, Sep 11, 2023 at 04:28:34PM +0200, Salvatore Bonaccorso wrote:
> Control: found -1 5.10.191-1
>
> On Mon, Sep 11, 2023 at 04:17:46PM +0200, Salvatore Bonaccorso wrote:
> > Control: tags -1 + confirmed upstream
> >
> > Hi,
> >
> > On Mon, Sep
Source: pmix
Version: 5.0.0~rc1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pmix.
CVE-2023-41915[0]:
| OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1
Control: found -1 5.10.191-1
On Mon, Sep 11, 2023 at 04:17:46PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 + confirmed upstream
>
> Hi,
>
> On Mon, Sep 11, 2023 at 04:08:07PM +0200, Salvatore Bonaccorso wrote:
> > Control: tags -1 - moreinfo unreproduc
Control: tags -1 + confirmed upstream
Hi,
On Mon, Sep 11, 2023 at 04:08:07PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 - moreinfo unreproducible
>
> Hi Timo,
>
> On Mon, Sep 11, 2023 at 03:15:18AM +0200, Timo Sigurdsson wrote:
> > Hi,
> >
> >
Control: tags -1 - moreinfo unreproducible
Hi Timo,
On Mon, Sep 11, 2023 at 03:15:18AM +0200, Timo Sigurdsson wrote:
> Hi,
>
> Salvatore Bonaccorso schrieb am 10.09.2023 12:21 (GMT +02:00):
>
> > Would it be possible to provide a minimal set of rules triggering the
> >
Hi Antonio,
On Sun, Sep 10, 2023 at 03:57:58PM +0200, Antonio Radici wrote:
> On Sun, Sep 10, 2023 at 01:38:33PM +0200, Salvatore Bonaccorso wrote:
> > Hi Antonio,
> >
> > FWIW, I have done the bookworm-security upload already to
> > security-master, and still worki
Hi,
On Sun, Sep 10, 2023 at 01:38:33PM +0200, Salvatore Bonaccorso wrote:
> Hi Antonio,
>
> On Sun, Sep 10, 2023 at 01:05:31PM +0200, Antonio Radici wrote:
> > On Sat, Sep 09, 2023 at 10:23:32PM +0200, Salvatore Bonaccorso wrote:
> > > Source: mutt
> > > Versi
Hi Antonio,
On Sun, Sep 10, 2023 at 01:24:10PM +0200, Antonio Radici wrote:
> On Sun, Sep 10, 2023 at 01:05:31PM +0200, Antonio Radici wrote:
> > Thanks for raising this, I'm uploading the new packages with the fixes
> > today.
>
> apparently someone else did a NMU with the new version and
Hi Antonio,
On Sun, Sep 10, 2023 at 01:05:31PM +0200, Antonio Radici wrote:
> On Sat, Sep 09, 2023 at 10:23:32PM +0200, Salvatore Bonaccorso wrote:
> > Source: mutt
> > Version: 2.2.9-1
> > Severity: grave
> > Tags: security upstream
> > Justification: user se
Control: tags -1 + moreinfo
Hi
On Sun, Sep 10, 2023 at 10:38:45AM +0200, Timo Sigurdsson wrote:
> Package: linux
> Version: 6.1.52-1
> Severity: grave
>
> Dear Maintainers,
>
> linux-image-6.1.0-12-amd64 causes a serious regression in nftables.
> After upgrading one of my machines, nftables
Source: mutt
Version: 2.2.9-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for mutt.
CVE-2023-4874[0]:
| Null pointer dereference when viewing a specially crafted
Source: salt
Version: 3004.1+dfsg-2.2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for salt.
CVE-2023-20897[0]:
| Salt masters prior to 3005.2 or 3006.2 contain a
Source: linux
Version: 6.5~rc4-1~exp1
Severity: serious
Tags: ftbfs
Justification: FTBFS
X-Debbugs-Cc: car...@debian.org
linux/6.5~rc4-1~exp1 onwards in experimental FTBFS for s390x:
https://buildd.debian.org/status/fetch.php?pkg=linux=s390x=6.5%7Erc4-1%7Eexp1=1691173177=0
Regards,
Salvatore
Source: php8.2
Source-Version: 8.2.10-1
This upload fixes as well #1043477, tracking bug for CVE-2023-3823 and
CVE-2023-3824.
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 02 Sep 2023 08:31:05 +0200
Source: php8.2
Source: nodejs
Version: 18.13.0+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for nodejs.
CVE-2023-32002[0]:
| The use of `Module._load()` can bypass the
Hi Simon,
On Sat, Aug 19, 2023 at 06:57:30PM +0200, Salvatore Bonaccorso wrote:
> Hi Simon,
>
> On Sun, Jul 30, 2023 at 09:48:57PM +0100, Simon McVittie wrote:
> > On Sun, 30 Jul 2023 at 22:04:24 +0200, Salvatore Bonaccorso wrote:
> > > For bullseye I think we should
Source: rust-webpki
Version: 0.22.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
Please see https://rustsec.org/advisories/RUSTSEC-2023-0052.html .
FWIW, there is a fix in the rustls-webpki is a fork, which
Source: rust-rustls-webpki
Version: 0.101.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
Please see https://rustsec.org/advisories/RUSTSEC-2023-0053.html .
Regards,
Salvatore
Hi Simon,
On Sun, Jul 30, 2023 at 09:48:57PM +0100, Simon McVittie wrote:
> On Sun, 30 Jul 2023 at 22:04:24 +0200, Salvatore Bonaccorso wrote:
> > For bullseye I think we should simply pick the upstream commit?
>
> Yes: we didn't keep up with upstream 2.50.x so there are a bunch
and Breaks against
+libesmtp5 (<< 1.0.6-1~) (Closes: #1043058)
+
+ -- Salvatore Bonaccorso Sat, 19 Aug 2023 12:04:32 +0200
+
libesmtp (1.1.0-3) unstable; urgency=medium
* debian: Clean up build environment
diff -Nru libesmtp-1.1.0/debian/control libesmtp-1.1.0/debian/c
Hi
Disclaimer, not the maintainer here, but maintainer of a package which
would get autoremoved.
On Sat, Aug 05, 2023 at 02:17:53PM +0200, Andreas Beckmann wrote:
> Package: libesmtp6
> Version: 1.1.0-3
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts