Package: odoo
Version: 14.0.0+dfsg.2-7+deb11u1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: t...@debian.org, Debian Security Team
Hi,
See details of vulnerability at:
https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
Note
Alexandre,
On 05/06/2024 21:35, Alexandre Rossi wrote:
Now that transmission is back in testing, that's an option.
Will do if I fin sponsorship for this.
I would be happy to sponsor you if you commit to maintaining it
long-term (as per the backports rules)
--
Martina Ferrari
is straightforward (no change) and I publish[1] a built backport
if you want to try.
[1] http://deb.zincube.net/
Thanks,
Alex
--
Martina Ferrari
is that the package fails to build. At most, it would
result
in an improved package, not worse. Or maybe I'm missing anything.
What I described above, but I am really open to suggestions on how to
better handle this.
--
Martina Ferrari
... done.
** does not crash **
Thanks,
Alex
--
Martina Ferrari
to be updated as often as tzdata is. But if you have a
suggestion to make this more automatic, I would love to hear it.. I have
been doing this very repetitive maintenance for years!
--
Martina Ferrari
Package: baresip-gtk
Version: 1.0.0-4+b7
Severity: important
X-Debbugs-Cc: t...@debian.org
Hi,
The baresip-gtk package seems to be completely unusable. There is no menu entry
for it, executing the `baresip` command just starts the CLI, and I cannot load
the gtk module manually either.
$ baresip
Package: borgmatic
Version: 1.7.7-1
Severity: normal
X-Debbugs-Cc: t...@debian.org
Hi,
Today I realised that a borgmatic setup was not performing daily backups,
despite not receiving any errors. Upon inspection, I noticed the
borgmatic.service file has the following option:
kgo-dev so it doesn't have to go through NEW.
--
Martina Ferrari (Tina)
of packaging version 2 of ginko, but it
would have been nice to have some coordination before taking over the
binary and opening an RC bug against this package. Please, let's work
together in the future instead.
--
Martina Ferrari (Tina)
Sorry this took longer than expected. It turns out that the Ubuntu patch
did not work, and it took me a while to find that many of the zone info
symlinks had moved to tzdata-legacy.
I have not just uploaded the fixed package, finally.
On 13/09/2023 18:03, Martina Ferrari wrote:
Hi,
Thanks
ckage was not.
[1]: https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/2008076
[2]:
https://git.launchpad.net/ubuntu/+source/moment-timezone.js/commit/debian?h=applied/ubuntu/lunar
--
Martina Ferrari (Tina)
Update:
I have just uploaded the package, force-pushed my changes to master, and
submitted the unblock request: #1037049
On 02/06/2023 19:13, Martina Ferrari wrote:
On Sun, 28 May 2023 18:15:14 +0200 gregor herrmann
wrote:
On Sun, 28 May 2023 20:05:09 +0400, Yadd wrote:
> > This
On Sun, 28 May 2023 18:15:14 +0200 gregor herrmann
wrote:
On Sun, 28 May 2023 20:05:09 +0400, Yadd wrote:
> > This looked reasonably easy to fix (cf. attached patch), but the
> > tests fail as follows:
> I fixed it in salsa (needs an update to import 2023 data). I'm waitin
care of this packages (with not enough person power, as
you can see). We would love more help, and if that means transferring to
the python team, I would not be opposed to that.. It just seemed simpler
this way.
--
Martina Ferrari (Tina)
Package: transmission-daemon
Version: 3.00-1
Severity: normal
X-Debbugs-Cc: t...@debian.org
Today I noticed transmission-daemon being down after a reboot, and saw it is
crashing with a malloc error. After some debugging, I found out that this only
happens if I am using the `--portmap` option
attaching the debdiff against 0.5.1-2 here. Do
I need to create a new bug for the release team?
--
Martina Ferrari (Tina)diff -Nru golang-github-prometheus-exporter-toolkit-0.5.1/debian/changelog
golang-github-prometheus-exporter-toolkit-0.5.1/debian/changelog
--- golang-github-prometheus-exporter
/changelog
2022-12-15 22:33:17.0 +
@@ -1,3 +1,10 @@
+golang-github-prometheus-exporter-toolkit (0.5.1-2+deb11u1) bullseye;
urgency=medium
+
+ * Patch tests to avoid race condition. Closes: #1013578.
+Thanks to Santiago Vila for the adjusted patch.
+
+ -- Martina Ferrari Thu
Hi Santiago,
I am sorry I could not look into this before, I have been very busy lately.
On 09/12/2022 00:00, Santiago Vila wrote:
Hi. Could somebody (not necessarily Martina) take care of this?
The proposed debdiff is in the previous message.
I will try this now, I have never done it before
, Martina Ferrari wrote:
On 10/09/2022 16:13, Nilesh Patra wrote:
src:nomad still B-D on consul, although you are right that it is out
of testing, but
IIRC it was in a good shape a while ago(but not now), even made it to
last stable.
So keeping consul _maybe_ useful (dunno for sure)
Also, src:patroni
version of consul that fixes all the
outstanding CVEs, or failing that, to remove consul support from prometheus.
--
Martina Ferrari (Tina)
clone 1015218 -2
retitle 1015218 consul: CVE-2021-37219 CVE-2021-38698
retitle -2 consul: CVE-2022-29153
thanks
I am splitting this bug in two, as the fixes for these CVEs are in
different release trees (1.8 vs 1.9)
--
Martina Ferrari (Tina)
Ugh, I forgot to CC all interested parties, sorry about that.
On 19/08/2022 18:19, Martina Ferrari wrote:
Control: severity -1 important
Hi,
I am also not being able to reproduce this issue, even when setting
GOMAXPROC to 1, and since there has been no more activity I am
downgrading
provide some more
information to reproduce it.
--
Martina Ferrari (Tina)
Package: wnpp
Severity: wishlist
Owner: Martina Ferrari
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: sphinxcontrib-mermaid
Version : 0.7.1
Upstream Author : Martín Gaitán
* URL : https://github.com/mgaitan/sphinxcontrib-mermaid/
* License : BSD
, remove it from
Debian.
Thanks.
--
Martina Ferrari (Tina)
Package: pkg-js-tools
Version: 0.14.9
Severity: normal
Tags: patch
Due to a couple of bugs, you currently cannot disable the usage of workspaces
(from lerna.json or packages.json), and if you try to use the nodejs-no-lerna
sequence, the build fails completely.
I have provided a patch in
Package: pkg-js-tools
Version: 0.14.9
Severity: normal
Despite what the documentation says, placing an empty debian/nodejs/main file
does not properly work. There are many parts of the code that still try to use
the main package, and the ${nodejs:Provides} substvar contains an invalid
"node-"
It looks like the tests also failed in testing with chromium v98
(https://ci.debian.net/data/autopkgtest/testing/amd64/n/node-puppeteer/20151806/log.gz),
which did actually allow chromium v99 to migrate to testing, so you can
ignore that part of this bug report.
--
Martina Ferrari (Tina)
the code is to the version of the
protocol. Keeping them separate will mean endless trouble, forcing both
packages to always be updated in step, and if anybody ever updates the
devtools package separately it most surely will break puppeteer.
--
Martina Ferrari (Tina)
nt. That man page is generated from the sphinx
documentation. It was originally in the doc package, but I thought it
made more sense in the main package. Will do the rename as you suggest,
I think section 3 is the right place.
Thanks again.
--
Martina Ferrari (Tina)
between the packages.
cheers,
Andreas
--
Martina Ferrari (Tina)
these kind of hangs any more lately. If you still have
the programs you were using, could you check if this still happens?
Thanks.
--
Martina Ferrari (Tina)
+dfsg
moment-timezone.js full version (U+dfsg1-D+TZVER): 0.5.32+dfsg-1+2021a
I am now uploading a new revision that fixes this.
--
Martina Ferrari (Tina)
One more thing: I see the salsa repos do not have the upstream sources..
Is there a reason for that? What commands/tools do you use to get the
source and build the pacakge?
On 04/01/2022 17:10, Martina Ferrari wrote:
Hi,
On 03/01/2022 08:13, Andrius Merkys wrote:
I have revisited
* will fix that! Firefox support seems to still be
experimental, and in any case, the puppeteer package will not care no?
--
Martina Ferrari (Tina)
Somehow I had missed this bug report. I will prepare a new upload ASAP.
--
Martina Ferrari (Tina)
are
not currently working on it..
Thanks.
--
Martina Ferrari (Tina)
Hi,
On 09/11/2021 12:50, Christoph Berg wrote:
Re: Martina Ferrari
The GH issue you linked seems to be fixed upstream already with this patch:
https://github.com/prometheus/prometheus/pull/8538/files
Is anyone working on getting this uploaded? prometheus just got
removed from testing.
Yes
Source: sphinxcontrib-httpdomain
Version: 1.7.0-1
Severity: grave
Justification: renders package unusable
Last year, in commit e0233aea I backported a fix to a bug in the plugin setup()
function. More recently, in commit 61f14798, the patch was refreshed
incorrectly leading to a duplicated call
://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/prometheus.html
https://ci.debian.net/data/autopkgtest/unstable/amd64/p/prometheus/15535224/log.gz
--
Martina Ferrari (Tina)
prepared an NMU for prometheus-node-exporter (versioned as 1.1.2+ds-2.1)
and uploaded it to DELAYED/2. Please feel free to tell me if I should
cancel it.
cu
Adrian
--
Martina Ferrari (Tina)
7f0d9ba6d.
In a nutshell: we never released this code :)
--
Martina Ferrari (Tina)
all my packages merged under one identity.
Let me know if I can assist in any way.
Thanks a lot, Martina.
On 03/04/2021 00:45, Raúl Benencia wrote:
On Sat, Jun 20, 2020 at 05:07:43PM +0100, Martina Ferrari wrote:
In the past months, I have been gradually switching all my online identities
Package: wnpp
Severity: wishlist
Owner: Martina Ferrari
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: python-rocksdb
Version : 0.8.0~rc3
Upstream Author : Martina Ferrari
* URL : https://github.com/NightTsarina/python-rocksdb
* License : BSD-3
Hi Sergio,
On 17/01/2021 01:06, Sergio Durigan Junior wrote:
Thanks for the bug report, Martina.
Yeah, this is strange. I don't think it should require pip, and after
installing python3-pip here and re-running /usr/bin/pyproject-build I
noticed that it (obviously) invokes pip and downloads
Package: python3-build
Version: 0.1.0-2
Severity: normal
As I was trying out the new PEP-517 build system, I installed python3-build and
tried to run it, only to get this stacktrace:
/tmp/build-env-axtchyw0/bin/python: No module named ensurepip
/tmp/build-env-axtchyw0/bin/python: No module named
Package: wnpp
Severity: wishlist
Owner: Martina Ferrari
* Package name: prometheus-mqtt-exporter
Version : 0.1.4-1
Upstream Author : Christoph Petrausch
* URL : https://github.com/hikhvar/mqtt2prometheus
* License : Expat
Programming Lang: Go
Description
are of this!
--
Martina Ferrari (Tina)
Python2 becomes end-of-live upstream, and Debian aims to remove
>>> Python2 from the distribution, as discussed in
>>> https://lists.debian.org/debian-python/2019/07/msg00080.html
>>
>> Hi Martina,
>> given that you're also the upstream of python-nem
Package: wnpp
Severity: wishlist
Owner: Martina Ferrari
* Package name: golang-github-thedevsaddam-gojsonq
Version : 2.5.2-1
Upstream Author : Saddam H
* URL : https://github.com/thedevsaddam/gojsonq
* License : Expat
Programming Lang: Go
Description
Package: amavisd-new
Version: 1:2.11.0-6.1
Severity: important
Hi,
As part of a new server setup, I have installed amavisd-new. Since it is
running in a different host than the MX, I have set up TLS between every part
of the system, but amavis fails to connect back to the MX, with the following
really don't know what
are the plans upstream, or whether this did more than changing the
import path, but I think it would be good to upload some fix to the
current situation.. In general, I think we should adopt a team policy
regarding API breakages, similar to SONAME handling.
--
Martina Ferrari (Tina)
log
>
> A list of current common problems and possible solutions is available at
> http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
>
> About the archive rebuild: The rebuild was done on EC2 VM instances from
> Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
> failed build was retried once to eliminate random failures.
>
--
Martina Ferrari (Tina)
Package: wnpp
Severity: wishlist
Owner: Martina Ferrari
X-Debbugs-Cc: debian-de...@lists.debian.org, team+pkg...@tracker.debian.org
* Package name: prometheus-logstash-exporter
Version : 0.6.2
Upstream Author : Alexey Remizov
* URL : https://gitlab.com/alxrem
o I tested this, with the version of Firefox I had installed (76), and
it still did not work. But after upgrading Firefox to current sid, it
works again.
--
Martina Ferrari (Tina)
Package: fusiondirectory
Version: 1.3-3
Severity: grave
Tags: security
Justification: user security hole
As reported in
https://github.com/fusiondirectory/fusiondirectory-plugins/issues/25
fusiondirectory stores the passwords for the Dovecot and Cyrus master
accounts in LDAP in cleartext, on
Package: qa.debian.org
Severity: normal
Hi,
In the past months, I have been gradually switching all my online identities to
my new name (Martina) and uid/nick (Tina). I have changed emails, GPG keys, and
finally my Debian LDAP uid.
Most Debian services picked up the change, but DDPO still shows
Hi,
I was just trying this extension after moving from firefox-esr to
firefox/sid, and noticed it did not work.
But if I install the latest version from
https://addons.mozilla.org/en-US/firefox/addon/tree-style-tab/ it works
again, so packaging a new version should fix this.
--
Martina Ferrari
label so it looks like it is an exporter running in the
same port as an apache vhost or postfix.
--
Martina Ferrari (Tina)
Package: wnpp
Severity: wishlist
Owner: Martina Ferrari
* Package name: golang-github-mdlayher-raw
Version : 0.0~git20191009.50f2db8-1
Upstream Author : Matt Layher
* URL : https://github.com/mdlayher/raw
* License : Expat
Programming Lang: Go
Description
Package: wnpp
Severity: wishlist
Owner: Martina Ferrari
* Package name: golang-github-mdlayher-ethernet
Version : 0.0~git20190606.0394541-1
Upstream Author : Matt Layher
* URL : https://github.com/mdlayher/ethernet
* License : Expat
Programming Lang: Go
Package: wnpp
Severity: wishlist
Owner: Martina Ferrari
* Package name: prometheus-homeplug-exporter
Version : 0.1.0+2
Upstream Author : Brandon Davidson
* URL : https://github.com/brandond/homeplug_exporter
* License : Expat
Programming Lang: Go
Merge request created at
https://salsa.debian.org/openstack-team/third-party/sphinxcontrib-httpdomain/-/merge_requests/1
On 18/04/2020 01:29, Martina Ferrari wrote:
> Source: sphinxcontrib-httpdomain
> Version: 1.5.0-1
> Severity: grave
> Tags: patch
> Justification: renders p
Source: sphinxcontrib-httpdomain
Version: 1.5.0-1
Severity: grave
Tags: patch
Justification: renders package unusable
I have been unable to use this package for a few months, but could not find
what I was doing wrong, and assumed that such a basic problem would be
affecting other users, but there
Package: autopostgresqlbackup
Version: 1.1-1
Severity: critical
Tags: upstream
Justification: causes serious data loss
Due to a human error, today I had to resort to backups to recover data from a
PostgreSQL database. In the worst possible moment, I realised that ALL of the
backups we had of this
Package: ftp.debian.org
Severity: normal
Upstream decided to merge the tsdb repository and go package into the main
prometheus repo, and so this package is obsolete now.
It has no reverse dependencies in sid and bullseye, although it would be needed
for buster updates or stretch-bpo if an update
Hi!
On 05/02/2020 20:44, Antoine Beaupre wrote:
> We recently introduced a new feature where the systemd unit file is
> hardened. I think it would be a great addition to the Debian package
> as well, considering that it seems to work for us. Here's the magic
> incantation that was added:
Thanks
ke, and I quickly corrected it by uploading the
missing package to stretch-backports, but it is still waiting in the NEW
queue: https://ftp-master.debian.org/backports-new.html
Hopefully, it will be accepted in a few days, and this will be solved.
--
Martina Ferrari (Tina, the artist formerly known as Tincho)
On 31/10/2019 12:54, Martina Ferrari wrote:
> Unless there is something broken, you should have gotten a notice while
> upgrading that informs you of the breaking changes. Also, did it remove
> you data or just ignored it?
Plus, you should have gotten a debconf dialog e
separate Prometheus 1.x instance on that data
directory. (This package makes no provision to allow this.)
--
Martina Ferrari (Tina, the artist formerly known as Tincho)
Popcon 11.
>
It is not my package (although I did contribute a couple of commits, and
I am interested in having this package in debian), but I don't see this
being a request of maintainer, nor it seems they have been copied. Did
you talk to them before getting the package removed?
--
Mar
Hi,
Sorry for the silence, I had missed this bug completely. I will work on
fixing this, meanwhile, I hope this email delays the AUTORM for a few
days...
--
Martina Ferrari (Tina, the artist formerly known as Tincho)
Sorry there was a mistake with the version:it must be:
Debian GNU/Linux 9.0.0 "Stretch" - Official i386 NETINST 20170617-14:23
On Wed, 21 Jun 2017 12:38:36 +0200 "wunc...@safe-mail.net"
wrote:
1. I have the same bug in a new install of stretch from 20.06.2017.
The same for me. I can search videos but when I want to open it from the
thumbnail, it fails.
Opening a video from URL works fine. I have the RTSP plugin for GStreamer
0.10.0 installed.
totem --debug
(totem:10443): GLib-GObject-CRITICAL **: Read/writable property 'object' on
class
My version of totem is 3.0.1
--
Martina
Ab fuenfhundert die Woche zu kriegen!!!
[EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Aquire Presrciptions and Medictaions right now!
http://www.approximablebarlow.toporaig.com
but alleviatebackplate
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Purchase Prescriptinos and Medicatoins while you still can!
www.adventurousairfoil.albeit%2elagtiu.com
the asceticismavocation
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Janina
Once again the strong winner hits!
Our first and very promising pick of 08
To watch Tuesday, the 11th of March 2008
Analysis of OrderPro Logistics:
Sym: OPLO
At: 0.006 (Upwards trend, a perfect time to get in)
5day Est: 0.02
In recent Headlines: OrderPro Logistics Announces Warehouse
Be leaner and slimmer by next week http://www.Kiverlatios.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Getting thinner can be enjoyable http://www.veriguato.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Jamietramadolmedicine http://www.asoriade.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
PhallusPlumpingSamuel http://www.nuriagot.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Microsoft Windows Vista Ultimate new features:
• Mobility-based operating system meets all your computing needs whether you're
working from home, working on the road, or searching for entertainment options
• Combines all the features of a business-focused operating system, all the
efficiency
{Let:HI,Hi,Hello,hEllo,heLlo,helLo,hellO,HEllo} how are you
It - the good letter to you for the first time.
I am so successful, and I am do not know how to begin it, to write about me
directly, but to allow me to try; I live in Russia, I am very fair, the care,
trust and all qualities that to
Hello jobseeker,
We are present new job.
We are glad to invite you to our company.
Good salary.
Availible Vacancy - Financial customer
Please send you resume on this email: [EMAIL PROTECTED] for more info!
Important: your Job Verification Number is: 681738560
Best regards,
Brian Burns
General
Zerix Intern.Transver
Manager: Maksim Kovalski
109153 Moskau
leningradskiy 337/2
Tel +7 984-641-1756
Arbeiten Sie endlich für sich selbst!
Sie wollen sich beruflich verändern ?
Sie kommen in ihrem job nicht wie gewünscht voran und wollen eine
neuen karriere-kurs einschlagen? Dann sollten wir
Once you start taking WonderCum, you will notice your sperm, stamina, and
pleasure increasing within the first week.
http://emagx.net
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Ich bin derzeit nicht erreichbar. Bitte wenden Sie sich an Frau Goronzi, Tel.
05341/839-3523 oder an Willi Hilken Tel. 05341/839-3242. Ihre Mail wird nicht
weitergeleitet.
Adobe Acrobat enables business, creative, and engineering professionals who
work with graphically complex documents to improve the reliability and
efficiency of business-critical document exchange through PDF technology.
Adobe Acrobat 8.0 Professional has the following features in addition to
decomposable
http://mzubykqxziuli.ghjwatch.com/b3
Martina
Looking for popular sfotware, but tight on budget?
We are selilng world bestseslers at the chaepest prcices around! Why so csheap? We don't sel'll
progrmas in a fancy box, with printed documentation, etc., meaning we do not shell out on CD manufacturing.
The sosft is only what you get -
://implausible.epicoff3rs.com/?wid=100069 to
obtain your item in the quickest possible manner.
Thank you for your time and we look forward to assisting you.
Sincerely,
Martina Kaiser
extendible kkd dogbane wmu deprave yn bondsmen bb siesta yoa mcclure ilf
circumcise gig bourgeoisie ms periscope vj
94 matches
Mail list logo