Source: git
Version: 1:2.43.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for git.
CVE-2024-32002[0]:
| Git is a revision control system. Prior to versions
close 1070395 1.11.1-4
found 1070395 1.11.1-2.1
thanks
Control: retitle -1 tinyproxy: CVE-2023-49606
Hi,
CVE-2023-40533 as a duplicate of CVE-2022-40468.
Regards,
Salvatore
Source: python-werkzeug
Version: 3.0.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-werkzeug.
CVE-2024-34069[0]:
| Werkzeug is a comprehensive WSGI web
Source: python-html-sanitizer
Version: 2.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-html-sanitizer.
CVE-2024-34078[0]:
| html-sanitizer is an
Source: sssd
Version: 2.9.4-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/SSSD/sssd/pull/7302
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sssd.
CVE-2023-3758[0]:
| A race condition flaw was found in sssd
Package: ruby-sidekiq
Version: 7.2.1+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
The following vulnerability was published for ruby-sidekiq.
It only affects the experimental version, as the issue was
Source: ruby3.2
Version: 3.2.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src;ruby3.1 3.1.2-8
Control: retitle -2 ruby3.1: CVE-2024-27282
Control: found -2 3.1.2-7
Hi,
Source: ruby3.1
Version: 3.1.2-8
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.1.2-7
Hi,
The following vulnerability was published for ruby3.1.
CVE-2024-27280[0]:
| Buffer overread
reassign 1069747 src:linux
close 1069747
thanks
The missing pre-requisite backport was specific to the 6.1.y series.
Source: freerdp2
Version: 2.11.5+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for freerdp2.
CVE-2024-32039[0]:
| FreeRDP is a free implementation of the
Hi,
On Sat, Apr 20, 2024 at 07:54:13AM -0400, P. J. McDermott wrote:
> On 2024-04-19 at 15:55, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > FWIW, I'm actually preparing a security update for the two CVEs and
> > for bookworm I was first planning to do a 590-2.1 re
FWIW, I will try to work on the new available upstream version in the
next days and see if the two RC bugs on lnav can be addressed along.
it does not make sense to investigate the testsuite failure right now
without rebasing to the new version.
Control: tag -1 pending
Hello,
Bug #1068938 in less reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Control: tag -1 pending
Hello,
Bug #1064293 in less reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
contains a newline (CVE-2024-32487)
+(Closes: #1068938)
+
+ -- Salvatore Bonaccorso Fri, 19 Apr 2024 15:09:49 +0200
+
less (590-2) sid; urgency=medium
* d/control: set standards version to 4.6.2
diff -Nru less-590/debian/patches/Fix-bug-when-viewing-a-file-whose-name-contains-a-ne.patch
Hi,
FWIW, I'm actually preparing a security update for the two CVEs and
for bookworm I was first planning to do a 590-2.1 reaching unstable,
and so then 590-2.1~deb12u1 for bookworm.
But if you want to override it with a NMU and proposing to salvage the
package this is equally fine.
Regards,
Hi Martin,
On Tue, Apr 16, 2024 at 09:26:02AM +0200, Martin Pitt wrote:
> Control: tag -1 upstream fixed-upstream patch
> Control: forwarded -1 https://github.com/cockpit-project/cockpit/pull/19790
>
> Hello Salvatore and Santiago,
>
> Salvatore Bonaccorso [2024
Source: cockpit
Version: 287.1-0+deb12u1
Severity: serious
Justification: missing binary builds, FTBFS
X-Debbugs-Cc: t...@security.debian.org, a...@debian.org, car...@debian.org
Hi
The update for cockpit in DSA 5655-1 had problems with the
test-sshbridge test, causing FTBFS:
From the tail of
Control: tags -1 + confirmed pending
Control: found -1 6.1.82-1
Hi,
On Wed, Apr 10, 2024 at 12:16:21PM -0700, LW wrote:
> Package: src:linux
> Version: 6.1.76-1
> Severity: critical
> Tags: upstream security
> Justification: root security hole
> X-Debbugs-Cc: lw-deb-...@greyskydesigns.com,
Control: tag -1 pending
Hello,
Bug #1064724 in yapet reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Hi Sebastian,
On Mon, Apr 08, 2024 at 06:43:01PM +0200, Sebastian Andrzej Siewior wrote:
> control: tags -1 patch
> control: reassign -1 yapet 2.6-1
>
> On 2024-04-08 08:32:58 [+0200], Kurt Roeckx wrote:
> > There might be a related change that doesn't allow restarting the
> > operation with the
_proc_files[i] != NULL; i++) {
retval = junction_write_time(junction_proc_files[i], flushtime);
>From 774394df352c249775d51d5d6e3effa775096b4f Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Sat, 6 Apr 2024 20:48:43 +0200
Subject: [PATCH] junction: export-cache: cast to a type with a known size to
Hi Sean,
On Sat, Apr 06, 2024 at 04:54:14PM +0800, Sean Whitton wrote:
> control: reassign -1 libssl3,yapet
> control: found -1 libssl3/3.1.5-1
> control: found -1 yapet/2.6-1
> control: retitle -1 libssl3,yapet: YAPET cannot decrypt YAPET1.0-format DB
>
> Hello,
>
> On Sat 30 Mar 2024 at
Hi,
On Thu, Mar 21, 2024 at 09:09:02AM +0100, Salvatore Bonaccorso wrote:
> Hi Vladimir,
>
> On Thu, Mar 21, 2024 at 08:39:32PM +1300, Vladimir Petko wrote:
> > Package: yapet
> > Followup-For: Bug #1064724
> > User: ubuntu-de...@lists.ubuntu.com
> > Usertags:
Source: apache2
Source-Version: 2.4.59-1
----- Forwarded message from Debian FTP Masters -----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Apr 2024 08:08:11 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.59-1
Distribution:
Source: trafficserver
Version: 9.2.3+ds-1+deb12u1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 8.1.9+ds-1~deb11u1
Hi,
The following vulnerability was published for trafficserver.
CVE-2024-31309[0].
If you fix the vulnerability
Source: nghttp2
Version: 1.60.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for nghttp2.
CVE-2024-28182[0]:
| nghttp2 is an implementation of the Hypertext
Source: nodejs
Source-Version: 18.20.1+dfsg-1
----- Forwarded message from Debian FTP Masters -----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 16:50:38 +0200
Source: nodejs
Architecture: source
Version: 18.20.1+dfsg-1
Distribution: unstable
Urgency:
Control: reassign -1 src:linux 6.7.9-2
Hi Niels,
On Mon, Apr 01, 2024 at 05:19:43PM +0200, Niels Thykier wrote:
> Salvatore Bonaccorso:
> > Source: debhelper
> > Version: 13.15
> > Severity: serious
> > Tags: ftbfs
> > Justification: Regression for other packa
Source: debhelper
Version: 13.15
Severity: serious
Tags: ftbfs
Justification: Regression for other package builds, FTBFS
X-Debbugs-Cc: car...@debian.org,debian-ker...@lists.debian.org
Control: affects -1 + src:linux,src:linux-signed-amd64,src:linux-signed-arm64
Hi Niels,
Not fully investigated,
Source: util-linux
Version: 2.39.3-11
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.38.1-5
Control: found -1 2.36.1-8+deb11u1
Control: found -1 2.36.1-8
Control: found -1 2.33.1-0.1
Hi,
The
Hi Vladimir,
On Thu, Mar 21, 2024 at 08:39:32PM +1300, Vladimir Petko wrote:
> Package: yapet
> Followup-For: Bug #1064724
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu noble ubuntu-patch
> Control: tags -1 patch
>
> Dear Maintainer,
>
> The package fails to build due to the
Source: fastdds
Version: 2.11.2+ds-6
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for fastdds.
CVE-2024-28231[0]:
| eprosima Fast DDS is a C++ implementation of the
Hi Adrian,
On Sat, Mar 16, 2024 at 12:12:01AM +0200, Adrian Bunk wrote:
> On Wed, Mar 13, 2024 at 08:39:47PM +0100, Salvatore Bonaccorso wrote:
> > Hi Adrian,
>
> Hi Salvatore,
>
> > On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote:
> > > Control: t
Source: gross
Version: 1.0.2-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gross.
CVE-2023-52159[0]:
| A stack-based buffer overflow vulnerability in gross
Hi Sebastian,
On Sat, Mar 16, 2024 at 11:34:23PM +0100, Sebastian Ramacher wrote:
> Source: lnav
> Version: 0.11.2-1
> Severity: serious
> Tags: ftbfs
> Justification: fails to build from source (but built successfully in the past)
> X-Debbugs-Cc: sramac...@debian.org
>
>
Hi Adrian,
On Sat, Mar 16, 2024 at 12:12:01AM +0200, Adrian Bunk wrote:
> On Wed, Mar 13, 2024 at 08:39:47PM +0100, Salvatore Bonaccorso wrote:
> > Hi Adrian,
>
> Hi Salvatore,
>
> > On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote:
> > > Control: t
Hi Adrian,
On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote:
> Control: tags 1064967 + patch
> Control: tags 1064967 + pending
>
> Dear maintainer,
>
> I've prepared an NMU for fontforge (versioned as 1:20230101~dfsg-1.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if
Source: fastdds
Version: 2.11.2+ds-6.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.11.2+ds-6
Hi,
The following vulnerability was published for fastdds.
CVE-2023-50716[0]:
| eProsima Fast DDS (formerly Fast RTPS) is a C++
Source: intel-microcode
Version: 3.20231114.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.20231114.1~deb12u1
Control: found -1 3.20231114.1~deb11u1
Hi,
The following vulnerabilities were
Hi Dominique,
On Thu, Mar 07, 2024 at 08:58:11AM +0100, Dominique Dumont wrote:
> On Wednesday, 6 March 2024 21:07:56 CET Salvatore Bonaccorso wrote:
> > Thank you very much. Looks good to me, feel free to upload as well to
> > security-master (and build as well with -sa).
>
>
Source: golang-github-go-jose-go-jose
Version: 3.0.1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-github-go-jose-go-jose.
CVE-2024-28180[0]:
| Package
Control: severity -1 serious
Control: tags -1 + upstream fixed-upstream
Control: forwarded -1
https://lore.kernel.org/regressions/zd2bsv8vsfjml...@archie.me/
https://bugzilla.kernel.org/show_bug.cgi?id=218531
Control: found -1 6.6.15-1
Control: found -1 6.7.4-1~exp1
Hi Lee,
On Sat, Mar 02,
Hi
On Wed, Mar 06, 2024 at 07:06:55PM +0100, Dominique Dumont wrote:
> On Tuesday, 5 March 2024 22:15:50 CET Salvatore Bonaccorso wrote:
> > The debdiff for bookworm-security looks good to me. Please do upload
> > to security-master (and make sure to build with -sa as the o
Hi Dominique,
On Sun, Mar 03, 2024 at 03:51:28PM +0100, Dominique Dumont wrote:
> On Thu, 29 Feb 2024 21:53:07 +0100 Salvatore Bonaccorso
> wrote:
> > libuv1 is as well affected in bullseye and it's still supported. Can
> > you have a look as well at this version?
>
Hi Alex,
On Fri, Mar 01, 2024 at 08:26:31AM +0100, Alexander Kjäll wrote:
> Hi
>
> I was waiting for another transition that was staged in experimental. Due
> to the quality of the different clipboard crates.
>
> But if this blocks something I will make a temporary solution.
Thanks for the
Hi
On Mon, Dec 11, 2023 at 07:10:22PM +0100, Alexander Kjäll wrote:
> Hi
>
> I'm sorry for the semver breakage, the last version was a bit stressed
> out due to the security problems with libgit2 not verifying server
> signatures (that has since been fixed).
>
> I think the best path forward
Hi Dominique,
[Adding CC to team@s.d.o]
On Tue, Feb 20, 2024 at 07:08:48PM +0100, Dominique Dumont wrote:
> Hi
>
> On Wed, 14 Feb 2024 12:57:52 +0100 Dominique Dumont wrote:
> > I'm still pondering what should be done for stable which ships a libuv
> 1.44.2
>
> I've prepared a fix for
Source: azure-uamqp-python
Version: 1.6.8-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for azure-uamqp-python.
CVE-2024-27099[0]:
| The uAMQP is a C library for AMQP 1.0 communication to Azure
Source: openrefine
Version: 3.7.7-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openrefine.
Markus, please adjust severity if you think grave/RC severity is not
appropriate. openrefine updates
Hi,
On Fri, Feb 16, 2024 at 04:15:19PM +0100, Moritz Mühlenhoff wrote:
> Source: iwd
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerability was published for iwd.
>
> CVE-2023-52161[0]:
>
Source: pdns-recursor
Version: 4.9.2-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for pdns-recursor.
CVE-2023-50387[0] and CVE-2023-50868[1].
If you fix the vulnerabilities please also make
Hi Bastian,
On Mon, Feb 12, 2024 at 10:16:21PM +0100, Bastian Blank wrote:
> On Mon, Feb 12, 2024 at 10:09:41PM +0100, Salvatore Bonaccorso wrote:
> > kernel-wedge copy-modules 6.6.15 amd64 6.6.15-amd64
> > depmod: ERROR: could not open directory
> > /<>/debian/linux
Source: linux-signed-amd64
Version: 6.6.15+2
Severity: serious
Justification: FTBFS
X-Debbugs-Cc: car...@debian.org, wa...@debian.org, k...@debian.org
The linux-signed-amd64 (and arm64 one) currently FTBFS (only filing
one for amd64, as the same for arm64):
Source: composer
Version: 2.6.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for composer.
CVE-2024-24821[0]:
| Composer is a dependency Manager for the PHP
Source: engrampa
Version: 1.26.1-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for engrampa.
CVE-2023-52138[0]:
| Engrampa is an archive manager for the MATE
Source: libuv1
Version: 1.46.0-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libuv1.
CVE-2024-24806[0]:
| libuv is a multi-platform support library with a focus on
| asynchronous I/O. The
Control: tags -1 + upstream
Control: severity -1 important
Hi
On Wed, Feb 07, 2024 at 10:43:47PM -0500, Dhya wrote:
> Package: src:linux
> Version: 6.1.76-1
> Severity: critical
> Justification: breaks the whole system
>
> Dear Maintainer,
>
> After upgrade to linux-image-6.1.0-18-amd64
Source: libgit2
Version: 1.7.1+ds-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.5.1+ds-1
Control: found -1 1.1.0+dfsg.1-4+deb11u1
Control: found -1 1.1.0+dfsg.1-4
Hi,
The following vulnerability was published for libgit2.
Interestingly and unfortunately my local test now fails in a different
way. So first sorting that out. The xmldocs build hangs instead now.
Regards,
Salvatore
Source: linux
Version: 6.6.15-1
Severity: serious
Justification: FTBFS
X-Debbugs-Cc: car...@debian.org
The build for arch:all package FTBFS due to a problem in the
documentation build:
reading sources... [ 98%] userspace-api/media/v4l/vidioc-g-frequency ..
virt/kvm/devices/vfio
Ciao Gennaro,
On Sat, Feb 03, 2024 at 12:28:24PM +0100, Gennaro Oliva wrote:
> Ciao Salvatore,
>
> On Sun, Jan 28, 2024 at 11:37:34AM +0100, Salvatore Bonaccorso wrote:
> > Reviewing your uploaded changes, the changelog mentions
> > CVE-2023-49935, but believe this was
Source: runc
Source-Version: 1.1.12+ds1-1
Control: fixed 1062532 1.0.0~rc93+ds1-5+deb11u3
Control: fixed 1062532 1.1.5+ds1-1+deb12u1
This fixes #1062532. Adding as well the fixed version for the pending
runc update via bullseye-security and bookworm-security.
- Forwarded message from Debian
Source: runc
Version: 1.1.10+ds1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for runc.
CVE-2024-21626[0]:
| runc is a CLI tool for spawning and running containers
Hi Gennaro,
On Sat, Dec 30, 2023 at 10:55:32PM +0100, Gennaro Oliva wrote:
> Dear Salvatore,
> I prepared an updated version of the slurm-wlm package for bookworm in
> response to CVE-2023-49933/49935/49936/49937/49938
>
> The package can be found here:
>
>
Hi,
On Thu, Jan 25, 2024 at 02:55:52AM +, Dennis Haney wrote:
> Can we please get a new release of a stable kernel?
> This keeps crashing our machines, and it is a pain manually updating
> to the 6.5 kernel on all of them.
A fix for this issue will be released with the upcoming point
Source: atril
Version: 1.26.1-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for atril.
CVE-2023-52076[0]:
| Atril Document Viewer is the default document reader of
Control: tags -1 + moreinfo
On Thu, Jan 25, 2024 at 10:01:04PM +0100, r2rien wrote:
> Package: linux-image-6.6.13-amd64
> Version: 6.6.13-1
> Severity: grave
> Justification: renders package unusable
> X-Debbugs-Cc: deb...@r2rien.net
>
> Resuming from suspend keyboard totally unresponsive, thus
Source: shim
Version: 15.7-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 15.7-1~deb11u1
Hi,
The following vulnerabilities were published for shim.
According to [6]:
* Various CVE fixes:
CVE-2023-40546 mok: fix LogError()
close 1061518
thanks
close 1061517
thanks
Source: pillow
Version: 10.1.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pillow.
CVE-2023-50447[0]:
| Pillow through 10.1.0 allows PIL.ImageMath.eval
Source: coreutils
Version: 9.4-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for coreutils.
CVE-2024-0684[0]:
| heap overflow in split --line-bytes with very long
Source: mysql-8.0
Version: 8.0.35-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
See
https://www.oracle.com/security-alerts/cpujan2024.html#AppendixMSQL
for a list of CVEs affecting src:mysql-8.0.
Regards,
Source: atril
Version: 1.26.1-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for atril.
CVE-2023-51698[0]:
| Atril is a simple multi-page document viewer. Atril is
Hi
A fix for this issue has been queued for the 6.1.y series:
https://lore.kernel.org/stable/zajygki9o5j1u...@eldamar.lan/T/#m934ca5a14db8bcef8f24329c7edee8a3592465b2
If someone additionally might or want to test testbuilds please have a
look at:
Source: golang-github-go-git-go-git
Version: 5.4.2-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for go-git.
CVE-2023-49568[0]:
| A denial of service (DoS)
Hi
The issue should be fixed with
https://git.kernel.org/linus/400f6ebbc175286576c7f7fddf3c347d09d12310
. Can you check that commit on top of the most current version in
unstable to confirm?
Regards,
Salvatore
Hi Gennaro,
On Sat, Dec 30, 2023 at 10:55:32PM +0100, Gennaro Oliva wrote:
> Dear Salvatore,
> I prepared an updated version of the slurm-wlm package for bookworm in
> response to CVE-2023-49933/49935/49936/49937/49938
>
> The package can be found here:
>
>
Hi Klaus,
On Sat, Oct 21, 2023 at 08:34:55AM +0100, Klaus Ethgen wrote:
> Hi,
>
> Am Do den 19. Okt 2023 um 20:46 schrieb Salvatore Bonaccorso:
> > On Thu, Oct 12, 2023 at 06:57:20AM +0100, Klaus Ethgen wrote:
> > > Package: src:linux
> > > Version: 6.5.6-1
>
Source: asterisk
Version: 1:20.5.0~dfsg+~cs6.13.40431414-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for asterisk.
CVE-2023-49786[0]:
| Asterisk is an open source private branch exchange and
Hi,
On Tue, Dec 19, 2023 at 12:41:24PM +0100, Friedhelm Mehnert wrote:
> This is to report, that even with this kernel,
>
> > 2023-12-19T11:19:09.704363+01:00 m2 kernel: [0.00]
> > Linux version 6.1.0-16-amd64 (debian-kern
> > e...@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0,
>
Hi Sven,
On Sat, Dec 16, 2023 at 07:44:21PM +0100, Sven Joachim wrote:
> Control: tags -1 + patch
>
> On 2023-12-05 23:03 +0100, Santiago Vila wrote:
>
> > Package: src:bosh
> > Version: 0.6-11
> > Severity: serious
> > Tags: ftbfs
> >
> > Dear maintainer:
> >
> > During a rebuild of all
Control: tag -1 pending
Hello,
Bug #1057545 in bosh reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Hi Nobuhiro,
On Fri, Dec 15, 2023 at 05:38:17AM +0100, Salvatore Bonaccorso wrote:
> Hi Nobuhiro
>
> On Fri, Dec 15, 2023 at 08:37:13AM +0900, Nobuhiro Iwamatsu wrote:
> > Hi Salvatore,
> >
> > Thanks for your work.
> > This patch looks good to me.
>
Source: squid
Version: 6.5-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for squid.
CVE-2023-50269[0]:
| Squid is a caching proxy for the Web. Due to an Uncontrolled
| Recursion bug in versions 2.6
Source: slurm-wlm
Version: 23.02.6-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi Gennaro,
The following vulnerabilities were published for slurm-wlm.
CVE-2023-49933[0]:
| An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and
|
Hi Nobuhiro
On Fri, Dec 15, 2023 at 08:37:13AM +0900, Nobuhiro Iwamatsu wrote:
> Hi Salvatore,
>
> Thanks for your work.
> This patch looks good to me.
> Please upload without DELAYED/2 to unstable.
Thanks for the confirmation, so I rescheduled it *but* note due to the
UsrMerge changes it goes
systemdsystemunitdir (Closes: #1052983)
+
+ [ Chris Hofstaedtler ]
+ * Defer udev file placement to udev's pkg-config data (Closes: #1056996)
+ * Install hciconfig into /usr/bin instead of /bin
+
+ [ Salvatore Bonaccorso ]
+ * input.conf: Change default of ClassicBondedOnly (CVE-2023-45866)
+(Closes
Contol: tags -1 + fixed-upstream
Control: found -1 6.1.66-1
Control: found -1 6.5.13-1
On Sun, Oct 29, 2023 at 02:16:57PM +0100, Aurelien Jarno wrote:
> Source: linux
> Version: 5.10.197-1
> Severity: grave
> Tags: upstream patch
> X-Debbugs-Cc: d...@debian.org, debian-m...@lists.debian.org
>
>
Hi
Thanks to all for testing the test build with the one commit revert.
6.1.67-1 is now underway. I will check with stable release managers if
a SUA (update through stable-updates) can be released.
Regards,
Salvatore
As there were some questions along in this thread let me summarize
some points:
The issue affects fs/ext4 code, so no other filesystems are affected
(e.g. btrfs).
The issue affects all kernels which have the commit 91562895f803
("ext4: properly sync file size update after O_SYNC direct IO") from
Hi,
On Mon, Dec 11, 2023 at 01:27:07PM +0100, Kevin Price wrote:
> Thank you Salvatore!
>
> Am 11.12.23 um 12:37 schrieb Salvatore Bonaccorso:
> > It still would be helpful if you can get to the logs of the previous
> > boot. After booting back in the working kernel,
Control: tags -1 + moreinfo
Hi Kevin,
On Mon, Dec 11, 2023 at 02:55:50AM +0100, Kevin Price wrote:
> Package: linux-image-6.1.0-15-amd64
> Version: 6.1.66-1
> Severity: critical
> Control: -1 notfound 6.1.64-1
>
> When booting 6.1.0-15, my physical amd64/bookworm/gnome computer
> misbehaves in
Control: tags -1 + moreinfo
Hi Steve,
On Sun, Dec 10, 2023 at 07:41:15PM -0800, Steve VanDevender wrote:
> Package: src:linux
> Version: 6.1.66-1
> Severity: grave
> Tags: upstream
> Justification: renders package unusable
>
> I would have tried to report this from the 6.1.66 kernel but once a
Source: bluez
Version: 5.70-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for bluez.
CVE-2023-45866[0]:
| Bluetooth HID Hosts in BlueZ may permit an unauthenticated
| Peripheral role HID Device to
Hi,
On Sat, Dec 09, 2023 at 03:07:37PM +0100, Salvatore Bonaccorso wrote:
> Source: linux
> Version: 6.1.64-1
> Severity: grave
> Tags: upstream
> Justification: causes non-serious data loss
> X-Debbugs-Cc: debian-rele...@lists.debian.org, car...@debian.org,
> a...@debian
Running the single test with ext4:
# LTP_SINGLE_FS_TYPE=ext4 LTP_DEV_FS_TYPE=ext4 ./preadv03_64
tst_device.c:96: TINFO: Found free device 0 '/dev/loop0'
tst_test.c:1690: TINFO: LTP version: 20230929-194-g5c096b2cf
tst_test.c:1574: TINFO: Timeout per run is 0h 00m 30s
tst_supported_fs_types.c:149:
Source: linux
Version: 6.1.64-1
Severity: grave
Tags: upstream
Justification: causes non-serious data loss
X-Debbugs-Cc: debian-rele...@lists.debian.org, car...@debian.org,
a...@debian.org
Hi
I'm filing this for visibility.
There might be a ext4 data corruption issue with the kernel released