On Mon, Jun 11, 2018 at 10:04:29PM +0100, Adam D. Barratt wrote:
> Unfortunately not quite yet, as none of the builds made it to
> oldstable-new. It looks like this is due to:
>
> Version check failed:
> Your upload included the binary package openjdk-7-jre-zero, version
> 7u181-2.6.14-1~deb8u1, f
On Sun, Jun 10, 2018 at 02:59:49PM -0400, Hugo Lefeuvre wrote:
>
> lame 3.99.5+repack1-7+deb8u1 is affected by several vulnerabilities in
> the code used to read the input file. These issues are not present in
> any Debian release after Jessie because the package switched to
> libsndfile to read a
Hi Adam,
Following up on some issues:
On Sun, Jun 10, 2018 at 07:35:16PM +0100, Adam D. Barratt wrote:
> Is it worth retrying any of these?
>
> * graphicsmagick 1.3.20-3+deb8u2 (powerpc)
Tried a giveback, but it's a persistent test suite which breaks
the build. Not sure.
> * mariadb-10.0 10.0.
Jonathan Wiltshire schrieb:
> Hi,
>
> You uploaded goldencheetah 4.0.0~DEV1607-2+deb9u1 to proposed-updates but
> with a target suite of stretch-security. Was that meant to go to the
> security archive?
This was released via the security update, it was part of the compat
changes listed in DSA-420
On Mon, May 14, 2018 at 06:26:08PM +0100, Jonathan Wiltshire wrote:
> Hi,
>
> According to my records main security support for Jessie can end any time
> after 17th June.
>
> So to the security team: do you have a date in mind?
The 17th :-)
Cheers,
Moritz
On Tue, Feb 20, 2018 at 01:56:12PM -0600, Benjamin Kaduk wrote:
> On Tue, Feb 20, 2018 at 08:51:16PM +0100, Salvatore Bonaccorso wrote:
> > Hi Thorsten,
> >
> > On Tue, Feb 20, 2018 at 02:45:48PM +0100, Thorsten Alteholz wrote:
> > > Hi everybody,
> > >
> > > the latest security update of the ker
On Mon, Dec 25, 2017 at 09:26:58PM +0100, Ludovico Cavedon wrote:
> - #866721 and #866719, which are securirity-related issues. Do you want
> me to reach out to the security team about these first?
Those are marked no-dsa for quite a while, so not needed.
Cheers,
Moritz
Emilio Pozuelo Monfort schrieb:
> DSA shut down the kfreebsd buildds.
Is that a temporary measure or permanently due to the state of
the port?
(Just wondering since there's unofficial security builds
for kfreebsd-* despite not being a release arch; if that also affects
those efforts, we should m
On Sun, Nov 26, 2017 at 01:52:04PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Fri, 2017-11-24 at 23:18 +0100, Moritz Muehlenhoff wrote:
> > I'd like to add a fix for a minor security issue in Python 2.7 to the
> > as a followup update to what's already in spu. debdiff is b
Sebastian Andrzej Siewior schrieb:
> I did a grep and it seems that all affected users are blocked by
> #858398 except for hhvm.
I have patches to switch HHVM to openssl 1.1, only need to find some time
to prepare an upload.
Cheers,
Moritz
On Thu, Aug 24, 2017 at 05:23:53PM +0200, Bastien ROUCARIÈS wrote:
> Package: release.debian.org
> Severity: wishlist
>
> Hi,
>
> I plan to release imagemagick 7 before next stable version. And I want to
> coexist imagemagick6 and imagemagick7.
Why? That means twice the security updates (which
On Sun, Jul 23, 2017 at 12:20:25PM +0200, Mateusz Łukasik wrote:
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian@packages.debian.org
> Usertags: pu
>
> Dear SRMs,
>
> I would like to update smplayer in Stretch to fix #869411, it was already
> fixed in u
On Fri, Jul 21, 2017 at 09:51:45AM -0400, Antoine Beaupré wrote:
> On 2017-07-20 18:15:00, Philipp Kern wrote:
> > On 07/17/2017 09:41 PM, Antoine Beaupré wrote:
> >> Let's not jump the gun here. We're not shipping NSS in ca-certificates,
> >> just a tiny part of it: one text file, more or less.
>
Salvatore Bonaccorso wrote:
> > Unfortunately, I've had to flag the upload for rejection - it's somehow
> > picked up a new dependency on "libschroedinger-1.0-0 (>= 1.0.0)", but
> > that binary package is not in stretch.
>
> Hmm, could it be the building chroot was unclean (contained jessie
> pack
On Sat, Jul 15, 2017 at 09:19:08PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sat, 2017-07-15 at 19:12 +0200, Moritz Muehlenhoff wrote:
> > some minor security fixes for libquicktime, identical to what's
> > already in unstable and also tested with reverse deps on stretch.
Adam wrote:
> I'm not entirely sure how you think p-u is better placed to do so, given
> the amount of visible testing packages from it get before a point
> release.
It's not necessarily for the additional testing done on p-u (although
I personally use it like that and probably others well), bu
On Sat, Jan 28, 2017 at 07:37:09PM +0100, Julien Cristau wrote:
> On Sat, Jun 11, 2016 at 20:59:53 +0200, Kurt Roeckx wrote:
>
> > OpenSSL will soon release a new upstream version with a new
> > soname. This new version will break various packages, see:
> > https://lists.debian.org/debian-devel/2
Niels Thykier schrieb:
>> 852603 virglrenderer can-defer virglrenderer:
>> CVE-2016-10163
>> 852604 virglrenderer can-defer virglrenderer:
>> CVE-2017-5580
This hasn't been in a stable release yet and it already orphaned. If noone
picks it up or fixes
On Thu, Jan 05, 2017 at 09:39:16PM +0100, Sebastian Andrzej Siewior wrote:
> On 2016-12-31 17:35:47 [+0100], Julien Cristau wrote:
> > Is this really something we need to be shipping? If yes, I'd personally
> > really like this to get an explicit exemption from normal policy by the
> > security te
On Sun, Aug 28, 2016 at 03:55:24PM +0100, Adam D. Barratt wrote:
> Control: tags -1 +confirmed -moreinfo
>
> [re-ordered]
>
> > Am 2016-07-29 um 14:20 schrieb Julien Cristau:
> > > Control: tag -1 moreinfo
> > >
> > > On Mon, Jul 4, 2016 at 18:22:46 +0200, Simon Kainz wrote:
> [...]
> > >> Paul
>
> The latest security upload of mysql-5.5 breaks akonadi-backend-mysql in
> stable,
> this is due to a change in the compiled-in configuration values that are
> incompatible with the ones shipped in the akonadi backend *.
>
> In the bug #843520 [1] the mysql maintainers requested this to be fi
Niels Thykier schrieb:
> If I am to support powerpc as a realease architecture for Stretch, I
> need to know that there are *active* porters behind it committed to
> keeping it in the working. People who would definitely catch such
> issues long before the release. People who file bugs / submit
Hi Didier,
> Have we removed protocols' support in {old,}stable before?.
We have done that on a case-by-case basis via point updates in the past,
seems also fine here.
Cheers,
Moritz
John Paul Adrian Glaubitz schrieb:
> This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
> --a6PKWkjgHofM7jQeP6IIWOK9h7Ax8iC64
> Content-Type: multipart/mixed; boundary="bwOPGPFUk1EHlmixEJpS4SCMBBipFWjH9";
> protected-headers="v1"
> From: John Paul Adrian Glaubitz
> To: Niels Thykier , de
Matthias Klose wrote:
> Afaiu the security team also doesn't care
> about these ports when they fail to build for security updates.
Indeed. The openjdk updates are already really time-consuming, we can't
afford additional update rounds for exotic archs without official upstream
support.
Cheers,
rfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium
> > +
> > + * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to
> > address
> > +CVE-2016-2052
> > +
> > + -- Moritz Mühlenhoff Mon, 30 May 2016 23:49:46 +0200
> > +
> > harfbu
Aurelien Jarno schrieb:
> On 2016-08-14 16:00, Salvatore Bonaccorso wrote:
>> Package: release.debian.org
>> Severity: normal
>> Tags: jessie
>> User: release.debian@packages.debian.org
>> Usertags: pu
>>
>> Dear SRM
>>
>> I would like to propose the following hardening to src:gnupg2 which w
On Tue, Jul 12, 2016 at 09:55:23PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Thu, 2016-06-30 at 22:17 +0200, Moritz Muehlenhoff wrote:
> > +python2.7 (2.7.9-2+deb8u1) jessie; urgency=medium
> > +
> > + * Backport upstream commit b3ce713fb9beebfff9848cefa0acbd59acc68fe9
>
On Tue, Jul 12, 2016 at 09:56:12PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Thu, 2016-06-30 at 22:19 +0200, Moritz Muehlenhoff wrote:
> > +harfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium
> > +
> > + * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b t
On Sat, May 28, 2016 at 08:32:04PM +0200, Salvatore Bonaccorso wrote:
> Hi all,
>
> On Sat, Nov 01, 2014 at 08:50:05PM +0100, Moritz Mühlenhoff wrote:
> > On Sat, Nov 01, 2014 at 02:30:02PM -0400, Michael Gilbert wrote:
> > > On Sat, Nov 1, 2014 at 11:46 AM, Sa
On Tue, May 24, 2016 at 09:34:49PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Thu, 2016-03-17 at 23:06 +0100, Moritz Muehlenhoff wrote:
> > I'd like to update icedtea-web in jessie to 1.5.3 in the next
> > jessie point release. This fixes two security issues (CVE-2015-5234
On Mon, May 23, 2016 at 09:48:30PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo jessie
>
> On Mon, 2016-05-23 at 22:33 +0200, Moritz Muehlenhoff wrote:
> > please remove mediawiki in the upcoming jessie point release. Security
> > support for it was limited for a year as mentioned i
On Thu, Mar 17, 2016 at 11:06:05PM +0100, Moritz Muehlenhoff wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
>
> Hi,
> I'd like to update icedtea-web in jessie to 1.5.3 in the next
> jessie point release. This fix
On Mon, Apr 25, 2016 at 07:16:02PM +0200, Pino Toscano wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
>
> Hi,
>
> simple jessie-pu for poppler, just fixed in unstable, which fixes
> CVE-2015-8868; attached debdi
On Tue, Mar 29, 2016 at 11:23:30PM +0200, Markus Koschany wrote:
> Am 29.03.2016 um 23:01 schrieb Moritz Mühlenhoff:
> > On Tue, Mar 29, 2016 at 10:03:56PM +0200, Markus Koschany wrote:
> >> The Security Team decided to mark the issues in Jessie as no-dsa because
> >> w
On Tue, Mar 29, 2016 at 10:03:56PM +0200, Markus Koschany wrote:
> The Security Team decided to mark the issues in Jessie as no-dsa because
> we only ship the servlet API and documentation in this release which
> can't be affected by security vulnerabilities at all. I wouldn't mind
> uploading the
On Thu, Mar 24, 2016 at 06:35:55AM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2016-03-23 at 23:12 +0100, Moritz Mühlenhoff wrote:
> [...]
> > > > > On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote:
> > > > > > I
On Wed, Mar 23, 2016 at 10:11:32PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2016-03-23 at 22:56 +0100, Moritz Muehlenhoff wrote:
> > Another update for no-dsa security issues, this time in libsndfile.
> > The patches have been used in unstable for over four months,
tags 818615 -moreinfo
thanks
On Tue, Mar 22, 2016 at 07:56:40PM +, Adam D. Barratt wrote:
> On Fri, 2016-03-18 at 20:58 +0100, Salvatore Bonaccorso wrote:
> > HI Adam,
> >
> > Not Moritz here but can answer the question as well:
> >
> > On Fri, Mar 18, 2016 at 07:22:34PM +, Adam D. Barra
On Sun, Mar 20, 2016 at 06:43:48PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sun, 2016-03-20 at 19:33 +0100, Moritz Muehlenhoff wrote:
> > +cairo (1.14.0-2.1+deb8u1) jessie; urgency=medium
> > +
> > + * Fix CVE-2016-3190
>
> I'd prefer a slightly more detailed changelog
On Mon, Mar 14, 2016 at 11:00:12AM +0100, Ondřej Surý wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi,
>
> security team still seems to be heavily ove
On Sun, Feb 28, 2016 at 07:42:46PM +0100, Salvatore Bonaccorso wrote:
> Hi Markus,
>
> Just one note:
>
> On Sun, Feb 28, 2016 at 06:22:08PM +0100, Markus Frosch wrote:
> > +php-dompdf (0.6.1+dfsg-2+deb8u1) UNRELEASED; urgency=medium
> > +
> > + * Non-maintainer upload.
> > + * [22610bd] Add 0.
On Wed, Mar 02, 2016 at 09:01:34PM +0100, Yves-Alexis Perez wrote:
> On mer., 2016-03-02 at 20:06 +0100, Moritz Muehlenhoff wrote:
> > Before considering that, did anyone approch grsecurity whether we can get
> > access to the grsecurity stable patches? We would most definitely have
> > Debian
> >
Hi,
see 812630/816228 (also discussed with Roland): Security team would to drop
jasper from stretch
(and eventually from the archive). Some high-profile users like gdk-pixbuf
already had it
dropped some time ago.
Ok with the release team? Could you please setup a removal/transition tracker
for
On Mon, Feb 22, 2016 at 06:42:20PM +0100, Guido Günther wrote:
> Hi Adam,
> On Sat, Feb 20, 2016 at 02:27:27PM +, Adam D. Barratt wrote:
> > [apologies to anyone who's ended up with three copies of this; the
> > original got eaten due to a misconfiguration on my side - please only
> > reply to
On Thu, Jan 28, 2016 at 08:15:30PM +, Ben Hutchings wrote:
> On Thu, 2016-01-28 at 20:01 +0100, Moritz Mühlenhoff wrote:
> > Ben Hutchings wrote:
> > > For stretch, I would very much like to choose a kernel version for
> > > stretch that gets longterm maintenance
On Fri, Jan 15, 2016 at 04:09:58PM +0100, Norvald H. Ryeng wrote:
> so I'll need the complete list of
> requirements first. The Debian MySQL team has asked for a list, in
> writing, several times now, but that list has not been produced.
Here's what it essentially boils down to:
- Public, non-dis
On Mon, Jan 11, 2016 at 08:14:06PM +, Robie Basak wrote:
> On Mon, Jan 11, 2016 at 07:27:30PM +0100, Moritz Mühlenhoff wrote:
> > *Sigh*. And that is exactly the problem (and we've already pointed this
> > out at DebConf half a year ago)
> >
> > We should reall
On Mon, Jan 11, 2016 at 02:13:40PM +0100, Norvald H. Ryeng wrote:
> On Mon, 11 Jan 2016 13:59:07 +0100, Otto Kekäläinen wrote:
>
> >2016-01-11 13:54 GMT+02:00 Norvald H. Ryeng :
> >>On Mon, 28 Dec 2015 13:28:18 +0100, Otto Kekäläinen
> >>wrote:
> >>
> >>>Hello!
> >>>
> >>>2015-12-23 16:39 GMT+02
Hi,
Personally I'm in favour of following the openssl point updates and I'd
like to add an additional data point to the discussion:
CVE-2015-3196 was already fixed as a plain bugfix in an earlier point
release, but the security impact was only noticed later on, so following
the point updates would
On Thu, Oct 29, 2015 at 08:48:27AM +, Julien Cristau wrote:
> On Wed, Oct 28, 2015 at 23:06:07 +0100, Moritz Muehlenhoff wrote:
>
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: rm
> >
> > Hi,
> > please remove mopidy as part
On Thu, Oct 29, 2015 at 07:52:23PM +, luca wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
>
> Dear release team,
>
> We would like to update libvdpau in jessie to address a segmentation fault in
> a
> parti
On Tue, Sep 15, 2015 at 09:16:48PM +0100, Adam D. Barratt wrote:
> Control: tags -1 -moreinfo +confirmed
>
> On Fri, 2015-09-11 at 20:24 +0200, Moritz Mühlenhoff wrote:
> > On Fri, Aug 21, 2015 at 03:59:15PM +0100, Adam D. Barratt wrote:
> > > Control: tags -1 + moreinfo
&
On Fri, Aug 21, 2015 at 03:59:15PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Fri, 2015-08-21 at 01:35 +0200, Moritz Muehlenhoff wrote:
> > This update fixes four minor security issues which don't warrant
> > a DSA. These have been tested in a production setup and were
> >
On Sat, Aug 29, 2015 at 04:15:55PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Mon, 2015-05-25 at 23:13 +0200, Moritz Muehlenhoff wrote:
> > it has been requested multiple times to also provide
> > debian-security-support for wheezy.
> >
> > All the data relevant for wheez
On Fri, Aug 21, 2015 at 03:59:15PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Fri, 2015-08-21 at 01:35 +0200, Moritz Muehlenhoff wrote:
> > This update fixes four minor security issues which don't warrant
> > a DSA. These have been tested in a production setup and were
> >
Clint Byrum schrieb:
> I'd be interested to hear the security team's impressions on how shipping
> micro releases of MySQL has gone for them.
We're planning to discuss that at DebConf (and will also include the
release team).
> Sure they have a _ridiculous_ policy about not telling us what
> the
On Wed, Apr 29, 2015 at 08:33:07PM +0200, Andreas Cadhalpun wrote:
> > Having both for a year along each other will only waste people's time. Now
> > at the beginning of the release cycle is the time to make a decision,
> > not by dragging things into a year as of today. Picking one of the two
> >
Andreas Cadhalpun wrote:
> But having mysql-5.5 and mariadb-10.0 in jessie is apparently no
> problem, despite previous claims. What's the difference?
To properly migrate over a daemon they need to co-exist for a stable
release, while a lib does not. Stretch will only have one of them.
> How do
On Sun, Apr 26, 2015 at 11:57:43AM +0100, Jonathan Wiltshire wrote:
> On Fri, Apr 17, 2015 at 05:21:05PM +0200, Moritz Muehlenhoff wrote:
> > Please unblock package chromium-browser. It fixes multiple
> > security issues (and would also need some aging at this
> > point)
>
> Should this be progres
tOn Thu, Apr 23, 2015 at 10:03:02PM +0100, Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
>
> On Fri, Apr 17, 2015 at 05:23:39PM +0200, Moritz Muehlenhoff wrote:
> > Please unblock package openjdk-7. It fixes multiple security
> > issues. ATM the build failed on mips (that was sorted
> > out
On Thu, Apr 16, 2015 at 04:02:23PM +0200, Raphael Hertzog wrote:
> Yes there are packages which are unsupported in Squeeze but very much
> like there are unsupported packages in Wheezy right now:
Also, all other distros with long support have some level of reduced
support over time, see for exampl
On Wed, Mar 04, 2015 at 09:46:20AM +0100, Ivo De Decker wrote:
> Hi,
>
> On Fri, Feb 13, 2015 at 05:52:36PM +0100, Moritz Muehlenhoff wrote:
> > please remove oss4 from jessie. There's been no maintainer
> > followup since a month (plus no action back then we Ben
> > initially reported it to the m
On Fri, Jan 23, 2015 at 02:26:06PM +0100, Raphael Hertzog wrote:
> On Wed, 21 Jan 2015, Raphael Hertzog wrote:
> > Some notes:
> > - the final upload will include the bug closure of #775375
> > - there's a small tweak of a Suggests dependency, it was not intended for
> > jessie but I don't see ho
On Tue, Dec 30, 2014 at 12:29:35PM +0100, Matthias Klose wrote:
> forgot to mention that there are no regression in the binutils testsuite on
> all
> release architectures, and that there are no regression in the gcc-4.8 and
> gcc-4.9 testsuites on all release architectures.
Did someone from the
On Wed, Dec 31, 2014 at 04:41:29PM +0100, Kurt Roeckx wrote:
> On Wed, Dec 31, 2014 at 02:00:23PM +, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> >
> > On Wed, 2014-12-31 at 13:52 +0100, Kurt Roeckx wrote:
> > > I would like to disable SSLv3 by default in wheezy.
>
> > Do we know h
On Fri, Nov 21, 2014 at 08:30:37PM +0100, Niels Thykier wrote:
> On 2014-11-21 14:56, Salvatore Bonaccorso wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> >
> > Hi Release Team,
> >
> > Please unblock package dhc
On Sat, Nov 08, 2014 at 03:27:26PM +, Julien Cristau wrote:
> On Sat, Nov 8, 2014 at 10:29:17 +0100, Moritz Mühlenhoff wrote:
>
> > On Sun, Nov 02, 2014 at 11:53:44PM +0100, Moritz Muehlenhoff wrote:
> > > On Sun, Nov 02, 2014 at 06:19:51PM +0100, Julien Cristau wrote:
&
On Sun, Nov 02, 2014 at 11:53:44PM +0100, Moritz Muehlenhoff wrote:
> On Sun, Nov 02, 2014 at 06:19:51PM +0100, Julien Cristau wrote:
> > On Tue, Sep 23, 2014 at 22:36:43 +0200, Moritz Mühlenhoff wrote:
> >
> > Sorry I didn't get to these quickly. Do you have an updat
On Sat, Nov 01, 2014 at 02:30:02PM -0400, Michael Gilbert wrote:
> On Sat, Nov 1, 2014 at 11:46 AM, Salvatore Bonaccorso wrote:
> > Given Dominique's reply on #767411, from my POV I think the best
> > solution would be to remove torque completely for jessie (i.e. first
> > drop support from openmpi
Adam D. Barratt schrieb:
> On 2014-10-01 13:25, Moritz Mühlenhoff wrote:
>> Adam D. Barratt schrieb:
>>>> The alternative is to drop chromium security support for wheezy way
>>>> too soon.
>>>
>>> They're not the only alternatives. Grante
On Wed, Oct 01, 2014 at 04:32:24PM +0200, Andreas Cadhalpun wrote:
> >However, I can understand why one embedded
> >code copy is better than one embedded code copy plus a library in
> >addition to it.
>
> This would be understandable, yes.
>
> There are now two options:
> a) Let FFmpeg migrate to
Adam D. Barratt schrieb:
>> The alternative is to drop chromium security support for wheezy way too soon.
>
> They're not the only alternatives. Granted, they may be the only ones
> which you're willing to support.
What other alternatives do you have in mind?
Cheers,
Moritz
--
To UNSU
On Sun, Sep 28, 2014 at 11:27:03AM +0200, Andreas Cadhalpun wrote:
> So would you please explain why you see a problem?
It has all been written before, I'm not going to repeat
it all over again. We can pick libav _or_ ffmpeg for jessie+1.
EOD for me.
Chromium using a local copy of the lib doesn't
Alessio Treglia schrieb:
> On Fri, Sep 26, 2014 at 10:28 PM, Andreas Barth wrote:
>> That sounds like we should drop libav and release with ffmpeg. Is this
>> also the opinion of the libav maintainers? Or is there a strong reason
>> why this is not possible?
>
> Although no consensus has been rea
On Sat, Sep 20, 2014 at 04:04:11PM +0300, Otto Kekäläinen wrote:
> Hello!
>
> 2014-09-17 22:57 GMT+03:00 Moritz Mühlenhoff :
> > Has there been any progress? The freeze is coming closer.
>
> Both MySQL 5.6 and MariaDB 10.0 are still only in experimental. The
> 5.5 ver
On Sat, Sep 20, 2014 at 02:18:34PM +0200, Julien Cristau wrote:
> On Sat, Sep 20, 2014 at 12:53:54 +0200, Moritz Muehlenhoff wrote:
>
> > On Sat, Sep 20, 2014 at 10:45:00AM +0200, Julien Cristau wrote:
> > > On Wed, Sep 17, 2014 at 22:29:10 +0200, Moritz Muehlenhoff wrote:
> > >
> > > > Hi releas
On Wed, Aug 27, 2014 at 12:55:15PM +0200, Bjoern Boschman wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> moin,
>
> to sum things up:
>
> * mariadb-5.5 within testing
> * mariadb-10.0 within experimental
> * mysql-5.5 within testing
> * mysql-5.6 within experimental
> * percona-xtra
On Wed, Aug 20, 2014 at 12:07:03PM +0200, Ondřej Surý wrote:
> On Wed, Aug 20, 2014, at 11:53, Moritz Mühlenhoff wrote:
> > On Thu, Aug 07, 2014 at 11:37:30AM +0200, Ondřej Surý wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > Tag
On Thu, Aug 07, 2014 at 11:37:30AM +0200, Ondřej Surý wrote:
> Package: release.debian.org
> Severity: normal
> Tags: wheezy
> User: release.debian@packages.debian.org
> Usertags: pu
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Dear release team,
>
> as discussed on #debian-rele
Niels Thykier schrieb:
This in fact requires a bit more time, see below:
> Checking reverse dependencies...
> # Broken Depends:
> devil: libdevil1c2
I've reopened the bug, a resolution is pending.
> foo2zjs: printer-driver-foo2zjs
This is #757384
> gimp: gimp
I've reopened the bug and bumpe
> Hi all,
>
> I've just noticed the last message on #724181, and I am sorry about
> the late reply.
>
> On Wed, Jun 18, 2014 at 1:25 PM, Moritz Mühlenhoff
>
> wrote:
> > Hi,
> > attached debdiff fixes a FTBFS of cmus in stable.
>
> Should I wait
-06-26 10:39:31.0 +0200
+++ xmms2-0.8+dfsg/debian/changelog 2014-06-18 14:38:41.0 +0200
@@ -1,3 +1,9 @@
+xmms2 (0.8+dfsg-4+deb7u1) stable; urgency=low
+
+ * Fix FTBFS related to the libmodplug upgrade in DSA 2751 (Closes: #7244871)
+
+ -- Moritz Mühlenhoff Wed, 18 Jun 2014 14:37:57
6-02 20:08:09.0 +0200
+++ cmus-2.4.3/debian/changelog 2014-06-18 14:18:17.0 +0200
@@ -1,3 +1,10 @@
+cmus (2.4.3-2+deb7u1) wheezy; urgency=low
+
+ * Fix FTBFS related to the libmodplug upgrade in DSA 2751, patch as used in
+2.5.0-4 (Closes: #724181)
+
+ -- Moritz Mühlenhoff Wed, 18 J
Peter Palfrader schrieb:
> Hi!
>
> On Wed, 11 Jun 2014, Adam D. Barratt wrote:
>
>> The next point release for "wheezy" (7.6) is scheduled for Saturday,
>> July 12th. Stable NEW will be frozen during the preceding weekend.
>
> I propose to update Tor in stable to the version that is now in jessie
> Control: tags -1 + confirmed
>
> On Tue, 2014-04-15 at 14:51 +0200, Moritz Mühlenhoff wrote:
> > Attached debdiff fixes a FTBFS of gst-plugins-bad0.10 in stable (caused
> > by the libmodplug update in DSA 2751)
>
> Please go ahead.
Uploaded.
Cheers,
Moritz
--
Mo
7.1+deb7u1) stable; urgency=low
+
+ * Fix FTBFS related to the libmodplug upgrade in DSA 2751 (Closes: #726871)
+
+ -- Moritz Mühlenhoff Mon, 07 Apr 2014 15:56:32 +0200
+
gst-plugins-bad0.10 (0.10.23-7.1) unstable; urgency=low
* Non-maintainer upload.
diff -Nru gst-plugins-bad0.10-0.10
Moritz Mühlenhoff schrieb:
>> Thus we either have to assume that most users have already upgraded to
>> 24 from security and that the extension packages are most likely not
>> used on the missing architectures (ia64 and mips*),
>
> If there's no reaction soon I
On Thu, Mar 27, 2014 at 10:05:09PM +0100, Mehdi Dogguy wrote:
> Le 2014-03-27 20:08, Niels Thykier a écrit :
> >
> >I noticed that the fix for gtkmathview is sadly incomplete (see
> >#638761). AFAICT lablgtkmathview does not have an (open) RC bug for
> >this problem. I hace CC'ed the OCAML mainta
Adam D. Barratt schrieb:
> Control: tags -1 + moreinfo
>
> Apologies for the delays in getting back to this.
>
> On Sat, 2014-02-15 at 17:53 +0100, Sébastien Villemot wrote:
>> The version of sage-extension currently in wheezy does not work against
>> iceweasel 24 (in stable-security), see #738678
> Control: tags -1 + confirmed
>
> On Wed, 2014-03-26 at 15:05 +0100, Moritz Mühlenhoff wrote:
> > gorm.app FTBFSes in stable. The attached debdiff fixes the build using
> > the same patch already used in the NMU for unstable.
>
> Please go ahead; thanks.
Uploaded.
gorm.app-1.2.16/debian/changelog
--- gorm.app-1.2.16/debian/changelog
+++ gorm.app-1.2.16/debian/changelog
@@ -1,3 +1,10 @@
+gorm.app (1.2.16-1+deb7u1) stable; urgency=low
+
+ * Fix FTBFS using the same patch already used in the 1.2.16-1.1 NMU by
+Gregor Herrmann (Closes: #707393)
+
+ -- Moritz
gency=low
+
+ * Fix FTBFS issue due to json's switch from boolean to json_bool (Closes: #689225)
+
+ -- Moritz Mühlenhoff Thu, 27 Feb 2014 14:42:50 +0100
+
newsbeuter (2.5-2) unstable; urgency=low
* Fix build errors with gcc-4.7 (Closes: #667296).
diff -Nru newsbeuter-2.5/debi
On Sat, Feb 15, 2014 at 08:57:47PM +0100, Julien Cristau wrote:
> On Sat, Feb 15, 2014 at 19:37:54 +0100, Sebastian Ramacher wrote:
>
> > Hi Reinhard
> >
> > On 2014-02-15 17:42:41, Reinhard Tartler wrote:
> > > Unfortunately, this new release does break a number of packages in the
> > > debian a
On Tue, Feb 18, 2014 at 08:16:05PM +0100, Sebastian Ramacher wrote:
> (Putting the bug back into the loop.)
>
> On 2014-02-16 21:47:25, Moritz Mühlenhoff wrote:
> > On Sun, Feb 16, 2014 at 03:44:01PM -0500, Reinhard Tartler wrote:
> > > On Sun, Feb 16, 2014 at 11:
On Sun, Feb 16, 2014 at 03:44:01PM -0500, Reinhard Tartler wrote:
> On Sun, Feb 16, 2014 at 11:22 AM, Moritz Mühlenhoff wrote:
> > Reinhard Tartler schrieb:
> >> Package: release.debian.org
> >> Severity: normal
> >> User: release.debian@packages.
Reinhard Tartler schrieb:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
>
> Hi,
>
> We have a new libav transition pending. Libav 10 is prepared in
> debian/experimental, and I've started to build packges against this new
> v
> Here's the new changelog, with the remarks of J.Cristau taken into account:
>
> [ Thomas Goirand ]
> * CVE-2013-4261: [OSSA 2013-026] Fix problem with long messages in Qpid.
> * CVE-2013-2096: [OSSA 2013-012] Check QCOW2 image size during root disk
> creation (Closes: #710157).
The security tr
> I have prepared an update for Glance over here:
> http://archive.gplhost.com/pub/security/glance/
The security tracker lists this issue as potentially open in
Wheezy: https://security-tracker.debian.org/tracker/CVE-2013-4354
Does this affect stable and is there a fix which can be included
alo
On Thu, Oct 03, 2013 at 07:05:46PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Fri, 2013-07-26 at 16:59 +0200, Moritz Muehlenhoff wrote:
> > On Thu, Jul 25, 2013 at 05:18:02PM +0100, Adam D. Barratt wrote:
> > >> diff -Nru devscripts-2.12.6/scripts/build-rdeps.pl
> > > [...
101 - 200 of 269 matches
Mail list logo