Processed: bug 1014460 is forwarded to https://release.debian.org/transitions/html/php8.2.html
Processing commands for cont...@bugs.debian.org: > forwarded 1014460 https://release.debian.org/transitions/html/php8.2.html Bug #1014460 [release.debian.org] transition: php8.2 Set Bug forwarded-to-address to 'https://release.debian.org/transitions/html/php8.2.html'. > thanks Stopping processing here. Please contact me if you need assistance. -- 1014460: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014460 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1016771: nmu: liboqs_0.7.2~rc1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, I want to request binNMU on amd64 for recently accepted new package. nmu liboqs_0.7.2~rc1-1 . amd64 . unstable . -m "Rebuild on buildd" Thanks, Andrius
NEW changes in stable-new
Processing changes file: rustc-mozilla_1.59.0+dfsg1-1~deb11u3_mips64el-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: grub2_2.06-3~deb11u1_amd64-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb11u1_i386-buildd.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_i386-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: grub2_2.06-3~deb11u1_armel-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: rust-cbindgen_0.23.0-1~deb11u1_mipsel-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: commons-daemon_1.0.15-8+deb11u1_all-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb11u1_armel-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: dbus-broker_26-1+deb11u2_amd64-buildd.changes ACCEPT Processing changes file: dbus-broker_26-1+deb11u2_arm64-buildd.changes ACCEPT Processing changes file: dbus-broker_26-1+deb11u2_armel-buildd.changes ACCEPT Processing changes file: dbus-broker_26-1+deb11u2_armhf-buildd.changes ACCEPT Processing changes file: dbus-broker_26-1+deb11u2_mips64el-buildd.changes ACCEPT Processing changes file: dbus-broker_26-1+deb11u2_mipsel-buildd.changes ACCEPT Processing changes file: dbus-broker_26-1+deb11u2_ppc64el-buildd.changes ACCEPT Processing changes file: dnsproxy_1.16-0.1+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: dnsproxy_1.16-0.1+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: dnsproxy_1.16-0.1+deb11u1_armel-buildd.changes ACCEPT Processing changes file: dnsproxy_1.16-0.1+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: dnsproxy_1.16-0.1+deb11u1_i386-buildd.changes ACCEPT Processing changes file: dnsproxy_1.16-0.1+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: dnsproxy_1.16-0.1+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: dnsproxy_1.16-0.1+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb11u1_arm64-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb11u1_armhf-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_all-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_armel-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_i386-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_s390x-buildd.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_all-buildd.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_armel-buildd.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_s390x-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: commons-daemon_1.0.15-8+deb11u1_i386-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb11u1_s390x-buildd.changes ACCEPT Processing changes file: dbus-broker_26-1+deb11u2_i386-buildd.changes ACCEPT Processing changes file: dbus-broker_26-1+deb11u2_s390x-buildd.changes ACCEPT Processing changes file: dnsproxy_1.16-0.1+deb11u1_s390x-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb11u1_s390x-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: rustc-mozilla_1.59.0+dfsg1-1~deb11u3_mipsel-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: rustc-mozilla_1.59.0+dfsg1-1~deb11u3_ppc64el-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: rustc-mozilla_1.59.0+dfsg1-1~deb11u3_arm64-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: rustc-mozilla_1.59.0+dfsg1-1~deb11u3_s390x-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: rustc-mozilla_1.59.0+dfsg1-1~deb11u3_armhf-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: rustc-mozilla_1.59.0+dfsg1-1~deb11u3_amd64-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: rustc-mozilla_1.59.0+dfsg1-1~deb11u3_all-buildd.changes ACCEPT Processing changes file: rustc-mozilla_1.59.0+dfsg1-1~deb11u3_i386-buildd.changes ACCEPT
Bug#1016391: bullseye-pu: libhttp-daemon-perl/6.12-1+deb11u1
On Sat, 6 Aug 2022, Adam D. Barratt wrote: Please go ahead. ... and uploaded. Thanks! Thorsten
NEW changes in oldstable-new
Processing changes file: commons-daemon_1.0.15-8+deb10u1_mips-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_armel-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_mips-buildd.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_armel-buildd.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_mips-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_amd64-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_armel-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_i386-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_mipsel-buildd.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_armel-buildd.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_mips-buildd.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_armel-buildd.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_armhf-buildd.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_mips-buildd.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: commons-daemon_1.0.15-8+deb10u1_armel-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb10u1_armhf-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb10u1_i386-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_armhf-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_i386-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_mips64el-buildd.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_armhf-buildd.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_i386-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_armhf-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_mips-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_i386-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_mips-buildd.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_armhf-buildd.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_i386-buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_armel-buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_armhf-buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_i386-buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_mips-buildd.changes ACCEPT Processing changes file: nvidia-graphics-drivers_418.226.00-3_amd64-buildd.changes ACCEPT Processing changes file: nvidia-graphics-drivers_418.226.00-3_armhf-buildd.changes ACCEPT Processing changes file: nvidia-graphics-drivers_418.226.00-3_i386-buildd.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_amd64-buildd.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_i386-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: commons-daemon_1.0.15-8+deb11u1_source.changes ACCEPT Processing changes file: dnsproxy_1.16-0.1+deb11u1_source.changes ACCEPT Processing changes file: xtables-addons_3.13-1+deb11u1_source.changes ACCEPT
Processed: xtables-addons 3.13-1+deb11u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1014705 = bullseye pending Bug #1014705 [release.debian.org] bullseye-pu: package xtables-addons/3.13-1+deb11u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1014705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014705 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: dnsproxy 1.16-0.1+deb11u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1014315 = bullseye pending Bug #1014315 [release.debian.org] bullseye-pu: package dnsproxy/1.16-0.1+deb11u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1014315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014315 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: commons-daemon 1.0.15-8+deb11u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1015244 = bullseye pending Bug #1015244 [release.debian.org] bullseye-pu: package commons-daemon/1.0.15-8 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1015244: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015244 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1015244: commons-daemon 1.0.15-8+deb11u1 flagged for acceptance
package release.debian.org tags 1015244 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: commons-daemon Version: 1.0.15-8+deb11u1 Explanation: fix JVM detection
Bug#1014705: xtables-addons 3.13-1+deb11u1 flagged for acceptance
package release.debian.org tags 1014705 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: xtables-addons Version: 3.13-1+deb11u1 Explanation: support both old and new versions of security_skb_classify_flow()
Bug#1014315: dnsproxy 1.16-0.1+deb11u1 flagged for acceptance
package release.debian.org tags 1014315 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: dnsproxy Version: 1.16-0.1+deb11u1 Explanation: listen on localhost by defualt, rather than the possibly unavailable 192.168.168.1
NEW changes in oldstable-new
Processing changes file: commons-daemon_1.0.15-8+deb10u1_all-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb10u1_amd64-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb10u1_arm64-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb10u1_mips64el-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb10u1_mipsel-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb10u1_ppc64el-buildd.changes ACCEPT Processing changes file: commons-daemon_1.0.15-8+deb10u1_s390x-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_all-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_amd64-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_arm64-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_mips64el-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_mipsel-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_ppc64el-buildd.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_s390x-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_all-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_amd64-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_arm64-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_armel-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_armhf-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_mips-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_mipsel-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_ppc64el-buildd.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_amd64-buildd.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_arm64-buildd.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_mips64el-buildd.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_mipsel-buildd.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_ppc64el-buildd.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_s390x-buildd.changes ACCEPT Processing changes file: golang-github-russellhaering-goxmldsig_0.0~git20170911.b7efc62-1+deb10u1_all-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_arm64-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_mips64el-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_ppc64el-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_amd64-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_arm64-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_armel-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_armhf-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_mips64el-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_mipsel-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_ppc64el-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_s390x-buildd.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_amd64-buildd.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_arm64-buildd.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_mips64el-buildd.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_mipsel-buildd.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_ppc64el-buildd.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_s390x-buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_amd64-buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_arm64-buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_mips64el-buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_mipsel-buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_ppc64el-buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_s390x-buildd.changes ACCEPT Processing changes file: php-guzzlehttp-psr7_1.4.2-0.1+deb10u1_all-buildd.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_arm64-buildd.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_mips64el-buildd.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_mipsel-buildd.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_ppc64el-buildd.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_s390x-buildd.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: composer_1.8.4-1+deb10u2_all-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_i386-buildd.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_s390x-buildd.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_s390x-buildd.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_all-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: dbus-broker_26-1+deb11u2_source.changes ACCEPT Processing changes file: grub2_2.06-3~deb11u1_source.changes ACCEPT Processing changes file: jetty9_9.4.39-3+deb11u1_source.changes ACCEPT Processing changes file: jetty9_9.4.39-3+deb11u1_all-buildd.changes ACCEPT Processing changes file: libayatana-appindicator_0.5.5-2+deb11u1_source.changes ACCEPT Processing changes file: libpgjava_42.2.15-1+deb11u1_source.changes ACCEPT Processing changes file: libpgjava_42.2.15-1+deb11u1_all-buildd.changes ACCEPT Processing changes file: libreoffice_7.0.4-4+deb11u2_source.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_source.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_all-buildd.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_amd64-buildd.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_arm64-buildd.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_armel-buildd.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_armhf-buildd.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_i386-buildd.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_mips64el-buildd.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_mipsel-buildd.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_ppc64el-buildd.changes ACCEPT Processing changes file: xorg-server_1.20.11-1+deb11u2_s390x-buildd.changes ACCEPT
Processed: Re: Bug#1014705: bullseye-pu: package xtables-addons/3.13-1
Processing control commands: > tags -1 -moreinfo +confirmed Bug #1014705 [release.debian.org] bullseye-pu: package xtables-addons/3.13-1+deb11u1 Removed tag(s) moreinfo. Bug #1014705 [release.debian.org] bullseye-pu: package xtables-addons/3.13-1+deb11u1 Added tag(s) confirmed. -- 1014705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014705 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1014705: bullseye-pu: package xtables-addons/3.13-1
Control: tags -1 -moreinfo +confirmed On Sat, 2022-08-06 at 20:57 +0100, Jeremy Sowden wrote: > On 2022-08-06, at 19:24:52 +0100, Adam D. Barratt wrote: > > Control: tags -1 + moreinfo > > > > On Sun, 2022-07-10 at 17:19 +0100, Jeremy Sowden wrote: > > > The related xtables-addons bug is: > > > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014680 > > > > > > [ Reason ] > > > xtables-addons-dkms and xtables-addons-source contain sources for > > > building > > > kernel modules with DKMS and module-assistant, respectively. The > > > 5.10.0-16 > > > kernel introduced in the 11.4 point release included a patch > > > back- > > > ported from > > > 5.11 to 5.10.121: > > > > > > > The metadata of #1014680 implies that it affects the package in > > unstable and is not yet fixed there - is that correct? If so, then > > the > > fix needs to happen in unstable first; if not, please add an > > appropriate fixed version to make the situation clearer. > > The problem arose because an API-changing patch was back-ported from > 5.11 to 5.10 and this was picked up by the kernel released in 11.4. > This part was clear... > The version of xtables-addons in unstable at the time 11.4 was > released > (3.19-1) supported the new API for kernel versions >= 5.11, and so > was > unaffected wrt. the kernel in unstable. > ...but this was not, at least to me, hence the question. Thanks for clarifying. > I have since uploaded the latest upstream release to unstable (3.21- > 1), > and that includes support for the problematic 5.10 kernels. The > patch I > have added in 3.13-1+deb11u1 is the one from upstream. I have added > a > fixed version to #1014680. > Thanks. > If you are happy to accept this change, is it a suitable candidate > for > stable-updates given that the package has been broken since 11.4 came > out? Potentially. Regards, Adam
Processed: grub2 2.06-3~deb11u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1016672 = bullseye pending Bug #1016672 [release.debian.org] bullseye-pu: package grub2/2.06-3~deb11u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1016672: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016672 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: dbus-broker 26-1+deb11u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1016655 = bullseye pending Bug #1016655 [release.debian.org] bullseye-pu: package dbus-broker/26-1+deb11u2 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1016655: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016655 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1016672: grub2 2.06-3~deb11u1 flagged for acceptance
package release.debian.org tags 1016672 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: grub2 Version: 2.06-3~deb11u1 Explanation: new upstream release
Processed: libreoffice 7.0.4-4+deb11u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1016037 = bullseye pending Bug #1016037 [release.debian.org] bullseye-pu: package libreoffice/1:7.0.4-4+deb11u2 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1016037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016037 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1016655: dbus-broker 26-1+deb11u2 flagged for acceptance
package release.debian.org tags 1016655 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: dbus-broker Version: 26-1+deb11u2 Explanation: fix assertion failure when disconnecting peer groups; fix memory leak; fix null pointer dereference [CVE-2022-31213]
Bug#1016037: libreoffice 7.0.4-4+deb11u2 flagged for acceptance
package release.debian.org tags 1016037 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: libreoffice Version: 7.0.4-4+deb11u2 Explanation: support EUR in .hr locale; add HRK<->EUR conversion rate to Calc and the Euro Wizard; security fixes [CVE-2021-25636 CVE-2022-26305 CVE-2022-26306 CVE-2022-26307]
Bug#1014705: bullseye-pu: package xtables-addons/3.13-1
On 2022-08-06, at 19:24:52 +0100, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On Sun, 2022-07-10 at 17:19 +0100, Jeremy Sowden wrote: > > The related xtables-addons bug is: > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014680 > > > > [ Reason ] > > xtables-addons-dkms and xtables-addons-source contain sources for > > building > > kernel modules with DKMS and module-assistant, respectively. The > > 5.10.0-16 > > kernel introduced in the 11.4 point release included a patch back- > > ported from > > 5.11 to 5.10.121: > > > > The metadata of #1014680 implies that it affects the package in > unstable and is not yet fixed there - is that correct? If so, then the > fix needs to happen in unstable first; if not, please add an > appropriate fixed version to make the situation clearer. The problem arose because an API-changing patch was back-ported from 5.11 to 5.10 and this was picked up by the kernel released in 11.4. The version of xtables-addons in unstable at the time 11.4 was released (3.19-1) supported the new API for kernel versions >= 5.11, and so was unaffected wrt. the kernel in unstable. I have since uploaded the latest upstream release to unstable (3.21-1), and that includes support for the problematic 5.10 kernels. The patch I have added in 3.13-1+deb11u1 is the one from upstream. I have added a fixed version to #1014680. If you are happy to accept this change, is it a suitable candidate for stable-updates given that the package has been broken since 11.4 came out? J. signature.asc Description: PGP signature
Bug#1016763: transition: foonathan-memory
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Release Team, I'd like to transition foonathan-memory after a SONAME bump. Its reverse dependency fastdds builds fine on amd64. The auto-generated transition https://release.debian.org/transitions/html/auto-foonathan-memory.html also looks good. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmLuvOwACgkQ+C8H+466 LVlFbwwAosyY9Z0G7/xVe79e6W551tnOsVnPgtFEKNartcJxdxKW5lBmqAhmIV9o xrRA4CJFiuSqO2vFUtpQQpQlcKL+agtJVFBTtxcxV/xphecyetTuaJSNkWSqo7Gs u189sdFXulmFfxob5nElIhwEQ/PTBl580Qqy//urpsiCAvZsIk9aF8yooXHouygN s1W8uDOm6kaeehGjaDJKN3PF8msUXps8HRFT24VG+CNu3g+NqEYvd5DmeCAL8rKm F+3rSaFuJQ9GVL62cO29h7EAgO36eJ25tBqjr76dp7yTgKExTXMrwmMZA2Lu+9/6 Z8lvOBKccCEjAURKpPg+bVWnokIYYZOcYwysnS3LQoeA+mrlCfWKWRIDoLTnBefi xianUvlaXJ9lUMAFWY4H0B4SfLTbnXkkq9U2qXpWduBFt88Xqk3tvQemvisJ1IQP 9x6cNalXALuZHhWVa3lPFWGUco7AjeSPu4tRX3mGdfbIHPrNhkcbQfrD4cq7qiJr TlSO1sd2 =oEaE -END PGP SIGNATURE-
Processed: Re: Bug#1014705: bullseye-pu: package xtables-addons/3.13-1
Processing control commands: > tags -1 + moreinfo Bug #1014705 [release.debian.org] bullseye-pu: package xtables-addons/3.13-1+deb11u1 Added tag(s) moreinfo. -- 1014705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014705 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1014705: bullseye-pu: package xtables-addons/3.13-1
Control: tags -1 + moreinfo On Sun, 2022-07-10 at 17:19 +0100, Jeremy Sowden wrote: > The related xtables-addons bug is: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014680 > > [ Reason ] > xtables-addons-dkms and xtables-addons-source contain sources for > building > kernel modules with DKMS and module-assistant, respectively. The > 5.10.0-16 > kernel introduced in the 11.4 point release included a patch back- > ported from > 5.11 to 5.10.121: > The metadata of #1014680 implies that it affects the package in unstable and is not yet fixed there - is that correct? If so, then the fix needs to happen in unstable first; if not, please add an appropriate fixed version to make the situation clearer. Regards, Adam
Bug#1002956: New debdiff
On Sat, 2022-01-29 at 22:53 +0100, Thomas Goirand wrote:
> On 1/29/22 20:31, Salvatore Bonaccorso wrote:
> > Control: tags -1 + moreinfo
> >
> > Hi Thomas,
> >
> > On Sat, Jan 29, 2022 at 07:55:15PM +0100, Thomas Goirand wrote:
> > > My appologies for opening a new bug. I didn't realize #1002956
> > > was still
> > > pending my input. I merged both bugs.
> > >
> > > Please see, attached to this message, the new debdiff, adding the
> > > fix for
> > > CVE-2021-22116 as well.
> >
> > See my comment from
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002956#10 .
> > Isn't
> > the the debian/patches/series missing the listing of
> > CVE-2021-32718_Escape_username_before_displaying_it.patch to
> > actually
> > apply the patch?
> >
> > Regards,
> > Salvatore
>
> Correct, fixed, thanks and sorry for the mistake.
>
+ * Stop moving mv /etc/rabbitmq/rabbitmq.conf /etc/rabbitmq/rabbitmq-env.conf.
This could do with an explanation as to _why_ this move should not be
happening.
+ if ! [ -e /var/lib/rabbitmq/.erlang.cookie ] ; then
+ OLD_UMASK=$(umask)
+ umask 077; openssl rand -base64 -out
/var/lib/rabbitmq/.erlang.cookie 42
+ umask ${OLD_UMASK}
+ else
+ # This matches an Erlang generated cookie file: 20 upper case
chars
+ if grep -q -E '^[A-Z]{20}$' /var/lib/rabbitmq/.erlang.cookie ;
then
+ OLD_UMASK=$(umask)
+ umask 077; openssl rand -base64 -out
/var/lib/rabbitmq/.erlang.cookie 42
+ umask ${OLD_UMASK}
+ if [ ""$(ps --no-headers -o comm 1) = "systemd" ] ; then
+ if systemctl is-active --quiet
rabbitmq-server.service ; then
+ systemctl restart
rabbitmq-server.service
[...]
+Since 3.9.8-3, the rabbitmq-server node will use openssl to generate a
+cryptographically-secure cookie during first installation, mitigating
+this vulnerability.
+
+Servers which installed a prior version, and are upgrading to 3.9.8-3
+or higher, ARE STILL VULNERABLE, as the package will not regenerate
+the secret if it exists already. This is because the secret is
+designed to be shared between nodes in a cluster, and thus
+regenerating it would break existing clusters.
This seems to be inaccurate. The latter block quoted above specifically
*does* regenerate an existing secret if it deems it to be not "good
enough", so far as I can tell?
Regards,
Adam
Bug#1015254: transition: opencascade
Hi, On Mon, Aug 01, 2022 at 08:29:45AM +0100, Graham Inggs wrote: > Control: tags -1 confirmed > > Hi Tobi > > On Sun, 31 Jul 2022 at 16:51, Tobias Frost wrote: > > I've uploading 7.6.3 right now to experimental; as I removed the confirmed > > tag, please reACK > > the "go ahead" -- I've tested that all r-depends that worked before are > > still compiling > > reACK opencascade has now built on all release archs. I'd suggest to start binNMU freecad and maybe then proceed to remove netgen together with gmsh and deal.ii temporarily from testing. (the later two need an updated netgen…) (I'll poked the maintainer of netgen already, but no respons… As netgen has a "+really" version without really documenting the reason, I fear if I NMU a newer version I could break stuff…) -- Cheers, tobi
Processed: Re: Bug#1014447: bullseye-pu: package lwip/2.1.2+dfsg1-8
Processing control commands: > tags -1 + confirmed Bug #1014447 [release.debian.org] bullseye-pu: package lwip/2.1.2+dfsg1-8 Added tag(s) confirmed. -- 1014447: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014447 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1014447: bullseye-pu: package lwip/2.1.2+dfsg1-8
Control: tags -1 + confirmed On Wed, 2022-07-06 at 11:26 +0200, Joan Lledó wrote: > This patch fixes CVE-2020-22283 and CVE-2020-22284 in bullseye. > Please go ahead. Regards, Adam
Processed: Re: Bug#1014315: bullseye-pu: package dnsproxy/1.16-0.1+deb11u1
Processing control commands: > tags -1 + confirmed Bug #1014315 [release.debian.org] bullseye-pu: package dnsproxy/1.16-0.1+deb11u1 Added tag(s) confirmed. -- 1014315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014315 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1014315: bullseye-pu: package dnsproxy/1.16-0.1+deb11u1
Control: tags -1 + confirmed On Sun, 2022-07-03 at 18:01 -0300, Marcos Talau wrote: > The dnsproxy package fails to install when you do not have the IP > address "192.168.168.1" configured on the machine. This bug remains > since its initial release. > Please go ahead. Regards, Adam
Processed: Re: Bug#1014571: bullseye-pu: package node-log4js/6.3.0+~cs8.3.10-1+deb11u1
Processing control commands: > tags -1 + confirmed Bug #1014571 [release.debian.org] bullseye-pu: package node-log4js/6.3.0+~cs8.3.10-1+deb11u1 Added tag(s) confirmed. -- 1014571: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014571 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1014571: bullseye-pu: package node-log4js/6.3.0+~cs8.3.10-1+deb11u1
Control: tags -1 + confirmed On Fri, 2022-07-08 at 07:49 +0200, Yadd wrote: > node-log4js creates log files with permissive rights (644). This > causes > a security issue (CVE-2022-21704) > Please go ahead. Regards, Adam
NEW changes in oldstable-new
Processing changes file: commons-daemon_1.0.15-8+deb10u1_source.changes ACCEPT Processing changes file: composer_1.8.4-1+deb10u2_source.changes ACCEPT Processing changes file: dropbear_2018.76-5+deb10u1_source.changes ACCEPT Processing changes file: flac_1.3.2-3+deb10u2_source.changes ACCEPT Processing changes file: fribidi_1.0.5-3.1+deb10u2_source.changes ACCEPT Processing changes file: golang-github-russellhaering-goxmldsig_0.0~git20170911.b7efc62-1+deb10u1_source.changes ACCEPT Processing changes file: grub2_2.06-3~deb10u1_source.changes ACCEPT Processing changes file: htmldoc_1.9.3-1+deb10u4_source.changes ACCEPT Processing changes file: minidlna_1.2.1+dfsg-2+deb10u3_source.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u6_sourceonly.changes ACCEPT Processing changes file: nvidia-graphics-drivers_418.226.00-3_source.changes ACCEPT Processing changes file: php-guzzlehttp-psr7_1.4.2-0.1+deb10u1_source.changes ACCEPT Processing changes file: unrar-nonfree_5.6.6-1+deb10u1_source.changes ACCEPT
Bug#1015244: bullseye-pu: package commons-daemon/1.0.15-8
Control: tags -1 + confirmed On Mon, 2022-07-18 at 12:10 +0200, Chris Hofstaedtler wrote: > Running a java daemon using jsvc and the JVM from (old)stable does > not > work. It appears no java programs inside Debian still use jsvc, > otherwise people would have noticed earlier. This is bug #935336, > and I want to fix it in oldstable/buster (#1015243) and > stable/bullseye > (this bug). > > [ Impact ] > > jsvc just does not work except if on upgrades one keeps the JVM from > oldoldstable (openjdk 8). > Please go ahead. Regards, Adam
Processed: Re: Bug#1015244: bullseye-pu: package commons-daemon/1.0.15-8
Processing control commands: > tags -1 + confirmed Bug #1015244 [release.debian.org] bullseye-pu: package commons-daemon/1.0.15-8 Added tag(s) confirmed. -- 1015244: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015244 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#1014900: bullseye-pu: package node-moment/2.29.1+ds-2+deb11u2
Processing control commands: > tags -1 + confirmed Bug #1014900 [release.debian.org] bullseye-pu: package node-moment/2.29.1+ds-2+deb11u2 Added tag(s) confirmed. -- 1014900: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014900 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1014900: bullseye-pu: package node-moment/2.29.1+ds-2+deb11u2
Control: tags -1 + confirmed On Thu, 2022-07-14 at 07:44 +0200, Yadd wrote: > node-moment is vulnerable to ReDoS (#1014845, CVE-2022-31129) > Please go ahead. Regards, Adam
Processed: Re: Bug#1016199: bullseye-pu: package gif2apng/1.9+srconly-3+deb11u1
Processing control commands: > tags -1 + confirmed Bug #1016199 [release.debian.org] bullseye-pu: package gif2apng/1.9+srconly-3+deb11u1 Added tag(s) confirmed. -- 1016199: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016199 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1016199: bullseye-pu: package gif2apng/1.9+srconly-3+deb11u1
Control: tags -1 + confirmed On Fri, 2022-07-29 at 08:59 +0200, Håvard F.Aasen wrote: > This upload fixes three CVE's; > * CVE-2021-45909, Closes: #1002668: > heap based buffer overflow in the DecodeLZW > * CVE-2021-45910, Closes: #1002667: > heap-based buffer overflow within the main function > * CVE-2021-45911, Closes: #1002687: > heap based buffer overflow in processing of delays in the main > function > Please go ahead. Regards, Adam
Processed: Re: Bug#1016458: bullseye-pu: package dovecot/2.3.13+dfsg1-2+deb11u1
Processing control commands: > tags -1 + confirmed Bug #1016458 [release.debian.org] bullseye-pu: package dovecot/2.3.13+dfsg1-2+deb11u1 Added tag(s) confirmed. -- 1016458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016458 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1016458: bullseye-pu: package dovecot/2.3.13+dfsg1-2+deb11u1
Control: tags -1 + confirmed On Sun, 2022-07-31 at 18:06 -0700, Noah Meyerhans wrote: > Dovecot 2.3.13+dfsg1-2+deb11u1 contains a backported fix for #1016351 > (CVE-2022-30550). The fix is cherry-picked from upstream and is > identical > to the fix recently uploaded to unstable in dovecot_2.3.19.1+dfsg1- > 2. The > stable security team and the package maintainers have determined that > this > issue does not warrant a DSA and should be fixed in the next bullseye > point release. > Please go ahead. Regards, Adam
Processed: Re: Bug#1016391: bullseye-pu: libhttp-daemon-perl/6.12-1+deb11u1
Processing control commands: > tags -1 + confirmed Bug #1016391 [release.debian.org] bullseye-pu: libhttp-daemon-perl/6.12-1+deb11u1 Added tag(s) confirmed. -- 1016391: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016391 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1016391: bullseye-pu: libhttp-daemon-perl/6.12-1+deb11u1
Control: tags -1 + confirmed On Sat, 2022-07-30 at 22:11 +, Thorsten Alteholz wrote: > The attached debdiff for libhttp-daemon-perl fixes CVE-2022-31081 in > Bullseye. This CVE has been marked as no-dsa by the security team. > > The patch is accompanied by a new test and should not create any > issue. > Please go ahead. Regards, Adam
Processed: Re: Bug#991120: buster-pu: package postsrsd/1.5-2+deb10u2
Processing control commands: > tags -1 -moreinfo +confirmed Bug #991120 [release.debian.org] buster-pu: package postsrsd/1.5-2+deb10u2 Removed tag(s) moreinfo. Bug #991120 [release.debian.org] buster-pu: package postsrsd/1.5-2+deb10u2 Added tag(s) confirmed. -- 991120: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991120 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#991120: buster-pu: package postsrsd/1.5-2+deb10u2
Control: tags -1 -moreinfo +confirmed On Sun, 2021-07-18 at 18:29 +0100, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On Wed, 2021-07-14 at 22:00 +0200, Oxan van Leeuwen wrote: > > [ Checklist ] > > [x] *all* changes are documented in the d/changelog > > [x] I reviewed all changes and I approve them > > [x] attach debdiff against the package in (old)stable > > [ ] the issue is verified as fixed in unstable > > > > As of writing the fix isn't in unstable yet, since I don't have > > upload rights. > > I've asked my sponsor to upload the fix for both stable and > > unstable > > at the > > same time -- it seemed unnecessary to add another roundtrip delay, > > as > > it's > > exactly the same fix. > > Tagging as "moreinfo" for now on that basis. Please remove the tag > once > the upload has happened. > Apparently the unstable upload happened at some point, but the tag was never removed. If this is still something you're interested in fixing in buster, please go ahead. Regards, Adam
Processed: Re: Bug#983841: buster-pu: package libvirt-php/0.5.4-3+deb10u1
Processing control commands: > tags -1 -moreinfo + confirmed Bug #983841 [release.debian.org] buster-pu: package libvirt-php/0.5.4-3+deb10u1 Removed tag(s) moreinfo. Bug #983841 [release.debian.org] buster-pu: package libvirt-php/0.5.4-3+deb10u1 Added tag(s) confirmed. -- 983841: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983841 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#983841: buster-pu: package libvirt-php/0.5.4-3+deb10u1
Control: tags -1 -moreinfo + confirmed On Wed, 2021-03-17 at 18:32 +, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On Tue, 2021-03-02 at 08:47 +0100, Ondřej Surý wrote: > > [ Reason ] > > The package update fixes segmentation fault caused by incomplete > > PHP > > 7.3 support > > in the upstream package. > > > > [ Impact ] > > The PHP crashes when calling libvirt_node_get_cpu_stats (See > > #982804) > > The metadata for that bug implies that it affects the package in > unstable, and is not yet fixed there. Is that correct? > That appears to have been resolved in the meantime. If this is something that you're still interested in fixing in buster, please go ahead. Regards, Adam
Bug#983531: buster-pu: package python2.7/2.7.16-2+deb10u2
Hi Moritz, On Thu, 2021-03-18 at 20:17 +0100, Moritz Mühlenhoff wrote: > Am Sat, Mar 13, 2021 at 06:46:38PM + schrieb Adam D. Barratt: > > On Fri, 2021-02-26 at 16:30 +0100, Moritz Muehlenhoff wrote: > > > On Fri, Feb 26, 2021 at 07:49:38AM +0100, Matthias Klose wrote: > > > > On 2/25/21 7:41 PM, Moritz Muehlenhoff wrote: > > > > > + * CVE-2021-3177 > > > > > > > > are all the ctypes tests passing with this patch? See #983516. > > > > > > I'll have a look at Marc' updated patch and revise if needed. > > > > Was there a conclusion on that? > > I won't have time for preparing/testing a revised update, this will > need to wait for 10.10 Are you still looking at getting this fixed in buster? Regards, Adam
Processed: unrar-nonfree 5.6.6-1+deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1010858 = buster pending Bug #1010858 [release.debian.org] buster-pu: package unrar-nonfree/1:5.6.6-1+deb10u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1010858: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010858 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: php-guzzlehttp-psr7 1.4.2-0.1+deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1011943 = buster pending Bug #1011943 [release.debian.org] buster-pu: package php-guzzlehttp-psr7/1.4.2-0.1+deb10u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1011943: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011943 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: nvidia-graphics-drivers 418.226.00-3 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1009652 = buster pending Bug #1009652 [release.debian.org] buster-pu: package nvidia-graphics-drivers/418.226.00-3 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1009652: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009652 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: mutt 1.10.1-2.1+deb10u6 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1010060 = buster pending Bug #1010060 [release.debian.org] buster-pu: package mutt/1.10.1-2.1+deb10u6 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1010060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010060 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: minidlna 1.2.1+dfsg-2+deb10u3 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1009076 = buster pending Bug #1009076 [release.debian.org] buster-pu: minidlna/1.2.1+dfsg-2+deb10u3 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1009076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009076 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: grub2 2.06-3~deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1016671 = buster pending Bug #1016671 [release.debian.org] buster-pu: package grub2/2.06-3~deb10u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1016671: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016671 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: htmldoc 1.9.3-1+deb10u4 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1011030 = buster pending Bug #1011030 [release.debian.org] buster-pu: package htmldoc/1.9.3-1+deb10u4 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1011030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011030 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: golang-github-russellhaering-goxmldsig 0.0~git20170911.b7efc62-1+deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1008578 = buster pending Bug #1008578 [release.debian.org] buster-pu: golang-github-russellhaering-goxmldsig/0.0~git20170911.b7efc62-1+deb10u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1008578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008578 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: fribidi 1.0.5-3.1+deb10u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1009251 = buster pending Bug #1009251 [release.debian.org] buster-pu: fribidi/1.0.5-3.1+deb10u2 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1009251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009251 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: flac 1.3.2-3+deb10u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1010380 = buster pending Bug #1010380 [release.debian.org] buster-pu: flac/1.3.2-3+deb10u2 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1010380: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010380 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: dropbear 2018.76-5+deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1009065 = buster pending Bug #1009065 [release.debian.org] buster-pu: package dropbear/2018.76-5+deb10u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1009065: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009065 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: user release.debian....@packages.debian.org, tagging 1016391, usertagging 1016734 ...
Processing commands for cont...@bugs.debian.org: > user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was a...@adam-barratt.org.uk). > tags 1016391 + bullseye Bug #1016391 [release.debian.org] bullseye-pu: libhttp-daemon-perl/6.12-1+deb11u1 Added tag(s) bullseye. > usertags 1016734 + pu There were no usertags set. Usertags are now: pu. > usertags 1016416 + transition There were no usertags set. Usertags are now: transition. > thanks Stopping processing here. Please contact me if you need assistance. -- 1016391: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016391 1016416: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016416 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1015243: commons-daemon 1.0.15-8+deb10u1 flagged for acceptance
package release.debian.org tags 1015243 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: commons-daemon Version: 1.0.15-8+deb10u1 Explanation: fix JVM detection
Processed: composer 1.8.4-1+deb10u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1012048 = buster pending Bug #1012048 [release.debian.org] buster-pu: package composer/1.8.4-1+deb10u2 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1012048: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012048 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1012048: composer 1.8.4-1+deb10u2 flagged for acceptance
package release.debian.org tags 1012048 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: composer Version: 1.8.4-1+deb10u2 Explanation: fix code injection vulnerability [CVE-2022-24828]; update GitHub token pattern; use Authorization header instead of deprecated access_token query parameter
Processed: commons-daemon 1.0.15-8+deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1015243 = buster pending Bug #1015243 [release.debian.org] buster-pu: package commons-daemon/1.0.15-8 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1015243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015243 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1011943: php-guzzlehttp-psr7 1.4.2-0.1+deb10u1 flagged for acceptance
package release.debian.org tags 1011943 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: php-guzzlehttp-psr7 Version: 1.4.2-0.1+deb10u1 Explanation: fix improper header parsing [CVE-2022-24775]
Bug#1016671: grub2 2.06-3~deb10u1 flagged for acceptance
package release.debian.org tags 1016671 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: grub2 Version: 2.06-3~deb10u1 Explanation: new upstream release
Bug#1011030: htmldoc 1.9.3-1+deb10u4 flagged for acceptance
package release.debian.org tags 1011030 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: htmldoc Version: 1.9.3-1+deb10u4 Explanation: fix infinite loop [CVE-2022-24191], integer overflow issues [CVE-2022-27114] and heap buffer overflow issue [CVE-2022-28085]
Bug#1010858: unrar-nonfree 5.6.6-1+deb10u1 flagged for acceptance
package release.debian.org tags 1010858 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: unrar-nonfree Version: 5.6.6-1+deb10u1 Explanation: fix directory traversal issue [CVE-2022-30333]
Bug#1010380: flac 1.3.2-3+deb10u2 flagged for acceptance
package release.debian.org tags 1010380 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: flac Version: 1.3.2-3+deb10u2 Explanation: fix out-of-bounds write issue [CVE-2021-0561]
Bug#1010060: mutt 1.10.1-2.1+deb10u6 flagged for acceptance
package release.debian.org tags 1010060 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: mutt Version: 1.10.1-2.1+deb10u6 Explanation: fix uudecode buffer overflow [CVE-2022-1328]
Bug#1009652: nvidia-graphics-drivers 418.226.00-3 flagged for acceptance
package release.debian.org tags 1009652 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: nvidia-graphics-drivers Version: 418.226.00-3 Explanation: new upstream release
Bug#1009251: fribidi 1.0.5-3.1+deb10u2 flagged for acceptance
package release.debian.org tags 1009251 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: fribidi Version: 1.0.5-3.1+deb10u2 Explanation: fix buffer overflow issues [CVE-2022-25308 CVE-2022-25309]; fix crash [CVE-2022-25310]
Bug#1009076: minidlna 1.2.1+dfsg-2+deb10u3 flagged for acceptance
package release.debian.org tags 1009076 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: minidlna Version: 1.2.1+dfsg-2+deb10u3 Explanation: validate HTTP requests to protect against DNS rebinding attacks [CVE-2022-26505]
Bug#1009065: dropbear 2018.76-5+deb10u1 flagged for acceptance
package release.debian.org tags 1009065 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: dropbear Version: 2018.76-5+deb10u1 Explanation: fix possible username enumeration issue [CVE-2019-12953]
Bug#1008578: golang-github-russellhaering-goxmldsig 0.0~git20170911.b7efc62-1+deb10u1 flagged for acceptance
package release.debian.org tags 1008578 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: golang-github-russellhaering-goxmldsig Version: 0.0~git20170911.b7efc62-1+deb10u1 Explanation: fix NULL pointer dereference issue [CVE-2020-7711]
Bug#1016756: transition: meshoptimizer
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Release Team, I'd like to transition meshoptimizer after a SONAME bump. The only reverse dependency, filament, builds fine on amd64. The auto-generated transition https://release.debian.org/transitions/html/auto-meshoptimizer.html also looks good. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmLumN8ACgkQ+C8H+466 LVkKeQv/Vb0+mfmqH9Ex5++1vxoY3m4TcsvEOX7n6RHMGBV464XesvSl1SnneH+D +/7sqNDZz1kCbA/CW09D4SV1/VN2E9nS7xDiZjxAUiSB6ggzdFsZOuFpFAtG2T5Z V+6LAiLJDLGsjkqmN3sDUgErh7eFpREYNz2E2En3zk0XsJ9WXDqkZCEB14lv5DtK hqWcAg5jC5PFjKw2BkrL3XvW9Gv2TvXufx+smgRpj9QId2NZ+sJDgBYq+6A878Ao KYp6tmxYEHvC5mRKwT4YdowJPQQ2bULUJeY666dKAhikSuee1IGWEc2TzqehflhD qRlxufy0raIsu+zob+wHe7kkJUu4bZ9M73pDGHDFn5BNwD5zlkiFme3rwz9Nq9Na oAh3ZMUKL7BodGc8FgDaOs7iCA35sDs8E6ZXpCOlEYyCzpP1XjdnYBfQjDdTmGGV QABHAJBI2rAzk7zK7cPTBhcnZOreosORNP+Cu16MZikCiYDfgYJLGW9CZgyW/Y++ dn8NRlU/ =HMqu -END PGP SIGNATURE-
NEW changes in stable-new
Processing changes file: rustc-mozilla_1.59.0+dfsg1-1~deb11u3_source.changes ACCEPT
Processed: rustc-mozilla 1.59.0+dfsg1-1~deb11u3 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1014324 = bullseye pending Bug #1014324 [release.debian.org] bullseye-pu: package rustc-mozilla/1.59.0+dfsg1-1~deb11u1 Ignoring request to alter tags of bug #1014324 to the same tags previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1014324: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014324 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1014324: rustc-mozilla 1.59.0+dfsg1-1~deb11u3 flagged for acceptance
package release.debian.org tags 1014324 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: rustc-mozilla Version: 1.59.0+dfsg1-1~deb11u3 Explanation: fix use of mips stage0 binaries
Processed (with 1 error): buster-pu: package nvidia-graphics-drivers-legacy-390xx/390.154-1~deb10u1
Processing control commands: > clone -1 -2 Bug #1016733 [release.debian.org] buster-pu: package nvidia-graphics-drivers-legacy-390xx/390.154-1~deb10u1 Bug 1016733 cloned as bug 1016734 > retitle -2 bullseye-pu: package > nvidia-graphics-drivers-legacy-390xx/390.154-1~deb11u1 Bug #1016734 [release.debian.org] buster-pu: package nvidia-graphics-drivers-legacy-390xx/390.154-1~deb10u1 Changed Bug title to 'bullseye-pu: package nvidia-graphics-drivers-legacy-390xx/390.154-1~deb11u1' from 'buster-pu: package nvidia-graphics-drivers-legacy-390xx/390.154-1~deb10u1'. > usertag -2 pu Unknown command or malformed arguments to command. > tags -2 = bullseye Bug #1016734 [release.debian.org] bullseye-pu: package nvidia-graphics-drivers-legacy-390xx/390.154-1~deb11u1 Added tag(s) bullseye; removed tag(s) buster. -- 1016733: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016733 1016734: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016734 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1016733: buster-pu: package nvidia-graphics-drivers-legacy-390xx/390.154-1~deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Control: clone -1 -2 Control: retitle -2 bullseye-pu: package nvidia-graphics-drivers-legacy-390xx/390.154-1~deb11u1 Control: usertag -2 pu Control: tags -2 = bullseye Another new upstream release, fixing some CVEs, again ... This is a rebuild of the package from sid with no further changes. Packaging changes include a simplification of the generation of the -source package, i.e. less duplication of cofiguration that neweds to be kept in sync. There is also an autopkgtest for the -source package now, but it might fail like the -dkms one on buster. The buster upload will get an additional rebuild-for-buster changelog entry for version 390.154-1~deb10u1. Andreas ngd-390xx-390.154-1~deb11u1.diff.xz Description: application/xz
Bug#1006550: marked as done (buster-pu: package tiff/4.1.0+git191117-2~deb10u4)
Your message dated Sat, 6 Aug 2022 14:05:59 +0200 with message-id and subject line Re: Bug#1006550: buster-pu: package tiff/4.1.0+git191117-2~deb10u4 has caused the Debian Bug report #1006550, regarding buster-pu: package tiff/4.1.0+git191117-2~deb10u4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1006550: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006550 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org User: release.debian@packages.debian.org Tags: buster Severity: normal Hi RMs, A security update of tiff for issues not warrant a DSA but still would be good to have fixed. Work done by Thorsten Alteholz that I've double checked. Debdiff is attached. Thanks for consideration, Laszlo/GCS diff -Nru tiff-4.1.0+git191117/debian/changelog tiff-4.1.0+git191117/debian/changelog --- tiff-4.1.0+git191117/debian/changelog 2021-10-31 09:31:11.0 +0100 +++ tiff-4.1.0+git191117/debian/changelog 2022-02-27 17:01:41.0 +0100 @@ -1,3 +1,20 @@ +tiff (4.1.0+git191117-2~deb10u4) buster; urgency=high + + [ Thorsten Alteholz ] + * CVE-2022-22844 +out-of-bounds read in _TIFFmemcpy in certain situations involving a +custom tag and 0x0200 as the second word of the DE field. + * CVE-2022-0562 +Null source pointer passed as an argument to memcpy() function within +TIFFReadDirectory(). This could result in a Denial of Service via +crafted TIFF files. + * CVE-2022-0561 +Null source pointer passed as an argument to memcpy() function within +TIFFFetchStripThing(). This could result in a Denial of Service via +crafted TIFF files. + + -- Laszlo Boszormenyi (GCS) Sun, 27 Feb 2022 17:01:41 +0100 + tiff (4.1.0+git191117-2~deb10u3) buster-security; urgency=high * Non-maintainer upload by the Security Team. diff -Nru tiff-4.1.0+git191117/debian/patches/CVE-2022-0561.patch tiff-4.1.0+git191117/debian/patches/CVE-2022-0561.patch --- tiff-4.1.0+git191117/debian/patches/CVE-2022-0561.patch 1970-01-01 01:00:00.0 +0100 +++ tiff-4.1.0+git191117/debian/patches/CVE-2022-0561.patch 2022-02-27 16:58:38.0 +0100 @@ -0,0 +1,26 @@ +From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Sun, 6 Feb 2022 13:08:38 +0100 +Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null + source pointer and size of zero (fixes #362) + +--- + libtiff/tif_dirread.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +Index: tiff-4.1.0+git191117/libtiff/tif_dirread.c +=== +--- tiff-4.1.0+git191117.orig/libtiff/tif_dirread.c 2022-02-22 23:44:35.619605527 +0100 tiff-4.1.0+git191117/libtiff/tif_dirread.c 2022-02-22 23:46:28.843560813 +0100 +@@ -5682,8 +5682,9 @@ + _TIFFfree(data); + return(0); + } +-_TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64)); +-_TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64)); ++if( dir->tdir_count ) ++_TIFFmemcpy(resizeddata,data, (uint32)dir->tdir_count * sizeof(uint64)); ++_TIFFmemset(resizeddata+(uint32)dir->tdir_count, 0, (nstrips - (uint32)dir->tdir_count) * sizeof(uint64)); + _TIFFfree(data); + data=resizeddata; + } diff -Nru tiff-4.1.0+git191117/debian/patches/CVE-2022-0562.patch tiff-4.1.0+git191117/debian/patches/CVE-2022-0562.patch --- tiff-4.1.0+git191117/debian/patches/CVE-2022-0562.patch 1970-01-01 01:00:00.0 +0100 +++ tiff-4.1.0+git191117/debian/patches/CVE-2022-0562.patch 2022-02-27 16:58:38.0 +0100 @@ -0,0 +1,24 @@ +From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Sat, 5 Feb 2022 20:36:41 +0100 +Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null + source pointer and size of zero (fixes #362) + +--- + libtiff/tif_dirread.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: tiff-4.1.0+git191117/libtiff/tif_dirread.c +=== +--- tiff-4.1.0+git191117.orig/libtiff/tif_dirread.c 2022-02-22 23:46:41.891555692 +0100 tiff-4.1.0+git191117/libtiff/tif_dirread.c 2022-02-22 23:48:35.983511234 +0100 +@@ -4126,7 +4126,8 @@ + goto bad; + } + +-memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); ++if (old_extrasamples > 0) ++
Bug#1016405: marked as done (transition: rocksdb)
Your message dated Sat, 6 Aug 2022 13:03:36 +0200 with message-id and subject line Re: Bug#1016405: transition: rocksdb has caused the Debian Bug report #1016405, regarding transition: rocksdb to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1016405: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016405 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi RMs, Small transition of RocksDB from 7.2.2 to 7.3.1 which affects only balboa. I've rebuilt it successfully. Thanks for considering, Laszlo/GCS --- End Message --- --- Begin Message --- On 2022-07-31 12:45:31, Sebastian Ramacher wrote: > On 2022-07-31 08:12:53 +0200, László Böszörményi wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: transition > > > > Hi RMs, > > > > Small transition of RocksDB from 7.2.2 to 7.3.1 which affects only > > balboa. I've rebuilt it successfully. > > Please go ahead This transition is done. Cheers -- Sebastian Ramacher--- End Message ---
Bug#1016371: marked as done (transition: lerc)
Your message dated Sat, 6 Aug 2022 13:02:10 +0200 with message-id and subject line Re: Bug#1016371: transition: lerc has caused the Debian Bug report #1016371, regarding transition: lerc to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1016371: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016371 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition For the Debian GIS team I'd like to transition to LERC 4.0.0. The only reverse dependency is tiff and it rebuilds successfully with LERC 4.0.0 form experimental. Transition: liblerc3 (3.0+ds-1) -> liblerc4 (4.0.0+ds-1~exp2) The status of the most recent rebuilds is as follows. tiff(4.4.0-3) OK Ben file: title = "lerc"; is_affected = .depends ~ "liblerc3" | .depends ~ "liblerc4"; is_good = .depends ~ "liblerc4"; is_bad = .depends ~ "liblerc3"; --- End Message --- --- Begin Message --- On 2022-07-30 23:21:55, Sebastian Ramacher wrote: > Control: tags -1 confirmed > > On 2022-07-30 15:02:41 +0200, Antonio Valentino wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: transition > > > > > > For the Debian GIS team I'd like to transition to LERC 4.0.0. > > > > The only reverse dependency is tiff and it rebuilds successfully > > with LERC 4.0.0 form experimental. > > > > Transition: > > > > liblerc3 (3.0+ds-1) -> liblerc4 (4.0.0+ds-1~exp2) > > > > > > The status of the most recent rebuilds is as follows. > > > > tiff(4.4.0-3) OK > > Please go ahead. The old packages got removed from testing. Cheers -- Sebastian Ramacher--- End Message ---
Processed: Re: Bug#1016724: transition: libwebsockets
Processing control commands: > tags -1 confirmed Bug #1016724 [release.debian.org] transition: libwebsockets Added tag(s) confirmed. -- 1016724: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016724 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
