Hi
Could you test shim that is here
https://salsa.debian.org/efi-team/shim/-/tree/buster/updates?ref_type=heads
I would like to test this on real hardware and kvm.
However, I fail to test the non-signed version, and I could not find
documentation of how to test.
Due to particular nature of
I've worked during April on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
Putty
I have tested putty against terrapin and released DLA 3794-1
Fixes for CVE-2024-31497 are proposed and await review
I've worked during March on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
composer
--
I triaged #1063603/CVE-2024-24821 and confirmed that this CVE does not affect
buster.
I backported local
I've worked during February on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
sudo
---
I have released DLA 3732-1, following the previous month's work.
Ansible
--
Following previous month work, I
On Tuesday 27 February 2024, 05:31:01 UTC, Sean Whitton wrote:
> Hello Bastien,
>
> Is there some way I could help with imagemagick under LTS? It looks like
> the status has been unchanged for some months. I'm not an expert but I
> can review things. Thanks!
>
>
Hi Sean
I have made a few
I've worked during January on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
tinyxml
--
Fix CVE-2023-34194 and release ELA-1029-1.
Note that this project is dead upstream, but a fork seems
On Tuesday 2 January 2024, 14:53:22 UTC, Bastien Roucariès wrote:
Hi,
Obviously the report should be read for December 2023
> I've worked during November 2023 on the below listed packages, for Freexian
> LTS/ELTS [1]
>
> Many thanks to Freexian and our sponsors [2] for providing this
I've worked during November 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
The work consisted of fixing libreoffice both for stretch and jessie.
I have fixed CVE-2020-12801 CVE-2020-12802
I've worked during November 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
python3.5
---
Following the previous month's work, I have finalized fixing the testsuite, by
regenerating
I've worked during September 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
prometheus-alertmanager
---
I have released DLA 3609-1 following fixes from
On Thursday 12 October 2023, 08:07:48 UTC, Bastien Roucariès wrote:
Hi,
> Hi,
>
> I have a FTBFS that I do not manage to fix on batik
>
> https://salsa.debian.org/lts-team/packages/batik/-/commit/b91844ef6472d9e5ddada7593f844a9c23d55b6c
Solved thanks to all
Bastien
>
>
Hi,
I have a FTBFS that I do not manage to fix on batik
https://salsa.debian.org/lts-team/packages/batik/-/commit/b91844ef6472d9e5ddada7593f844a9c23d55b6c
I have tried to add maven.compiler.source=1.7 without success
Any idea how to solve it?
Bastien
On Friday 6 October 2023, 19:31:43 UTC, Roberto C. Sánchez wrote:
> Hi Bastien,
>
> On Fri, Sep 29, 2023 at 09:12:57PM +, Bastien Roucariès wrote:
> > Hi,
> >
> > I tried to fix CVE-2021-32686 by using patch from upstream.
> >
> > I think the pro
I've worked during September 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
My work this month was concentrated on libreoffice. This is a huge package (with a
lot of lines of code), that takes a
On Thursday 28 September 2023, 22:46:41 UTC, Bastien Roucariès wrote:
Hi,
An update
> Hi
>
> I am trying to fix the CVE for SALT
Salt needs to be updated due to a failure in the custom crypto protocol, which was
broken. Both server and client need to be updated due to protoc
Hi,
I tried to fix CVE-2021-32686 by using patch from upstream.
I think the problem is hard to solve:
- the patch does not apply cleanly and a backport will be difficult (moreover it is
hard to test this kind of race condition)
- ring uses a heavily patched PJSIP. A solution will be to use the
Hi
I am trying to fix the CVE for SALT
Unfortunately this will need a backport of salt 3002.9 that in turn needs:
python3-saltfactories >= 0.907 (that needs python3-setuptools (>= 50.3.2),
python3-setuptools-scm (>= 3.4) to be investigated)
python3-attr (>= 19.1)
I believe the first one used
I've worked during August 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
===
docker.io:
* Santiago is trying to test my release. Testing is especially complicated due
to lack of integration test
I've worked during July 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
docker.io:
* I have continued my work on docker.io and investigated FTBFS #1040141
linked to fallout of CVE-2022-39253.
Hi,
I have uploaded a docker.io package under https://people.debian.org/~rouca/apt/
I would like some testing and review, particularly of swarm mode.
Code is available as usual under git
https://salsa.debian.org/lts-team/packages/docker.io
Review of
On Wednesday 5 July 2023, 04:52:48 UTC, Anton Gladky wrote:
> Hello,
>
> I am looking into CVE-2023-33460 and I am not sure that ruby-yajl
> is affected. There is no direct dependency on yajl, where the vulnerability
> was detected.
ruby-yajl includes an old version of yajl 1.01.12
The vuln
Source: docker.io
Version: 18.09.1+dfsg1-7.1+deb10u3
Severity: serious
Justification: FTBFS
X-Debbugs-Cc: debian-lts@lists.debian.org
Dear Maintainer,
The current security version FTBFS for me with
-- FAIL: TestCheckoutGit (0.52s)
gitutils_test.go:188: assertion failed: error is not nil:
Hi,
This month's activity consisted of:
- release ELA-865-1 for imagemagick
- release ELA-869-1 for php-phpseclib including introducing a test suite.
- release ELA-875-1 for libxpm
- Triage yajl. The fix was not released but yajl is embedded in other packages. Check if
this CVE affects other package
On Tuesday 27 June 2023, 18:46:25 UTC, Tobias Frost wrote:
> Hi,
>
> time for a small update:
>
> Please note that the packages offered below are WIP status and are intended
> for testing only.
>
> php-cas
> ===
>
> I've verified my patched version of php-cas against the apereo CAS
>
On Friday 23 June 2023, 12:44:59 UTC, Bastien Roucariès wrote:
> On Thursday 22 June 2023, 13:51:54 UTC, Ben Hutchings wrote:
> > On Thu, 2023-06-22 at 10:37 +0000, Bastien Roucariès wrote:
> > > Hi,
> > >
> > > I want to discuss CVE-2023-2884[0-2].
On Thursday 22 June 2023, 13:51:54 UTC, Ben Hutchings wrote:
> On Thu, 2023-06-22 at 10:37 +0000, Bastien Roucariès wrote:
> > Hi,
> >
> > I want to discuss CVE-2023-2884[0-2].
> >
> > In order to be vulnerable, the host kernel needs to disable the xt_u32 module.
Hi,
I want to discuss CVE-2023-2884[0-2].
In order to be vulnerable, the host kernel needs to disable the xt_u32 module.
Moreover, upstream dropped support of xt_u32 for newer versions, see
https://github.com/moby/moby/commit/4d04068184cf34af7be43272db1687143327cdf7
Do we support only xt_bpf in
Hi,
The last two hours I tried to fix CVE-2022-46871 by backporting the timer
handling patch by patch until I get something approximately sane.
I believe it is not really the way to go:
- it is quite fragile
- upstream does not correctly create separate commits and creates periodic merges
from
Hi,
This month's activity consisted of:
- release UWSGI fixing CVE-2023-27522 initially reported against apache2 but
that may affect old versions of uwsgi. I have reported this finding to the CVE
database and the CVE was updated.
- the main part of the work was on imagemagick package:
*
Hi,
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
In April I spent my time on LTS as:
- fixing apache2 CVE-2023-25690 CVE-2023-27522. CVE-2023-25690 created
Hi,
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
In March (my first month) I spent my time on LTS as
- creating the right environment (pbuilder, tools) to
On Monday 20 March 2023, 08:31:59 UTC, Emilio Pozuelo Monfort wrote:
Hi,
> On 19/03/2023 07:50, Bastien Roucariès wrote:
> > On Thursday 16 March 2023 09:34:17 UTC, you wrote:
> > Hi,
> >> Hi,
> >>
> >> I have been working in improving our Sal
be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 15:33:15 +
+
node-css-what (2.1.0-1) unstable; urgency=medium
* new upstream version
diff -Nru node-css-what-2.1.0/debian/patches/0001-Partial
expression in the
+re_attr variable.
+The exploitation of this vulnerability could be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 15:33:15 +
+
node-css-what (2.1.0-1) unstable
Architecture: source amd64 all
Version: 8:6.6.0.4-3+squeeze6
Distribution: squeeze-lts
Urgency: high
Maintainer: ImageMagick Packaging Team
pkg-gmagick-im-t...@lists.alioth.debian.org
Changed-By: Bastien Roucariès roucaries.bastien+deb...@gmail.com
Description:
imagemagick - image manipulation