package release.debian.org
tags 1025137 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: g810-led
Version:
package release.debian.org
tags 1025083 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: omnievents
Version:
package release.debian.org
tags 1025700 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: virglrenderer
Version:
package release.debian.org
tags 1024850 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: spf-engine
Version:
package release.debian.org
tags 1017723 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: nftables
Version:
On Thu, 2022-12-08 at 17:28 -0500, Jeremy Bicha wrote:
> On Thu, Dec 8, 2022 at 4:04 PM Adam D. Barratt <
> a...@adam-barratt.org.uk> wrote:
> > Control: tags -1 + confirmed
> >
> > On Thu, 2022-12-08 at 15:45 -0500, Jeremy Bicha wrote:
> > &
On Thu, 2022-12-08 at 16:16 -0500, Jeremy Bicha wrote:
> On Thu, Dec 8, 2022 at 4:02 PM Adam D. Barratt <
> a...@adam-barratt.org.uk> wrote:
> > On Thu, 2022-12-08 at 15:49 -0500, Jeremy Bicha wrote:
> > > Adapt to Google Contacts API change
> > >
&g
Control: tags -1 + confirmed
On Thu, 2022-12-08 at 18:09 +0100, Andreas Beckmann wrote:
> A huge bunch of CVEs has been fixed upstream in the supported
> branches
> of the proprietary nvidia driver. This is probably related to the
> release of an open source variant of the kernel module (with the
Control: tags -1 + confirmed
On Thu, 2022-12-08 at 16:57 +0100, Andreas Beckmann wrote:
> A huge bunch of CVEs has been fixed upstream in the supported
> branches
> of the proprietary nvidia driver. This is probably related to the
> release of an open source variant of the kernel module (with the
Control: tags -1 + confirmed
On Tue, 2022-12-06 at 23:28 +0100, Andreas Beckmann wrote:
> A huge bunch of CVEs has been fixed upstream in the supported
> branches
> of the proprietary nvidia driver. This is probably related to the
> release of an open source variant of the kernel module (with the
Control: tags -1 + confirmed
On Fri, 2022-12-09 at 00:49 +0800, Shengjing Zhu wrote:
> Backport patch for CVE-2022-23471.
>
> https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9
>
> > A bug was found in containerd's CRI implementation where a user can
> > exhaust
>
Control: tags -1 + confirmed
On Tue, 2022-12-06 at 23:06 +0100, Andreas Beckmann wrote:
> A huge bunch of CVEs has been fixed upstream in the supported
> branches
> of the proprietary nvidia driver. This is probably related to the
> release of an open source variant of the kernel module (with the
Control: tags -1 + confirmed
On Thu, 2022-12-08 at 19:24 +0200, Adrian Bunk wrote:
> * Fix occasional FTBFS due to incorrect dependency.
> Closes: #1010996.
>
> 1.9.2-1 parallel build was flaky:
> https://tests.reproducible-builds.org/debian/history/arm64/efitools.html
Please go ahead.
Control: tags -1 + confirmed
On Thu, 2022-12-08 at 19:22 +0200, Adrian Bunk wrote:
> On Thu, Dec 08, 2022 at 06:59:10PM +0200, Adrian Bunk wrote:
> > * Generate dependency on dovecot ABI in use during build.
> > Technique stolen from dovecot-antispam packaging.
> > Thanks to Ron Lee
Control: tags -1 + confirmed
On Thu, 2022-12-08 at 15:45 -0500, Jeremy Bicha wrote:
> Adapt to Google Contacts API change
>
> [ Impact ]
> Google Contacts integration in Evolution and the GNOME Contacts app
> won't work without this fix.
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Thu, 2022-12-08 at 21:25 +0200, Adrian Bunk wrote:
> On Thu, Dec 08, 2022 at 09:17:53PM +0200, Adrian Bunk wrote:
> > * Add upstream fix for intermittent test failures. (Closes:
> > #848055)
> >
> > Test-only change to fix flaky build:
> >
Control: tags -1 + confirmed
On Thu, 2022-12-08 at 20:41 +0200, Adrian Bunk wrote:
> * Add upstream fix for test to match French translation change
> in iso-codes. (Closes: #991653)
>
> Test-only change to fix FTBFS.
Please go ahead.
Regards,
Adam
On Thu, 2022-12-08 at 15:49 -0500, Jeremy Bicha wrote:
> Adapt to Google Contacts API change
>
> [ Impact ]
> Google Contacts integration in Evolution won't work without this fix.
+evolution (3.38.3-1+deb11u1) unstable; urgency=medium
^ s/unstable/bullseye/
> This bug fix requires
On Thu, 2022-12-08 at 14:47 +, Steve McIntyre wrote:
> On Thu, Dec 08, 2022 at 08:36:50AM +0100, Salvatore Bonaccorso wrote:
> > Hi Steve,
> > On Thu, Dec 08, 2022 at 12:15:57AM +, Steve McIntyre wrote:
[...]
> > > * What's the preferred way to go for Bullseye, given we're just
> > >
Control: tags -1 + confirmed
On Wed, 2022-12-07 at 18:02 +0100, Tobias Frost wrote:
> I'm currently preparing a security update for virglrenderer for LTS
> and figured out that there is one of the fixed CVEs is not adressed
> in bullseye
> yet.
>
> The CVE fixed is CVE-2022-0135: (#1009073)
>
Control: tags -1 + confirmed
On Tue, 2022-12-06 at 16:26 +0100, Helmut Grohne wrote:
> CVE-2022-38266 is a low impact vulnerability where leptonlib would
> crash
> with arithmetic exceptions on certain JPEG files. Since this is only
> DoS, it does not go via bullseye-security.
>
and thus:
Control: tags -1 + confirmed
On Sun, 2022-12-04 at 11:42 +0100, Yadd wrote:
> node-hawk used a regular expression to parse `Host` HTTP header
> (`Hawk.utils.parseHost()`), which was subject to regular expression
> DoS attack
> (CVE-2022-29167).
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sat, 2022-12-03 at 20:25 +0100, Yadd wrote:
> node-qs is vulnerable to prototype pollution, this affects web
> applications using node-express (CVE-2022-24999)
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Fri, 2022-12-02 at 16:33 +0100, Michael R. Crusoe wrote:
> cwltool is not usable without the python3-distutils package also
> installed. This is rare, but can happen on fresh Debian installs.
>
> I discovered this today while testing instructions for WSL2 users.
>
Control: tags -1 + confirmed d-i
On Fri, 2022-12-02 at 15:42 +0100, Jordi Mallach wrote:
> I'm requesting the acceptance of a new nano update for stable,
> with 3 additional upstream patches that fix two crash conditions
> and a data-loss condition.
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Wed, 2022-11-30 at 22:42 +0100, Moritz Muehlenhoff wrote:
> This updates fixes various minor crashes in mplayer, which
> don't warrant a DSA by itself. I've run the PoCs against
> the updated build where applicable and also tested various
> random media files.
>
>
Control: tags -1 + confirmed
On Wed, 2022-11-30 at 08:32 +0100, Stephen Kitt wrote:
> g810-led has a security issue in stable; it leaves /dev/input/eventXX
> device nodes world-readable and writable (CVE-2022-46338). The issue
> is marked no-dsa, but I would like to provide a fix in the next
>
Control: tags -1 + confirmed
On Tue, 2022-11-29 at 14:58 -0300, Guilherme de Paula Xavier
Segundoomnievents enables CORBA applications to communicate through
> asynchronous
> broadcast channels rather than direct method calls.
>
> omnievents-doc is a package that can be installed as a
Control: tags -1 + confirmed
On Mon, 2022-11-28 at 20:35 +0100, Moritz Muehlenhoff wrote:
> openjdk bumped the requirements for the test suite within
> their 11.x branch (which is what we ship in Bullseye), it
> now needs jtreg6.
>
"Yay". Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Thu, 2022-11-24 at 09:26 +0100, Yadd wrote:
> node-xmldom is vulnerable: it doesn't verify that root element is
> uniq
> (#1024736, CVE-2022-39353)
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sat, 2022-11-26 at 14:21 -0500, Scott Kitterman wrote:
> Currently the pyspf-milter fails to start due to a leftover, invalid
> import statement. This fixes it, backported from the upstream fix.
> There is no risk of regression since the milter binary doesn't work
Control: tags -1 + confirmed
On Fri, 2022-11-25 at 15:19 +0100, Guido Günther wrote:
> Fix lxc container reboots and shutdown (#983871, #991773).
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sun, 2022-09-04 at 15:09 +0100, Jeremy Sowden wrote:
> On 2022-09-03, at 14:53:45 +0100, Adam D. Barratt wrote:
> > On Fri, 2022-08-19 at 16:05 +0100, Jeremy Sowden wrote:
> > > The related nftables bug is:
> > >
> > &g
Control: tags -1 + confirmed
On Sat, 2022-09-03 at 22:12 +0300, Michael Tokarev wrote:
> There's a FTBFS issue with cifs-utils on bullseye, #993014.
> This update address that FTBFS issue only, with no other
> changes
>
> [ Reason ]
> The package fails to build from source when doing
On Mon, 2022-09-19 at 19:25 +0200, Alberto Gonzalez Iniesta wrote:
> modsecurity-crs has been released today [1]. It fixes a security
> issue,
> here is the announcement:
>
> CVE-2022-39956 - Content-Type or Content-Transfer-Encoding MIME
> header fields
> abuse
>
[...]
> Important: The
Control: reopen -1
Control: tags -1 + pending
On Wed, 2022-12-07 at 19:02 +, Debian FTP Masters wrote:
> Source: evolution-ews
> Source-Version: 3.38.3-1+deb11u1
> Done: Claudius Heine
>
> We believe that the bug you reported is fixed in the latest version
> of
> evolution-ews, which is due
package release.debian.org
tags 1024054 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: mariadb-10.5
Version:
package release.debian.org
tags 1025173 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libdatetime-timezone-perl
package release.debian.org
tags 1025646 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libapache2-mod-auth-mellon
package release.debian.org
tags 1025553 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: core-async-clojure
Version:
package release.debian.org
tags 1025204 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: speech-dispatcher
Version:
package release.debian.org
tags 1023981 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: onionshare
Version:
package release.debian.org
tags 1021651 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: evolution-ews
Version:
Control: tags -1 + confirmed
On Tue, 2022-12-06 at 21:11 +0100, Thijs Kinkhorst wrote:
> I propose this upload to bullseye to fix a relatively minor security
> issue
> (open redirect) in libapache2-mod-auth-mellon.
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sun, 2022-12-04 at 17:14 -0800, Otto Kekäläinen wrote:
> Hello!
> mariadb-10.5 (1:10.5.18-0+deb11u1) bullseye; urgency=medium
>
> * New upstream version 10.5.18.
> * New upstream version 10.5.17. Includes security fixes for
> - CVE-2018-25032
> -
On Sun, 2022-12-04 at 19:07 +0100, Yadd wrote:
> On 04/12/2022 19:03, Adam D. Barratt wrote:
> > On Tue, 2022-11-29 at 11:14 +0100, Yadd wrote:
> > > On 29/11/2022 10:56, Yadd wrote:
> > > > On 28/11/2022 22:11, Paul Gevers wrote:
> > > > > Hi Yadd,
&
On Tue, 2022-11-29 at 11:14 +0100, Yadd wrote:
> On 29/11/2022 10:56, Yadd wrote:
> > On 28/11/2022 22:11, Paul Gevers wrote:
> > > Hi Yadd,
> > >
> > > On Sat, 26 Nov 2022 13:01:22 + Adam D Barratt
> > > wrote:
> > > >
package release.debian.org
tags 1024480 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libvncserver
Version:
package release.debian.org
tags 1024385 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: openvpn-auth-radius
package release.debian.org
tags 1023423 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: pysubnettree
Version:
package release.debian.org
tags 1023798 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: node-loader-utils
Version:
package release.debian.org
tags 1023263 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: clickhouse
Version:
package release.debian.org
tags 1023105 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: tinyxml
Version:
package release.debian.org
tags 1023602 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: xfig
Version:
package release.debian.org
tags 1022122 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: node-minimatch
Version:
package release.debian.org
tags 1023261 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libtasn1-6
Version:
package release.debian.org
tags 1021963 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: dcfldd
Version:
package release.debian.org
tags 1021838 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: binfmt-support
Version:
package release.debian.org
tags 1021645 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: postfix
Version:
On Sun, 2022-11-13 at 22:10 -0800, Otto Kekäläinen wrote:
> I propose that the latest version of MariaDB 10.5.18 would be
> included
> in the upcoming stable release update of Debian. Package almost ready
> at
> https://salsa.debian.org/mariadb-team/mariadb-10.5/-/commits/bullseye
>
> Before I
Control: tags -1 + confirmed
On Sat, 2022-11-19 at 01:21 +0800, Shengjing Zhu wrote:
> Fix #954264: Support for verify-client-cert openvpn 2.4 directive.
>
> [ Impact ]
> The current version doesn't work with openvpn version (2.5.1) in
> stable.
> The old workaround only works for openvpn 2.4.
>
Control: tags -1 + confirmed
On Sun, 2022-11-13 at 14:57 +0100, Clément Hermann wrote:
> Following discussion with Security Team about vulnerabilities in
> onionshare (see
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014966 ), I
> prepared a
> patched version which backport upstream fixes
Control: tags -1 + confirmed
On Mon, 2022-11-14 at 11:05 +0100, Yadd wrote:
> On 14/11/2022 11:01, Yadd wrote:
> > Hi,
> >
> > here is another update to fix CVE-2022-37599 (trivial patch).
> >
> > Cheers,
> > Yadd
>
> This fix also CVE-2022-37603 (duplicate of CVE-2022-37599)
Please go ahead.
Control: tags -1 + confirmed
On Mon, 2022-11-07 at 14:16 +0100, Roland Rosenfeld wrote:
> This fixes CVE-2021-40241 (a potential buffer overflow in reading an
> environment variable).
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Thu, 2022-11-03 at 16:32 -0400, Scott Kitterman wrote:
> Package is totally broken in Bullseye (see #1005044) and this fixes
> it.
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Tue, 2022-11-01 at 12:24 +0100, Tobias Frost wrote:
> I'm currently preparing a security update for clickhouse for LTS.
> As the versions are quite similar, I've also prepared an update for
> bullseye,
> even if the issues are marked "minor".
>
> The CVE's are:
>
Control: tags -1 + confirmed
On Tue, 2022-11-01 at 12:11 +0100, Andreas Metzler wrote:
> I would like to fix CVE-2021-46848 in bullseye. This was fixed in
> sid/testing by new upstream 4.19.0. I already had some correspondence
> with debian-security, no DSA is planned.
>
Please go ahead.
Control: tags -1 + confirmed
On Sun, 2022-10-30 at 10:31 +0100, Felix Geyer wrote:
> Fixing the no-dsa tagged CVE-2021-42260
>
> [ Impact ]
> DoS vulnerability
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Thu, 2022-10-20 at 17:22 +0200, Yadd wrote:
> node-minimatch is vulnerable to ReDoS
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Mon, 2022-10-17 at 21:35 -0300, Joao Eriberto Mota Filho wrote:
> This is not a regression, but a discovered bug.
>
> dcfldd is an enhanced dd command that is able to calculate the
> following hashes
> when copying data: MD5, SHA1 and SHA2.
>
> The SHA1 was being
Control: tags -1 + confirmed
On Sat, 2022-10-15 at 18:11 +0100, Colin Watson wrote:
> https://bugs.debian.org/1012154 reported a startup issue due to a
> race
> between systemd-binfmt.service and binfmt-support.service (which has
> probably been around for a long time).
>
Control: tags -1 + confirmed
On Wed, 2022-10-12 at 00:05 -0400, Scott Kitterman wrote:
> This is another in my occasional series of postfix updates to
> keep up with upstream maintenance updates to the version in
> stable (v3.5). Upstream is still judicious and reasonable in
> their approach to
Hi,
The next point release for "bullseye" (11.6) is scheduled for Saturday,
December 17th. Processing of new uploads into bullseye-proposed-updates
will be frozen during the preceding weekend.
Regards,
Adam
On Thu, 2022-11-17 at 21:33 +, Adam D. Barratt wrote:
> We've managed to slip behind on getting a bullseye point release
> sorted, again. :-( I realise we're heading towards the holidays at a
> surprising rate of knots, but hopefully we can find a generally
> agreeable date.
>
Hi,
We've managed to slip behind on getting a bullseye point release
sorted, again. :-( I realise we're heading towards the holidays at a
surprising rate of knots, but hopefully we can find a generally
agreeable date.
Please could you indicate your availability and preferences between:
-
package release.debian.org
tags 1023118 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: distro-info-data
Version:
package release.debian.org
tags 1022860 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: powerline-gitstatus
package release.debian.org
tags 1020596 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: mod-wsgi
Version:
package release.debian.org
tags 1021647 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: node-xmldom
Version:
package release.debian.org
tags 1021130 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: tinyexr
Version:
package release.debian.org
tags 1021426 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: glibc
Version:
package release.debian.org
tags 1021777 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libdatetime-timezone-perl
package release.debian.org
tags 1019915 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: dojo
Version:
package release.debian.org
tags 1019539 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: lemonldap-ng
Version:
On Fri, 2022-10-14 at 13:58 +0200, Timo Röhling wrote:
> * Adam D. Barratt [2022-10-14 12:53]:
> > On Fri, 2022-10-14 at 11:53 +0100, Adam D. Barratt wrote:
> > > Control: tags -1 + confirmed
> > >
> > > On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling
On Fri, 2022-10-14 at 11:53 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling wrote:
> > The update fixes two vulnerabilities with low priority, i.e.
> > the security team has decided not to issue a DSA.
> &
package release.debian.org
tags 1021214 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libconfuse
Version:
package release.debian.org
tags 1021186 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: debmirror
Version:
package release.debian.org
tags 1021172 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: x2gothinclient
Version:
Control: tags -1 + confirmed
On Wed, 2022-10-12 at 09:14 +0200, Yadd wrote:
> node-xmldom is vulnerable to prototype pollution
>
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sat, 2022-10-08 at 11:30 +0200, Aurelien Jarno wrote:
> The glibc/2.31-13+deb11u4 update introduced a regression (bug
> #1019855) on some early Intel Haswell processors which expose the
> AVX2 instructions, but lack the BMI2 instructions. On such systems
> the
Control: tags -1 + confirmed
On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling wrote:
> The update fixes two vulnerabilities with low priority, i.e.
> the security team has decided not to issue a DSA.
>
> [ Impact ]
> CVE-2022-34300: Heap overflow in DecodePixelData
> CVE-2022-38529: Heap overflow
Control: tags -1 + confirmed
On Fri, 2022-09-23 at 22:59 +, Thorsten Alteholz wrote:
> The attached debdiff for mod-wsgi fixes CVE-2022-2255 in Bullseye.
> This
> CVE has been marked as no-dsa by the security team.
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Fri, 2022-09-16 at 10:46 +0200, Yadd wrote:
> dojo is vulnerable to prototype pollution (#1014785, CVE-2021-23450)
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sun, 2022-09-11 at 15:13 +0200, Yadd wrote:
> lemonldap-ng before version 2.0.15 has an issue that may maintain
> a session active on a Lemonldap::NG's handler if user has a
> continuous
> activity on this handler after session expiration or deletion
>
On Tue, 2022-10-11 at 09:57 +0200, Yadd wrote:
> On 11/10/2022 09:27, Sebastian Ramacher wrote:
> > On 2022-10-11 06:50:09 +0200, Yadd wrote:
> > > node-jest is still blocked in unstable but I can't understand
> > > why:
> > > * tracker.d.o reports nothing
> > > * Britney output is
Control: tags -1 + confirmed
On Mon, 2022-10-03 at 14:05 +0100, Colin Watson wrote:
> Support mirroring of the new non-free-firmware section. See
> https://lists.debian.org/debian-boot/2022/10/msg00026.html.
>
> [ Impact ]
> The non-free-firmware section will be absent from debmirror-managed
>
package release.debian.org
tags 1020443 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libbluray
Version:
package release.debian.org
tags 1020853 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libdatetime-timezone-perl
Control: tags -1 + bullseye
On Wed, 2022-09-21 at 13:47 +0200, Ondřej Surý wrote:
> nmu bind-dyndb-ldap_11.6-3 . ANY . bullseye . -m "rebuild for
> bind9_9.16.33-1~deb11u1"
>
> Hi,
>
> after the bind9_9.16.33-1~deb11u1 is release to bullseye-security,
> the
> bind-dyndb-ldap plugin will require
901 - 1000 of 12248 matches
Mail list logo
