On 2024-04-18 Sebastian Ramacher wrote:
[...]
> Let's start with the first category. Those are packages that could be
> binNMUed, but there are issues that make those rebuilds not have the
> desired effect. This list include packages that
> * are BD-Uninstallabe,
> * FTBFS but with out
On 2024-03-26 Andreas Metzler wrote:
[...]
> nmu exim4_4.97-5 . armel armhf hppa m68k . unstable . -m "Rebuild against
> libspf2-dev >= 1.2.10-8.1 (64-bit time_t transition)"
> The first t64-changed libspf2 was uninstallable on the 32bit archs,
> which is wh
Package: release.debian.org
Severity: normal
Control: affects -1 + src:exim4
User: release.debian@packages.debian.org
Usertags: binnmu
Hello,
nmu exim4_4.97-5 . armel armhf hppa m68k . unstable . -m "Rebuild against
libspf2-dev >= 1.2.10-8.1 (64-bit time_t transition)"
The first
On 2024-03-01 Salvatore Bonaccorso wrote:
> On Thu, Feb 01, 2024 at 06:35:38AM +, Adam D. Barratt wrote:
>> Control: tags -1 + confirmed
>> On Sat, 2024-01-20 at 15:53 +0100, Andreas Metzler wrote:
>>> I would like to fix both CVE-2024-0567 and CVE-2024-0553 via
: #1061045
+Fix more timing side-channel inside RSA-PSK key exchange. CVE-2024-0553
+GNUTLS-SA-2024-01-14 Closes: #1061046
+
+ -- Andreas Metzler Sat, 20 Jan 2024 07:56:15 +0100
+
gnutls28 (3.7.1-5+deb11u4) bullseye; urgency=medium
* Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23
Closes: #1061046
+
+ -- Andreas Metzler Fri, 19 Jan 2024 18:28:37 +0100
+
gnutls28 (3.7.9-2+deb12u1) bookworm; urgency=medium
* Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23 (timing sidechannel
diff -Nru gnutls28-3.7.9/debian/patches/61-x509-detect-loop-in-certificate-chain.patch
-11-30 11:37:44.0 +0100
@@ -1,3 +1,10 @@
+gnutls28 (3.7.1-5+deb11u4) bullseye; urgency=medium
+
+ * Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23 (timing sidechannel
+in RSA-PSK key exchange) from 3.8.2. Closes: #1056188
+
+ -- Andreas Metzler Thu, 30 Nov 2023 11:37:44 +0100
) from 3.8.2. Closes: #1056188
+
+ -- Andreas Metzler Thu, 30 Nov 2023 07:50:48 +0100
+
gnutls28 (3.7.9-2) unstable; urgency=medium
* CI: Do not try to run tests/ktls.sh, it uses a helper binary. (Plus gnutls
diff -Nru gnutls28-3.7.9/debian/patches/60-auth-rsa_psk-side-step-potential-side
On 2023-11-04 Andreas Metzler wrote:
[...]
> Thank you, updated.
Another iteration, adding
+ 76-14-Lookups-Fix-dnsdb-lookup-of-multi-chunk-TXT.-Bug-305.patch Fix
regression in dnsdb in CVE-2023-42119 fix. (Upstream bug 3054)
dnsdb lookups were swallowing the last charac
On 2023-11-04 Salvatore Bonaccorso wrote:
> On Wed, Nov 01, 2023 at 12:03:37PM +0100, Andreas Metzler wrote:
[...]
> > * Update code to 4.96.2, fixing issues with the proxy protocol
> > (CVE-2023-42117) and the `dnsdb` lookup subsystem (CVE-2023-42219). It
> > als
he `dnsdb` lookup subsystem (CVE-2023-42219). It
+also includes additional hardening for spf lookups, however CVE-2023-42218
+was diagnosed as a vulnerability in the libspf2 library and needs to be
+addressed there. Closes: #1053310
+
+ -- Andreas Metzler Wed, 01 Nov 2023 07:07:57 +0100
erability in the libspf2 library and needs to be
+addressed there. Closes: #1053310
+
+ -- Andreas Metzler Wed, 01 Nov 2023 07:07:57 +0100
+
exim4 (4.96-15+deb12u2) bookworm-security; urgency=high
* Non-maintainer upload by the Security Team.
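Review bot: the CVE ids in this changelog entry do not agree with the rest of the thread. The entry attributes the `dnsdb` fix to CVE-2023-42219 and the libspf2 issue to CVE-2023-42218, while the description of 76-14-Lookups-Fix-dnsdb-lookup-of-multi-chunk-TXT.-Bug-305.patch refers to the dnsdb fix as CVE-2023-42119. Please check both ids against the upstream advisory and correct the entry before upload, so that the changelog and the bug references name the same issues.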
diff -Nru exim4-4.96/debian/patches/75_74-Cancel-e
On 2023-10-07 Jonathan Wiltshire wrote:
[...]
> The version number in this request matches one we've had via a DSA (5512);
> are they the same or does the proposed upload supersede it?
[...]
Hello,
I will need to rebase the proposed changes version on top of the DSA. I
got early notice that a
On 2023-08-16 Andreas Metzler wrote:
[...]
> I would like to push another round of cherry-picked upstream fixes to
> bookworm. They have been part of the uploads to sid up to and including
> 4.96-19.
[...]
Hello,
I had to update the update since 75_78-Fix-free-of-value-after-run.pa
.-Bug-3014.patch: Fix on-demand
+ TLS cert expiry date. Closes: #1043233
+ (Upstream bug 3014)
+
+ -- Andreas Metzler Wed, 16 Aug 2023 15:12:39 +0200
+
exim4 (4.96-15+deb12u1) bookworm; urgency=medium
* 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by
diff
occurred. Closes: #1025420
+ * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT
+master: Fix ${srs_encode ..}. Previously it would give a bad result for
+one day every 1024 days.
+
+ -- Andreas Metzler Sun, 02 Jul 2023 14:56:17 +0200
+
exim4 (4.96-15) unstable
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: python-ooo...@packages.debian.org, ametz...@bebt.de
Control: affects -1 + src:python-ooolib
Please remove the package from testing, the maintainer was (silently)
waiting for it to
upstream GIT master:
++ 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
+ Fix a crash in the smtp transport.
+ https://bugs.exim.org/show_bug.cgi?id=2996
+
+ -- Andreas Metzler Wed, 10 May 2023 18:30:35 +0200
+
exim4 (4.96-14) unstable; urgency=medium
* Pull from
Closes: #1034966
++ pcp-zeroconf Closes: #1034895
++ pcp-export-pcp2xlsx (unfiled)
+
+ -- Andreas Metzler Sun, 07 May 2023 11:36:37 +0200
+
pcp (6.0.3-1) unstable; urgency=low
* New release (full details in CHANGELOG).
diff -Nru pcp-6.0.3/debian/control pcp-6.0.3/debian/control
--- pcp
On 2023-01-10 Sam Hartman wrote:
> > "Graham" == Graham Inggs writes:
> Graham> Hi All
> Graham> On Fri, 6 Jan 2023 at 00:33, Bastian Blank
> wrote:
> Graham> Would it be a bad thing to require all uploads that need to
> Graham> go through NEW (source and binary) to target
On 2022-12-29 "Adam D. Barratt" wrote:
> On Thu, 2022-12-29 at 07:21 +0100, Andreas Metzler wrote:
[...]
> > removing spamassassin/4.0.0~rc4-1/amd64 from testing makes claws-
[...]
> That's due to the arch:all build failing, which means there is no
> "spamassass
Hello,
I do not understand why spamassassin 4.0.0 does not propagate to testing.
Tracker/excuses https://qa.debian.org/excuses.php?package=spamassassin
says:
Issues preventing migration:
[...]
removing spamassassin/4.0.0~rc4-1/amd64 from testing makes
claws-mail-spamassassin/4.1.1-2/amd64
-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch
+
+ -- Andreas Metzler Tue, 01 Nov 2022 11:57:42 +0100
+
libtasn1-6 (4.16.0-2) unstable; urgency=low
* Upload to unstable.
diff -Nru libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch libtasn1-6
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
X-Debbugs-Cc: ametz...@bebt.de, dh-fortran-...@packages.debian.org
Hello,
according to
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
nmu sa-exim_4.2.1-20 . ANY . unstable . -m "rebuild against exim4 4.96"
Please rebuild sa-exim allowing exim4 4.96-1 to propagate to testing.
TIA, cu Andreas
--
`What a good friend you
On 2022-05-29 Andreas Metzler wrote:
[...]
> as requested in #1011246 I would like to fix miscalculation of SHA384 in
> the SSA accelerated implementation.
> It is a one-line change and was part of the 3.7.3 release.
[...]
Actually this seems like a good opportunity to fix a minor C
fix from 3.7.3. Closes: #1011246
+
+ -- Andreas Metzler Sun, 22 May 2022 13:04:01 +0200
+
gnutls28 (3.7.1-5) unstable; urgency=medium
* Another fix from 3.7.2:
diff -Nru gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch gnutls28-3.7.1/debian/patches/56_40-fix
X-Debbugs-Cc: gnutl...@packages.debian.org, Kurt Roeckx , Paul
Gevers , Sebastian Andrzej Siewior
On 2022-03-21 Sebastian Andrzej Siewior wrote:
> On 2022-03-21 00:12:11 [+0100], To Kurt Roeckx wrote:
> > doesn't help here but
> > -cipher "ALL:@SECLEVEL=1"
> > does.
> Only debci is
+branch: Fix re-expansion of custom message with control=fakereject.
+
+ -- Andreas Metzler Tue, 13 Jul 2021 18:04:57 +0200
+
exim4 (4.94.2-6) unstable; urgency=medium
* Cherrypick
diff -Nru exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch exim4-4.94.2/debian
on to disable daemon notifier socket. Enforce lockstep upgrade of -base
> and *daemon* by temporarily adding a versioned Breaks to exim4-base on
> older *daemon*. Closes: #988844
> (change by Andreas Metzler)
> This fixes a regression from buster.
> Maintainer and bu
On 2021-06-12 "Adam D. Barratt" wrote:
[...]
> As we're getting close to the window for 10.10 closing, please feel
> free to upload the package and we'll handle the d-i coordination from
> there.
Thanks for the heads-up. Done.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His
@@
+libgcrypt20 (1.8.4-5+deb10u1) buster; urgency=medium
+
+ * 31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch from
+upstream LIBGCRYPT-1.8-BRANCH: Fix weak ElGamal encryption with keys *not*
+generated by GnuPG/libgcrypt. CVE-2021-33560
+
+ -- Andreas Metzler Sat, 29 May 2021
+++ libgcrypt20-1.8.7/debian/changelog 2021-05-27 18:07:38.0 +0200
@@ -1,3 +1,26 @@
+libgcrypt20 (1.8.7-6) unstable; urgency=medium
+
+ * Update from LIBGCRYPT-1.8-BRANCH:
++ 30_10-cipher-Fix-ElGamal-encryption-for-other-implementati.patch
+
+ -- Andreas Metzler Thu, 27 May 2021 18:07
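Review bot: the 1.8.7-6 entry lists 30_10-cipher-Fix-ElGamal-encryption-for-other-implementati.patch by filename only, with no description of what it fixes in the visible lines. The buster changelog for the same ElGamal patch cites CVE-2021-33560; adding the CVE id and a one-line description here would make the two uploads easy to correlate.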
1-20232), both together GNUTLS-SA-2021-03-10.
++ 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
++ 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
+
+ -- Andreas Metzler Fri, 14 May 2021 13:33:38 +0200
+
gnutls28 (3.6.7-4+deb10u6) buster; urgency=medium
+
+ * Further updates from heiko/exim-4.94+fixes+taintwarn:
++ 75_24-Silence-the-compiler.patch
++ 75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch
+ * Upload to unstable.
+
+ -- Andreas Metzler Mon, 26 Apr 2021 18:35:43 +0200
+
+exim4 (4.94-18) experimental; urgency
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ex...@packages.debian.org
Hello,
Please consider exim4/4.94-19 for bullseye. Due to the newly introduced
tainting mechanism exim upgrades from buster to bullseye currently
log 2021-03-18 13:54:47.0 +0100
@@ -1,3 +1,30 @@
+exim4 (4.94-17) unstable; urgency=medium
+
+ * Let exim4-config Recommend ca-certificates, needed for certificate
+verification.
+
+ -- Andreas Metzler Thu, 18 Mar 2021 13:54:47 +0100
+
+exim4 (4.94-16) unstable; urgency=medium
+
+ * REA
+
+ * 850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff
+cherry-picked from 2.9.20 rc3: Fixes format string bug, pasing along
+format strings in user specified output filename to printf.
+Closes: #985249
+
+ -- Andreas Metzler Thu, 18 Mar 2021 14:12:08 +0100
+
libpano13 (2.9.19+dfsg-3) unstable; urgency=medium
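Review bot: typo in the description of 850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff: "pasing along" should read "passing along". The sentence would also be clearer if it said directly that the user-specified output filename was being handed to printf as the format string.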
are possible, but for a stable update documenting
+this is the best compromise.)
+
+ -- Andreas Metzler Thu, 18 Mar 2021 09:10:15 +0100
+
exim4 (4.92-8+deb10u4) buster-security; urgency=high
* Fix authentication bypass in SPA authenticator due to out-of-bound buffer
diff -Nru
exim4-4.92
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
nmu sa-exim_4.2.1-19 . ANY . unstable . -m "Rebuild against current exim
localscan ABI. (See #981398)"
That is necessary to let sa-exim work again in sid and bullseye. The
wrong Provides of
+Fix test suite error caused by expired certificate.
+Closes: #977552
+
+ -- Andreas Metzler Sat, 02 Jan 2021 14:15:36 +0100
+
gnutls28 (3.6.7-4+deb10u5) buster; urgency=medium
* 42_rel3.6.11_10-session-tickets-parse-extension-during-session-resum.patch
diff -Nru gnutls28-3.6.7/debian
On 2020-07-02 "Adam D. Barratt" wrote:
> Control: tags -1 + confirmed
> On Thu, 2020-06-25 at 17:37 +0200, Andreas Metzler wrote:
>> I would like to make a last bugfix upload to stretch:
>> * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694].
[...]
> Please go ahead.
Thanks, done.
On 2020-06-25 Salvatore Bonaccorso wrote:
> On Thu, Jun 25, 2020 at 05:41:42PM +0200, Andreas Metzler wrote:
> > On 2020-06-25 Andreas Metzler wrote:
> > [...]
> > > * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694].
[...]
> Only noticed too late, but the
On 2020-06-25 Andreas Metzler wrote:
[...]
> * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694].
> + 40_casts_related_to_fix_CVE-2019-3829.patch
> + 40_rel3.6.7_01-Automatically-NULLify-after-gnutls_free.patch
> + 40_rel3.6.7_01-fuzz-added-fuzzer-for
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hello,
I would like to make a last bugfix upload to stretch:
* Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694].
+ 40_casts_related_to_fix_CVE-2019-3829.patch
+
Control: tags -1 - moreinfo
Control: retitle -1 buster-pu: package gnutls28/3.6.7-4+deb10u5
On 2020-05-26 Andreas Metzler wrote:
> Control: tags 960836 + moreinfo
> Please hold on approving this. I will probably need to add a fix for
> https://gitlab.com/gnutls/gnutls/-/issues/997
Hel
Control: tags 960836 + moreinfo
Please hold on approving this. I will probably need to add a fix for
https://gitlab.com/gnutls/gnutls/-/issues/997
cu Andreas
Control: tags 960836 - moreinfo
On 2020-05-17 "Adam D. Barratt" wrote:
> Control: tags -1 + moreinfo
> On Sun, 2020-05-17 at 14:23 +0200, Andreas Metzler wrote:
>> I would like to update gnutls to fix #95664 aka
>> https://gitlab.com/gnutls/gnutls/-/issues/841
GNUTLS 3.6.11: Fix TL1.2 resumption errors. Closes: #956649
+ * 47_rel3.6.14_10-session_pack-fix-leak-in-error-path.patch from GNUTLS
+3.6.14: One line fix for memory leak. Closes: #958704
+
+ -- Andreas Metzler Sun, 17 May 2020 13:45:29 +0200
+
gnutls28 (3.6.7-4+deb10u3) buster-security
-patch diff instead.
cu Andreas
From de3d573242195eddab914709584242610b2e2762 Mon Sep 17 00:00:00 2001
From: Andreas Metzler
Date: Sun, 19 Jan 2020 18:00:12 +0100
Subject: [PATCH] Fix parsing of certificates using RegisteredID Closes:
#949293
---
debian/binary/cert10.der
On 2020-01-03 Paul Gevers wrote:
> On 31-12-2019 18:26, Andreas Metzler wrote:
[...]
> > Afaict the involved packages should propagate to testing in 3 days, when
> > enblend-enfuse is old enough. I have committed the fix. [1]
> Unfortunately libvigraimpex is (hopefully only te
On 2019-12-31 Sebastiaan Couwenberg wrote:
> On 12/31/19 4:20 PM, Andreas Metzler wrote:
>> as Bas correctly diagnoses I am not currently building for all supported
>> versions but only for the default one because it is not trivial but
>> requires some work. Looking at
On 2019-12-31 Sebastiaan Couwenberg wrote:
> On 12/30/19 9:48 PM, Paul Gevers wrote:
[...]
>> libvigraimpex is also part of the pseudo python3.8 transition [1], but
>> it is still red. This probably means that you are not correctly building
>> Python3 modules for all supported Python3 versions.
On 2019-12-26 Paul Gevers wrote:
> On 25-12-2019 19:29, Andreas Metzler wrote:
>> libvigraimpex is marked for autoremoval because of the python2 removal.
>> This is fixed in experimental, the new version features a soname bump.
[...]
> Normally we don't want python 2 remov
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Hello,
libvigraimpex is marked for autoremoval because of the python2 removal.
This is fixed in experimental, the new version features a soname bump.
this should be a small scale
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
nmu sa-exim_4.2.1-18 . ANY . unstable . -m "Rebuild against
exim4-localscanapi-3.1 (exim 4.93)"
Hello,
please binNMU sa-exim to make it installable again.
exim 4.93 broke the local_scan
bid-random-padding.patch
+from 3.6.10: Fix interop problems with gnutls 2.x. Closes: #933538
+(Thanks, Hanno Stock!)
+
+ -- Andreas Metzler Sat, 30 Nov 2019 13:41:59 +0100
+
gnutls28 (3.6.7-4) unstable; urgency=medium
* Cherry-pick important bug-fixes from 3.6.8:
diff -Nru gnutl
Package: release.debian.org
Severity: normal
Hello,
In hindsight I have chosen the wrong urgency for exim4 4.92.1-3, a
remote root command execution should migrate as fast as possible. Could
you please bump the urgency/shorten the migration period?
urgent exim4/4.92.1-3
TIA, cu Andreas
-- System
t on smtp response to apply to the whole response instead
+ of resetting for every byte received.
++ 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
+ https://bugs.exim.org/show_bug.cgi?id=2405
+ ${eval } was broken on 32bit archs.
+
+ -- Andreas Metzler Sat, 08 Jun 2
gitlab.com/gnutls/gnutls/issues/754
+
+ -- Andreas Metzler Wed, 12 Jun 2019 19:21:23 +0200
+
gnutls28 (3.6.7-3) unstable; urgency=medium
* Revert debhelper upgrade, use DH 10.
diff -Nru
gnutls28-3.6.7/debian/patches/40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch
gnutl
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package exim4. This upload pulls 5 patches from upstream
GIT:
+ 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
Fix expansion of $tls_out_ocsp under
On 2019-05-20 Paul Gevers wrote:
> On 19-05-2019 10:33, Andreas Metzler wrote:
>> I probably could try to pick the CVE related changes and other important
>> bug-fixes, however I do not think it is the right choice. The changes
>> will be smaller but the risk of breakage
On 2019-05-18 Paul Gevers wrote:
[gnutls]
> Is it reasonably possible to split off the CVE changes and patch the
> version currently in testing? That would be much more comfortable for
> us. Either by reverting the new upstream version with e.g. an +really
> version number, or, but less preferred
On 2019-04-04 Andreas Metzler wrote:
[...]
> This is an upstream bugfix release featuring two security fixes
> + Fixes a memory corruption (double free) vulnerability in the
> certificate verification API.
> https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829
>
On 2019-04-11 Paul Gevers wrote:
> Control: tags -1 moreinfo
> Hi Andreas,
> On 11-04-2019 19:51, Andreas Metzler wrote:
>> The second notable change is related to sa-exim. Exim in Debian was
>> patched to allow dlopening a localscan() module. The single consumer of
>
the (working) version of the patch. Drop exim4-dev package. Add a NEWS
+entry for this change.
+
+ -- Andreas Metzler Sun, 07 Apr 2019 13:39:31 +0200
+
+exim4 (4.92-4) unstable; urgency=medium
+
+ * Another patch from exim-4.92+fixes branch:
+75_10-Harden-plaintext-authenticator.patch
+
+ -- A
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package gnutls28.
This is an upstream bugfix release featuring two security fixes
+ Fixes a memory corruption (double free) vulnerability in the
certificate
HA.patch
++ 39_02-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch
++ 39_03-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch
++ 39_04-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch
++ 39_05-tests-pkcs12_encode-fix-test-for-SHA512.patch
+
+ -- Andreas Metzler
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package libgcrypt20, this is an upstream bugfix/security
release of the stable branch, fixing CVE-2018-0495.
On 2018-04-08 Andreas Metzler <ametz...@bebt.de> wrote:
> On 2018-04-08 Emilio Pozuelo Monfort <po...@debian.org> wrote:
>> On 08/04/18 07:45, Andreas Metzler wrote:
>[...]
>>> it looks like the transition needs some brute force/hint. Both efl and
>
On 2018-04-08 Emilio Pozuelo Monfort <po...@debian.org> wrote:
> On 08/04/18 07:45, Andreas Metzler wrote:
[...]
>> it looks like the transition needs some brute force/hint. Both efl and
>> e17 are valid candidates, but do not propagate. Good somebody please
>>
On 2018-03-13 Ross Vandegrift wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> Hello,
> I'd like to request a transition for efl from experimental -> unstable. This
> release takes over a few other
On 2018-03-13 Emilio Pozuelo Monfort wrote:
> Control: tags -1 confirmed
> On 13/03/18 08:15, Ross Vandegrift wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: transition
>> Hello,
>> I'd like to request a
On 2017-11-26 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote:
> On Sun, 2017-11-26 at 16:22 +0100, Andreas Metzler wrote:
>> mariadb-10.1 1:10.1.29-6 seems to be stuck in sid. It does not
>> propagate to testing although
>> https://qa.debian.org/e
Hello,
mariadb-10.1 1:10.1.29-6 seems to be stuck in sid. It does not propagate
to testing although
https://qa.debian.org/excuses.php?package=mariadb-10.1 lists it as valid
candidate.
Could you please check the cause?
Thanks, cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package libgcrypt20, it includes the fix for
CVE-2017-0379 https://www.debian.org/security/2017/dsa-3959
TIA, cu Andreas
unblock libgcrypt20/1.7.9-1
--
`What a good
On 2017-08-08 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote:
> On Sun, 2017-07-23 at 15:28 +0200, Andreas Metzler wrote:
>> gnutls upstream has pointed out that it would make sense to pull
>> two patches from 3.5.14. These improve interoperability by avoiding
with ecdsa
+signatures.
+https://gitlab.com/gnutls/gnutls/issues/223
+Thanks to Nikos Mavrogiannopoulos for the suggestion.
+
+ -- Andreas Metzler <ametz...@debian.org> Sun, 23 Jul 2017 14:28:37 +0200
+
gnutls28 (3.5.8-5+deb9u2) stretch; urgency=medium
* 37_aarch64-fix-AES-GCM-in
On 2017-07-15 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote:
> Control: tags -1 + confirmed
> On Sat, 2017-07-08 at 10:52 +0200, Andreas Metzler wrote:
>> I would like to fix #867581 in stable by pulling the patch from 3.5.13.
>> The issue is about
On 2017-07-09 Jonathan Wiltshire <j...@debian.org> wrote:
> Control: tag -1 confirmed
> On Sat, Jul 08, 2017 at 01:22:26PM +0200, Andreas Metzler wrote:
>> wmaker 0.95.8 features a soname bump of libwraster. There are only 3
>> other packages involved (wdm, wmforecast
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
wmaker 0.95.8 features a soname bump of libwraster. There are only 3
other packages involved (wdm, wmforecast and wmweather+) and all of them
build fine against the libwmaker-dev in
. Closes: #867581
+
+ -- Andreas Metzler <ametz...@debian.org> Sat, 08 Jul 2017 10:29:05 +0200
+
gnutls28 (3.5.8-5+deb9u1) stretch-security; urgency=high
* 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
diff -Nru gnutls28-3.5.8/debian/patches/37_aarch64-fix-A
On 2017-06-27 Cyril Brulebois <k...@debian.org> wrote:
> Andreas Metzler <ametz...@bebt.de> (2017-06-24):
>> would like to fix the following issue in gnutls28/jessie (It was fixed
>> in 3.5.3 and therefore does not apply to stretch/buster
-to-determine-device-u.patch from
+upstream gnutls_3_3_x branch: Improve check for /dev/urandom uniqueness.
+Ensure that when gnutls_global_init() is called for a second time that
+/dev/urandom is re-opened when the inode or device ID has changed.
+Closes: #865297
+
+ -- Andreas Metzler
On 2017-06-18 Jörg Frings-Fürst wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> Hello,
> I'd want to upload libunistring 0.9.7 to unstable. The ABI is bumped.
[...]
Hello,
Point of
Hello,
I first understood the latest mail to -announce ("Planned release of
stretch") to mean that propagation from sid to stretch is not possible
anymore (except for critical fixes).
However now that I am in a position of wanting to get something into the
1st point release I am wondering
.
+
+ -- Andreas Metzler <ametz...@debian.org> Sat, 03 Jun 2017 10:58:36 +0200
+
libgcrypt20 (1.7.6-1) unstable; urgency=medium
* New upstream version, includes
diff -Nru libgcrypt20-1.7.6/debian/patches/30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch libgcrypt20-1.7.6/
On 2017-04-27 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote:
> On Mon, 2017-03-06 at 19:24 +0100, Andreas Metzler wrote:
[...]
>> upstream has now released 3.5.10/3.3.27 including these fixes and
>> another one on top:
>> + 55_16_Enforce-the-max-packe
On 2017-04-23 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote:
> On Sun, 2017-03-05 at 19:08 +0100, Andreas Metzler wrote:
> > I would like to fix a number of minor issues in GnuTLS.
> Apologies for the delay in getting back to you.
> Are all of the issue
On 2017-03-11 Andreas Metzler <ametz...@bebt.de> wrote:
[...]
> unblock exim4/4.89-1
> unblock eximdoc4/4.89-1
Ping?
error with custom temporary directory
+50_67c64f0ca1c4_Fixes_a_type_of_format_string.diff
+ error.
+51_401823447b21_Fixes_running_assistant_with_user_defined_temp_directory.diff
+Closes: #822062, #855505
+
+ -- Andreas Metzler <ametz...@debian.org> Sun, 26 Feb 2017 08:23:23
On 2017-03-05 Andreas Metzler <ametz...@bebt.de> wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
> Hello,
> I would like to fix a number of minor issues in GnuTLS.
> Most of th
. No longer allow OpenPGP certificates (public keys) to contain
+ private key sub-packets. Issue found using oss-fuzz project:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
+ [GNUTLS-SA-2017-3B]
+
+ -- Andreas
-memory-leak-on-Gnu-TLS-close.patch from upstream exim-4_84_2+fixes
+branch: Fix GnuTLS memory leak. (Thanks, Heiko Schlittermann!)
+Closes: #845569
+
+ -- Andreas Metzler <ametz...@debian.org> Mon, 02 Jan 2017 19:18:05 +0100
+
exim4 (4.84.2-2+deb8u2) jessie-security; urgenc
* Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM
+information leakage issue CVE-2016-9963.
+
+ -- Andreas Metzler <ametz...@debian.org> Thu, 22 Dec 2016 16:50:21 +0100
+
exim4 (4.88~RC6-1) unstable; urgency=low
* New upstream version.
@@ -109,7 +121,7 @@
turned
+by PKCS#8 decryption functions when an invalid key is provided. This
+addresses regression on decrypting certain PKCS#8 keys.
+Closes: #848905
+
+ -- Andreas Metzler <ametz...@debian.org> Tue, 20 Dec 2016 18:47:13 +0100
+
gnutls28 (3.5.7-2) unstable; urgency=medium
* Up
On 2016-10-31 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote:
> On Sun, 2016-10-30 at 07:46 +0100, Andreas Metzler wrote:
[...]
>> I think it makes sense to add the GnuTLS patch for compatibility with
>> CVE-2016-6489-patched nettle. (832983).
> jessie's
On 2016-10-09 Salvatore Bonaccorso <car...@debian.org> wrote:
[...]
> Hi Stable Release Managers,
> X-Debbugs-CC'ed Andreas Metzler.
> gnutls28 in jessie is affected by CVE-2016-7444, GNUTLS-SA-2016-3,
> having a flaw in the OCSP certificate check. This was fixed upstr
On 2016-07-26 Salvatore Bonaccorso wrote:
> On Mon, Jul 25, 2016 at 08:50:47PM +0200, Salvatore Bonaccorso wrote:
>> On Mon, Jul 25, 2016 at 07:28:33PM +0100, Adam D. Barratt wrote:
>>> On Mon, 2016-07-25 at 20:14 +0200, Salvatore Bonaccorso wrote:
[...]
Since we claimed
On 2016-06-17 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote:
> Control: tags -1 + pending
> On Thu, 2016-06-16 at 18:38 +0200, Andreas Metzler wrote:
> > On 2016-06-12 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote:
> > > Control: ta