Bug#836447: transition: proj

2016-09-04 Thread Emilio Pozuelo Monfort
On 03/09/16 21:41, Sebastiaan Couwenberg wrote:
> proj (4.9.3-1) has been uploaded to unstable, and has been built on all
> release architectures. The ports need a little more time.

binnmus scheduled.

Emilio



Bug#836370: transition: shibboleth

2016-09-04 Thread Emilio Pozuelo Monfort
On 03/09/16 15:58, Ferenc Wágner wrote:
> I'm finished with the uploads.  Xmltooling, opensaml2 and shibboleth-sp2
> all built on the testing architectures.  Please trigger rebuilds of
> shibboleth-resolver and moonshot-gss-eap

Scheduled.

> (possibly also opensaml2 on powerpcspe, if you handle ports).

That failed to build. A binnmu makes no sense. Perhaps you meant a give back?
Why do you think that would help?

Cheers,
Emilio



Bug#836530: nmu: lazarus_1.6+dfsg-4

2016-09-04 Thread peter green


nmu lazarus_1.6+dfsg-4 . powerpc . unstable . -m "rebuild with fpc 3.0.0+dfsg-7 to fix 
glibc>  2.23 related issues"

Minor nitpick, the working powerpc fix didn't land until -8


nmu pasdoc_0.14.0-1 . powerpc . unstable . -m "rebuild with fpc 3.0.0+dfsg-7 to fix 
glibc>  2.23 related issues"
nmu gearhead2_0.628-1 . powerpc . unstable . -m "rebuild with fpc 3.0.0+dfsg-7 to fix 
glibc>  2.23 related issues"
nmu ztex-bmp_20120314-2 . powerpc . unstable . -m "rebuild with fpc 3.0.0+dfsg-7 to fix 
glibc>  2.23 related issues"
   
I don't think these are needed. I see no evidence of dependencies on c 
libraries.

nmu imapcopy_1.04-2 . powerpc . unstable . -m "rebuild with fpc 3.0.0+dfsg-7 to fix 
glibc>  2.23 related issues"
nmu mricron_0.20140804.1~dfsg.1-1 . powerpc . unstable . -m "rebuild with fpc 
3.0.0+dfsg-7 to fix glibc>  2.23 related issues"
   
These have unrelated FTBFS bugs, so scheduling a binnmu is pointless. 
Instead the FTBFS bugs need to be fixed.


In addition to the binnmus we will want some give-backs once lazarus is 
rebuilt


gb ddrescueview_0.4~alpha3-1 . powerpc . unstable
gb doublecmd_0.7.3-1 . powerpc . unstable



Bug#836592: jessie-pu: package gdcm/2.4.4-3

2016-09-04 Thread Gert Wollny
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

The version of gdcm in jessie suffers from two security problems:

  CVE-2015-8396 [1]
  CVE-2015-8397 [2]

However, the security team notified me that the issue does not warrant a DSA
and I should instead just fix it via a jessie point release.

The proposed patch against the package is enclosed, it adds the according fixes
from the upstream repository.

best regards,
Gert

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8396
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8397



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
diff -ruN gdcm-2.4.4/debian/changelog gdcm-2.4.4.new/debian/changelog
--- gdcm-2.4.4/debian/changelog	2014-10-06 08:08:33.0 +0100
+++ gdcm-2.4.4.new/debian/changelog	2016-08-23 18:45:09.415835673 +0100
@@ -1,3 +1,11 @@
+gdcm (2.4.4-3+deb8u1) jessie-proposed-updates; urgency=medium
+
+  * add patches:  
+- d/p/CVE-2015-8396.patch: fix according security vunerability
+- d/p/CVE-2015-8397.patch: fix according security vunerability
+
+ -- Gert Wollny   Sat, 20 Aug 2016 22:25:15 +0100
+
 gdcm (2.4.4-3) unstable; urgency=medium
 
   * Fix issue introduced by multiarch switch. Closes: #764029
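Review bot: both bullet lines under "* add patches:" misspell "vulnerability" as "vunerability", and "fix according security vunerability" does not say what is being fixed. Since this text ends up in the point-release changelog, name the problem each patch addresses (the first patch's own header points at gdcmImageRegionReader.cxx) rather than repeating the patch file name. The release team's reply in this thread also asks for the distribution to be plain "jessie" rather than "jessie-proposed-updates".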
diff -ruN gdcm-2.4.4/debian/patches/CVE-2015-8396.patch gdcm-2.4.4.new/debian/patches/CVE-2015-8396.patch
--- gdcm-2.4.4/debian/patches/CVE-2015-8396.patch	1970-01-01 01:00:00.0 +0100
+++ gdcm-2.4.4.new/debian/patches/CVE-2015-8396.patch	2016-08-20 23:23:27.990220328 +0100
@@ -0,0 +1,103 @@
+Author: Mathieu Malaterre 
+Date:   Fri Dec 18 12:18:02 2015 +0100
+Description: Patches fixing CVE-2015-8396
+ Patches were backported from upstream commits 
+  92cd6d7 Always prefer boxRegion computation for area
+  9cbca25 Fix a case when Region was never initialized
+  e0dd111 Add an extra layer of check
+  0f6f820 Actually handle the case of error in ComputeBufferLength
+
+Index: gdcm-2.4.4/Source/MediaStorageAndFileFormat/gdcmImageRegionReader.cxx
+===
+--- gdcm-2.4.4.orig/Source/MediaStorageAndFileFormat/gdcmImageRegionReader.cxx
 gdcm-2.4.4/Source/MediaStorageAndFileFormat/gdcmImageRegionReader.cxx
+@@ -85,6 +85,7 @@ Region const &ImageRegionReader::GetRegi
+ size_t ImageRegionReader::ComputeBufferLength() const
+ {
+   // Is this a legal extent:
++  size_t npixels = 0;
+   if( Internals->GetRegion() )
+ {
+ if( !Internals->GetRegion()->IsValid() )
+@@ -92,10 +93,26 @@ size_t ImageRegionReader::ComputeBufferL
+   gdcmDebugMacro( "Sorry not a valid extent. Giving up" );
+   return 0;
+   }
++npixels = this->Internals->GetRegion()->Area();
+ }
+-  PixelFormat pixelInfo = ImageHelper::GetPixelFormatValue(GetFile());
+-  size_t bytesPerPixel = pixelInfo.GetPixelSize();
+-  return this->Internals->GetRegion()->Area()*bytesPerPixel;
++  else
++  {
++std::vector dims = ImageHelper::GetDimensionsValue(GetFile());
++BoxRegion full;
++// Use BoxRegion to do robust computation
++full.SetDomain(0, dims[0] - 1,
++   0, dims[1] - 1,
++   0, dims[2] - 1 );
++if( full.IsValid() )
++{
++  gdcmDebugMacro( "Sorry not a valid extent. Giving up" );
++  return 0;
++ }
++npixels = full.Area();
++  }
++  const PixelFormat pixelInfo = ImageHelper::GetPixelFormatValue(GetFile());
++  const size_t bytesPerPixel = pixelInfo.GetPixelSize();
++  return npixels*bytesPerPixel;
+ }
+ 
+ bool ImageRegionReader::ReadInformation()
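Review bot: in the new else branch of ComputeBufferLength(), "if( full.IsValid() )" logs "Sorry not a valid extent. Giving up" and returns 0 when the box is valid, which is the opposite of the "!Internals->GetRegion()->IsValid()" test in the branch above it. As written, a valid full-image box yields a length of 0 and an invalid one falls through to full.Area(); the condition needs to be negated. Two further points on the same lines: dims[2] is read without confirming the vector has three entries, and "npixels*bytesPerPixel" is returned without an overflow check even though the result is used as a buffer length.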
+@@ -371,7 +388,17 @@ bool ImageRegionReader::ReadJPEGIntoBuff
+   theCodec.SetPixelFormat( ImageHelper::GetPixelFormatValue(GetFile()) );
+ 
+   std::istream* theStream = GetStreamPtr();
+-  const BoxRegion &boundingbox = this->Internals->GetRegion()->ComputeBoundingBox();
++  BoxRegion boundingbox;
++  if( Internals->GetRegion() )
++boundingbox = this->Internals->GetRegion()->ComputeBoundingBox();
++  else
++  {
++std::vector dims = ImageHelper::GetDimensionsValue(GetFile());
++boundingbox.SetDomain(
++  0, dims[0] - 1,
++  0, dims[1] - 1,
++  0, dims[2] - 1 );
++  }
+   unsigned int xmin = boundingbox.GetXMin();
+   unsigned int xmax = boundingbox.GetXMax();
+   unsigned int ymin = boundingbox.GetYMin();
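Review bot: the fallback added to ReadJPEGIntoBuffer() builds boundingbox with SetDomain(0, dims[0] - 1, ...) but, unlike the same construction in ComputeBufferLength(), never calls IsValid() before GetXMin()/GetXMax() are used. A dimension of 0 makes "dims[0] - 1" negative or wrapped, depending on the element type (not visible in these lines). Check the box, and that dims has three entries, and return false on failure. The dims-to-BoxRegion code now appears twice in this patch; a small shared helper would keep the two copies from drifting apart.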
+@@ -445,7 +472,13 @@ bool ImageRegionReader::ReadJPEGLSIntoBu
+ bool ImageRegionReader::ReadIntoBuffer(char *buffer, size_t buflen)
+ {
+   size_t thelen = ComputeBufferLength();
+-  if( buflen < thelen )
++  if( thelen == 0 )
++{
++// does not sound right, something seems odd.
++gdcmDebugMacro( "Cannot load an image of 0 bytes" );
++   

Bug#836593: transition: libonig

2016-09-04 Thread Jörg Frings-Fürst
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition


Affected source packages:

hhvm        - FTBFS [1]
jq          - build ok
libevhtp    - build ok
libsylph    - build ok
lua-rexlib  - build ok with patch[2]
php5        - build ok
slang2      - build ok
sylpheed    - build ok

All packages with build ok need only a binNMU.

hhvm has a FTBFS by reason of cpp6.

At lua-rexlib only one file at debian must be patched.

If you need more information please ask me.


CU
Jörg


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812023
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824909


Ben file:

title = "libonig";
is_affected = .depends ~ "libonig2" | .depends ~ "libonig4";
is_good = .depends ~ "libonig4";
is_bad = .depends ~ "libonig2";




-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)




Processed: Re: Bug#836593: transition: libonig

2016-09-04 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 confirmed
Bug #836593 [release.debian.org] transition: libonig
Added tag(s) confirmed.

-- 
836593: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#836593: transition: libonig

2016-09-04 Thread Emilio Pozuelo Monfort
Control: tags -1 confirmed

On 04/09/16 13:19, Jörg Frings-Fürst wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> Affected source packages:
> 
> hhvm        - FTBFS [1]
> jq          - build ok
> libevhtp    - build ok
> libsylph    - build ok
> lua-rexlib  - build ok with patch[2]
> php5        - build ok
> slang2      - build ok
> sylpheed    - build ok
> 
> All packages with build ok need only a binNMU.
> 
> hhvm has a FTBFS by reason of cpp6.
> 
> At lua-rexlib only one file at debian must be patched.
> 
> If you need more information please ask me.

Go ahead.

Cheers,
Emilio



Processed (with 2 errors): Need help

2016-09-04 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag help 820535
Unknown command or malformed arguments to command.
> block 832098 by 832098
Bug #832098 [release.debian.org] transition: llvm-defaults
Failed to set blocking bugs of 832098: It is nonsensical for a bug to block 
itself (or a merged partner): 832098.

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#836370: transition: shibboleth

2016-09-04 Thread Ferenc Wágner
Emilio Pozuelo Monfort  writes:

> On 03/09/16 15:58, Ferenc Wágner wrote:
>
>> I'm finished with the uploads.  Xmltooling, opensaml2 and shibboleth-sp2
>> all built on the testing architectures.  Please trigger rebuilds of
>> shibboleth-resolver and moonshot-gss-eap
>
> Scheduled.

Thanks.  They look mostly good on the transition trackers.  The build
logs don't explain the "bad" shibboleth-resolver states on amd64 and
i386 (to me), I hope it's just some transient.

>> (possibly also opensaml2 on powerpcspe, if you handle ports).
>
> That failed to build. A binnmu makes no sense. Perhaps you meant a
> give back? Why do you think that would help?

Yes, the powerpcspe and sh4 builds should be tried again.  They failed
because they somehow overtook the new xmltooling builds and thus met a
pre-C++11 libxmltooling.

Do you think there's anything else to do (but wait for testing
migration) with this transition?  I don't understand why opensaml2 and
shibboleth-sp2 are "partial" on all arches except the hurd, could you
please give me a hint?  It's the first time I look at such tables...
-- 
Thanks,
Feri



Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

2016-09-04 Thread Kurt Roeckx
On Tue, Aug 23, 2016 at 09:47:22PM +0200, Kurt Roeckx wrote:
> The current debdiff we'd like to upload is:
> diff -Nru openssl-1.0.1t/debian/changelog openssl-1.0.1t/debian/changelog
> --- openssl-1.0.1t/debian/changelog   2016-05-15 21:16:55.0 +0200
> +++ openssl-1.0.1t/debian/changelog   2016-06-11 19:18:11.0 +0200
> @@ -1,3 +1,14 @@
> +openssl (1.0.1t-1+deb8u3) jessie; urgency=medium
> +
> +  [ Kurt Roeckx ]
> +  * Fix length check for CRLs. (Closes: #826552)
> +
> +  [ Sebastian Andrzej Siewior ]
> +  * Enable asm optimisation for s390x. Patch by Dimitri John Ledkov.
> +(Closes: #833156).
> +
> + -- Kurt Roeckx   Sat, 11 Jun 2016 19:18:11 +0200
> +
>  openssl (1.0.1t-1+deb8u2) jessie; urgency=medium

Ping?


Kurt



Bug#836447: transition: proj

2016-09-04 Thread Sebastiaan Couwenberg
On 09/04/2016 12:02 PM, Emilio Pozuelo Monfort wrote:
> On 03/09/16 21:41, Sebastiaan Couwenberg wrote:
>> proj (4.9.3-1) has been uploaded to unstable, and has been built on all
>> release architectures. The ports need a little more time.
> 
> binnmus scheduled.

Many thanks for those.

In general the rebuilds look good so far. The binNMUs did reveal a few
packages with issues on some of the architectures.

postgis FTBFS due to test failures caused by the fakeroot fix for
#830912 not being used yet. Those builds should succeed when they use
fakeroot (1.21-2). Can dep-waits be set for those?

mapserver FTBFS on mipsel due to a fatal error in the Java Runtime
Environment. I think retrying the build on a different buildd should let
that succeed too, mipsel-manda-01 had issues with mapserver before.

qlandkartegt FTBFS on some architectures where char is probably unsigned
by default. I've added a patch which should fix the issue, but still
needs verification on the porterboxes. I'll upload a new revision if the
builds on the porterboxes confirm the fix.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Re: Porter roll call for Debian Stretch

2016-09-04 Thread Roger Shimizu

On Wed, 17 Aug 2016 22:05:06 +0200
ni...@thykier.net wrote:

> Like last release, we are doing a roll call for porters of all release
> architectures.  If you are an active porter behind one of the [release
> architectures] for the entire lifetime of Debian Stretch (est. end of
> 2020), please respond with a signed email containing the following
> before Friday, the 9th of September:
> 

Hi,

I am an active porter for the following architectures and I intend
to continue this for the lifetime of the Stretch release (est. end
of 2020):

For armel, I
 - submit device-tree patch to upstream (linux kernel), and backport to debian 
kernel to get more devices supported
 - support new device for d-i and flash-kernel package
 - test most packages on this architecture
 - run Debian stable / testing / unstable system on port that I use regularly
 - triage arch-specific bugs
 - fix arch-related bugs
 - triage d-i bugs
 - test d-i regularly
 - fix d-i bugs/issues

I am a DM.

Although I enabled -fPIE/-pie for most of my maintaining packages, I'm not sure 
/ I don't have enough knowledge whether it's able to be applied to all packages.
Since all other ARM porters seem to agree on this, I believe it definitely 
deserves a try to enable this hardening on stretch.

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1



Processed: Re: Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

2016-09-04 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #827054 [release.debian.org] jessie-pu: package openssl/1.0.1t-1+deb8u3
Added tag(s) confirmed.

-- 
827054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827054
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

2016-09-04 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2016-08-23 at 21:47 +0200, Kurt Roeckx wrote:
> The current debdiff we'd like to upload is:
> diff -Nru openssl-1.0.1t/debian/changelog openssl-1.0.1t/debian/changelog
> --- openssl-1.0.1t/debian/changelog   2016-05-15 21:16:55.0 +0200
> +++ openssl-1.0.1t/debian/changelog   2016-06-11 19:18:11.0 +0200
> @@ -1,3 +1,14 @@
> +openssl (1.0.1t-1+deb8u3) jessie; urgency=medium
> +
> +  [ Kurt Roeckx ]
> +  * Fix length check for CRLs. (Closes: #826552)
> +
> +  [ Sebastian Andrzej Siewior ]
> +  * Enable asm optimisation for s390x. Patch by Dimitri John Ledkov.
> +(Closes: #833156).

Please go ahead.

Regards,

Adam



Bug#836592: jessie-pu: package gdcm/2.4.4-3

2016-09-04 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2016-09-04 at 13:14 +0200, Gert Wollny wrote:
> The version of gdcm in jessie suffers from two security problems:
> 
>   CVE-2015-8396 [1]
>   CVE-2015-8397 [2]
> 
> However, the security team notified me that the issue does not warrant a DSA
> and I should instead just fix it via a jessie point release.
> 
> The proposed patch against the package is enclosed, it adds the according 
> fixes
> from the upstream repository.

+gdcm (2.4.4-3+deb8u1) jessie-proposed-updates; urgency=medium

Simply "jessie" is preferred.

Please go ahead.

Regards,

Adam



Processed: Re: Bug#836592: jessie-pu: package gdcm/2.4.4-3

2016-09-04 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #836592 [release.debian.org] jessie-pu: package gdcm/2.4.4-3
Added tag(s) confirmed.

-- 
836592: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836592
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#836571: jessie-pu: package rabbitvcs/0.16-1

2016-09-04 Thread Adam D. Barratt
Control: tags -1 +confirmed -patch +jessie
Control: severity -1 normal

On Sun, 2016-09-04 at 07:32 +0100, Christopher Hoskin wrote:
> Package: release.debian.org
> Severity: critical

*No*. The bug you're fixing may be critical, the request to fix it in
stable is at most normal.

> Tags: patch
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> The attached patch fixes bug #817231 in the rabbitvcs package. This is
> classified as a critical bug on the grounds that it can cause serious
> data loss (e.g. loss of entire home folder). There are several reports
> of this actually happening to users of the software on Debian and
> other systems:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817231
> https://github.com/rabbitvcs/rabbitvcs/issues/127
> http://askubuntu.com/questions/473433/rabbitsvn-deleted-all-my-folders
> https://github.com/rabbitvcs/rabbitvcs/issues/70
> 
> Bug #817231 has now been closed in unstable. Given the nature of the
> bug, I thought perhaps it should also be fixed in jessie-updates?

Given the fact that the package has no reverse-dependencies and before
your NMU in unstable had not been updated for two years, I wonder
whether removal might have been a better option.

> The attached patch achieves this. (I understand that the distribution
> needs to be set to jessie in debian/changelog, rather than {jessie|
> stable}-updates[0].)

One can't upload to stable-updates, indeed, rather by definition. (It's
an SRM-selected subset of packages in proposed-updates, not a standalone
target.)

I assume your rationale for suggesting a release via stable-updates,
rather than simply waiting for the next point release (which will be in
just under two weeks time) is the potential for data loss. Whilst this
is indeed unfortunate, I think we've only previously used -updates for
fixing RC bugs when they were regressions caused by other packages
published via -updates or in a point release.

+rabbitvcs (0.16-1.1) jessie; urgency=medium

That version number is wrong, for multiple reasons - most importantly,
that it's already been used for your NMU to unstable. Please use either
0.16-1+deb8u1 or 0.16-1.1~deb8u1, depending on whether the patch in the
jessie upload is applied to a fresh copy of 0.16-1 or the unstable
package is "backported".

With that fixed, please feel free to get the package uploaded.

Regards,

Adam
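
Added example (not part of the original mail, and not dpkg's own code): a small Python re-implementation of Debian's version ordering, showing that both versions suggested above sort after jessie's 0.16-1 and before the 0.16-1.1 already used in unstable. The function names are made up for this sketch; the version strings are the ones quoted in this thread.

```python
"""Debian version ordering, re-implemented for illustration (added example)."""
import functools

DIGITS = "0123456789"


def split_version(version):
    """Return (epoch, upstream_version, debian_revision)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = version.rpartition("-")
    if not sep:  # no hyphen: native package, empty revision
        upstream, revision = version, ""
    return epoch, upstream, revision


def _weight(ch):
    """Sort weight of one character inside a non-digit run."""
    if ch == "~":
        return -1          # tilde sorts before everything, even end of string
    if ch == "":
        return 0           # end of string, or a digit on this side
    if ch.isalpha():
        return ord(ch)     # letters sort before other symbols
    return ord(ch) + 256   # '+', '.', '-' and similar


def _nondigit(s, i):
    """Character at s[i] if it is a non-digit, else the empty string."""
    return s[i] if i < len(s) and s[i] not in DIGITS else ""


def compare_part(a, b):
    """Compare two upstream versions or two revisions: -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Step 1: compare the leading non-digit runs character by character.
        while _nondigit(a, i) or _nondigit(b, j):
            wa, wb = _weight(_nondigit(a, i)), _weight(_nondigit(b, j))
            if wa != wb:
                return -1 if wa < wb else 1
            i += 1
            j += 1
        # Step 2: compare the following digit runs numerically.
        si, sj = i, j
        while i < len(a) and a[i] in DIGITS:
            i += 1
        while j < len(b) and b[j] in DIGITS:
            j += 1
        na, nb = int(a[si:i] or "0"), int(b[sj:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def compare_versions(a, b):
    """Compare two full version strings: -1, 0 or 1."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return compare_part(ua, ub) or compare_part(ra, rb)


def sort_versions(versions):
    return sorted(versions, key=functools.cmp_to_key(compare_versions))


def is_valid_stable_update(candidate, in_stable, in_unstable):
    """True if candidate is strictly newer than stable and strictly older
    than unstable, so upgrades to the next release still move forward."""
    return (compare_versions(in_stable, candidate) < 0
            and compare_versions(candidate, in_unstable) < 0)


if __name__ == "__main__":
    # Version strings taken from the thread above.
    for v in sort_versions(["0.16-1.1", "0.16-1.1~deb8u1",
                            "0.16-1", "0.16-1+deb8u1"]):
        print(v)
    for cand in ("0.16-1.1", "0.16-1+deb8u1", "0.16-1.1~deb8u1"):
        print(cand, is_valid_stable_update(cand, "0.16-1", "0.16-1.1"))
```

On a Debian system, "dpkg --compare-versions" gives the authoritative answer for any pair.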



Processed: Re: Bug#836571: jessie-pu: package rabbitvcs/0.16-1

2016-09-04 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 +confirmed -patch +jessie
Bug #836571 [release.debian.org] jessie-pu: package rabbitvcs/0.16-1
Added tag(s) confirmed.
Bug #836571 [release.debian.org] jessie-pu: package rabbitvcs/0.16-1
Removed tag(s) patch.
Bug #836571 [release.debian.org] jessie-pu: package rabbitvcs/0.16-1
Added tag(s) jessie.
> severity -1 normal
Bug #836571 [release.debian.org] jessie-pu: package rabbitvcs/0.16-1
Severity set to 'normal' from 'critical'

-- 
836571: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836571
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#832171: jessie-pu: package dietlibc/0.33~cvs20120325-6

2016-09-04 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #832171 [release.debian.org] jessie-pu: package dietlibc/0.33~cvs20120325-6
Added tag(s) confirmed.

-- 
832171: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832171
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#832171: jessie-pu: package dietlibc/0.33~cvs20120325-6

2016-09-04 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2016-07-24 at 22:18 +0200, Christian Seiler wrote:
> On 07/23/2016 11:12 AM, Christian Seiler wrote:
> > Since dietlibc is a static library, after the upload, there will need
> > to be binNMUs in stable for the following three packages:
> > 
> > nmu minit_0.10-5 . ALL . jessie . -m "Security: rebuild against fixed 
> > dietlibc"
> > nmu mksh_50d-5 . ALL . jessie . -m "Security: rebuild against fixed 
> > dietlibc"
> > nmu util-vserver_0.30.216-pre3054-1 . ALL . jessie . -m "Security: rebuild 
> > against fixed dietlibc"
> 
> Ok, that list got a bit shorter: Thorsten Glaser told me that while
> mksh Build-Depends on dietlibc-dev, it only uses it in sid onwards,
> so for Jessie there's no need to schedule a binNMU after the update
> to dietlibc for it.

Apologies for the delay in getting back to you. Please go ahead.

> So that would leave only util-vserver

I'll schedule those after dietlibc has built everywhere.

> and potentially minit,
> depending on whether you want to remove it or not.

As previously mentioned, that's either a source upload or a removal, not
a binNMU.

Regards,

Adam



Processed: unarchiving 825512

2016-09-04 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> unarchive 825512
Bug #825512 {Done: "Adam D. Barratt" } 
[release.debian.org] jessie-pu: package policykit-1/0.105-15~deb8u1
Unarchived Bug 825512
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
825512: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825512
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#825512: jessie-pu: package policykit-1/0.105-15~deb8u1

2016-09-04 Thread Debian Bug Tracking System
Processing control commands:

> reopen -1
Bug #825512 {Done: "Adam D. Barratt" } 
[release.debian.org] jessie-pu: package policykit-1/0.105-15~deb8u1
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions 8.5.

-- 
825512: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825512
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#825512: jessie-pu: package policykit-1/0.105-15~deb8u1

2016-09-04 Thread Adam D. Barratt
Control: reopen -1

[re-sending having un-archived the bug]

On Sat, 2016-05-28 at 11:37 +0100, Adam D. Barratt wrote:
> Control: tags -1 + pending
> 
> On Fri, 2016-05-27 at 20:50 +0100, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Fri, 2016-05-27 at 13:06 +0200, Michael Biebl wrote:
> > > we'd like to make a stable upload for policykit-1 in the upcoming jessie
> > > point release.
> > > 
> > > The policykit-1 package didn't have a new upstream release in sid, but
> > > we backported a lot of fixes from newer upstream versions, including
> > > quite a few CVEs and important memory leak fixes [1].
> > > The policykit-1 package in sid is in a much better shape than what we
> > > have in jessie.
> > > 
> > > We therefore think it's best to simply upload the current package from
> > > sid, which has been cooking for a very long time, as is to stable.
> > > 
> > > I know the debdiff is large but I think the vast majority of the changes
> > > are stable material and it's simply unfeasible to create and test yet
> > > another stack of patches. I would therefore urge you to consider to
> > > accept the attached debdiff.
> > 
> > Assuming that the resulting package has been tested on jessie, under the
> > circumstances I'm prepared to trust your judgement. Please go ahead.
> 
> Uploaded and flagged for acceptance.

Contrary to my over-hasty closing back in June (which no-one corrected
in the meantime), this actually wasn't included in the 8.5 point
release, due to last minute regressions raised in #825956.

Michael, am I reading the bug log correctly that the issues turned out
not to be due to the policykit-1 update? If so, should the package now
be included in 8.6?

Regards,

Adam



Bug#832171: jessie-pu: package dietlibc/0.33~cvs20120325-6

2016-09-04 Thread Christian Seiler
On 09/04/2016 07:30 PM, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2016-07-24 at 22:18 +0200, Christian Seiler wrote:
>> On 07/23/2016 11:12 AM, Christian Seiler wrote:
>>> Since dietlibc is a static library, after the upload, there will need
>>> to be binNMUs in stable for the following three packages:
>>>
>>> nmu minit_0.10-5 . ALL . jessie . -m "Security: rebuild against fixed 
>>> dietlibc"
>>> nmu mksh_50d-5 . ALL . jessie . -m "Security: rebuild against fixed 
>>> dietlibc"
>>> nmu util-vserver_0.30.216-pre3054-1 . ALL . jessie . -m "Security: rebuild 
>>> against fixed dietlibc"
>>
>> Ok, that list got a bit shorter: Thorsten Glaser told me that while
>> mksh Build-Depends on dietlibc-dev, it only uses it in sid onwards,
>> so for Jessie there's no need to schedule a binNMU after the update
>> to dietlibc for it.
> 
> Apologies for the delay in getting back to you.

No worries, it's still in time for the point release. :)

> Please go ahead.

Uploaded.

>> So that would leave only util-vserver
> 
> I'll schedule those after dietlibc has built everywhere.

Thanks!

>> and potentially minit,
>> depending on whether you want to remove it or not.
> 
> As previously mentioned, that's either a source upload or a removal, not
> a binNMU.

Yeah, sorry about not grokking that completely at the time.

Regards,
Christian





Bug#836571: jessie-pu: package rabbitvcs/0.16-1

2016-09-04 Thread Christopher Hoskin
Package: release.debian.org
Tags: jessie
Followup-For: Bug #836571
User: release.debian@packages.debian.org
Usertags: pu

> *No*. The bug you're fixing may be critical, the request to fix it in
> stable is at most normal.

Apologies - my misunderstanding.

> Given the fact that the package has no reverse-dependencies and before
> your NMU in unstable had not been updated for two years, I wonder
> whether removal might have been a better option.

That's a fair point - but presumably a matter for the PAPT rather than me?

> I assume your rationale for suggesting a release via stable-updates,
> rather than simply waiting for the next point release (which will be in
> just under two weeks time) is the potential for data loss.

This may be me misunderstanding the roles of stable-updates and point releases.
The next point release sounds fine, particularly given that #817231 had already
been open for some time.

I've rebuilt the diff with version 0.16-1+deb8u1 as I started from the Jessie
source package. Hopefully I have got it right this time?

Thanks for your help.

Christopher Hoskin
diff -Nru rabbitvcs-0.16/debian/changelog rabbitvcs-0.16/debian/changelog
--- rabbitvcs-0.16/debian/changelog	2014-10-05 10:21:39.0 +0100
+++ rabbitvcs-0.16/debian/changelog	2016-09-04 18:52:26.0 +0100
@@ -1,3 +1,10 @@
+rabbitvcs (0.16-1+deb8u1) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix "All files in home folder removed" Applied upstream fix as patch (Closes: #817231)
+
+ -- Christopher Hoskin   Sun, 04 Sep 2016 18:52:18 +0100
+
 rabbitvcs (0.16-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru rabbitvcs-0.16/debian/patches/fix-817231.patch rabbitvcs-0.16/debian/patches/fix-817231.patch
--- rabbitvcs-0.16/debian/patches/fix-817231.patch	1970-01-01 01:00:00.0 +0100
+++ rabbitvcs-0.16/debian/patches/fix-817231.patch	2016-09-04 07:05:41.0 +0100
@@ -0,0 +1,38 @@
+Subject: Repository Browser export empties target folder
+ A critical bug, where when the user attempts to export files from within the
+ RabbitVCS Repository Browser to a local target folder, the contents of the
+ target folder are deleted without warning, and the export fails.
+Origin: upstream, https://github.com/rabbitvcs/rabbitvcs/pull/89/commits/b3dc98601d57d2e58e491a66b562a399ce1a
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817231
+Bug: https://github.com/rabbitvcs/rabbitvcs/issues/70
+Bug: https://github.com/rabbitvcs/rabbitvcs/issues/127
+Bug: https://github.com/rabbitvcs/rabbitvcs/issues/161
+From: abaheti 
+Acked-by: Christopher Hoskin 
+Last-Update: 2016-08-28
+Applied-Upstream: commit:b3dc986, https://github.com/rabbitvcs/rabbitvcs/pull/89/commits/b3dc98601d57d2e58e491a66b562a399ce1a
+
+---
+ rabbitvcs/vcs/svn/__init__.py | 6 +-
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/rabbitvcs/vcs/svn/__init__.py b/rabbitvcs/vcs/svn/__init__.py
+index 96d821d..dee5e7f 100644
+--- a/rabbitvcs/vcs/svn/__init__.py
 b/rabbitvcs/vcs/svn/__init__.py
+@@ -1237,11 +1237,7 @@ class SVN:
+ @param  recurse: Whether or not to run a recursive checkout.
+ 
+ """
+-if os.path.exists(dest_path):
+-if os.path.isdir(dest_path):
+-shutil.rmtree(dest_path)
+-else:
+-os.remove(dest_path)
++revision=Revision("head")
+ 
+ 
+ 
+-- 
+2.9.3
+
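Review bot: the one added line, revision=Revision("head"), is not covered by the patch description, which only talks about the target folder being emptied. The visible context does not show the function signature, so if the caller can pass a revision, this assignment silently overrides it; say in the patch header why it is needed, or drop it if it is not part of the fix. With the rmtree/remove block gone, the header should also state what now happens when dest_path already exists, since the Subject text says the export itself failed as well.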
diff -Nru rabbitvcs-0.16/debian/patches/series rabbitvcs-0.16/debian/patches/series
--- rabbitvcs-0.16/debian/patches/series	2014-10-05 10:12:07.0 +0100
+++ rabbitvcs-0.16/debian/patches/series	2016-09-04 07:05:41.0 +0100
@@ -1 +1,2 @@
 99_setup.py.patch
+fix-817231.patch


Bug#836571: jessie-pu: package rabbitvcs/0.16-1

2016-09-04 Thread Adam D. Barratt
On Sun, 2016-09-04 at 19:19 +0100, Christopher Hoskin wrote:
[...]
> > Given the fact that the package has no reverse-dependencies and before
> > your NMU in unstable had not been updated for two years, I wonder
> > whether removal might have been a better option.
> 
> That's a fair point - but presumably a matter for the PAPT rather than me?

If you're not the maintainer, yeah. It was a pondering.

> > I assume your rationale for suggesting a release via stable-updates,
> > rather than simply waiting for the next point release (which will be in
> > just under two weeks time) is the potential for data loss.
> 
> This may be me misunderstanding the roles of stable-updates and point releases.
> The next point release sounds fine, particularly given that #817231 had already
> been open for some time.

All updates for stable are uploaded to proposed-updates, which is then
merged into stable at a point release. The Stable Release Managers may
optionally decide to also release some of those updates via
stable-updates before the point release, in order to make them available
to users more quickly.

There's some more explanation at
https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html ,
which should probably be cleaned up and published somewhere. (Other than
in the footer of each mail to debian-stable-announce.)

> I've rebuilt the diff with version 0.16-1+deb8u1 as I started from the Jessie
> source package. Hopefully I have got it right this time?

That looks fine, thanks.

Regards,

Adam



Bug#836700: jessie-pu: package cacti/0.8.8b+dfsg-8+deb8u6

2016-09-04 Thread Paul Gevers
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

The fix for CVE-2016-2313 in 0.8.8b+dfsg-8+deb8u5 was reported¹ to contain a
regression. The attached debdiff contains the reporter's patch that was accepted
upstream to fix the issue.

Can I upload to jessie-proposed-updates?

¹ https://lists.debian.org/debian-lts/2016/07/msg00164.html
  http://bugs.cacti.net/view.php?id=2697

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (60, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru cacti-0.8.8b+dfsg/debian/changelog cacti-0.8.8b+dfsg/debian/changelog
--- cacti-0.8.8b+dfsg/debian/changelog	2016-07-09 20:26:32.0 +0200
+++ cacti-0.8.8b+dfsg/debian/changelog	2016-09-04 21:38:05.0 +0200
@@ -1,3 +1,12 @@
+cacti (0.8.8b+dfsg-8+deb8u6) jessie-proposed-updates; urgency=medium
+
+  [ Emilio Pozuelo Monfort ]
+  * CVE-2016-2313-guest-auth.patch:
++ Fix regression in the fix for CVE-2016-2313 that broke guest user
+  logins. Thanks to Matus Uhlar for the report.
+
+ -- Paul Gevers   Sun, 04 Sep 2016 21:37:36 +0200
+
 cacti (0.8.8b+dfsg-8+deb8u5) jessie-proposed-updates; urgency=medium
 
   [ Emilio Pozuelo Monfort ]
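Review bot: The new changelog entry names the patch and the CVE but carries no bug reference, neither the upstream report (bug #2697, named in the patch subject) nor the debian-lts thread where the regression was reported. Adding one to the entry lets someone reading only the changelog trace why guest logins broke after the +deb8u5 fix.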
diff -Nru cacti-0.8.8b+dfsg/debian/patches/CVE-2016-2313-guest-auth.patch cacti-0.8.8b+dfsg/debian/patches/CVE-2016-2313-guest-auth.patch
--- cacti-0.8.8b+dfsg/debian/patches/CVE-2016-2313-guest-auth.patch	1970-01-01 01:00:00.0 +0100
+++ cacti-0.8.8b+dfsg/debian/patches/CVE-2016-2313-guest-auth.patch	2016-09-04 21:31:56.0 +0200
@@ -0,0 +1,27 @@
+From 69983495cd41bf0903fe02baeef84b1fa85f2846 Mon Sep 17 00:00:00 2001
+From: cigamit 
+Date: Sun, 14 Aug 2016 14:21:11 -0500
+Subject: [PATCH] fixing bug #2697
+
+web basic for guest accounts
+---
+ auth_login.php | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/auth_login.php
 b/auth_login.php
+@@ -86,10 +86,11 @@
+ 		/* Locate user in database */
+ 		$user = db_fetch_row("SELECT * FROM user_auth WHERE username = " . $cnn_id->qstr($username) . " AND realm = 2");
+ 
+-		if (!$user && read_config_option('user_template') == '0') {
+-			cacti_log("ERROR: User '" . $username . "' authenticated by Web Server, but a Template User is not defined in Cacti.  Exiting.", false, 'AUTH');
++		if (!$user && read_config_option('user_template') == '0' && read_config_option('guest_user') == '0') {
++			cacti_log("ERROR: User '" . $username . "' authenticated by Web Server, but both Template and Guest Users are not defined in Cacti.  Exiting.", false, 'AUTH');
++
+ 			$username = htmlspecialchars($username);
+-			auth_display_custom_error_message("$username authenticated by Web Server, but a Template User is not defined in Cacti.");
++			auth_display_custom_error_message("$username authenticated by Web Server, but a Template User and a Guest User are not defined in Cacti.");
+ 			exit;			
+ 		}
+ 
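Review bot: In the rewritten condition, a web-server-authenticated username with no row in user_auth now falls through whenever guest_user is set, and the hunk does not show what the following code does with the empty $user. Because this loosens a check in the code path covered by the CVE-2016-2313 authentication-bypass fix, confirm that the fall-through binds the session to the configured guest account with guest privileges only, and never to the supplied $username. Separately, cacti_log() still receives the raw $username before htmlspecialchars() is applied, which protects the HTML error page but not the log line; consider stripping newlines and control characters from the value written to the log.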
diff -Nru cacti-0.8.8b+dfsg/debian/patches/series cacti-0.8.8b+dfsg/debian/patches/series
--- cacti-0.8.8b+dfsg/debian/patches/series	2016-07-09 20:04:07.0 +0200
+++ cacti-0.8.8b+dfsg/debian/patches/series	2016-09-04 21:31:56.0 +0200
@@ -31,3 +31,4 @@
 CVE-2016-3172-sql-injection.patch
 CVE-2016-3659-sql-injection.patch
 CVE-2016-2313-authentication-bypass.patch
+CVE-2016-2313-guest-auth.patch


Processed: Re: Bug#836700: jessie-pu: package cacti/0.8.8b+dfsg-8+deb8u6

2016-09-04 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + moreinfo
Bug #836700 [release.debian.org] jessie-pu: package cacti/0.8.8b+dfsg-8+deb8u6
Added tag(s) moreinfo.

-- 
836700: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836700
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#836700: jessie-pu: package cacti/0.8.8b+dfsg-8+deb8u6

2016-09-04 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Sun, 2016-09-04 at 22:24 +0200, Paul Gevers wrote:
> The fix for CVE-2016-2313 in 0.8.8b+dfsg-8+deb8u5 was reported¹ to contain a
> regression. The attached debdiff contains the reporter's patch that was accepted
> upstream to fix the issue.

What's the plan for getting the updated fix into unstable?

Regards,

Adam



Bug#834419: jessie-pu: package glibc/2.19-18+deb8u6

2016-09-04 Thread Adam D. Barratt
Control: tags -1 + pending

On Sun, 2016-09-04 at 01:27 +0200, Aurelien Jarno wrote:
> On 2016-09-03 19:18, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Thu, 2016-09-01 at 09:26 +0200, Aurelien Jarno wrote:
> > > On 2016-08-28 16:54, Aurelien Jarno wrote:
> > > > On 2016-08-28 14:59, Adam D. Barratt wrote:
> > > > > On Fri, 2016-08-19 at 11:23 +0200, Aurelien Jarno wrote:
> > > > > > On 2016-08-15 15:29, Aurelien Jarno wrote:
> > > > > [...] 
> > > > > > > > I would like to upload a new glibc package for the next jessie release.
> > > > > > > 
> > > > > > > In the meantime a new security issue (CVE-2016-6323) has been found and
> > > > > > > backported to the upstream 2.19 stable branch. I would like to also
> > > > > > > include this change into the jessie upload. You will find updated diff
> > > > > > > and debdiff attached.
> > > > > 
> > > > > The Security Tracker suggests that the issue applies to glibc in
> > > > > unstable and is not yet fixed there; is that correct?
> > > > 
> > > > This is indeed correct. This fix is in our git tree ready for the 2.24-1
> > > > upload, but it hasn't happened yet as we are waiting for a transition
> > > > slot (see #834855).
> > > 
> > > The transition has started, so this issue is now fixed in unstable.
> > 
> > Thanks; please go ahead.
> > 
> 
> Thanks, I have just uploaded it.

Flagged for acceptance; thanks.

Regards,

Adam



Bug#832171: jessie-pu: package dietlibc/0.33~cvs20120325-6

2016-09-04 Thread Adam D. Barratt
Control: tags -1 + pending

On Sun, 2016-09-04 at 19:55 +0200, Christian Seiler wrote:
> On 09/04/2016 07:30 PM, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Sun, 2016-07-24 at 22:18 +0200, Christian Seiler wrote:
> >> On 07/23/2016 11:12 AM, Christian Seiler wrote:
> >>> Since dietlibc is a static library, after the upload, there will need
> >>> to be binNMUs in stable for the following three packages:
> >>>
> >>> nmu minit_0.10-5 . ALL . jessie . -m "Security: rebuild against fixed dietlibc"
> >>> nmu mksh_50d-5 . ALL . jessie . -m "Security: rebuild against fixed dietlibc"
> >>> nmu util-vserver_0.30.216-pre3054-1 . ALL . jessie . -m "Security: rebuild against fixed dietlibc"
> >>
> >> Ok, that list got a bit shorter: Thorsten Glaser told me that while
> >> mksh Build-Depends on dietlibc-dev, it only uses it in sid onwards,
> >> so for Jessie there's no need to schedule a binNMU after the update
> >> to dietlibc for it.
> > 
> > Apologies for the delay in getting back to you.
> 
> No worries, it's still in time for the point release. :)
> 
> > Please go ahead.
> 
> Uploaded.

Flagged for acceptance.

Regards,

Adam



Processed: Re: Bug#832171: jessie-pu: package dietlibc/0.33~cvs20120325-6

2016-09-04 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #832171 [release.debian.org] jessie-pu: package dietlibc/0.33~cvs20120325-6
Added tag(s) pending.

-- 
832171: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832171
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#834419: jessie-pu: package glibc/2.19-18+deb8u6

2016-09-04 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #834419 [release.debian.org] jessie-pu: package glibc/2.19-18+deb8u6
Added tag(s) pending.

-- 
834419: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834419
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: libonig transition

2016-09-04 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> severity 824909 serious
Bug #824909 [src:lua-rexlib] changes for the libonig transition
Severity set to 'serious' from 'normal'
> block 836593 by 824909
Bug #836593 [release.debian.org] transition: libonig
836593 was not blocked by any bugs.
836593 was not blocking any bugs.
Added blocking bug(s) of 836593: 824909
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
824909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824909
836593: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



NEW changes in stable-new

2016-09-04 Thread Debian FTP Masters
Processing changes file: dietlibc_0.33~cvs20120325-6+deb8u1_amd64.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_allonly.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_amd64.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_arm64.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_armel.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_armhf.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_i386.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_mips.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_mipsel.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_powerpc.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_ppc64el.changes
  ACCEPT
Processing changes file: flex_2.5.39-8+deb8u2_s390x.changes
  ACCEPT
Processing changes file: glibc_2.19-18+deb8u6_all.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_multi.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_amd64.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_arm64.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_armel.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_armhf.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_i386.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_mips.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_mipsel.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_powerpc.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_ppc64el.changes
  ACCEPT
Processing changes file: linux_3.16.36-1+deb8u1_s390x.changes
  ACCEPT



Processed: Re: Bug#835397: transition: superlu soname 4 -> 5

2016-09-04 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> block 835397 by 836677
Bug #835397 [release.debian.org] transition: superlu
835397 was blocked by: 835557 835556
835397 was not blocking any bugs.
Added blocking bug(s) of 835397: 836677
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
835397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#836700: jessie-pu: package cacti/0.8.8b+dfsg-8+deb8u6

2016-09-04 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 -moreinfo
Bug #836700 [release.debian.org] jessie-pu: package cacti/0.8.8b+dfsg-8+deb8u6
Removed tag(s) moreinfo.

-- 
836700: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836700
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#836700: jessie-pu: package cacti/0.8.8b+dfsg-8+deb8u6

2016-09-04 Thread Paul Gevers
Control: tags -1 -moreinfo

On 04-09-16 23:27, Adam D. Barratt wrote:
> On Sun, 2016-09-04 at 22:24 +0200, Paul Gevers wrote:
>> The fix for CVE-2016-2313 in 0.8.8b+dfsg-8+deb8u5 was reported¹ to contain a
>> regression. The attached debdiff contains the reporter's patch that was accepted
>> upstream to fix the issue.
> 
> What's the plan for getting the updated fix into unstable?

Will do that tonight (UTC+2). Due to the upload window for jpu, I
focused on that one first and then it was bedtime.

Paul




NEW changes in stable-new

2016-09-04 Thread Debian FTP Masters
Processing changes file: dietlibc_0.33~cvs20120325-6+deb8u1_i386.changes
  ACCEPT
Processing changes file: dietlibc_0.33~cvs20120325-6+deb8u1_mipsel.changes
  ACCEPT
Processing changes file: dietlibc_0.33~cvs20120325-6+deb8u1_powerpc.changes
  ACCEPT