Source: salt
Version: 3002.2+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for salt.
CVE-2020-28243[0]:
| An issue was discovered in SaltStack Salt before
Source: zint
Version: 2.9.1-1
Severity: serious
Tags: security upstream
Forwarded: https://sourceforge.net/p/zint/tickets/218/
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for zint.
CVE-2021-27799[0]:
| ean_leading_zeroes in
Hi Chris,
On Thu, Feb 25, 2021 at 04:47:34PM +, Chris Lamb wrote:
> Sébastien Delafond wrote:
>
> > > > Django is vulnerable because it embeds parse_qsl:
> > > >
> > > > https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
> > >
> > > Security team, let me know if you
Hi Markus,
On Thu, Feb 25, 2021 at 09:11:47AM +0100, Markus Koschany wrote:
> Hello security team, hello Hugo, I hope you are doing well!
>
> I have just uploaded a NMU for xcftools fixing CVE-2019-5086 and
> CVE-2019-5087.
> The new patch also addresses the 32 bit portability issues. The
Hi,
On Mon, Jul 08, 2019 at 07:19:54PM +0100, Anton Ivanov wrote:
> Hi list,
>
> NFS caching appears broken in 4.19.37.
>
> The more cores/threads the easier to reproduce. Tested with identical
> results on Ryzen 1600 and 1600X.
>
> 1. Mount an openwrt build tree over NFS v4
> 2. Run make -j
Control: reopen -1
Hi Anton,
On Sat, Feb 20, 2021 at 12:59:17PM +, Anton Ivanov wrote:
> On 20/02/2021 10:33, Debian Bug Tracking System wrote:
> > This is an automatic notification regarding your Bug report
> > which was filed against the src:linux package:
> >
> > #940821:
Source: asterisk
Version: 1:16.15.1~dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for asterisk, filing as RC
but this might not be warranted, if you feel otherwise please
downgrade. I made it
Hi Utkarsh,
On Fri, Feb 19, 2021 at 10:44:08PM +0530, Utkarsh Gupta wrote:
> Hi Axel, Salvatore,
>
> On Fri, Feb 19, 2021 at 2:44 PM Axel Beckert wrote:
> > No issue popped up so far during production use on Stretch and Buster.
> > I'd say, we can publish these in good conscience.
>
> Perfect,
Source: bind9
Version: 1:9.16.11-2
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:9.11.5.P4+dfsg-5.1+deb10u2
Control: found -1 1:9.11.5.P4+dfsg-5.1
Control: fixed -1
On Thu, Feb 11, 2021 at 08:33:58AM +0100, Sebastien Delafond wrote:
> Package: zstd
> Version: 1.4.8+dfsg-1
> Severity: grave
> Tags: security
> X-Debbugs-Cc: t...@security.debian.org
>
> The recently applied patch still creates the file with the default
> umask[0], before chmod'ing down to 0600,
Source: mumble
Version: 1.3.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/mumble-voip/mumble/pull/4733
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for mumble.
Source: php-horde-text-filter
Version: 2.3.6-7
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.3.5-3+deb10u1
Control: found -1 2.3.5-3
Hi,
The following vulnerability was published for php-horde-text-filter.
CVE-2021-26929[0]:
|
Control: tags -1 + moreinfo
Control: severity - 1 important
Hi,
On Mon, Nov 02, 2020 at 09:30:56AM -0500, Koutheir Attouchi wrote:
> Package: cifs-utils
> Version: 2:6.9-1
> Severity: critical
> Justification: breaks unrelated software
> X-Debbugs-Cc: kouth...@gmail.com
>
> Dear Maintainer,
>
Hi
so it turned out that for the other two involved packages it was
possible, so we should continue pursue that goal. There are probably
two options: use convert in debian/rules (and live/auto/config).
live/auto/config has a comment on using convert, depending if this is
still valid just using
Source: stunnel4
Version: 3:5.56+dfsg-6
Severity: grave
Tags: patch security upstream fixed-upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for stunnel4.
CVE-2021-20230[0]:
| client certificate not
Hi Axel,
[dropping upstream lists and other people, + team@s.d.o]
On Thu, Feb 11, 2021 at 11:39:09PM +0100, Axel Beckert wrote:
[...]
> Salvatore, Utkarsh: Will also prepare and test at least patches in Git
> for Buster and Stretch. (Hey, I don't want my mutt screen sessions to
> be killed
Hi Feri,
On Thu, Feb 11, 2021 at 11:26:47AM +0100, wf...@niif.hu wrote:
> Hi,
>
> The patch in this bug report very much shrinks the window of the
> vulnerability, but doesn't close it completely: the file is still
> created with default permissions, then chmodded as a separate step.
> It's
Hi Markus,
On Thu, Feb 11, 2021 at 03:03:19AM +0100, Markus Koschany wrote:
> Hi Salvatore,
>
> Am Mittwoch, den 10.02.2021, 22:03 +0100 schrieb Salvatore Bonaccorso:
> [...]
> >
> > I'm not fully in favor to have all the (build-)rdeps forced out of
>
Hi Simon
You are fast! :)
On Thu, Feb 11, 2021 at 12:38:22AM +, Simon McVittie wrote:
> On Wed, 10 Feb 2021 at 22:47:35 +0100, Salvatore Bonaccorso wrote:
> > game-data-packager Build-Depends on xcftools which ideally should not
> > be released with bullseye. As it looks x
Hi James,
On Wed, Feb 10, 2021 at 08:49:39PM -0500, James McCoy wrote:
> On Wed, Feb 10, 2021 at 09:21:54PM +0100, Salvatore Bonaccorso wrote:
> > Hi James,
> >
> > On Wed, Feb 10, 2021 at 03:20:22PM -0500, James McCoy wrote:
> > > On Wed, Feb 10, 2021 at 03:36:11
Source: neurodebian
Version: 0.40.1
Severity: serious
Justification: Depends on xcftools unfit for bullseye release
X-Debbugs-Cc: car...@debian.org,t...@security.debian.org
Control: block 982499 by -1
neurodebian Build-Depends on xcftools which ideally should not be
released with bullseye. As it
Source: game-data-packager
Version: 66
Severity: serious
Justification: Depends on xcftools unfit for bullseye release
X-Debbugs-Cc: car...@debian.org,t...@security.debian.org
Control: block 982499 by -1
Hi
game-data-packager Build-Depends on xcftools which ideally should not
be released with
Source: castle-game-engine
Version: 6.4+dfsg1-5
Severity: serious
Justification: Depends on xcftools unfit for bullseye release
X-Debbugs-Cc: car...@debian.org,t...@security.debian.org
Control: block 982499 by -1
Hi
castle-game-engine Build-Depends on xcftools which ideally should not
be
Source: xcftools
Version: 1.0.7-6
Severity: serious
Justification: dead upstream, not fit for stable release
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
xcftools is, as it looks, dead upstream and on the last security issues
reported (CVE-2019-5086 CVE-2019-5087, #945317) there never
Hi James,
On Wed, Feb 10, 2021 at 03:20:22PM -0500, James McCoy wrote:
> On Wed, Feb 10, 2021 at 03:36:11PM +0100, Salvatore Bonaccorso wrote:
> > The following vulnerability was published for subversion.
> >
> > CVE-2020-17525[0]:
> > | Remote unauthenticated deni
Source: openvswitch
Version: 2.15.0~git20210104.def6eb1ea+dfsg1-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.10.6+ds1-0+deb10u1
Control: found -1
Source: subversion
Version: 1.14.0-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.10.4-1+deb10u1
Control: found -1 1.10.4-1
Hi,
The following vulnerability was published for subversion.
Source: screen
Version: 4.8.0-3
Severity: grave
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg0.html
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for screen, filing it for
now as RC
> Version: 20~git20201216.e48beee+dfsg-1
>
> tt-rss (20~git20201216.e48beee+dfsg-1) unstable; urgency=high
>
> * new upstream snapshot (Closes: #970633)
>- Fixes: CVE-2020-25787, CVE-2020-25788, CVE-2020-25789
Uh :( Apparently this version never was uploaded actually? There is
no trace
Hi,
[Not a conclusive answer]
On Sun, Feb 07, 2021 at 06:49:25PM +0100, Chris Hofstaedtler wrote:
> 2) possibly unpatched exploit here: https://www.exploit-db.com/exploits/48170
JFTR, this one was CVE-2020-10188 and in Debian was fixed in earlier
times.
Replacing telnetd package with an empty
Hi Jörg,
On Sun, Jan 03, 2021 at 05:21:42PM +0100, Jörg Frings-Fürst wrote:
> tags 950761 - pending
> thanks
>
> Hello Salvatore,
> hello @All,
>
>
> following a tip from Salvatore, I have added the missing commits.
> Although these can be incorporated manually, they are not reliably
>
Source: php8.0
Severity: serious
Justification: not fit for the bullseye release
X-Debbugs-Cc: car...@debian.org,debian-rele...@lists.debian.org
Hi Ondřej
Filing this "blocking bug" for php8.0. In #976811 the conclusion was
to remain with php7.4 for bullseye and so for the bugfix and security
Control: severity -1 serous
Hi PHP maintainers,
On Mon, Jan 18, 2021 at 08:03:42PM -0400, David Prévot wrote:
> Package: php-pear
> Version: 1:1.10.9+submodules+notgz-1.1
> Severity: important
> Tags: security
> X-Debbugs-Cc: Debian Security Team
>
> Hi,
>
> The latest (1.4.11) Archive_Tar
Hi Andrej,
On Sat, Feb 06, 2021 at 06:05:20PM +0100, Andrej Shadura wrote:
> Hi,
>
> On Sat, 6 Feb 2021, at 17:53, Salvatore Bonaccorso wrote:
> > Dear maintainer,
> >
> > I've prepared an NMU for wpa (versioned as 2:2.9.0-16.1) and
> > uploaded it to DELAYED/2.
client
+(CVE-2021-0326) (Closes: #981971)
+
+ -- Salvatore Bonaccorso Sat, 06 Feb 2021 17:27:31 +0100
+
wpa (2:2.9.0-16) unstable; urgency=high
* Restrict eapoltest to linux-any kfreebsd-any.
diff -Nru wpa-2.9.0/debian/patches/series wpa-2.9.0/debian/patches/series
--- wpa-2.9.0/debian
Control: retitle -1 wpa: CVE-2021-0326: wpa_supplicant P2P group information
processing vulnerability
On Fri, Feb 05, 2021 at 02:13:22PM +0100, Salvatore Bonaccorso wrote:
> Source: wpa
> Version: 2:2.9.0-16
> Severity: grave
> Tags: security upstream
> X-Debbugs-Cc: car...@deb
Source: wpa
Version: 2:2.9.0-16
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
Details are published in the advisory at
https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
Patch:
Source: nomad
Version: 0.12.9+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for nomad.
CVE-2021-3283[0]:
| HashiCorp Nomad and Nomad Enterprise up to 0.12.9
Hi Benjamin,
On Mon, Jan 18, 2021 at 07:19:14PM -0800, Benjamin Kaduk wrote:
> On Mon, Jan 18, 2021 at 06:04:39PM +, Jeremy Stanley wrote:
> > Thanks for pulling this into unstable and testing! Is there any work
> > in progress to fix it in stable as well? I took a quick peek in
> > Salsa and
Hi Carsten, hi Christoph,
On Thu, Jan 28, 2021 at 05:15:46PM +0100, Carsten Schoenert wrote:
> retitle -1 ITA: picking up maintenance of libpam-radius-auth
>
> Hello Salvatore,
>
> Am Fri, Feb 21, 2020 at 03:03:12PM +0100 schrieb Salvatore Bonaccorso:
> > Source: libpam-ra
Source: mysql-5.7
Version: 5.7.26-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
See
https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL
for a list of CVEs affecting src:mysql-5.7.
Regards,
Source: qemu
Version: 1:5.2+dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for qemu, filing it with RC
severity due to the privilege escalation potential (it
Source: python-pysaml2
Version: 6.1.0-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-pysaml2.
CVE-2021-21238[0]:
| PySAML2 is a pure python implementation
Source: python-pysaml2
Version: 6.1.0-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-pysaml2.
CVE-2021-21239[0]:
| PySAML2 is a pure python implementation
Control: tag -1 pending
Hello,
Bug #980595 in arping reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Hi,
On Wed, Jan 20, 2021 at 10:23:30PM +, Thomas Habets wrote:
> libcheck made a breaking change.
> Patch for arping to make it build:
> https://github.com/ThomasHabets/arping/commit/e0773bc26ae14d4a19825023307d1496d7c7d0f1
>
> I aim to release 2.22 tomorrow with this change.
> But there are
Hi,
On Wed, Jan 20, 2021 at 09:25:15PM +0100, Lucas Nussbaum wrote:
> Source: arping
> Version: 2.21-1
> Severity: serious
> Justification: FTBFS on amd64
> Tags: bullseye sid ftbfs
> Usertags: ftbfs-20210120 ftbfs-bullseye
>
> Hi,
>
> During a rebuild of all packages in sid, your package
Hi,
On Mon, Jan 11, 2021 at 05:23:50PM +0100, Michel Le Bihan wrote:
[...]
> The window for getting in Bullseye will close soon and this issue is
> blocking. Will you be able to maintain Chromium in Bullseye? I can help
> with it if needed.
Thanks to you both who were involved in the last two
Source: chromium
Version: 87.0.4280.141-0.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
For Details please see
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
covering
for regular expressions (CVE-2021-21236)
+(Closes: #979597)
+
+ -- Salvatore Bonaccorso Sat, 16 Jan 2021 09:45:26 +0100
+
cairosvg (2.5.0-1) unstable; urgency=low
[ Debian Janitor ]
diff -Nru cairosvg-2.5.0/debian/patches/0002-Don-t-use-overlapping-groups-for-regular-expressions.patch cairosvg
Source: erlang
Version: 1:23.2.1+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for erlang.
CVE-2020-35733[0]:
| An issue was discovered in Erlang/OTP before
Hi Thomas,
On Fri, Jan 15, 2021 at 01:59:18PM +0100, Salvatore Bonaccorso wrote:
> Hi Thomas,
>
> On Fri, Jan 15, 2021 at 09:29:47AM +0100, Thomas Goirand wrote:
> > On 1/14/21 10:38 PM, Salvatore Bonaccorso wrote:
> > > Source: openvswitch
> > > Version: 2.1
On Fri, Jan 15, 2021 at 08:59:31PM +0100, Salvatore Bonaccorso wrote:
[...]
> Admittedly the CVE description currently on MITRE is quite confusing
> referring to Flask-Security-Too package. But the other references
> pointed out and reviewing the changes seem to apply to the original
Source: flask-security
Version: 3.4.2-2
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Flask-Middleware/flask-security/issues/421
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for
Hi Thomas,
On Fri, Jan 15, 2021 at 09:29:47AM +0100, Thomas Goirand wrote:
> On 1/14/21 10:38 PM, Salvatore Bonaccorso wrote:
> > Source: openvswitch
> > Version: 2.15.0~git20210104.def6eb1ea+dfsg1-3
> > Severity: grave
> > Tags: security upstream
> > Justif
Source: openvswitch
Version: 2.15.0~git20210104.def6eb1ea+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12+deb10u2
Control: found -1
Control: retitle -1 tcmu: VE-2021-3139
On Tue, Jan 12, 2021 at 09:15:30PM +0100, Salvatore Bonaccorso wrote:
> Source: tcmu
> Version: 1.5.2-5
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: car...@debian.org, Debian Securit
Source: linux
Source-Version: 5.9.11-1
Hi Simon,
On Fri, Oct 30, 2020 at 11:09:40AM +0100, Simon Kainz wrote:
> Package: src:linux
> Version: 5.9.1-1
> Severity: critical
> Justification: breaks the whole system
>
> Dear Maintainer,
>
> Please see the attached crash dump. This machine is a
Source: tcmu
Version: 1.5.2-5
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tcmu.
CVE-2020-28374[0]:
| Linux SCSI target (LIO) unrestricted copy offload
A patch
Hi,
[dropping the 971216 bug from recipients for those]
On Sat, Jan 09, 2021 at 09:54:36AM +, Bastien ROUCARIES wrote:
> hi,
>
> I am ok with this but could you mention, the whole list of format
> instead of ghostscript format in changelog aka (pdf, eps, ps)
Yes right would be ok.
Note
Source: wolfssl
Version: 4.5.0+dfsg-4
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/wolfSSL/wolfssl/pull/3426
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wolfssl.
Source: chromium
Version: 87.0.4280.88-0.4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 87.0.4280.88-0.4~deb10u1
Hi
Please see
Source: python-django-channels
Version: 3.0.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-django-channels.
CVE-2020-35681[0]:
| Potential leakage of
Source: asterisk
Version: 1:16.15.0~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:16.2.1~dfsg-1+deb10u2
Hi,
The following vulnerability was published for asterisk.
Rationale: Chose RC
Hi Jörg,
Thanks a lot for your work on this package!
On Sun, Jan 03, 2021 at 05:21:42PM +0100, Jörg Frings-Fürst wrote:
> tags 950761 - pending
> thanks
>
> Hello Salvatore,
> hello @All,
>
>
> following a tip from Salvatore, I have added the missing commits.
> Although these can be
Hi Adam, hi Alexander,
On Fri, Jan 01, 2021 at 06:20:32PM +, Adam D. Barratt wrote:
> Hi,
>
> On Fri, 2021-01-01 at 14:21 +0100, Salvatore Bonaccorso wrote:
> > Uploading 1.2.1+dfsg-1 + CVE fix cannot work. We have already
> > released 1.2.1+dfsg-2+deb10u1 in the secu
Source: nodejs
Version: 12.19.0~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 10.21.0~dfsg-1~deb10u1
Control: found -1 14.13.0~dfsg-1
Hi,
The following vulnerabilities were published for
Source: dovecot
Version: 1:2.3.11.3+dfsg1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:2.3.4.1-5+deb10u4
Control: fixed -1 1:2.3.4.1-5+deb10u5
Control: found -1 1:2.2.27-3+deb9u6
Control:
) (Closes: #977683)
+
+ -- Salvatore Bonaccorso Sun, 03 Jan 2021 21:12:39 +0100
+
bouncycastle (1.65-1) unstable; urgency=medium
* Team upload.
diff -Nru bouncycastle-1.65/debian/patches/corrected-constant-time-equals.patch bouncycastle-1.65/debian/patches/corrected-constant-time-equals.patch
assphrase support when rendering PDF's
+
+ -- Salvatore Bonaccorso Sun, 03 Jan 2021 15:06:17 +0100
+
imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
* Acknowledge NMU
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
imagemagick-6.9.11.24+df
Hi Jörg,
On Sat, Jan 02, 2021 at 01:22:09PM +0100, Salvatore Bonaccorso wrote:
> Control: severity -1 grave
>
> Hi Jörg, Adam,
>
> On Wed, Feb 05, 2020 at 10:11:58PM +0100, Salvatore Bonaccorso wrote:
> > Source: ipmitool
> > Version: 1.8.18-8
> > Severity: impo
Hi Utkarsh,
On Sat, Jan 02, 2021 at 06:38:37PM +0530, Utkarsh Gupta wrote:
> Hi Salvatore,
>
> On Sat, Jan 2, 2021 at 5:55 PM Salvatore Bonaccorso wrote:
> > > Of course. Uploaded a fix! :)
> > > (thanks for the explicit CC, please do it next time as well if you
Hi Utkarsh
On Sat, Jan 02, 2021 at 05:45:04PM +0530, Utkarsh Gupta wrote:
> Hello,
>
> On Sat, Jan 2, 2021 at 2:02 AM Salvatore Bonaccorso wrote:
> > While strictly speaking this issue is no-dsa for buster, I'm raising
> > the severity to RC, would it be possible
Hi,
On Mon, Jul 06, 2020 at 10:15:43PM +0300, Adrian Bunk wrote:
> Source: quagga
> Version: 1.2.4-4
> Severity: serious
>
> The maintained fork from quagga that continues the zebra codebase is frr,
> which is already in buster:
> https://tracker.debian.org/pkg/frr
>
> Additionally shipping
Hi Alexander,
Sorry for the late reply.
On Sat, Dec 26, 2020 at 08:16:28PM +0300, Alexander Gerasiov wrote:
> On Thu, 24 Dec 2020 06:31:31 +0100
> Salvatore Bonaccorso wrote:
>
> > Hi Alexander,
> >
> > On Tue, Dec 22, 2020 at 07:57:15PM +0300, Alexander Gerasiov
Control: tags -1 + moreinfo
Hi Markus,
Thanks for your report.
On Thu, Dec 31, 2020 at 12:45:47PM +0200, Markus Bäcklund wrote:
> Package: src:linux-image-4.19.0-13-amd64
> Version: 4.19.160-2
> Severity: critical
> Justification: breaks the whole system
>
>
>
> -- Package-specific info:
>
close 976211 9.4.35-1
thanks
Control: tag -1 pending
Hello,
Bug #975803 in lnav reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
/changelog atftp-0.7.git20120829/debian/changelog
--- atftp-0.7.git20120829/debian/changelog
+++ atftp-0.7.git20120829/debian/changelog
@@ -1,3 +1,10 @@
+atftp (0.7.git20120829-3.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix for DoS issue CVE-2020-6097 (Closes: #970066)
+
+ -- Salvatore
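Review bot: the new entry's `* Fix for DoS issue CVE-2020-6097 (Closes: #970066)` line names the CVE and the bug but not the patch file that carries the fix or the code it touches. Naming the file added under debian/patches in this entry, with a few words on what it changes, would let someone checking the changelog against the patch series match the two without opening the bug.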
Source: influxdb
Version: 1.6.4-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/influxdata/influxdb/issues/12927
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.6.4-1
Control: found -1 1.0.2+dfsg1-1
Control: fixed -1 1.1.1+dfsg1-4+deb9u1
Hi,
The
Hi Alexander,
On Tue, Dec 22, 2020 at 07:57:15PM +0300, Alexander Gerasiov wrote:
> On Sun, 20 Dec 2020 11:50:42 +0200
> Adrian Bunk wrote:
> > this is a regression in 1.2.1+dfsg-2 that is currently in both
> > buster-security (which was done on top of 1.2.1+dfsg-2 that
> > introduced the
Control: tags -1 + moreinfo
Hi Anton,
On Fri, Sep 20, 2019 at 11:09:29AM +0100, Anton Ivanov wrote:
> Package: src:linux
> Version: 5.2.9-2
> Severity: critical
> Justification: breaks unrelated software
>
> Dear Maintainer,
>
> NFSv4 caching is completely broken on SMP.
>
> How to reproduce:
Hi,
On Sat, Dec 19, 2020 at 10:46:16AM +0100, Christoph Biedl wrote:
> Control: tags 977467 pending
>
> Moritz Muehlenhoff wrote...
>
> > https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
> > is for nodejs, but the underlying issue is in http-parser, which Debian's
> >
Source: bouncycastle
Version: 1.65-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for bouncycastle, it affects
1.65 and 1.66 and is fixed in 1.67.
CVE-2020-28052[0]:
Source: libxstream-java
Version: 1.4.14-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.4.11.1-1+deb10u1
Control: found -1 1.4.11.1-1
Hi,
The following vulnerability was published for
Source: linux
Version: 5.10~rc6-1~exp1
Severity: serious
Tags: ftbfs
Justification: FTBFS
X-Debbugs-Cc:
car...@debian.org,rogershim...@gmail.com,u...@kleine-koenig.org,vagr...@debian.org
Hi
X-Debbugs-CC explicitly Roger, Uwe and Vagrant.
src:linux is currently and since 5.10~rc6-1~exp1 FTBFS
Source: imagemagick
Version: 8:6.9.11.24+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for imagemagick.
A very extensive blogpost[1] explains the issue, and
close 968335 4.19.146-1
thanks
Closing according to reporters and affected users feedback.
+submodules+notgz-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * ensure we catch additional malicious/crafted filenames (CVE-2020-28948,
+CVE-2020-28949) (Closes: #976108)
+
+ -- Salvatore Bonaccorso Sun, 06 Dec 2020 14:40:37 +0100
+
php-pear (1:1.10.9+submodules+notgz-1) unstable
Source: minidlna
Version: 1.2.1+dfsg-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.2.1+dfsg-1
Hi,
The following vulnerability was published for minidlna.
CVE-2020-28926[0]:
| ReadyMedia (aka MiniDLNA) before versions 1.3.0
Source: dlt-daemon
Version: 2.18.5-0.2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/GENIVI/dlt-daemon/issues/274
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.18.0-1
Hi,
The following vulnerability was published for dlt-daemon.
Source: xorg-server
Version: 2:1.20.4-1+deb10u1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2:1.20.4-1
Control: found -1 2:1.20.8-2
Control: found -1 2:1.20.9-2
Hi,
The following vulnerabilities were published for xorg-server.
Source: jetty9
Version: 9.4.33-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 9.4.15-1
Hi,
The following vulnerability was published for jetty9.
CVE-2020-27218[0]:
| In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102,
Source: xen
Version: 4.14.0+80-gd101b417b7-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for xen.
CVE-2020-29040[0]:
| An issue was discovered in Xen through 4.14.x
Source: php-pear
Version: 1:1.10.9+submodules+notgz-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/pear/Archive_Tar/issues/33
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:1.10.6+submodules+notgz-1.1
Hi,
The
Hi,
On Sun, Nov 29, 2020 at 07:17:06AM +0200, jim_p wrote:
> Package: nvidia-legacy-340xx-driver
> Version: 340.108-8
> Severity: normal
> X-Debbugs-Cc: pitsior...@gmail.com
>
> Dear Maintainer,
>
> That was unexpected! I noticed that kernel 5.4.11 reached unstable today, so I
> upgraded to it
Hi Antoni,
On Fri, Nov 27, 2020 at 02:24:16PM +, Antoni Villalonga wrote:
> Control: tag -1 pending
>
> Hello,
>
> Bug #975875 in x11vnc reported by you has been fixed in the
> Git repository and is awaiting an upload. You can see the commit
> message below and you can check the diff of the
} for the
+target path. (Closes: #976022)
+
+ -- Salvatore Bonaccorso Sat, 28 Nov 2020 14:59:08 +0100
+
mupdf (1.17.0+ds1-1.1) unstable; urgency=medium
* Non-maintainer upload.
Hi Jonas,
On Thu, Nov 26, 2020 at 08:59:11PM +0100, Jonas Smedegaard wrote:
> Version: 0.20.1~dfsg-1
>
> Quoting Salvatore Bonaccorso (2019-09-06 21:18:30)
> > The following vulnerability was published for bitcoin.
> >
> > CVE-2019-15947[0]:
> > | In Bitco
Control: tags -1 + confirmed
Hi,
On Wed, Nov 25, 2020 at 09:07:55PM +0100, Lucas Nussbaum wrote:
> Source: lnav
> Version: 0.8.5-3
> Severity: serious
> Justification: FTBFS on amd64
> Tags: bullseye sid ftbfs
> Usertags: ftbfs-20201125 ftbfs-bullseye
>
> Hi,
>
> During a rebuild of all