Bug#986814: marked as done (Latest vagrant Buster libvirt image not found)

[Debian Bug Tracking System]

Your message dated Tue, 13 Apr 2021 08:30:34 +0200
with message-id 
and subject line Re: Bug#986814: Latest vagrant Buster libvirt image not found
has caused the Debian Bug report #986814,
regarding Latest vagrant Buster libvirt image not found
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986814
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cloud.debian.org
Severity: serious

The latest Buster libvirt image for vagrant gives me a 404, `vagrant box
update` fails.

λ > curl
https://app.vagrantup.com/debian/boxes/buster64/versions/10.20210409.1/providers/libvirt.box
{"errors":["Not found"],"success":false}

Best

Christopher



-- System Information:
Debian Release: 9.13
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-15-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Hi,

On 12/04/21 at 13:14 +0200, Christopher Huhn wrote:
> Package: cloud.debian.org
> Severity: serious
> 
> The latest Buster libvirt image for vagrant gives me a 404, `vagrant box
> update` fails.
> 
> λ > curl
> https://app.vagrantup.com/debian/boxes/buster64/versions/10.20210409.1/providers/libvirt.box
> {"errors":["Not found"],"success":false}

Strange. The version was properly created, but the file was lost. I
reuploaded the box and it works now.

I looked at other boxes, and the same issue affected testing64/libvirt
(also reuploaded).

Thanks for the report!

Lucas--- End Message ---

Processed: severity of 950079 is important

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 950079 important
Bug #950079 [grub-cloud-amd64] grub-cloud-amd64: not co-installable with 
grub-pc due to incompatible /etc/default/grub handling
Severity set to 'important' from 'serious'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
950079: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950079
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#986865: yubikey-manager should depend on python3-pkg-resources

[Palmer Dabbelt]

Package: yubikey-manager
Version: 2.1.0-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

When I install yubikey-manager I get a missing package error, which makes the
package unusable:

$ ykman
Traceback (most recent call last):
  File "/usr/bin/ykman", line 6, in 
from pkg_resources import load_entry_point
ModuleNotFoundError: No module named 'pkg_resources'

This can be resolved by installing python3-pkg-resources.  I'm pretty new to
Debian and don't do anything Python work, but as far as I can tell it's just a
missing dependency.  python3-pkg-resources is used by reportbug, so trying to
reproduce this is a bit tricky on my end: I can remove python3-pkg-resources,
but that removes reportbug as well.

This is my first time trying to submit a Debian bug report, so I'm not sure
what else to include here.

-- System Information:
Debian Release: 10.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.88-12233-g8e0826df26a0 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages yubikey-manager depends on:
ii  pcscd1.8.24-1
ii  python3  3.7.3-1
ii  python3-click7.0-1
ii  python3-yubikey-manager  2.1.0-1

yubikey-manager recommends no packages.

yubikey-manager suggests no packages.

-- no debconf information

Bug#985085: plan to lower Severity

[Federico Grau]

Fully recognizing we all must balance multiple priorities, I'm still waiting
to hear back from active Salt maintainer(s) to progress closing this bug.

Until the bug can properly be closed and given these CVE bugs do not apply to
Debian, with the goal of preventing Salt from being autoremoved from the next
Debian release Bullseye circa 2021-April-27, I intent do lower the Severity of
this bug (#985085) later this week (e.g. current Grave to Minor).

respectfully,
donfede


# BTS closing policy
https://www.debian.org/Bugs/Developer#closing

# BTS severity descriptions
https://www.debian.org/Bugs/Developer#severities

# Salt Team ML and archive
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-salt-team




signature.asc
Description: PGP signature

Bug#986808: CVE-2021-29939

[peter green]

On 12/04/2021 23:54, peter green wrote:

Hi.

The stackvector crate does not appear to be maintained upstream. The upstream 
bug underlying this
issue was reported back in February and has received no response from the 
upstream maintainer.


Update: the upstream maintainer has now responded to the bug with a tentative 
fix and plans to
release it soon. Unless there are objections, If/when he does so I will apply 
it to the Debian
package and upload. Afterwards (but not before the current version of 
rust-sniffglue has migrated
to testing) I will request a binnmu of rust-sniffglue (which appears to be the 
only application
built against rust-stackvector) to pick up the fix.

Bug#986808: CVE-2021-29939

[peter green]

Hi.

The stackvector crate does not appear to be maintained upstream. The upstream 
bug underlying this
issue was reported back in February and has received no response from the 
upstream maintainer.

It seems the only user of the stackvector crate in Debian is the lexical_core 
crate.
The lexical_core crate upstream (which appears to be the same person as the 
stackvector maintainer)
switched from stackvector to arrayvec some time ago. The relavent commit on the 
0.4 branch being
https://github.com/Alexhuszagh/rust-lexical/commit/6f9f3f5b9232107791008098012ef5fa069a

Regarding the actual bug, I think it can be fixed by simply changing "while count < 
lower_bound {"
to "while count < upper_bound {" but I'm no expert on the code and I'm 
reluctant to apply it
without some feedback from someone more familiar with the code.

That patch patches to use arrayvec 0.4 which is lower than the version 0.5 in 
Debian, but looking
at the master branch I suspect that it will be a simple case of just bumping 
the dependency.

So it seems there are a few possible ways forward here.

1. Try and fix stackvector ourselves, this is the smaller change but as I said 
i'm reluctant
   to do it without more eyes on the code.
2. Apply the upstream commit to switch lexical_core to arrayvec and then bump 
the arrayvec
   dependency to 0.5. We would also likely have to either use feature_collapse 
or manually
   alter debian/control to avoid getting stuck in new. This is a more intrusive 
change but
   leaves us closer to upstream. stackvector can then be removed.

Thoughts?

Processed: Re: materia-gtk-theme: unhandled symlink to directory conversion: /usr/share/themes/Materia-compact/gtk-3.0/assets -> ../gtk-assets

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + pending
Bug #985292 [materia-gtk-theme] materia-gtk-theme: unhandled symlink to 
directory conversion: /usr/share/themes/Materia-compact/gtk-3.0/assets -> 
../gtk-assets
Added tag(s) pending.
> tags -1 + confirmed
Bug #985292 [materia-gtk-theme] materia-gtk-theme: unhandled symlink to 
directory conversion: /usr/share/themes/Materia-compact/gtk-3.0/assets -> 
../gtk-assets
Added tag(s) confirmed.
> tags -1 + fixed
Bug #985292 [materia-gtk-theme] materia-gtk-theme: unhandled symlink to 
directory conversion: /usr/share/themes/Materia-compact/gtk-3.0/assets -> 
../gtk-assets
Added tag(s) fixed.
> tags -1 + bullseye
Bug #985292 [materia-gtk-theme] materia-gtk-theme: unhandled symlink to 
directory conversion: /usr/share/themes/Materia-compact/gtk-3.0/assets -> 
../gtk-assets
Added tag(s) bullseye.
> tags -1 + sid
Bug #985292 [materia-gtk-theme] materia-gtk-theme: unhandled symlink to 
directory conversion: /usr/share/themes/Materia-compact/gtk-3.0/assets -> 
../gtk-assets
Added tag(s) sid.

-- 
985292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985292
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#986788: marked as done (openbgpd: /usr/sbin/bgpd is already shipped by quagga-bgpd)

[Debian Bug Tracking System]

Your message dated Mon, 12 Apr 2021 22:03:26 +
with message-id 
and subject line Bug#986788: fixed in openbgpd 6.8p1-2
has caused the Debian Bug report #986788,
regarding openbgpd: /usr/sbin/bgpd is already shipped by quagga-bgpd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986788: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986788
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openbgpd
Version: 6.8p1-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite

Hi,

automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the following problem:

  Preparing to unpack .../openbgpd_6.8p1-1_amd64.deb ...
  Unpacking openbgpd (6.8p1-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/openbgpd_6.8p1-1_amd64.deb (--unpack):
   trying to overwrite '/usr/sbin/bgpd', which is also in package quagga-bgpd 
1.2.4-4
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/openbgpd_6.8p1-1_amd64.deb

This is a serious bug as it makes installation fail, and violates
sections 7.6.1 and 10.1 of the policy. An optimal solution would
consist in only one of the packages installing that file, and renaming
or removing the file in the other package. Depending on the
circumstances you might also consider Replace relations or file
diversions. If the conflicting situation cannot be resolved then, as a
last resort, the two packages have to declare a mutual
Conflict. Please take into account that Replaces, Conflicts and
diversions should only be used when packages provide different
implementations for the same functionality.

Here is a list of files that are known to be shared by both packages
(according to the Contents file for sid/amd64, which may be
slightly out of sync):

usr/sbin/bgpd
usr/share/man/man8/bgpd.8.gz


Cheers,

Andreas

PS: for more information about the detection of file overwrite errors
of this kind see https://qa.debian.org/dose/file-overwrites.html


quagga-bgpd=1.2.4-4_openbgpd=6.8p1-1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: openbgpd
Source-Version: 6.8p1-2
Done: Job Snijders 

We believe that the bug you reported is fixed in the latest version of
openbgpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Job Snijders  (supplier of updated openbgpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 12 Apr 2021 23:38:45 +0200
Source: openbgpd
Binary: openbgpd openbgpd-dbgsym
Architecture: source amd64
Version: 6.8p1-2
Distribution: unstable
Urgency: low
Maintainer: Job Snijders 
Changed-By: Job Snijders 
Description:
 openbgpd   - OpenBSD BGP daemon
Closes: 986788
Changes:
 openbgpd (6.8p1-2) unstable; urgency=low
 .
   * Mark conflict with quagga-bgpd (Closes: #986788)
Checksums-Sha1:
 00f452e7e6c660d5fe27f8647d747802389bfeac 1852 openbgpd_6.8p1-2.dsc
 09cecbf81c6d7d146bf8273b7beba5289b6b66c4 3364 openbgpd_6.8p1-2.debian.tar.xz
 802b458535100d3c3bad878be90870246b36fad3 539348 
openbgpd-dbgsym_6.8p1-2_amd64.deb
 767f1f30c624f9d028fa54efd04035b84f473c01 5813 openbgpd_6.8p1-2_amd64.buildinfo
 02e5686a5c37da7e7dd76f410a89654d7dfa9069 203272 openbgpd_6.8p1-2_amd64.deb
Checksums-Sha256:
 8b421b288bfe55d82f20fe48f1b75182433761c24bfb9b41ef2a2f9fc3d3c77c 1852 
openbgpd_6.8p1-2.dsc
 646926def1815d49f6bec0adb929afa58c4d57460ef9550fa73da205d4bdd103 3364 
openbgpd_6.8p1-2.debian.tar.xz
 0e1da365bbfb6f746d10d67684e31884c9197fedcb0bce3a7b3c4077dccbe566 539348 
openbgpd-dbgsym_6.8p1-2_amd64.deb
 e83567eb75376f1fbcce340697d244cca53b35ebcbd22648a4fdd0fa224940ef 5813 
openbgpd_6.8p1-2_amd64.buildinfo
 a990fb868a736d5a4ac7105efe15133f85706dd1f8339ec80f9e97f04ecdd028 203272 
openbgpd_6.8p1-2_amd64.deb
Files:
 334b56253eb996f5cc931fb542fc6823 1852 net optional openbgpd_6.8p1-2.dsc
 fcfde5cddc94a2dfc618324b9d41a65c 3364 net optional 
openbgpd_6.8p1-2.debian.tar.xz
 9c8a08f607a191948bc5304dd023

Bug#986839: mpv: New upstream version 0.33.1 fixes CVE-2021-30145

[Wessel Dankers]

Package: mpv
Version: 0.32.0-2+b1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team 

Dear Maintainer,

Version 0.33.1 was released on Mon, 5 Apr 2021. Apparently this fixes a
security problem (CVE-2021-30145) that affects every version since 2002.

A description of the problem can be found at:


https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b

The release can be found at:

https://github.com/mpv-player/mpv/releases

Thanks,

Wessel Dankers

-- System Information:
Debian Release: bullseye/sid
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mpv depends on:
ii  libarchive13  3.4.3-2+b1
ii  libasound21.2.4-1.1
ii  libass9   1:0.15.0-1
ii  libavcodec58  7:4.3.2-0+deb11u1
ii  libavdevice58 7:4.3.2-0+deb11u1
ii  libavfilter7  7:4.3.2-0+deb11u1
ii  libavformat58 7:4.3.2-0+deb11u1
ii  libavutil56   7:4.3.2-0+deb11u1
ii  libbluray21:1.2.1-4
ii  libc6 2.31-11
ii  libcaca0  0.99.beta19-2.2
ii  libcdio-cdda2 10.2+2.0.0-1+b2
ii  libcdio-paranoia2 10.2+2.0.0-1+b2
ii  libcdio19 2.1.0-2
ii  libdrm2   2.4.104-1
ii  libdvdnav46.1.0-1+b1
ii  libegl1   1.3.2-1
ii  libgbm1   20.3.4-1
ii  libgl11.3.2-1
ii  libjack-jackd2-0 [libjack-0.125]  1.9.17~dfsg-1
ii  libjpeg62-turbo   1:2.0.6-4
ii  liblcms2-22.12~rc1-2
ii  liblua5.2-0   5.2.4-1.1+b3
ii  libpulse0 14.2-2
ii  librubberband21.9.0-1
ii  libsdl2-2.0-0 2.0.14+dfsg2-3
ii  libsmbclient  2:4.13.5+dfsg-1
ii  libsndio7.0   1.5.0-3
ii  libswresample37:4.3.2-0+deb11u1
ii  libswscale5   7:4.3.2-0+deb11u1
ii  libuchardet0  0.0.7-1
ii  libva-drm22.10.0-1
ii  libva-wayland22.10.0-1
ii  libva-x11-2   2.10.0-1
ii  libva22.10.0-1
ii  libvdpau1 1.4-3
ii  libwayland-client01.18.0-2~exp1.1
ii  libwayland-cursor01.18.0-2~exp1.1
ii  libwayland-egl1   1.18.0-2~exp1.1
ii  libx11-6  2:1.7.0-2
ii  libxext6  2:1.3.3-1.1
ii  libxinerama1  2:1.1.4-2
ii  libxkbcommon0 1.0.3-2
ii  libxrandr22:1.5.1-1
ii  libxss1   1:1.2.3-1
ii  libxv12:1.0.11-1
ii  zlib1g1:1.2.11.dfsg-2

Versions of packages mpv recommends:
pn  xdg-utils   
pn  youtube-dl  

mpv suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#986854: elpa-helm: does not ship helm-global-bindings.el

[Todor Tsankov]

Package: elpa-helm
Version: 3.7.0-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

The elpa-helm package does not ship the file helm-global-bindings.el,
which is essential for its function: it contains all global
keybindings for helm. These keybindings were previously in
helm-config.el. As a result, upon upgrading to bullseye, helm stops
working.

Please include the file helm-global-bindings.el (which is present in
the source) in either elpa-helm or elpa-helm-core binary package.

Best wishes,
Todor




-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages elpa-helm depends on:
ii  dh-elpa-helper  2.0.8
ii  elpa-async  1.9.4-2
ii  elpa-helm-core  3.7.0-1
ii  elpa-popup  0.5.8-1
ii  emacsen-common  3.0.4

Versions of packages elpa-helm recommends:
ii  emacs  1:27.1+1-3.1
ii  emacs-gtk [emacs]  1:27.1+1-3.1

Versions of packages elpa-helm suggests:
pn  elpa-helm-org  

Bug#986622: marked as done (ClamAV 0.103.2 security patch release)

[Debian Bug Tracking System]

Your message dated Mon, 12 Apr 2021 19:48:27 +
with message-id 
and subject line Bug#986622: fixed in clamav 0.103.2+dfsg-1
has caused the Debian Bug report #986622,
regarding ClamAV 0.103.2 security patch release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986622: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: clamav
Version: 0.103.0+dfsg-3.1

ClamAV 0.103.2 is a security patch release with the following fixes:

CVE-2021-1252 : 
Fix for Excel XLM parser infinite loop. Affects 0.103.0 and 0.103.1 only.

CVE-2021-1404 : 
Fix for PDF parser buffer over-read; possible crash. Affects 0.103.0 and 
0.103.1 only.

CVE-2021-1405 : 
Fix for mail parser NULL-dereference crash. Affects 0.103.1 and prior.

CVE-2021-1386 :
Fix for UnRAR DLL load privilege escalation. Affects 0.103.1 and prior on 
Windows only.
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.103.2+dfsg-1
Done: Sebastian Andrzej Siewior 

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior  (supplier of updated clamav 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 12 Apr 2021 21:31:08 +0200
Source: clamav
Architecture: source
Version: 0.103.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: ClamAV Team 
Changed-By: Sebastian Andrzej Siewior 
Closes: 986622
Changes:
 clamav (0.103.2+dfsg-1) unstable; urgency=medium
 .
   * Import 0.103.2
 - CVE-2021-1252 (Fix for Excel XLM parser infinite loop.)
 - CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.)
 - CVE-2021-1405 (Fix for mail parser NULL-dereference crash.)
 - Update symbol file.
(Closes: #986622).
Checksums-Sha1:
 ec6abbe689364881025ef8980c3b37015eb996d2 2777 clamav_0.103.2+dfsg-1.dsc
 461ec3a7b45851e31a1cd9a4458473f9b4dc2677 5123788 
clamav_0.103.2+dfsg.orig.tar.xz
 2f6896bb20cb32b31edd03dae496e821ac239d06 220248 
clamav_0.103.2+dfsg-1.debian.tar.xz
Checksums-Sha256:
 8754a64602d698ba82d80b673933fb3141ad42e5966ad688b12a3f269a78 2777 
clamav_0.103.2+dfsg-1.dsc
 1f5d08342552f4b011521f44dd25e732dc79531ed2b54db385f8520496026371 5123788 
clamav_0.103.2+dfsg.orig.tar.xz
 9a6827ee763c6734da59277d97514a5a018d307c4976ea5ab44ded6a4479046b 220248 
clamav_0.103.2+dfsg-1.debian.tar.xz
Files:
 6348840ef9cf8b0069d26cb0adf61d93 2777 utils optional clamav_0.103.2+dfsg-1.dsc
 246d43d86d170e5aad57d512f4b0f6f8 5123788 utils optional 
clamav_0.103.2+dfsg.orig.tar.xz
 c1548d055b0400ed1ae6ad769620a568 220248 utils optional 
clamav_0.103.2+dfsg-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmB0oh0ACgkQBWQfF1cS
+lttKQv+OrFkvYOTM0NzFTs7GstLJQNDgcDIIpoCzp7J+EzYqwVL0hiygyjCnEdZ
fJGZkZGDFFpS8QEkJTgAOh9Y4dMSEIxpCHCUiz6YmXVdDA6Yp5flBJ5pxXveZP6O
67QMN6Y7V6Q7EERjZ8G+ZImWG/9beZNfCWHV0qHodf3QstpBC5r78539F/rLgA3B
TJj06Epq7bTwRQ1i63F/HsVUI2I997JrbSqxX1WPqIKqLjh4akFMhZfMPILDfD/i
TkhMCgbbltm5VdpyYIMyPBV9G+rhhamOwcNKkZjNNbLP4WLx4uriwwK/vHelOu8x
L4Jvfvv9Vh16+3JpRKyadJuuJ9wV8EfNXQzKv0Vra9/mdBmBFdUXYWiQFaeqNgvX
NYvOqxKlQnBcwBP14DqMMpVOtewdjBxmHOeXTHM7I4kUfAo+RURMoN7/j/ryw9GC
cuhRsbXxLQwf/zyyFKFqyKr1701l3VXQALWleSqXDsarK8bktHZSzqwYZOlUlDtD
RsyyNYc/
=6Ng6
-END PGP SIGNATURE End Message ---

Bug#986790: marked as done (CVE-2021-1405 CVE-2021-1404 CVE-2021-1252)

[Debian Bug Tracking System]

Your message dated Mon, 12 Apr 2021 19:48:27 +
with message-id 
and subject line Bug#986622: fixed in clamav 0.103.2+dfsg-1
has caused the Debian Bug report #986622,
regarding CVE-2021-1405 CVE-2021-1404 CVE-2021-1252
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986622: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: clamav
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

Please see 
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.103.2+dfsg-1
Done: Sebastian Andrzej Siewior 

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior  (supplier of updated clamav 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 12 Apr 2021 21:31:08 +0200
Source: clamav
Architecture: source
Version: 0.103.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: ClamAV Team 
Changed-By: Sebastian Andrzej Siewior 
Closes: 986622
Changes:
 clamav (0.103.2+dfsg-1) unstable; urgency=medium
 .
   * Import 0.103.2
 - CVE-2021-1252 (Fix for Excel XLM parser infinite loop.)
 - CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.)
 - CVE-2021-1405 (Fix for mail parser NULL-dereference crash.)
 - Update symbol file.
(Closes: #986622).
Checksums-Sha1:
 ec6abbe689364881025ef8980c3b37015eb996d2 2777 clamav_0.103.2+dfsg-1.dsc
 461ec3a7b45851e31a1cd9a4458473f9b4dc2677 5123788 
clamav_0.103.2+dfsg.orig.tar.xz
 2f6896bb20cb32b31edd03dae496e821ac239d06 220248 
clamav_0.103.2+dfsg-1.debian.tar.xz
Checksums-Sha256:
 8754a64602d698ba82d80b673933fb3141ad42e5966ad688b12a3f269a78 2777 
clamav_0.103.2+dfsg-1.dsc
 1f5d08342552f4b011521f44dd25e732dc79531ed2b54db385f8520496026371 5123788 
clamav_0.103.2+dfsg.orig.tar.xz
 9a6827ee763c6734da59277d97514a5a018d307c4976ea5ab44ded6a4479046b 220248 
clamav_0.103.2+dfsg-1.debian.tar.xz
Files:
 6348840ef9cf8b0069d26cb0adf61d93 2777 utils optional clamav_0.103.2+dfsg-1.dsc
 246d43d86d170e5aad57d512f4b0f6f8 5123788 utils optional 
clamav_0.103.2+dfsg.orig.tar.xz
 c1548d055b0400ed1ae6ad769620a568 220248 utils optional 
clamav_0.103.2+dfsg-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmB0oh0ACgkQBWQfF1cS
+lttKQv+OrFkvYOTM0NzFTs7GstLJQNDgcDIIpoCzp7J+EzYqwVL0hiygyjCnEdZ
fJGZkZGDFFpS8QEkJTgAOh9Y4dMSEIxpCHCUiz6YmXVdDA6Yp5flBJ5pxXveZP6O
67QMN6Y7V6Q7EERjZ8G+ZImWG/9beZNfCWHV0qHodf3QstpBC5r78539F/rLgA3B
TJj06Epq7bTwRQ1i63F/HsVUI2I997JrbSqxX1WPqIKqLjh4akFMhZfMPILDfD/i
TkhMCgbbltm5VdpyYIMyPBV9G+rhhamOwcNKkZjNNbLP4WLx4uriwwK/vHelOu8x
L4Jvfvv9Vh16+3JpRKyadJuuJ9wV8EfNXQzKv0Vra9/mdBmBFdUXYWiQFaeqNgvX
NYvOqxKlQnBcwBP14DqMMpVOtewdjBxmHOeXTHM7I4kUfAo+RURMoN7/j/ryw9GC
cuhRsbXxLQwf/zyyFKFqyKr1701l3VXQALWleSqXDsarK8bktHZSzqwYZOlUlDtD
RsyyNYc/
=6Ng6
-END PGP SIGNATURE End Message ---

Bug#983140: closed by Debian FTP Masters (reply to Lee Garrett ) (Bug#983140: fixed in ansible-base 2.10.5+dfsg-2)

[Baptiste Beauplat]

Hi Lee,

On 2021/03/23 08:51 PM, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the ansible package:
> 
> #983140: ansible: Does not detect correct python interpreter on bullseye 
> target
> 
> It has been closed by Debian FTP Masters  
> (reply to Lee Garrett ).

This bug is still affecting bullseye and it will be autoremoved if no
further action is taken.

I saw that your unblock request [1] was rejected. As an alternative, you
could do an upload with a minimal changeset to testing-proposed-updates as
described in the devref [2].

That would allow ansible to remain in bullseye (and all other packages
depending on it).

Best,

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984557
[2]: 
https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#direct-updates-to-testing
-- 
Baptiste Beauplat - lyknode


signature.asc
Description: PGP signature

Processed: Re: python-azure: flaky autopkgtest: You need to call 'result' or 'wait' on all LROPoller you have created

[Debian Bug Tracking System]

Processing control commands:

> severity -1 serious
Bug #984894 [src:python-azure] python-azure: flaky autopkgtest: You need to 
call 'result' or 'wait' on all LROPoller you have created
Severity set to 'serious' from 'important'

-- 
984894: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984894
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Processed: merge

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 986622 grave
Bug #986622 [clamav] ClamAV 0.103.2 security patch release
Bug #986790 [clamav] CVE-2021-1405 CVE-2021-1404 CVE-2021-1252
Severity set to 'grave' from 'normal'
Severity set to 'grave' from 'normal'
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
986622: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622
986790: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986790
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: merge

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forcemerge 986622 986790
Bug #986622 [clamav] ClamAV 0.103.2 security patch release
Bug #986622 [clamav] ClamAV 0.103.2 security patch release
Added tag(s) upstream.
Bug #986790 [clamav] CVE-2021-1405 CVE-2021-1404 CVE-2021-1252
Severity set to 'normal' from 'grave'
Marked as found in versions clamav/0.103.0+dfsg-3.1.
Added tag(s) fixed-upstream.
Merged 986622 986790
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
986622: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622
986790: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986790
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#986818: arctica-greeter-guest-session: Guest sessions fail to start

[Mike Gabriel]

Package: arctica-greeter-guest-session
Severity: grave
Version: 0.99.1.5-1

Arctica Greeter supports LightDM's feature of running guest sessions.

However, since Debian switch to libexec directory, arctica-greeter references a wrong path to  
LightDM's lightdm-guest-session executable (which still gets installed  
to /usr/lib//lightdm/.


This should be fixed for arctica-greeter in Debian 11. (Patch is on its way).

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpO0nBrd0bAb.pgp
Description: Digitale PGP-Signatur

Bug#986240: marked as done (make-guile: broken symlink: /usr/bin/gmake -> /make)

[Debian Bug Tracking System]

Your message dated Mon, 12 Apr 2021 14:48:41 +
with message-id 
and subject line Bug#986240: fixed in make-dfsg 4.3-4.1
has caused the Debian Bug report #986240,
regarding make-guile: broken symlink: /usr/bin/gmake -> /make
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986240: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986240
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: make-guile
Version: 4.3-4
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink.

>From the attached log (scroll to the bottom...):

0m14.7s ERROR: FAIL: Broken symlinks:
  /usr/share/man/man1/gmake.1.gz -> /make.1.gz (make-guile)
  /usr/bin/gmake -> /make (make-guile)


cheers,

Andreas


make-guile_4.3-4.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: make-dfsg
Source-Version: 4.3-4.1
Done: Sébastien Villemot 

We believe that the bug you reported is fixed in the latest version of
make-dfsg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sébastien Villemot  (supplier of updated make-dfsg 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 10 Apr 2021 15:55:15 +0200
Source: make-dfsg
Architecture: source
Version: 4.3-4.1
Distribution: unstable
Urgency: medium
Maintainer: Manoj Srivastava 
Changed-By: Sébastien Villemot 
Closes: 986240
Changes:
 make-dfsg (4.3-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * make-guile: fix broken symlinks /usr/bin/gmake and
 /usr/share/man/man1/gmake.1.gz. (Closes: #986240)
Checksums-Sha1:
 63a03ff8e7c3c3a64961e6a409d3b72b2de87437 2019 make-dfsg_4.3-4.1.dsc
 45f4cef5d0f9dcc17b3a77a67330e6a11fb337d6 50940 make-dfsg_4.3-4.1.diff.gz
 78a6dedba11416ce5afc55208208c7c89b5a0a51 7089 make-dfsg_4.3-4.1_amd64.buildinfo
Checksums-Sha256:
 d2523d94f4d4198df6801f238d36cf0dea2ab5521f1d19ee76b2e8ee1f1918bb 2019 
make-dfsg_4.3-4.1.dsc
 753c254ecaba425ebe2e0a0fb4d299847701e1c3eeb43df563e39975cae56b4c 50940 
make-dfsg_4.3-4.1.diff.gz
 a2d3759137e4d4c8155b90467e2bb41892332414966f2821ae78f9447f59504c 7089 
make-dfsg_4.3-4.1_amd64.buildinfo
Files:
 85b2486304cafc3f211b70a411a38eb1 2019 devel optional make-dfsg_4.3-4.1.dsc
 ce6f728376c656a2e03c4a88fb83098b 50940 devel optional make-dfsg_4.3-4.1.diff.gz
 ab5bd0e4cfda28f5591b2e93ed074709 7089 devel optional 
make-dfsg_4.3-4.1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEU5UdlScuDFuCvoxKLOzpNQ7OvkoFAmBxsBUACgkQLOzpNQ7O
vkpifBAApJr72htQuajIwzrMx7gwUsBxPrpNg7yp1ck+QzWO0OAphtfsuWSc+H4b
9X1X3J+pdCceRG54sMhLTFb+XarG9p62JlKzwm1qCu3M0pp/GbI1IwbkjrL5qJQb
P/t4tXELVk2s1CNfuGNVcwMapSbDYJikF9ibnNRdNmH2IWL+zWhksNSDp8gU/AUd
acmvuHDUtsHoohj6ZKbrVMwNvW0bDC6Zy8MUp9uHMjmRhoZMIy8hdw5zC2MncYOG
RQffcRhTYGZoP6ZVcPrG/8/eoUgNIH51GQWlDKQB6Z51xYaYszR23bA6BYCpLK4F
kV+0q/RaCv3MiKBxwFTapudZ2xqcM2quq/KKn1/jyc34qkg93EbZ9MTfq1Crz5BR
s55j60H+5lIOegdMLWeYGpFPHFQTuQ/gu8uxYE7mFBOTt2QIIZIXxugokJLAL1na
FqDXtQOzM1HgzNbRIYTF4IjeqVukvQcaP2dHLyr2JcMjG1i8cCT78t4Q7YkLv18W
KBsz7eOoAOT4F2C/PLRkp7BwUfJFg3xL2H0wdV72+3nNoN6qX6QTh6X3tMhGyIwn
luWBwPEVuRo3BfTEXMcZaDZlhMmGaWAcPXcgo+Q6F1hQ+OmZkrag9FCcJ1gUF8Y6
0oJ60OVrOJ0hwRaE6tFBbVO+Qk79wycnYm1VxYNYGW7l+fl5dYo=
=YcNv
-END PGP SIGNATURE End Message ---

Processed: Re: Bug#986821: freecad: Garbled menu makes freecad unusable

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #986821 [freecad] freecad: Garbled menu makes freecad unusable
Ignoring request to alter tags of bug #986821 to the same tags previously set

-- 
986821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#986821: freecad: Garbled menu makes freecad unusable

[Tobias Frost]

Control: tags -1 moreinfo

On Mon, Apr 12, 2021 at 02:04:56PM +0200, Michael Jarosch wrote:
> is garbled, both wayland and X11. A picture could tell more than a thousand
> words. I'll try to send one, later.

Yeah, That would possibly help, maybe it looks familiar:
FFIW, i have garbled windows _after resuming from ram_ but a resize of the 
windows fixes that always.
Does a resize fixes that too for you?

(However, that is not a freecad problem but for all applications that use the 
GPU, in my case I tend to
blame the nvidia non-free stuff, but it is hard to pin-point exactly…)

That said, it only happens for me after S2R and otherwise the apps are fine 
(especially freecad)
Do you have a change to test on another machine, preferable with some other GPU 
type? What GPU do you use?
(what driver package? and version?)

(At least, on my machines, freecad works fine…)

Tagging moreinfo for now...

Processed: Re: Bug#986821: freecad: Garbled menu makes freecad unusable

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #986821 [freecad] freecad: Garbled menu makes freecad unusable
Added tag(s) moreinfo.

-- 
986821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#986637: marked as done (speedtest-cli: ValueError: invalid literal for int() with base 10)

[Debian Bug Tracking System]

Your message dated Mon, 12 Apr 2021 13:08:04 +
with message-id 
and subject line Bug#986637: fixed in speedtest-cli 2.1.3-1
has caused the Debian Bug report #986637,
regarding speedtest-cli: ValueError: invalid literal for int() with base 10
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986637: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986637
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: speedtest-cli
Version: 2.1.2-2
Severity: grave
Tags: upstream
Justification: renders package unusable

There seems to have been a change on the speednet server side that results in a
ValueError exception:

  $> /usr/bin/speedtest-cli --simple
  Traceback (most recent call last):
File "/usr/bin/speedtest-cli", line 11, in 
  load_entry_point('speedtest-cli==2.1.2', 'console_scripts', 
'speedtest-cli')()
File "/usr/lib/python3/dist-packages/speedtest.py", line 1986, in main
  shell()
File "/usr/lib/python3/dist-packages/speedtest.py", line 1872, in shell
  speedtest = Speedtest(
File "/usr/lib/python3/dist-packages/speedtest.py", line 1091, in __init__
  self.get_config()
File "/usr/lib/python3/dist-packages/speedtest.py", line 1173, in get_config
  ignore_servers = list(
  ValueError: invalid literal for int() with base 10: ''

There is a PR to resolve the issue in the upstream project:
https://github.com/sivel/speedtest-cli/pull/769

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-5-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages speedtest-cli depends on:
ii  ca-certificates20210119
ii  python33.9.2-2
ii  python3-pkg-resources  52.0.0-3

speedtest-cli recommends no packages.

speedtest-cli suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: speedtest-cli
Source-Version: 2.1.3-1
Done: Jonathan Carter 

We believe that the bug you reported is fixed in the latest version of
speedtest-cli, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Carter  (supplier of updated speedtest-cli package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 12 Apr 2021 14:35:09 +0200
Source: speedtest-cli
Architecture: source
Version: 2.1.3-1
Distribution: unstable
Urgency: medium
Maintainer: Jonathan Carter 
Changed-By: Jonathan Carter 
Closes: 986637
Changes:
 speedtest-cli (2.1.3-1) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/control: Update Vcs-* fields with new Debian Python Team Salsa
 layout.
 .
   [ Jonathan Carter ]
   * New upstream release (Closes: #986637)
   * Update standards version to 4.5.1
   * Upgrade to debhelper-compat (=13)
Checksums-Sha1:
 b6894eeecd6acfd733e57a7c7c2b5c527f0acb7f 1971 speedtest-cli_2.1.3-1.dsc
 0408c3d6466a08dcad442b93cc3b7c340c602f28 24771 speedtest-cli_2.1.3.orig.tar.gz
 5afd68d2237c4c3f876b7a7dd2f2e3266240246e 3472 
speedtest-cli_2.1.3-1.debian.tar.xz
 40221af7817e216b8843789d4fb932f072c5b0db 6114 
speedtest-cli_2.1.3-1_source.buildinfo
Checksums-Sha256:
 d0956fb51149da68523d95eb00d6a02028397d83b4692a297010822cdd90c37a 1971 
speedtest-cli_2.1.3-1.dsc
 45e3ca21c3ce3c339646100de18db8a26a27d240c29f1c9e07b6c13995a969be 24771 
speedtest-cli_2.1.3.orig.tar.gz
 afdef890fd718e976c367650d8e5ba63d2665445403e5221ad385f6d7bd5297d 3472 
speedtest-cli_2.1.3-1.debian.tar.xz
 eda494d6ba2943fa69e8fdbb68906cb6606c30a525a35c207cb1ab35816f1a5e 6114 
speedtest-cli_2.1.3-1_source.buildinfo
Files:
 2df4b96fc150460f4f6483f002821359 1971 utils optional speedtest-cli_2.1.3-1.dsc
 08c431f2f398880745c4f0564962b9e2 24771 utils optional 
speedtest-cli_2.1.3.orig.t

Bug#951988: marked as done (spirv-tools: spirv.pc is missing required libraries in Libs)

[Debian Bug Tracking System]

Your message dated Mon, 12 Apr 2021 13:03:41 +
with message-id 
and subject line Bug#951988: fixed in glslang 11.1.0-4
has caused the Debian Bug report #951988,
regarding spirv-tools: spirv.pc is missing required libraries in Libs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
951988: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951988
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libplacebo
Version: 1.7.0-2
Severity: serious
Justification: FTBFS on amd64
Tags: buster sid
Usertags: ftbfs-20200222 ftbfs-buster

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.

Relevant part (hopefully):
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/libSPIRV.a(SpvTools.cpp.o):
>  in function `glslang::SpirvToolsValidate(glslang::TIntermediate const&, 
> std::vector >&, 
> spv::SpvBuildLogger*, bool)':
> (.text+0x8ee): undefined reference to `spvContextCreate'
> /usr/bin/ld: (.text+0x918): undefined reference to `spvValidatorOptionsCreate'
> /usr/bin/ld: (.text+0x92b): undefined reference to 
> `spvValidatorOptionsSetRelaxBlockLayout'
> /usr/bin/ld: (.text+0x936): undefined reference to 
> `spvValidatorOptionsSetBeforeHlslLegalization'
> /usr/bin/ld: (.text+0x94b): undefined reference to `spvValidateWithOptions'
> /usr/bin/ld: (.text+0xafc): undefined reference to 
> `spvValidatorOptionsDestroy'
> /usr/bin/ld: (.text+0xb06): undefined reference to `spvDiagnosticDestroy'
> /usr/bin/ld: (.text+0xb0e): undefined reference to `spvContextDestroy'
> collect2: error: ld returned 1 exit status

The full build log is available from:
   http://qa-logs.debian.net/2020/02/22/libplacebo_1.7.0-2_unstable.log

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.
--- End Message ---
--- Begin Message ---
Source: glslang
Source-Version: 11.1.0-4
Done: Timo Aaltonen 

We believe that the bug you reported is fixed in the latest version of
glslang, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 951...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen  (supplier of updated glslang package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 12 Apr 2021 15:33:13 +0300
Source: glslang
Built-For-Profiles: noudeb
Architecture: source
Version: 11.1.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force 
Changed-By: Timo Aaltonen 
Closes: 951988
Changes:
 glslang (11.1.0-4) unstable; urgency=medium
 .
   [ Simon McVittie ]
   * Add missing dependencies to spirv.pc (Closes: #951988)
   * d/tests/glslang-dev: Add a test for spirv.pc
Checksums-Sha1:
 c857830ddd8cbccc306da7225df17f7957b0cecf 2104 glslang_11.1.0-4.dsc
 81668ecc2c10ffdfdf1e2886a7f9875796510671 13927 glslang_11.1.0-4.diff.gz
 6af4ee66c26f069d39085b24785cfce13576a02a 7807 glslang_11.1.0-4_source.buildinfo
Checksums-Sha256:
 04b880d177d8e3ead3381b90a387e98e6fa12248772e44fd9ac3f36fac9d1428 2104 
glslang_11.1.0-4.dsc
 a5606322dc5f0fc15039d8bdcced3700dfbe3b4db8e14d23ffa9585aab7083b0 13927 
glslang_11.1.0-4.diff.gz
 8c0aa551955481001c46b71a37c62a76a22b0657e73c11459d537c2af14c35c4 7807 
glslang_11.1.0-4_source.buildinfo
Files:
 850ac0d9cdb92eaebd9f520130f5e72f 2104 libdevel optional glslang_11.1.0-4.dsc
 f5760bedd9b008383d71be5a4f808616 13927 libdevel optional 
glslang_11.1.0-4.diff.gz
 803a3c6d94ab0e518c08c1d62c6ab606 7807 libdevel optional 
glslang_11.1.0-4_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAmB0PvgACgkQy3AxZaiJ
hNyS0A//XRsN/38jd8jaxELZlzqu4iq3mk7OKE7BmNnXGNHwh5gqsjP83048e1+k
1Dq+8MfB5my0zxVbxsa5Kbjf66wNc6nBQUgjBTZ706PMs1SfxJVWDifbttYK4CrO
ox9L7D08A7Mn+CePjSnqmwcNMW2iL1k9irtQalE0OA55AaeXgo0Bfx+IaaNI8GVR
ier5HcNm+60MmhOZpopwwT8Dz012b1wvHfXpwofGXPe48vqwW2kvlrZjhQOvzkXA
junX7YsDmCkg2Rk0P+dwA2fhdgHpcAh4UreBM4BEGGd+hN5TFrqmx

Bug#986821: freecad: Garbled menu makes freecad unusable

[Michael Jarosch]

Package: freecad
Version: 0.19.1+dfsg1-2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

lately, freecad was updated by apt and since then I cannot use it 
anymore. Menu

is garbled, both wayland and X11. A picture could tell more than a thousand
words. I'll try to send one, later.
I wonder why noone has reported this issue, yet. Maybe it has something 
to do

with my IronLake Intel GPU, which sometimes behaves "special".


-- System Information:
Debian Release: bullseye/sid
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages freecad depends on:
ii freecad-python3 0.19.1+dfsg1-2

Versions of packages freecad recommends:
ii calculix-ccx 2.17-3
ii graphviz 2.42.2-4+b2

Versions of packages freecad suggests:
ii povray 1:3.7.0.8-5

Processed: tagging 986798, bug 986798 is forwarded to https://bugreports.qt.io/browse/QTBUG-91507 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 986798 + upstream
Bug #986798 [src:qtsvg-opensource-src] CVE-2021-3481
Added tag(s) upstream.
> forwarded 986798 https://bugreports.qt.io/browse/QTBUG-91507
Bug #986798 [src:qtsvg-opensource-src] CVE-2021-3481
Set Bug forwarded-to-address to 'https://bugreports.qt.io/browse/QTBUG-91507'.
> tags 986799 + upstream
Bug #986799 [src:libtpms] CVE-2021-3446
Added tag(s) upstream.
> found 986799 0.8.0~dev1-1.2
Bug #986799 [src:libtpms] CVE-2021-3446
Marked as found in versions libtpms/0.8.0~dev1-1.2.
> tags 986800 + upstream
Bug #986800 [redmine] CVE-2021-30163 CVE-2021-30164
Added tag(s) upstream.
> found 986800 4.0.7-1
Bug #986800 [redmine] CVE-2021-30163 CVE-2021-30164
Marked as found in versions redmine/4.0.7-1.
> tags 986802 + upstream
Bug #986802 [src:libdnf] CVE-2021-3445
Added tag(s) upstream.
> tags 986801 + upstream
Bug #986801 [gnuchess] CVE-2021-30184
Added tag(s) upstream.
> forwarded 986801 
> https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg0.html
Bug #986801 [gnuchess] CVE-2021-30184
Set Bug forwarded-to-address to 
'https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg0.html'.
> tags 986803 + upstream
Bug #986803 [rustc] CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 
CVE-2021-28879 CVE-2020-36317 CVE-2020-36318
Added tag(s) upstream.
> tags 986805 + upstream
Bug #986805 [src:tika] CVE-2021-28657
Added tag(s) upstream.
> tags 986804 + upstream
Bug #986804 [squid] CVE-2021-28116
Added tag(s) upstream.
> tags 986807 + upstream
Bug #986807 [ruby2.7] CVE-2021-28965
Added tag(s) upstream.
> tags 986806 + upstream
Bug #986806 [ruby-rexml] CVE-2021-28965
Added tag(s) upstream.
> tags 986808 + upstream
Bug #986808 [src:rust-stackvector] CVE-2021-29939
Added tag(s) upstream.
> tags 986809 + upstream
Bug #986809 [network-manager] CVE-2021-20297
Added tag(s) upstream.
> tags 986815 + upstream
Bug #986815 [src:ring] CVE-2021-21375 CVE-2020-15260
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
986798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986798
986799: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986799
986800: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800
986801: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986801
986802: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986802
986803: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803
986804: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986804
986805: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
986806: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986806
986807: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986807
986808: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986808
986809: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986809
986815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986815
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: CVE-2021-21375

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 986815 CVE-2021-21375 CVE-2020-15260
Bug #986815 [src:ring] CVE-2021-21375
Changed Bug title to 'CVE-2021-21375 CVE-2020-15260' from 'CVE-2021-21375'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
986815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986815
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#986815: CVE-2021-21375

[Moritz Mühlenhoff]

retitle 986815 CVE-2021-21375 CVE-2020-15260
thanks

Am Mon, Apr 12, 2021 at 01:21:04PM +0200 schrieb Moritz Muehlenhoff:
> Source: ring
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team 
> 
> ring bundles pjproject, so it's probably also affected by CVE-2021-21375?
> 
> Advisory for pjproject is
> https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
> 
> Patch:
> https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365

And also CVE-2020-15260:
https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph

https://github.com/pjsip/pjproject/pull/2663
https://github.com/pjsip/pjproject/commit/67e46c1ac45ad784db5b9080f5ed8b133c122872
 
Cheers,
Moritz

Bug#986759: marked as done (libpam-otpw: pam_otpw.so is installed in /lib/security/, but should be in /lib/x86_64-linux-gnu/security/)

[Debian Bug Tracking System]

Your message dated Mon, 12 Apr 2021 13:20:04 +0200
with message-id <20210412112004.u7di2wo5orktpvao@flashgordon>
and subject line rebooting helps
has caused the Debian Bug report #986759,
regarding libpam-otpw: pam_otpw.so is installed in /lib/security/, but should 
be in /lib/x86_64-linux-gnu/security/
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986759: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986759
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libpam-otpw
Version: 1.5-2
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: a...@debian.org

Dear Maintainer,

after trying to set up libpam-otpw on bullseye, it did not work 
and the line:

  PAM unable to dlopen(pam_otpw.so): 
/lib/x86_64-linux-gnu/security/pam_otpw.so: 
cannot open shared object file: No such file or directory

showed up in the journal.

Copying pam_otpw.so from /lib/security/pam_otpw.so to 
/lib/x86_64-linux-gnu/security/
fixed the problem.  It looks like pam_otpw.so is installed in an
outdated location.

Thanks and best regards,

  Andi
--- End Message ---
--- Begin Message ---
Hi,

after a bit more investigation, I found that the issue I saw is probably
related to multiarch.  After a reboot, /lib/security/pam_otpw.so is
found and everything works fine.

Therefore I close the bug.
Sorry for the noise and best regards,

Andi--- End Message ---

Bug#986815: CVE-2021-21375

[Moritz Muehlenhoff]

Source: ring
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

ring bundles pjproject, so it's probably also affected by CVE-2021-21375?

Advisory for pjproject is
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp

Patch:
https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365

Cheers,
Moritz

Bug#986814: Latest vagrant Buster libvirt image not found

[Christopher Huhn]

Package: cloud.debian.org
Severity: serious

The latest Buster libvirt image for vagrant gives me a 404, `vagrant box
update` fails.

λ > curl
https://app.vagrantup.com/debian/boxes/buster64/versions/10.20210409.1/providers/libvirt.box
{"errors":["Not found"],"success":false}

Best

Christopher



-- System Information:
Debian Release: 9.13
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-15-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#986803: [Pkg-rust-maintainers] Bug#986803: CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 CVE-2021-28879 CVE-2020-36317 CVE-2020-36318

[Ximin Luo]

It looks like these CVEs affect all versions up to 1.52 (which is not yet 
released).

Do you have links to patches fixing these bugs that can be backported to 1.48? 
We've had 1.48 for a while due to the migration freeze, and I've been informed 
that some rust packages in Debian break with newer versions of rustc and will 
need themselves to be updated - so I'd rather not force that during the freeze, 
I'd rather backport security fixes to 1.48.

Best,
Ximin

Moritz Muehlenhoff:
> Package: rustc
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team 
> 
> ___
> Pkg-rust-maintainers mailing list
> pkg-rust-maintain...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-rust-maintainers
> 


-- 
GPG: ed25519/56034877E1F87C35
https://github.com/infinity0/pubkeys.git

Bug#986808: CVE-2021-29939

[Moritz Muehlenhoff]

Source: rust-stackvector
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

https://rustsec.org/advisories/RUSTSEC-2021-0048.html

Cheers,
Moritz

Bug#986806: CVE-2021-28965

[Moritz Muehlenhoff]

Package: ruby-rexml
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/

Why is there a separate package duplicating rexml from src:ruby2.7 in bullseye?

Cheers,
Moritz

Bug#986803: CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 CVE-2021-28879 CVE-2020-36317 CVE-2020-36318

[Moritz Muehlenhoff]

Package: rustc
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

Bug#986799: CVE-2021-3446

[Moritz Muehlenhoff]

Source: libtpms
Severity: grave
Tags: patch security
X-Debbugs-Cc: Debian Security Team 

This was assigned CVE-2021-3446:
https://github.com/stefanberger/libtpms/commit/32c159ab53db703749a8f90430cdc7b20b00975e

Cheers,
Moritz

Processed: tagging 986790

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 986790 + upstream
Bug #986790 [clamav] CVE-2021-1405 CVE-2021-1404 CVE-2021-1252
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
986790: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986790
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#986790: CVE-2021-1405 CVE-2021-1404 CVE-2021-1252

[Moritz Muehlenhoff]

Package: clamav
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

Please see 
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

Cheers,
Moritz

Processed: Re: Bug#919084: davs2: FTBFS everywhere

[Debian Bug Tracking System]

Processing control commands:

> severity -1 important
Bug #919084 [src:davs2] davs2: FTBFS everywhere
Severity set to 'important' from 'serious'
> retitle -1 davs2: FTBFS on !amd64
Bug #919084 [src:davs2] davs2: FTBFS everywhere
Changed Bug title to 'davs2: FTBFS on !amd64' from 'davs2: FTBFS everywhere'.

-- 
919084: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919084
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#919084: davs2: FTBFS everywhere

[Sebastian Ramacher]

Control: severity -1 important
Control: retitle -1 davs2: FTBFS on !amd64

On 2019-01-12 16:14:57 +0100, Andreas Beckmann wrote:
> Source: davs2
> Version: 1.6-1~exp2
> Severity: serious
> Justification: fails to build from source
> 
> Hi,
> 
> davs2 did FTBFS on all buildds (except kfreebsd-amd64):
> 
> https://buildd.debian.org/status/package.php?p=davs2&suite=experimental

It now at least builds on amd64.

Cheers
-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#986788: openbgpd: /usr/sbin/bgpd is already shipped by quagga-bgpd

[Andreas Beckmann]

Package: openbgpd
Version: 6.8p1-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite

Hi,

automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the following problem:

  Preparing to unpack .../openbgpd_6.8p1-1_amd64.deb ...
  Unpacking openbgpd (6.8p1-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/openbgpd_6.8p1-1_amd64.deb (--unpack):
   trying to overwrite '/usr/sbin/bgpd', which is also in package quagga-bgpd 
1.2.4-4
  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/openbgpd_6.8p1-1_amd64.deb

This is a serious bug as it makes installation fail, and violates
sections 7.6.1 and 10.1 of the policy. An optimal solution would
consist in only one of the packages installing that file, and renaming
or removing the file in the other package. Depending on the
circumstances you might also consider Replace relations or file
diversions. If the conflicting situation cannot be resolved then, as a
last resort, the two packages have to declare a mutual
Conflict. Please take into account that Replaces, Conflicts and
diversions should only be used when packages provide different
implementations for the same functionality.

Here is a list of files that are known to be shared by both packages
(according to the Contents file for sid/amd64, which may be
slightly out of sync):

usr/sbin/bgpd
usr/share/man/man8/bgpd.8.gz


Cheers,

Andreas

PS: for more information about the detection of file overwrite errors
of this kind see https://qa.debian.org/dose/file-overwrites.html


quagga-bgpd=1.2.4-4_openbgpd=6.8p1-1.log.gz
Description: application/gzip

Processed: tagging 983815

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 983815 + pending
Bug #983815 [src:python-crc32c] python-crc32c: Baseline violation on 
amd64/arm64/i386 and FTBFS on armhf if built on 64bit hardware
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
983815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983815
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems