Bug#1086163: curl 7.88.1-10+deb12u8 flagged for acceptance
package release.debian.org tags 1086163 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: curl Version: 7.88.1-10+deb12u8 Explanation: fix incorrect handling of some OCSP responses [CVE-2024-8096]
Bug#1086611: node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1 flagged for acceptance
package release.debian.org tags 1086611 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: node-dompurify Version: 2.4.1+dfsg+~2.4.0-2+deb12u1 Explanation: fix prototype pollution issues [CVE-2024-45801 CVE-2024-48910]
Bug#1083162: sqlite3 3.40.1-2+deb12u1 flagged for acceptance
package release.debian.org tags 1083162 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: sqlite3 Version: 3.40.1-2+deb12u1 Explanation: fix a buffer overread issue [CVE-2023-7104], a stack overflow issue and an integer overflow issue
Bug#1086632: apr 1.7.2-3+deb12u1 flagged for acceptance
package release.debian.org tags 1086632 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: apr Version: 1.7.2-3+deb12u1 Explanation: use 0600 perms for named shared mem consistently [CVE-2023-49582]
Bug#1086613: ipmitool 1.8.19-4+deb12u2 flagged for acceptance
package release.debian.org tags 1086613 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: ipmitool Version: 1.8.19-4+deb12u2 Explanation: fix a buffer overrun in "open" interface; fix "lan print fails on unsupported parameters"; fix reading of temperature sensors; fix using hex values when sending raw data
Bug#1086151: util-linux 2.38.1-5+deb12u2 flagged for acceptance
package release.debian.org tags 1086151 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: util-linux Version: 2.38.1-5+deb12u2 Explanation: allow lscpu to identify new Arm cores
Bug#1086601: intel-microcode 3.20240910.1~deb12u1 flagged for acceptance
package release.debian.org tags 1086601 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: intel-microcode Version: 3.20240910.1~deb12u1 Explanation: new upstream release; security fixes [CVE-2024-23984 CVE-2024-24968]
Bug#1086163: bookworm-pu: package curl/7.88.1-10+deb12u8
Control: tags -1 + confirmed On Sun, 2024-10-27 at 22:06 +, aquilamac...@riseup.net wrote: > Package: release.debian.org > Control: affects -1 + src:curl > X-Debbugs-Cc: c...@packages.debian.org, aquilamac...@riseup.net, > samuel...@debian.org > User: release.debian@packages.debian.org > Usertags: pu Note that the usertagging here didn't work, so the bug was not displayed in the SRM section of the release.d.o BTS view. My guess is that the broken linewrapped X-Debbugs-CC header lead to the "samuel...@debian.org" line being treated as the first line of the body, and thus the following lines not processed as pseudo-headers. [...] > The reason is to fix CVE-2024-8096 [1], which involves improper > handling > of OCSP stapling in curl when using GnuTLS as the TLS backend. If the > OCSP status returns an error other than "revoked" (e.g., > "unauthorized"), curl fails to mark the certificate as invalid. Please go ahead. Regards, Adam
Bug#1086613: bookworm-pu: package ipmitool/1.8.19-4+deb12u2
Control: tags -1 + confirmed On Sat, 2024-11-02 at 15:13 +0800, Shengqi Chen wrote: > There are some upstream bugs. Please see Changes section for details. Please go ahead. Regards, Adam
Bug#1086611: bookworm-pu: package node-dompurify/2.4.1+dfsg+~2.4.0-2+deb12u1
Control: tags -1 + confirmed On Sat, 2024-11-02 at 07:20 +0100, Yadd wrote: > node-dompurify is vulnerable to prototype pollutions. Please go ahead. Regards, Adam
Bug#1086601: bookworm-pu: package intel-microcode/3.20240910.1~deb12u1
Control: tags -1 + confirmed On Fri, 2024-11-01 at 21:14 -0300, Henrique de Moraes Holschuh wrote: > As requested by the security team, I would like to bring the > microcode update level for Intel processors in Bullseye and Bookworm > to match what we have in Sid and Trixie. Please go ahead. Regards, Adam
Bug#1086164: glibc 2.36-9+deb12u9 flagged for acceptance
package release.debian.org tags 1086164 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: glibc Version: 2.36-9+deb12u9 Explanation: change Croatian locale to use Euro as currency; revert upstream commit that modified the GLIBC_PRIVATE ABI, causing crashes with some static binaries on arm64; vfscanf(): fix matches longer than INT_MAX; ungetc(): fix uninitialized read when putting into unused streams, backup buffer leak on program exit; mremap(): fix support for the MREMAP_DONTUNMAP option; resolv: fix timeouts caused by short error responses or when single-request mode is enabled in resolv.conf
Bug#1080370: Acknowledgement (bookworm-pu: package mariadb 1:10.11.9-0+deb12u1)
On Mon, 2024-09-02 at 17:16 -0700, Otto Kekäläinen wrote: > /edit > > I propose that the latest minor maintenance version of MariaDB be > included in > the stable release update of Debian. This bug report is to make it > visible and > trackable to the release team that this update is available and work > is in > progress. Unfortunately the arm64 and s390x builds both fail with test failures. Regards, Adam
Bug#1086157: openssl 3.0.15-1~deb12u1 flagged for acceptance
package release.debian.org tags 1086157 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: openssl Version: 3.0.15-1~deb12u1 Explanation: new upstream stable release; fix buffer overread issue [CVE-2024-5535], out of bounds memory access [CVE-2024-9143]
Bug#1086151: bookworm-pu: package util-linux/2.38.1-5+deb12u2
Control: tags -1 + confirmed On Sun, 2024-10-27 at 16:41 +0100, Chris Hofstaedtler wrote: > ema@ asked in #1085682 to improve reporting of ARM CPU core names in > lscpu for bookworm. > > Just as background: on x86, /proc/cpuinfo provides CPU names etc, but > on ARM it doesn't; instead lscpu has lists in its source code. Please go ahead. Regards, Adam
Bug#1086164: bookworm-pu: package glibc/2.36-9+deb12u9
Control: tags -1 + confirmed d-i On Sun, 2024-10-27 at 23:48 +0100, Aurelien Jarno wrote: > The upstream stable branch got a few fixes in the last months, and > this update pulls them into the debian package. Please go ahead. Regards, Adam
Bug#1086157: bookworm-pu: package openssl/3.0.15-1~deb12u1
Control: tags -1 + d-i On Sun, 2024-10-27 at 21:01 +0100, Sebastian Andrzej Siewior wrote: > This is a new stable release by upstream of OpenSSL. I added > additionally a fix for CVE-2024-9143 which is classified as low and > not yet part of an OpenSSL release in the 3.0.x series. I also made > an upload to unstable with a fix for this CVE. > > I am not aware of a regression. CCing for d-i visibility. Regards, Adam
Bug#1086116: gtk+3.0 3.24.38-2~deb12u3 flagged for acceptance
package release.debian.org tags 1086116 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: gtk+3.0 Version: 3.24.38-2~deb12u3 Explanation: fix letting Orca announce initial focus
Bug#1084907: systemd 252.31-1~deb12u1 flagged for acceptance
package release.debian.org tags 1084907 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: systemd Version: 252.31-1~deb12u1 Explanation: new upstream stable release
Bug#1084845: dpdk 22.11.6-1~deb12u1 flagged for acceptance
package release.debian.org tags 1084845 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: dpdk Version: 22.11.6-1~deb12u1 Explanation: new usptream stable release
Bug#1081535: llvm-toolchain-15 15.0.6-4+b1 flagged for acceptance
package release.debian.org tags 1081535 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: llvm-toolchain-15 Version: 15.0.6-4+b1 Explanation: architecture-specific rebuild on mips64el to sync version with other architectures
Bug#1080363: galera-4 26.4.20-0+deb12u1 flagged for acceptance
package release.debian.org tags 1080363 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: galera-4 Version: 26.4.20-0+deb12u1 Explanation: new upstream stable release
Bug#1080370: mariadb 10.11.9-0+deb12u1 flagged for acceptance
package release.debian.org tags 1080370 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: mariadb Version: 10.11.9-0+deb12u1 Explanation: new upstream stable release; fix security issue [CVE-2024-21096]
Bug#1082118: bookworm-pu: package allow-html-temp/10.0.4-1~deb12u1
On Wed, 2024-09-18 at 16:49 +0200, Mechtilde Stehmann wrote: > Thunderbird will come with a new version (>=128.2.x) into stable. > This need an update for the Add-Ons (here: allow-html-temp) too > > [ Impact ] > If the update isn't approved the user can't anymore use it > in recent thunderbird The latest thunderbird DSA (from today) is still 115.X. Does the new allow-html-temp also work with that, or will it be a case of not being able to release the new extension to stable until Thunderbird 128.X actually reaches -security? (Similar questions apply to the other p-u requests for extensions for the same reason.) Regards, Adam
Bug#1074088: cjson 1.7.15-1+deb12u2 flagged for acceptance
package release.debian.org tags 1074088 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: cjson Version: 1.7.15-1+deb12u2 Explanation: fix segmentation violation issue [CVE-2024-31755]
Bug#1083223: clamav 1.0.7+dfsg-1~deb12u1 flagged for acceptance
package release.debian.org tags 1083223 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: clamav Version: 1.0.7+dfsg-1~deb12u1 Explanation: new upstream stable release; fix denial of service issue [CVE-2024-20505], file corruption issue [CVE-2024-20506]
Bug#1083090: ostree 2022.7-2+deb12u1 flagged for acceptance
package release.debian.org tags 1083090 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: ostree Version: 2022.7-2+deb12u1 Explanation: prevent crashing libflatpak when using curl 8.10
Bug#1082701: iputils 20221126-1+deb12u1 flagged for acceptance
package release.debian.org tags 1082701 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: iputils Version: 20221126-1+deb12u1 Explanation: fix incorrect handling of ICMP responses intended for other processes
Bug#1082024: timeshift 22.11.2-1+deb12u1 flagged for acceptance
package release.debian.org tags 1082024 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: timeshift Version: 22.11.2-1+deb12u1 Explanation: add missing dependency on pkexec
Bug#1084398: Acknowledgement (mirror listing update for mirror.tngnet.com)
Hi, There appears to have been a brief issue reaching your host from the checker at around 14:45UTC on the 8th, but other than that it looks like all the checks have been OK over the past few days. Regards, Adam On Thu, 2024-10-10 at 10:51 +, TNGNET Operations wrote: > --Please reply above this line-- > Hi, > For the installer part, got it. > > I'd generally allow around 10 days for a new mirror to appear on > > the > > website list, assuming automated checks find no issues with it > > during > > that time. > Could you see if at this very moment all automatic checks are working > out? > As when i look here http://ftp.de.debian.org/dmc/today it says X:3 > (404 Not found) under http, while when I go to the website itself it > works fine, also when I manually change the apt links to the mirror > in Debian it works as well. > Best regards from Infra & Systems Captain @ TNGNET. > this email is a service from tngnet >
Bug#1084398: Acknowledgement (mirror listing update for mirror.tngnet.com)
Hi, I'd generally allow around 10 days for a new mirror to appear on the website list, assuming automated checks find no issues with it during that time. For the installation side, the mirror list for the most common types of installer images is embedded into the image when it's created, so new mirrors won't be included until the choose-mirror package gets re- uploaded and the relevant images next get built (which for stable means at best at the next point release, possibly longer depending on whether there's a choose-mirror upload to proposed-updates in time). Regards, Adam On Wed, 2024-10-09 at 21:48 +, TNGNET Operations wrote: > --Please reply above this line-- > Hi Adam, > Could you tell us how long it takes normally for our mirror to appear > on the Mirror country list and during the Debian installations, as > now we have to pick a different mirror during installation and then > update it afterwards. > Best regards from Infra & Systems Captain @ TNGNET. > this email is a service from tngnet >
Bug#1077344: mirrors: Request of Changing DNS Record for ftp.tw.debian.org
On Mon, 2024-07-29 at 01:22 +0800, Jasper Yu wrote: > +CDImage-http: /debian-cd/ > +Ports-architecture: alpha hppa hurd-i386 ia64 m68k powerpc ppc64 sh4 > sparc64 x32 > +Ports-http: /debian-ports/ > +Ports-rsync: debian-ports/ Applied, thanks. It would have been a little cleaner if that had been separated from the ftp.tw discussion. Regards, Adam
Bug#1077344: mirrors: Request of Changing DNS Record for ftp.tw.debian.org
On Mon, 2024-07-29 at 01:22 +0800, Jasper Yu wrote: > The following is the sample patch diff we wrote to apply, we also > have CDImage and Ports as well. It is based on > commit 2909334fb40c8705163c7ace54485637c816a433. > > --- Mirrors.masterlist.in.old 2024-07-29 01:11:25 > +++ Mirrors.masterlist.in.new 2024-07-29 01:14:45 > @@ -304,7 +304,7 @@ > > Site: ftp.tw.debian.org > Country: TW Taiwan > -Includes: opensource.nchc.org.tw > +Includes: opensource.nchc.org.tw mirror.twds.com.tw > > Site: ftp.uk.debian.org > Country: GB United Kingdom > @@ -4324,9 +4324,14 @@ > Country: MX Mexico > > Site: mirror.twds.com.tw > +Candidate: 10 ftp.tw.debian.org I've applied this, but note that there are two parts here - this change makes the mirror status system track whether your mirror is currently in a suitable state to be (part of) ftp.tw.debian.org, but it doesn't affect DNS in any way. That will need to be a separate manual DNS change, which I may look at a little later depending on the outcome of this change. Regards, Adam
Bug#1082735: mirror submission for mirror.bgp.rodeo
On Wed, 2024-09-25 at 07:19 +, Nick Bouwhuis wrote: > Submission-Type: new > Site: mirror.bgp.rodeo > Archive-architecture: amd64 arm64 > Archive-http: /debian/ > Archive-rsync: debian/ > Maintainer: Nick Bouwhuis > Country: NL Netherlands > Location: Amsterdam Our automated checks noticed an issue with your setup that you may want to address: o We recommend mirrors not sync directly from service aliases such as ftp..debian.org (only HTTP is guaranteed to be available at ftp. sites). Maybe change your config to sync from the site currently backing the ftp..debian.org service you sync from? Regards, Adam
Bug#1082645: mirror submission for mirror.creoline.net
On Mon, 2024-09-23 at 22:42 +, creoline Mirror Support wrote: > Submission-Type: new > Site: mirror.creoline.net > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 hurd- > amd64 i386 mips mips64el mipsel powerpc ppc64el riscv64 s390x > Archive-http: /debian/ > Archive-rsync: debian/ > Maintainer: creoline Mirror Support > Country: DE Germany > Location: Frankfurt > Sponsor: creoline GmbH https://www.creoline.com Our automated checks noticed an issue with your setup that you may want to address: o We recommend mirrors not sync directly from service aliases such as ftp..debian.org (only HTTP is guaranteed to be available at ftp. sites). Maybe change your config to sync from the site currently backing the ftp..debian.org service you sync from? Regards, Adam
Bug#1081610: mirror submission for mirror.us.mirhosting.net
On Fri, 2024-09-13 at 08:21 +, MIRhosting wrote: > Submission-Type: new > Site: mirror.us.mirhosting.net > Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 hurd- > amd64 i386 mips mips64el mipsel powerpc ppc64el riscv64 s390x > Archive-http: /debian/ > Archive-rsync: debian/ > Maintainer: MIRhosting > Country: US United States > Location: New York, NY > Sponsor: MIRhosting https://mirhosting.com Our automated checks noticed an issue with your setup that you may want to address: o We recommend mirrors not sync directly from service aliases such as ftp..debian.org (only HTTP is guaranteed to be available at ftp. sites). Maybe change your config to sync from the site currently backing the ftp..debian.org service you sync from? Regards, Adam
Bug#1082119: mirrors: Please add the ftp.mx.debian.org alias for lidsol.fi-b.unam.mx
On Wed, 2024-09-18 at 09:05 -0600, Gunnar Wolf wrote: > Back in July, the mirror operated by LIDSOL (Laboratorio de > Investigación y Desarrollo de Software Libre) at UNAM, the university > I work at, was added to the mirror list (lidsol.fi-b.unam.mx). > > The mirror has been stable and usable, and we continue to monitor it. How is the mirror updated? Our monitoring suggests that the mirror is running updates almost once an hour, with a daily average of 22 different update times reported in traces. You can see at https://mirror-master.debian.org/status/mirror-info/lidsol.fi-b.unam.mx.html that there are many update times that aren't near dinstall / mirror push times. Regards, Adam
Bug#924172: extra "/english" added to path of CSS and other files in /devel/website/stats
On Wed, 2020-08-19 at 13:02 +0200, Laura Arjona Reina wrote: > Hi all > > The issue with sitemaps was fixed with commit > > https://salsa.debian.org/webmaster-team/webwml/-/commit/83f7cae0178074e5e4f913168b4b42c7be90af13 > > as explained before :-) > > However, a similar issue has been discovered in the > > https://www.debian.org/devel/website/stats/ pages (all languages): > > the paths linking to CSS and other places (header and navbar) include > an extra /english/ that breaks the link (and thus, for example, CSS > is not loaded). I think this got fixed at some point - at least, https://www.debian.org/devel/website/stats/index.de.html seems to work. Regards, Adam
Bug#1082783: puredata 0.53.1+ds-2+deb12u1 flagged for acceptance
package release.debian.org tags 1082783 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: puredata Version: 0.53.1+ds-2+deb12u1 Explanation: fix privilege escalation issue [CVE-2023-47480]
Bug#1081394: node-ytdl-core 4.11.2+dfsg+~cs4.10.8-1+deb12u1 flagged for acceptance
package release.debian.org tags 1081394 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: node-ytdl-core Version: 4.11.2+dfsg+~cs4.10.8-1+deb12u1 Explanation: fix build failure
Bug#1082902: nghttp2 1.52.0-1+deb12u2 flagged for acceptance
package release.debian.org tags 1082902 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: nghttp2 Version: 1.52.0-1+deb12u2 Explanation: fix denial of service issue [CVE-2024-28182]
Bug#1082155: amanda 3.5.1-11+deb12u2 flagged for acceptance
package release.debian.org tags 1082155 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: amanda Version: 3.5.1-11+deb12u2 Explanation: update incomplete fix for CVE-2022-37704, restoring operation with xfsdump
Bug#1081418: node-mdn-browser-compat-data 5.2.20+~3.33.0-1+deb12u1 flagged for acceptance
package release.debian.org tags 1081418 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: node-mdn-browser-compat-data Version: 5.2.20+~3.33.0-1+deb12u1 Explanation: fix build failure
Bug#1081413: node-tap 16.3.2+ds1+~cs50.8.16-1+deb12u1 flagged for acceptance
package release.debian.org tags 1081413 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: node-tap Version: 16.3.2+ds1+~cs50.8.16-1+deb12u1 Explanation: fix build failure
Bug#1081410: node-rollup-plugin-node-polyfills 0.2.1+dfsg+~0.11.0-1+deb12u1 flagged for acceptance
package release.debian.org tags 1081410 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: node-rollup-plugin-node-polyfills Version: 0.2.1+dfsg+~0.11.0-1+deb12u1 Explanation: fix build failure
Bug#1081399: node-es-module-lexer 1.1.0+dfsg-2+deb12u1 flagged for acceptance
package release.debian.org tags 1081399 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: node-es-module-lexer Version: 1.1.0+dfsg-2+deb12u1 Explanation: fix build failure
Bug#1081388: node-y-websocket 1.4.5-4+deb12u1 flagged for acceptance
package release.debian.org tags 1081388 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: node-y-websocket Version: 1.4.5-4+deb12u1 Explanation: fix build failure
Bug#1081389: node-y-protocols 1.0.5-6+deb12u1 flagged for acceptance
package release.debian.org tags 1081389 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: node-y-protocols Version: 1.0.5-6+deb12u1 Explanation: fix build failure
Bug#1081343: node-globby 13.1.3+~cs16.25.40-1+deb12u1 flagged for acceptance
package release.debian.org tags 1081343 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: node-globby Version: 13.1.3+~cs16.25.40-1+deb12u1 Explanation: fix build failure
Bug#1079158: mirror submission for debian-mirror.behostings.net
Hi, https://mirror-master.debian.org/status/mirror-info/debian-mirror.behostings.net.html doesn't go back far enough to show what the problem was, but the negative "score" column indicates that there was some kind of issue with the mirror recently. The score needs to stay positive for enough days, then it will get automatically included in the published list. Regards, Adam On Fri, 2024-09-13 at 09:20 +0200, basi...@thgnet.net wrote: > Hi, > > Its been more than 13 days and our mirror has not been added to your > mirror list. > > Thank you. > > On 26-08-2024 15:32, Adam D. Barratt wrote: > > Hi, > > > > Yes, that seems like a reasonable solution. > > > > Regards, > > > > Adam > > > > On Mon, 2024-08-26 at 09:38 +0200, basi...@thgnet.net wrote: > > > Hi, currently, our "RSYNC_HOST="ftp.be.debian.org". > > > > > > so shall we change the rsync_host to "mirror.as35701.net" to fix > > > the > > > issue ? > > > > > > Awaiting your response. > > > > > > On 25-08-2024 17:35, Adam D. Barratt wrote: > > > > On Tue, 2024-08-20 at 15:32 +, basil mathews wrote: > > > > > Submission-Type: new > > > > > Site: debian-mirror.behostings.net > > > > Our automated checks noticed an issue with your setup: > > > > > > > > o We recommend mirrors not sync directly from service aliases > > > > such > > > > as > > > > ftp..debian.org (only HTTP is guaranteed to be > > > > available at > > > > ftp. sites). Maybe change your config to sync from > > > > the site currently backing the ftp..debian.org service > > > > you > > > > sync > > > > from? > > > > > > > > Regards, > > > > > > > > Adam >
Bug#1080418: override: systemd-timesyncd:admin/standard
On Tue, 2024-09-03 at 11:27 -0300, Santiago Ruano Rincón wrote: > Dear DSA, would it be possible to have the list of all the overrides > in bullseye, that would be needed to be sync'ed with bullseye- > security? Technically, yes, although I suspect that this may be something that ftp-master already have tooling / scripting around. It looks like the security.d.o dak database contains overrides for all packages in the main archive, even if they've not also been released via the security archive. That seems to imply that any override changes to testing and (old)*stable on ftp-master should also be synced to security-master. I wonder if that could be automated in some fashion. Regards, Adam
Bug#1079454: bookworm-pu: package python-django/3:3.2.19-1+deb12u2
On Thu, 2024-08-29 at 16:05 +0100, Steve McIntyre wrote: > At this point, I would say let's be safe and hang back on the django > update this - it will wait for the next point release. Thanks; added to the list for Saturday. Regards, Adam
Bug#1079514: rustc-web 1.78.0+dfsg1-2~deb12u3 flagged for acceptance
package release.debian.org tags 1079514 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: rustc-web Version: 1.78.0+dfsg1-2~deb12u3 Explanation: fix conflicts and autopkg tests
Bug#1079515: rustc-web 1.78.0+dfsg1-2~deb11u3 flagged for acceptance
package release.debian.org tags 1079515 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: rustc-web Version: 1.78.0+dfsg1-2~deb11u3 Explanation: fix conflicts and autopkg tests
Bug#1079515: bullseye-pu: package rustc-web/1.78.0+dfsg1-2~deb11u1
On Wed, 2024-08-28 at 11:16 +0200, Emilio Pozuelo Monfort wrote:
> On 25/08/2024 11:16, Adam D. Barratt wrote:
>
[...]
> > Both the bullseye and bookworm builds fail on mips64el with:
> >
> > File "/<>/src/bootstrap/bootstrap.py", line 1175, in
> >
> > main()
> > File "/<>/src/bootstrap/bootstrap.py", line 1160,
> > in main
> > bootstrap(args)
> > File "/<>/src/bootstrap/bootstrap.py", line 1127,
> > in bootstrap
> > build.build_bootstrap()
> > File "/<>/src/bootstrap/bootstrap.py", line 880, in
> > build_bootstrap
> > args = self.build_bootstrap_cmd(env)
> > ^
> > File "/<>/src/bootstrap/bootstrap.py", line 983, in
> > build_bootstrap_cmd
> > raise Exception("no cargo executable found at `{}`".format(
> > Exception: no cargo executable found at `/usr/bin/cargo`
> > make[1]: *** [debian/rules:300: debian/dh_auto_build.stamp] Error 1
> > make[1]: Leaving directory '/<>'
> > make: *** [debian/rules:203: binary-arch] Error 2
>
> Those are expected. The reason is that there's no bootstrap binaries
> for mips{64,}el because upstream dropped their tier level and no
> longer provides them. So we'll have to drop (or keep an outdated)
> firefox/chromium binary. Note that for mipsel, this doesn't matter
> much, as llvm-16 isn't available either,
> and there are no firefox-esr/chromium/thunderbird builds there.
Thanks for the background.
Technically there /are/ firefox-esr builds on mipsel in bullseye, but
they're really old:
firefox-esr | 78.15.0esr-1~deb11u1 | oldstable|
source, mipsel
chromium doesn't build for mips* in any case, and bullseye-LTS won't
support mips*el. So the practical effect AFAICT is that we lose the
ability to build firefox-esr and thunderbird on mips64el for bookworm.
I /assume/ that isn't particularly an issue.
Regards,
Adam
Bug#1079158: mirror submission for debian-mirror.behostings.net
Hi, Yes, that seems like a reasonable solution. Regards, Adam On Mon, 2024-08-26 at 09:38 +0200, basi...@thgnet.net wrote: > Hi, currently, our "RSYNC_HOST="ftp.be.debian.org". > > so shall we change the rsync_host to "mirror.as35701.net" to fix the > issue ? > > Awaiting your response. > > On 25-08-2024 17:35, Adam D. Barratt wrote: > > On Tue, 2024-08-20 at 15:32 +, basil mathews wrote: > > > Submission-Type: new > > > Site: debian-mirror.behostings.net > > Our automated checks noticed an issue with your setup: > > > > o We recommend mirrors not sync directly from service aliases such > > as > > ftp..debian.org (only HTTP is guaranteed to be available at > > ftp. sites). Maybe change your config to sync from > > the site currently backing the ftp..debian.org service you > > sync > > from? > > > > Regards, > > > > Adam >
Bug#1079635: systemd 252.30-1~deb12u2 flagged for acceptance
package release.debian.org tags 1079635 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: systemd Version: 252.30-1~deb12u2 Explanation: avoid conffile prompt from updated comment
Bug#1079635: bookworm-pu: package systemd/252.30-1~deb12u2
Control: tags -1 + confirmed On Sun, 2024-08-25 at 18:50 +0100, Luca Boccassi wrote: > This upload backports one patch to revert adding a new comment that > was added in 252.30-1~deb12u1 to a conffile as indicated in: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079086#25 Thank you for preparing this so quickly. Please go ahead. Regards, Adam
Bug#1079086: systemd 252.30-1~deb12u1 flagged for acceptance
On Sun, 2024-08-25 at 18:44 +0200, Cyril Brulebois wrote: > Anyone having tweaked journald.conf is going to get a prompt because > of the following change: > > -#MaxRetentionSec= > +#MaxRetentionSec=0 > > That's not really something I'd expect from a point release… Apologies for missing that. Luca? Regards, Adam
Bug#1079158: mirror submission for debian-mirror.behostings.net
On Tue, 2024-08-20 at 15:32 +, basil mathews wrote: > Submission-Type: new > Site: debian-mirror.behostings.net Our automated checks noticed an issue with your setup: o We recommend mirrors not sync directly from service aliases such as ftp..debian.org (only HTTP is guaranteed to be available at ftp. sites). Maybe change your config to sync from the site currently backing the ftp..debian.org service you sync from? Regards, Adam
Bug#1079388: calibre 6.13.0+repack-2+deb12u4 flagged for acceptance
package release.debian.org tags 1079388 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: calibre Version: 6.13.0+repack-2+deb12u4 Explanation: fix remote code execution issue [CVE-2024-6782, cross site scripting issue [CVE-2024-7008], SQL injection issue [CVE-2024-7009]
Bug#1079597: calibre 5.12.0+dfsg-1+deb11u2 flagged for acceptance
package release.debian.org tags 1079597 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: calibre Version: 5.12.0+dfsg-1+deb11u2 Explanation: fix cross site scripting issue [CVE-2024-7008], SQL injection issue [CVE-2024-7009]
Bug#1079565: glogic 2.6-6+deb12u1 flagged for acceptance
package release.debian.org tags 1079565 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: glogic Version: 2.6-6+deb12u1 Explanation: require Gtk 3.0 and PangoCairo 1.0
Bug#1079579: cacti 1.2.24+ds1-1+deb12u4 flagged for acceptance
package release.debian.org tags 1079579 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: cacti Version: 1.2.24+ds1-1+deb12u4 Explanation: fix autopkgtest failure
Bug#1079460: initramfs-tools 0.142+deb12u1 flagged for acceptance
package release.debian.org tags 1079460 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: initramfs-tools Version: 0.142+deb12u1 Explanation: hook_functions: Fix copy_file with source including a directory symlink; hook-functions: copy_file: Canonicalise target filename; install hid-multitouch module for Surface Pro 4 Keyboard; add hyper-keyboard module, needed to enter LUKS password in Hyper-V; auto_add_modules: Add onboard_usb_hub, onboard_usb_dev
Bug#1079515: bullseye-pu: package rustc-web/1.78.0+dfsg1-2~deb11u1
On Sun, 2024-08-25 at 10:08 +0200, Paul Gevers wrote:
> Hi Emilio,
>
> On 24-08-2024 12:29, Emilio Pozuelo Monfort wrote:
> > Uploaded.
>
> The package fails its own autopkgtest. Did something go wrong?
>
> 63s autopkgtest [22:00:29]: test create-and-build-crate:
> [---
> 63s Created binary (application) `hello` package
> 63s error: no such subcommand: `add`
> 63s
> 63s Did you mean `doc`?
> 63s autopkgtest [22:00:29]: test create-and-build-crate:
> ---]
Both the bullseye and bookworm builds fail on mips64el with:
File "/<>/src/bootstrap/bootstrap.py", line 1175, in
main()
File "/<>/src/bootstrap/bootstrap.py", line 1160, in main
bootstrap(args)
File "/<>/src/bootstrap/bootstrap.py", line 1127, in bootstrap
build.build_bootstrap()
File "/<>/src/bootstrap/bootstrap.py", line 880, in
build_bootstrap
args = self.build_bootstrap_cmd(env)
^
File "/<>/src/bootstrap/bootstrap.py", line 983, in
build_bootstrap_cmd
raise Exception("no cargo executable found at `{}`".format(
Exception: no cargo executable found at `/usr/bin/cargo`
make[1]: *** [debian/rules:300: debian/dh_auto_build.stamp] Error 1
make[1]: Leaving directory '/<>'
make: *** [debian/rules:203: binary-arch] Error 2
Regards,
Adam
Bug#1079597: bullseye-pu: package calibre/5.12.0+dfsg-1+deb11u2
Control: tags -1 + confirmed On Sun, 2024-08-25 at 13:53 +0900, YOKOTA Hiroshi wrote: > Fix these CVEs: > * CVE-2024-7008 > * CVE-2024-7009 Please go ahead, bearing in mind that today is the last day to get fixes into the final bullseye point release. After that you will need to co-ordinate with the LTS Team. Regards, Adam
Bug#1079388: bookworm-pu: package calibre/6.13.0+repack-2+deb12u4
Control: tags -1 + confirmed On Fri, 2024-08-23 at 08:44 +0900, YOKOTA Hiroshi wrote: > Fix these CVEs: > * CVE-2024-6782 + fixup > * CVE-2024-7008 > * CVE-2024-7009 Please go ahead. Regards, Adam
Bug#1076335: libvirt 9.0.0-4+deb12u1 flagged for acceptance
package release.debian.org tags 1076335 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: libvirt Version: 9.0.0-4+deb12u1 Explanation: virsh: Make domif-setlink work more than once; qemu: domain: Fix logic when tainting domain; fix denial of service issues [CVE-2023-3750 CVE-2024-1441 CVE-2024-2494 CVE-2024-2496]
Bug#1076335: bookworm-pu: package libvirt/9.0.0-4
On Sat, 2024-08-24 at 23:12 +0200, Andrea Bolognani wrote: > After performing the upload ~4 hours ago, I have received a message > with subject > > libvirt_9.0.0-4+deb12u1_source.changes > ACCEPTED into proposed-updates->stable-new > > and (partial) contents > > Mapping bookworm to stable. > Mapping stable to proposed-updates. > > so I think I'm good? The tracker.d.o page hasn't been updated yet > though, and none of the bugs that the upload is supposed to close > have changed their state. This usually happens pretty quickly when > uploading to unstable. Your package is in the stable-new policy queue, as per the emails you received. It will stay there until SRM accept it. You don't need to do anything other than wait for that to happen, or an e-mail that says there's a problem. There's nothing for you to do in the meantime. Regards, Adam
Bug#1079579: bookworm-pu: package cacti/1.2.24+ds1-1+deb12u4
Control: tags -1 + confirmed On Sat, 2024-08-24 at 20:28 +, Bastien Roucariès wrote: > Previous upload fail debci, forget to backport test If you're going to CC people on bug submissions, _please_ use X- Debbugs-CC. Otherwise we just get a mail telling us that a bug is about to exist, with no bug number, which isn't really that useful. Paul also told you on IRC that you could upload at the same time as filing the bug. So... please go ahead. Regards, Adam
Bug#1079565: bookworm-pu: package glogic/2.6-6+deb12u1 (pre-approval)
Control: tags -1 + confirmed
On Sat, 2024-08-24 at 17:55 +0200, Andreas Rönnquist wrote:
> glogic crashes on startup in stable:
>
> > /usr/lib/python3/dist-packages/glogic/MainFrame.py:4: PyGIWarning:
> > Gtk
> > was imported without specifying a version first. Use
> > gi.require_version('Gtk', '4.0') before import to ensure that the
> > right version gets loaded.
> > from gi.repository import Gtk, Gdk, GdkPixbuf
> > Traceback (most recent call last):
> > File "/usr/bin/glogic", line 20, in
> > from glogic.MainFrame import MainFrame
> > File "/usr/lib/python3/dist-packages/glogic/MainFrame.py", line
> > 18,
> > in themed_icons = Gtk.IconTheme.get_default()
> > ^
> > AttributeError: type object 'IconTheme' has no attribute
> > 'get_default'
Please go ahead.
Regards,
Adam
Bug#1079543: amd64-microcode 3.20240820.1~deb12u1 flagged for acceptance
package release.debian.org tags 1079543 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: amd64-microcode Version: 3.20240820.1~deb12u1 Explanation: SEV firmware fixes [CVE-2023-20584 CVE-2023-31356]
Bug#1079544: amd64-microcode 3.20240820.1~deb11u1 flagged for acceptance
package release.debian.org tags 1079544 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: amd64-microcode Version: 3.20240820.1~deb11u1 Explanation: SEV firmware fixes [CVE-2023-20584 CVE-2023-31356]
Bug#1076335: bookworm-pu: package libvirt/9.0.0-4
On Sat, 2024-08-24 at 15:41 +0200, Andrea Bolognani wrote: > Just so that we're on the same page, do you want me to share the > debdiff here and get an explicit ACK from you before proceeding with > the upload, or should I go for the the upload first in the interest > of time? If the change from the previously-acked diff is just the addition of the new patch as per the MR, and a changelog entry for it, then feel free to upload without waiting for a new ack. Please do still send the new debdiff to this bug. Regards, Adam
Bug#1079515: rustc-web 1.78.0+dfsg1-2~deb11u2 flagged for acceptance
package release.debian.org tags 1079515 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: rustc-web Version: 1.78.0+dfsg1-2~deb11u2 Explanation: new upstream stable release, to support building new chromium and firefox-esr versions
Bug#1079515: rustc-web 1.78.0+dfsg1-2~deb11u1 flagged for acceptance
package release.debian.org tags 1079515 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: rustc-web Version: 1.78.0+dfsg1-2~deb11u1 Explanation: new upstream stable release, to support building new chromium and firefox-esr versions
Bug#1079450: curl 7.74.0-1.3+deb11u13 flagged for acceptance
package release.debian.org tags 1079450 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: curl Version: 7.74.0-1.3+deb11u13 Explanation: fix ASN.1 date parser overread issue [CVE-2024-7264]
Bug#1079514: rustc-web 1.78.0+dfsg1-2~deb12u1 flagged for acceptance
package release.debian.org tags 1079514 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: rustc-web Version: 1.78.0+dfsg1-2~deb12u1 Explanation: new upstream stable release, to support building new chromium and firefox-esr versions
Bug#1079514: rustc-web 1.78.0+dfsg1-2~deb12u2 flagged for acceptance
package release.debian.org tags 1079514 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: rustc-web Version: 1.78.0+dfsg1-2~deb12u2 Explanation: new upstream stable release, to support building new chromium and firefox-esr versions
Bug#1079454: python-django 3.2.19-1+deb12u2 flagged for acceptance
package release.debian.org tags 1079454 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: python-django Version: 3.2.19-1+deb12u2 Explanation: fix regular expression-based denial of service issue [CVE-2023-36053], denial of service issues [CVE-2024-38875 CVE-2024-39614 CVE-2024-41990 CVE-2024-41991], user enumeration issue [CVE-2024-39329], directory traversal issue [CVE-2024-39330], excessive memory consumption issue [CVE-2024-41989], SQL injection issue [CVE-2024-42005]
Bug#1076335: bookworm-pu: package libvirt/9.0.0-4
On Sat, 2024-08-24 at 14:58 +0200, Andrea Bolognani wrote: > thank you for looking into this and sorry for the late reply. I had > to focus all my Debian time on something else for a couple of weeks. > > In the meantime, this MR was opened asking for an additional bugfix > to be included in the next upload targeting bookworm: > > https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/227 > > What is the Release Team's preference here? Should I go ahead with > the upload that was originally agreed upon, or should I prepare a > debdiff that includes the additional changes so that you can have > another look and we can have a single upload covering everything? Well... I'd be OK with including that fix as well, but it depends how quickly you can handle things, and how urgent the other fixes are. The window for getting updates into the 12.7 point release closes this weekend, and it's already Saturday afternoon. If you can update your package to include the new fix and get it uploaded in time (with a new debdiff added to this bug log for the record) then fine. Regards, Adam
Bug#1079543: bookworm-pu: package amd64-microcode/3.20240820.1~deb12u1
Control: tags -1 + confirmed On Sat, 2024-08-24 at 09:51 -0300, Henrique de Moraes Holschuh wrote: > I would like to bring the *firmware* update level for AMD processors > in Bullseye and Bookworm to match what we have in Sid and Trixie. > This is the bug report for Bookworm, a separate one will be filled > for Bullseye. > > The update is a security update for AMD-SEV (AMD-SB-3003). It does > not change the processor microcode. Please go ahead. Regards, Adam
Bug#1079544: bullseye-pu: package amd64-microcode/3.20240820.1~deb11u1
Control: tags -1 + confirmed On Sat, 2024-08-24 at 09:52 -0300, Henrique de Moraes Holschuh wrote: > I would like to bring the *firmware* update level for AMD processors > in Bullseye and Bookworm to match what we have in Sid and Trixie. > This is the bug report for Bullseye, a separate one will be filled > for Bookworm. > > The update is a security update for AMD-SEV (AMD-SB-3003). It does > not change the processor microcode. Please go ahead. Regards, Adam
Bug#1079515: bullseye-pu: package rustc-web/1.78.0+dfsg1-2~deb11u1
Control: tags -1 + moreinfo
On Sat, 2024-08-24 at 10:27 +0200, Emilio Pozuelo Monfort wrote:
> This backports 1.78 from bookworm to bullseye. The changes are
> minimal.
> Again I haven't been able to build firefox against it yet, as I'm
> having trouble with the FF build and OOM issues. Would be good to get
> this accepted so that it can be built, and I'll keep working on that
> build and report here.
As noted on IRC, the binary package rename need to include rustfmt{,-dbgsym}:
rustfmt | 1.63.0+dfsg1-2 | stable| amd64, arm64, armel,
armhf, i386, mips64el, mipsel, ppc64el, s390x
rustfmt | 1.78.0+dfsg1-2~deb11u1 | oldstable-new | amd64
rustfmt | 1.78.0+dfsg1-2~deb12u1 | stable-new| amd64
rustfmt | 1.79.0+dfsg1-2 | testing | amd64, arm64, armel,
armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt | 1.79.0+dfsg1-2 | unstable | amd64, arm64, armel,
armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt | 1.80.1+dfsg1-1~exp1| experimental | amd64, arm64, armel,
armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt-web | 1.70.0+dfsg1-7~deb11u1 | oldstable | amd64, arm64, armhf,
i386, mips64el, ppc64el, s390x
rustfmt-web | 1.70.0+dfsg1-7~deb12u2 | stable| amd64, arm64, armhf,
i386, mips64el, ppc64el, s390x
A new upload is planned, but setting moreinfo for now.
Regards,
Adam
Bug#1079514: bookworm-pu: package rustc-web/1.78.0+dfsg1-2~deb12u1
Control: tags -1 + moreinfo
On Sat, 2024-08-24 at 10:25 +0200, Emilio Pozuelo Monfort wrote:
> This is an update for rustc-web to a newer release, needed by both
> newer chromium and firefox ESR 128 (turns out the version I
> backported
> was fine for firefox 125 in sid at the time, but 128 bumped it). I've
> gone for rustc 1.78 because it can be built with LLVM 16. For the
> next
> firefox ESR release (in about a year) or perhaps earlier for chromium
> we'll probably need to update rustc and backport a newer LLVM.
As noted on IRC, the binary package rename need to include rustfmt{,-dbgsym}:
rustfmt | 1.63.0+dfsg1-2 | stable| amd64, arm64, armel,
armhf, i386, mips64el, mipsel, ppc64el, s390x
rustfmt | 1.78.0+dfsg1-2~deb11u1 | oldstable-new | amd64
rustfmt | 1.78.0+dfsg1-2~deb12u1 | stable-new| amd64
rustfmt | 1.79.0+dfsg1-2 | testing | amd64, arm64, armel,
armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt | 1.79.0+dfsg1-2 | unstable | amd64, arm64, armel,
armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt | 1.80.1+dfsg1-1~exp1| experimental | amd64, arm64, armel,
armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt-web | 1.70.0+dfsg1-7~deb11u1 | oldstable | amd64, arm64, armhf,
i386, mips64el, ppc64el, s390x
rustfmt-web | 1.70.0+dfsg1-7~deb12u2 | stable| amd64, arm64, armhf,
i386, mips64el, ppc64el, s390x
A new upload is planned, but setting moreinfo for now.
Regards,
Adam
Bug#1079450: bullseye-pu: package curl/7.74.0-1.3+deb11u13
Control: tags -1 + confirmed On Fri, 2024-08-23 at 08:16 -0300, Carlos Henrique Lima Melara wrote: > [ Reason ] > The reason is to fix CVE-2024-7264 [1] by cherry-picking and > backporting the upstream fixes released in curl 8.9.1. Please go ahead, bearing in mind that the window for the final bullseye point release closes this weekend. (Although you can of course co- ordinate with the LTS Team after that if need be.) Regards, Adam
Bug#1079460: bookworm-pu: package initramfs-tools/0.142+deb12u1
Control: tags -1 + confirmed On Fri, 2024-08-23 at 15:22 +0200, Ben Hutchings wrote: > - Some important drivers are currently not included in the initramfs > by default. > - If the same file is added to the initramfs and named through > multiple directory symlinks, it is duplicated in the initramfs. [...] > The change to symlink handling has been tested together with > firmware-nvidia-graphics from unstable. I will also test > the backport with reiserfsprogs (not yet done). [...] > There is some risk of regression from changes to the handling of > symlinked directories. The initial fix for this led to breakage > for reiserfsprogs (bug #1079276), but that has been resolved. Please go ahead. Note that the window for getting fixes into 12.7 will close this weekend. Regards, Adam
Bug#1079313: mlpost 0.8.2-4+deb11u1 flagged for acceptance
package release.debian.org tags 1079313 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: mlpost Version: 0.8.2-4+deb11u1 Explanation: fix build failure with newer ImageMagick versions
Bug#1079291: healpix-java 3.60+ds-4+deb11u1 flagged for acceptance
package release.debian.org tags 1079291 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: healpix-java Version: 3.60+ds-4+deb11u1 Explanation: fix build failure
Bug#1079271: trinity 1.9+git20200331.4d2343bd18c7b-2+deb11u1 flagged for acceptance
package release.debian.org tags 1079271 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: trinity Version: 1.9+git20200331.4d2343bd18c7b-2+deb11u1 Explanation: fix build failure by dropping support for DECNET
Bug#1079144: gettext.js 0.7.0-2+deb11u1 flagged for acceptance
package release.debian.org tags 1079144 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: gettext.js Version: 0.7.0-2+deb11u1 Explanation: fix server side request forgery issue [CVE-2024-43370]
Bug#1079353: cacti 1.2.24+ds1-1+deb12u3 flagged for acceptance
package release.debian.org tags 1079353 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: cacti Version: 1.2.24+ds1-1+deb12u3 Explanation:
Bug#1079350: calamares-settings-debian 12.0.9-1+deb12u1 flagged for acceptance
package release.debian.org tags 1079350 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: calamares-settings-debian Version: 12.0.9-1+deb12u1 Explanation: fix Xfce launcher permission issue
Bug#1079317: curl 7.88.1-10+deb12u7 flagged for acceptance
package release.debian.org tags 1079317 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: curl Version: 7.88.1-10+deb12u7 Explanation: fix ASN.1 date parser overread issue [CVE-2024-7264]
Bug#1079143: gettext.js 0.7.0-3+deb12u1 flagged for acceptance
package release.debian.org tags 1079143 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: gettext.js Version: 0.7.0-3+deb12u1 Explanation: fix server side request forgery issue [CVE-2024-43370]
Bug#1079320: snapshot.debian.org: TLS cert expired today
On Thu, 2024-08-22 at 15:03 +0200, наб wrote: > My hurd VM just refused to apt update, and firefox says > > The certificate for snapshot.debian.org expired on 22/08/2024. > > I currently see 04:1A:1E:24:EF:95:2B:E1:76:A5:74:D7:B4:BD:42:06:B0:09 > returned with a notafter of 2024-08-22T12:08:31Z. > > snapshot.d.o still works over http, but this does break the > recommended and default sources.list which is https. Thanks for the report. I've taken the affected frontend out of the DNS rotation until things get sorted out. Regards, Adam
Bug#1079353: bookworm-pu: package cacti/1.2.24+ds1-1+deb12u3
Control: tags -1 -moreinfo +confirmed On Thu, 2024-08-22 at 18:45 +, Bastien Roucariès wrote: > Le jeudi 22 août 2024, 18:01:02 UTC Adam D. Barratt a écrit : > > Control: tags -1 + moreinfo > > > > On Thu, 2024-08-22 at 15:38 +, Bastien Roucariès wrote: > > > [ Reason ] > > > Security upload. Except CVE-2024-27082 that need > > > coordination with other packages. > > > > You appear to have forgotten the debdiff. > > Yes I just resend > +cacti (1.2.24+ds1-1+deb12u3) unstable; urgency=medium That should be bookworm, not unstable. With that fixed, please go ahead. Regards, Adam
Bug#1079317: bookworm-pu: package curl/7.88.1-10+deb12u7
Control: tags -1 + confirmed On Thu, 2024-08-22 at 09:37 -0300, Carlos Henrique Lima Melara wrote: > [ Reason ] > The reason is to fix CVE-2024-7264 [1] by cherry-picking and > backporting > the upstream fixes released in curl 8.9.1. Please go ahead. Regards, Adam
Bug#1079313: bullseye-pu: package mlpost/0.8.2-4+deb11u1
Control: tags -1 + confirmed On Thu, 2024-08-22 at 14:28 +0200, Santiago Vila wrote: > This upload fixes FTBFS bug #991060, which is probably the last > remaining build failure due to a new imagemagick version which > was introduced late during the development stage of bullseye. Please go ahead. Regards, Adam
