Bug#1005861: bullseye-pu: package pdb2pqr/2.1.1+dfsg-7+deb11u1

2022-02-19 Thread Andrius Merkys
On 2022-02-19 19:52, Adam D. Barratt wrote:
> Please go ahead.

Thanks, uploaded.

Best wishes,
Andrius



Bug#1004452: bullseye-pu: package gnupg2/2.2.27-2+deb11u1

2022-02-19 Thread Daniel Kahn Gillmor
On Sat 2022-02-19 17:09:21 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
>
> On Thu, 2022-01-27 at 17:02 -0500, Daniel Kahn Gillmor wrote:
>> Please consider an update to GnuPG in debian bullseye, from version
>> 2.2.27-2 to 2.2.27-2+deb11u1.
>> 
>
> The version mentioned above is correct, but the proposed changelog is
> not:
>
> +gnupg2 (2.2.27-2+deb11+1) bullseye; urgency=medium
>
> (it should be "deb11u1", not "deb11+1").

thanks for catching that, i've corrected it and pushed the corrected
version to the debian/bullseye branch in salsa.

> That looks fine to me, but will need a d-i ack as the package builds a
> udeb; tagging and CCing accordingly.

Understood -- i'll wait for a d-i ack before uploading.

   --dkg




Bug#1006154: nmu: evolution-rss_0.3.96-4

2022-02-19 Thread Jeremy Bicha
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: binnmu
Severity: normal

Please schedule this rebuild to finish the auto-upperlimit evolution
3.43 mini-transition:

nmu evolution-rss_0.3.96-4 . ANY . unstable . -m "Rebuild against evolution 3.43"

Thanks,
Jeremy Bicha



Bug#1004265: buster-pu: package rsyslog/8.1901.0-1+deb10u1

2022-02-19 Thread Michael Biebl


On Sun, 23 Jan 2022 22:59:21 +0200 Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: Michael Biebl , t...@security.debian.org
>
>   * CVE-2019-17041: Heap overflow in the AIX message parser.
>     (Closes: #942067)
>   * CVE-2019-17042: Heap overflow in the Cisco log message parser.
>     (Closes: #942065)


Adrian,

can you please push your changes (once uploaded), to a
debian/buster branch (including a proper tag).

Thanks for the update.

Regards,
Michael




Processed: Re: Bug#1001454: buster-pu: package privoxy/3.0.28-2+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1001454 [release.debian.org] buster-pu: package privoxy/3.0.28-2+deb10u1
Added tag(s) confirmed.

-- 
1001454: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001454
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1001454: buster-pu: package privoxy/3.0.28-2+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2021-12-10 at 13:00 +0100, Roland Rosenfeld wrote:
> This fixes CVE-2021-44540 and CVE-2021-44543.
> Since all are tagged "minor issue" in the security-tracker, I tend to
> send this into the next point release of buster.
> 

Please go ahead. Sorry for the delay.

Regards,

Adam



Processed: Re: Bug#1003826: buster-pu: package libjackson-json-java/1.9.13-2~deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1003826 [release.debian.org] buster-pu: package 
libjackson-json-java/1.9.13-2~deb10u1
Added tag(s) confirmed.

-- 
1003826: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003826
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1003825: buster-pu: package libetpan/1.9.3-2+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1003825 [release.debian.org] buster-pu: package libetpan/1.9.3-2+deb10u1
Added tag(s) confirmed.

-- 
1003825: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003825
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004575: bullseye-pu: package mutter/3.38.6-2~deb11u2

2022-02-19 Thread Simon McVittie
On Sat, 19 Feb 2022 at 17:32:40 +, Adam D. Barratt wrote:
> On Sun, 2022-01-30 at 17:45 +, Simon McVittie wrote:
> > Bug fix updates from upstream gnome-3-38 branch, prompted by user
> > request in #1002651.
> 
> Please go ahead; thanks.

Uploaded.

smcv



Bug#1003825: buster-pu: package libetpan/1.9.3-2+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-16 at 13:59 +0200, Adrian Bunk wrote:
>   * CVE-2020-15953: STARTTLS response injection that
> affects IMAP, SMTP, and POP3. (Closes: #966647)

Please go ahead.

Regards,

Adam



Bug#1003826: buster-pu: package libjackson-json-java/1.9.13-2~deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-16 at 14:17 +0200, Adrian Bunk wrote:
>   * Add upstream fixes.
> - Serializing types for deeply nested Maps.
> - Set Secure Processing flag on DocumentBuilderFactory.
> - Set setExpandEntityReferences(false). (Fixes: CVE-2019-10172)
> - WriteRawValue surrogate pair fix.
> - Fix deserialization.
> - All known security fixes. (Fixes: CVE-2017-15095 and CVE-2017-7525)
>   * Update Standards-Version to 4.5.0
> 
> Except for Standards-Version and the dh compat bump reverted
> in this backport, the bullseye package was the buster package
> with several bugfixes applied (including fixes for 3 CVEs).

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1003795: buster-pu: package evolution-data-server/3.30.5-1+deb10u2

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1003795 [release.debian.org] buster-pu: package 
evolution-data-server/3.30.5-1+deb10u2
Added tag(s) confirmed.

-- 
1003795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1003795: buster-pu: package evolution-data-server/3.30.5-1+deb10u2

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-16 at 00:27 +0200, Adrian Bunk wrote:
>   * CVE-2020-16117: Crash on malformed server response with
> minimal capabilities.

Please go ahead.

Regards,

Adam



Bug#1005694: bullseye-pu: package gtk+3.0/3.24.24-4+deb11u1

2022-02-19 Thread Simon McVittie
On Sat, 19 Feb 2022 at 17:49:13 +, Adam D. Barratt wrote:
> That looks OK to me, but will need a d-i ack as gtk+3.0 builds
> a udeb

Since kibi confirmed that d-i doesn't actually use GTK 3, I've uploaded.

smcv



Processed: Re: Bug#1003841: buster-pu: package cimg/2.4.5+dfsg-1+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> clone -1 -2
Bug #1003841 [release.debian.org] buster-pu: package cimg/2.4.5+dfsg-1+deb10u1
Bug 1003841 cloned as bug 1006142
> retitle -2 nmu: beads/1.1.18+dfsg-3
Bug #1006142 [release.debian.org] buster-pu: package cimg/2.4.5+dfsg-1+deb10u1
Changed Bug title to 'nmu: beads/1.1.18+dfsg-3' from 'buster-pu: package 
cimg/2.4.5+dfsg-1+deb10u1'.
> tags -1 + confirmed
Bug #1003841 [release.debian.org] buster-pu: package cimg/2.4.5+dfsg-1+deb10u1
Added tag(s) confirmed.

-- 
1003841: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003841
1006142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1003841: buster-pu: package cimg/2.4.5+dfsg-1+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: clone -1 -2
Control: retitle -2 nmu: beads/1.1.18+dfsg-3
Control: tags -1 + confirmed

On Sun, 2022-01-16 at 20:51 +0200, Adrian Bunk wrote:
>   * CVE-2020-25693: Fix multiple heap buffer overflows.
> (Closes: #973770)
> 

Please go ahead.

> This is a headers-only library, the only user in buster needs
> to be rebuilt:
>   nmu beads_1.1.18+dfsg-3 . ANY . buster . 'Rebuild with cimg-dev 2.4.5+dfsg-1+deb10u1'
>   dw beads_1.1.18+dfsg-3 . ANY . buster . -m 'cimg-dev (>= 2.4.5+dfsg-1+deb10u1)'

That wants handling via a separate bug so we can track the fixes more
accurately; cloning.

Regards,

Adam



Processed: Re: Bug#1003827: buster-pu: package wireshark/2.6.20-0+deb10u3

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1003827 [release.debian.org] buster-pu: package wireshark/2.6.20-0+deb10u3
Added tag(s) confirmed.

-- 
1003827: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003827
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1003827: buster-pu: package wireshark/2.6.20-0+deb10u3

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-16 at 15:08 +0200, Adrian Bunk wrote:
>   * CVE-2021-22207: Excessive memory consumption in the MS-WSP
> dissector.
> (Closes: #987853)
>   * CVE-2021-22235: Crash in the DNP dissector.
>   * CVE-2021-39921: NULL pointer exception in the Modbus dissector.
>   * CVE-2021-39922: Buffer overflow in the C12.22 dissector.
>   * CVE-2021-39923: Large loop in the PNRP dissector.
>   * CVE-2021-39924: Large loop in the Bluetooth DHT dissector.
>   * CVE-2021-39928: NULL pointer exception in the IEEE 802.11
> dissector.
>   * CVE-2021-39929: Uncontrolled Recursion in the Bluetooth DHT
> dissector.

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1004055: buster-pu: package raptor2/2.0.14-1.1~deb10u2

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004055 [release.debian.org] buster-pu: package raptor2/2.0.14-1.1~deb10u2
Added tag(s) confirmed.

-- 
1004055: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004055
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004055: buster-pu: package raptor2/2.0.14-1.1~deb10u2

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2022-01-19 at 22:30 +, Thorsten Alteholz wrote:
> The attached debdiff for raptor2 fixes CVE-2020-25713 in Buster. This
> CVE is marked as no-dsa by the security team.
> 

Please go ahead.

Regards,

Adam



Bug#1004050: bullseye-pu: package zziplib/0.13.62-3.3+deb11u1.debdiff

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2022-01-19 at 22:19 +, Thorsten Alteholz wrote:
> The attached debdiff for zziplib fixes CVE-2020-18442 in Bullseye.
> This CVE is marked as no-dsa by the security team.
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1004050: bullseye-pu: package zziplib/0.13.62-3.3+deb11u1.debdiff

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004050 [release.debian.org] bullseye-pu: package 
zziplib/0.13.62-3.3+deb11u1.debdiff
Added tag(s) confirmed.

-- 
1004050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004050
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1003842: buster-pu: package flac/1.3.2-3+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1003842 [release.debian.org] buster-pu: package flac/1.3.2-3+deb10u1
Added tag(s) confirmed.

-- 
1003842: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003842
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1003842: buster-pu: package flac/1.3.2-3+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-16 at 21:03 +0200, Adrian Bunk wrote:
>   * CVE-2020-0499: Out of bounds read due to a heap buffer overflow.
> (Closes: #977764)

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1004249: buster-pu: package weechat/2.3-1+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004249 [release.debian.org] buster-pu: package weechat/2.3-1+deb10u1
Added tag(s) confirmed.

-- 
1004249: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004249
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004249: buster-pu: package weechat/2.3-1+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-23 at 17:27 +0200, Adrian Bunk wrote:
>   * CVE-2020-8955: A crafted irc message 324 (channel mode) could
> result in a crash. (Closes: #951289)
>   * CVE-2020-9759: A crafted irc message 352 (who) could result
> in a crash.
>   * CVE-2020-9760: A crafted irc message 005 (setting a new mode
> for a nick) could result in a crash.
>   * CVE-2021-40516: A crafted WebSocket frame could result in a crash
> in the Relay plugin. (Closes: #993803)

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1004265: buster-pu: package rsyslog/8.1901.0-1+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004265 [release.debian.org] buster-pu: package rsyslog/8.1901.0-1+deb10u1
Added tag(s) confirmed.

-- 
1004265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004265
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004267: buster-pu: package libpcap/1.8.1-6+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-23 at 23:07 +0200, Adrian Bunk wrote:
>   * CVE-2019-15165: Improper PHB header length validation.
> (Closes: #941697)

Please go ahead.

Regards,

Adam



Bug#1004265: buster-pu: package rsyslog/8.1901.0-1+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-23 at 22:59 +0200, Adrian Bunk wrote:
>   * CVE-2019-17041: Heap overflow in the AIX message parser.
> (Closes: #942067)
>   * CVE-2019-17042: Heap overflow in the Cisco log message parser.
> (Closes: #942065)

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1004267: buster-pu: package libpcap/1.8.1-6+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004267 [release.debian.org] buster-pu: package libpcap/1.8.1-6+deb10u1
Added tag(s) confirmed.

-- 
1004267: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004267
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1004261: buster-pu: package opensc/0.19.0-1+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004261 [release.debian.org] buster-pu: package opensc/0.19.0-1+deb10u1
Added tag(s) confirmed.

-- 
1004261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004261
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004261: buster-pu: package opensc/0.19.0-1+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-23 at 20:21 +0200, Adrian Bunk wrote:
>   * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring.
> (Closes: #939668)
>   * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string.
> (Closes: #939669)
>   * CVE-2019-19479: Incorrect read operation in the Setec driver.
> (Closes: #947383)
>   * CVE-2019-20792: Double free in the Coolkey driver.
>   * CVE-2020-26570: Heap-based buffer overflow in the Oberthur
> driver.
> (Closes: #972037)
>   * CVE-2020-26571: Stack-based buffer overflow in the GPK driver.
> (Closes: #972036)
>   * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver.
> (Closes: #972035)

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1004268: buster-pu: package libextractor/1:1.8-2+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004268 [release.debian.org] buster-pu: package 
libextractor/1:1.8-2+deb10u1
Added tag(s) confirmed.

-- 
1004268: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004268
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004268: buster-pu: package libextractor/1:1.8-2+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-23 at 23:15 +0200, Adrian Bunk wrote:
>   * CVE-2019-15531: Invalid read for malformed DVI files.
> (Closes: #935553)

The reformatting in the patch makes things rather noisier than they
need be, given that so far as I can tell the actual changes for the
issue are two new lines, rather than:

src/plugins/dvi_extractor.c | 88 +++--
 1 file changed, 45 insertions(+), 43 deletions(-)

Please go ahead.

Regards,

Adam



Bug#1005218: buster-pu: package spip/3.2.4-1+deb10u6

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2022-02-09 at 03:31 -0400, David Prévot wrote:
> Two security issues (XSS) have been fixed in the latest upstream
> version. As agreed with the security team, those are not worth a DSA.
> 
> [ Impact ]
> Without these fixes, websites are vulnerable to already public XSS
> issues.
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1002051: bullseye-pu: package heartbeat/1:3.0.6-11+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1002051 [release.debian.org] bullseye-pu: package 
heartbeat/1:3.0.6-11+deb11u1
Added tag(s) confirmed.

-- 
1002051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1002051: bullseye-pu: package heartbeat/1:3.0.6-11+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2021-12-21 at 00:27 +0100, Valentin Vidic wrote:
> heartbeat daemon starts correctly after installation, but not
> after reboot because of missing /run/heartbeat directories.
> The change reintroduces a tempfiles configuration for creating
> the required directories on boot.
> 
[...]
> [ Other info ]
> The bug only affects systemd installations since the init script
> recreates the required directories on every start.
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1005218: buster-pu: package spip/3.2.4-1+deb10u6

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1005218 [release.debian.org] buster-pu: package spip/3.2.4-1+deb10u6
Added tag(s) confirmed.

-- 
1005218: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005218
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1001740: bullseye-pu: package fcitx5-chinese-addons/5.0.4-1+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1001740 [release.debian.org] bullseye-pu: package 
fcitx5-chinese-addons/5.0.4-1+deb11u1
Added tag(s) confirmed.

-- 
1001740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001740
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1001740: bullseye-pu: package fcitx5-chinese-addons/5.0.4-1+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2021-12-14 at 20:39 -0500, Boyuan Yang wrote:
> Currently the table input methods provided by fcitx5-table (in
> src:fcitx5-chinese-addons) will not work due to missing dependencies on
> fcitx5-module-pinyinhelper and fcitx5-module-punctuation. This is reported as
> https://bugs.debian.org/1001739 . The bug is present from the very beginning.
> While the latest fcitx5-chinese-addons/5.0.9-2 upload has fixed the bug in
> Debian Sid, this bullseye-pu will fix this bug in Debian 11 (stable).
> 
> [ Impact ]
> If this update is not present, users that only have fcitx5-table installed
> (i.e. did not explicitly install fcitx5-module-pinyinhelper and
> fcitx5-module-punctuation) will not be able to use any table input method in
> fcitx5 framework.
> 

Please go ahead.

Regards,

Adam



Processed: tagging 1004050

2022-02-19 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 1004050 - buster + bullseye
Bug #1004050 [release.debian.org] bullseye-pu: package 
zziplib/0.13.62-3.3+deb11u1.debdiff
Removed tag(s) buster.
Bug #1004050 [release.debian.org] bullseye-pu: package 
zziplib/0.13.62-3.3+deb11u1.debdiff
Added tag(s) bullseye.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1004050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004050
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004459: bullseye-pu: package lxc/1:4.0.6-2+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2022-01-27 at 21:32 -0300, Antonio Terceiro wrote:
> This update fixes the download of container images using the "download"
> template. pool.sks-keyservers.net is not active anymore, so the patch
> (already included in the upstream release present in sid/bookworm)
> changes that to keyserver.ubuntu.com.
> 

+  * lxc-download: Switch GPG server.
+The default server used to download gpg keys from has ben deprecated,

s/ben/been/

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1004459: bullseye-pu: package lxc/1:4.0.6-2+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004459 [release.debian.org] bullseye-pu: package lxc/1:4.0.6-2+deb11u1
Added tag(s) confirmed.

-- 
1004459: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004459
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1003765: bullseye-pu: package node-markdown-it/10.0.0+dfsg-2+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1003765 [release.debian.org] bullseye-pu: package 
node-markdown-it/10.0.0+dfsg-2+deb11u1
Added tag(s) confirmed.

-- 
1003765: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003765
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1004247: bullseye-pu: package weechat/3.0-1+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004247 [release.debian.org] bullseye-pu: package weechat/3.0-1+deb11u1
Added tag(s) confirmed.

-- 
1004247: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004247
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004247: bullseye-pu: package weechat/3.0-1+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-23 at 17:18 +0200, Adrian Bunk wrote:
>   * CVE-2021-40516: A crafted WebSocket frame could result in a crash
> in the Relay plugin. (Closes: #993803)

Please go ahead.

Regards,

Adam



Bug#1003765: bullseye-pu: package node-markdown-it/10.0.0+dfsg-2+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2022-01-15 at 12:52 +0100, Yadd wrote:
> [ Reason ]
> node-markdown-it is vulnerable to regex denial of service
> (CVE-2022-21670)
> 

Please go ahead.

Regards,

Adam



Bug#1005694: bullseye-pu: package gtk+3.0/3.24.24-4+deb11u1

2022-02-19 Thread Cyril Brulebois
Hi,

Adam D. Barratt  (2022-02-19):
> Thanks. That looks OK to me, but will need a d-i ack as gtk+3.0 builds
> a udeb; tagging and CCing accordingly.

d-i in bullseye is still on gtk2 (sorry), so gtk3 should be a no-brainer. :)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant




Processed: ruby3.0

2022-02-19 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> block 1004915 by 1005947
Bug #1004915 [release.debian.org] transition: ruby2.7-rm
1004915 was blocked by: 1001217
1004915 was blocking: 1006119
Added blocking bug(s) of 1004915: 1005947
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1004915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004915
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: ruby3.0

2022-02-19 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> block 1004915 by 1001217
Bug #1004915 [release.debian.org] transition: ruby2.7-rm
1004915 was not blocked by any bugs.
1004915 was blocking: 1006119
Added blocking bug(s) of 1004915: 1001217
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1004915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004915
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1003548: transition: libwebp

2022-02-19 Thread Sebastian Ramacher
On 2022-02-18 10:26:26 +0100, Sebastian Ramacher wrote:
> On 2022-02-16 20:49:44, Jeff Breidenbach wrote:
> > libwebp 1.2.1-7 has been successfully uploaded to unstable.
> > 
> > Anthony and Iustin, help is very strongly appreciated for the NMUs.
> 
> Almost all reverse dependencies have successfully been rebuilt against
> libwebp7. Packages failing to build are weston (#998603) and openimageio
> (#1003470).

The builds of graphicsmagick (#1006110) and qtimageformats-opensource
(#1006009) failed due to tests related to libwebp. Could this be a bug
in libwebp?

Cheers
-- 
Sebastian Ramacher




Bug#1003188: bullseye-pu: package mmdebstrap/0.7.5-2.2

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Wed, 2022-01-05 at 20:28 +0100, Johannes Schauer Marin Rodrigues
wrote:
> Currently, when a user happens to have an ASCII armored key in
> /etc/apt/trusted.gpg.d, running mmdebstrap without any special options
> will not work. See #1003175 for details.
> 
> The problem is fixed in unstable and testing, starting with 0.8.0-1.
> 

0001-Do-not-use-gpg-trust-model-always isn't mentioned in the
changelog. Is it part of the fix for the issue mentioned above, or a
separate change?

Regards,

Adam



Processed: Re: Bug#1003188: bullseye-pu: package mmdebstrap/0.7.5-2.2

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + moreinfo
Bug #1003188 [release.debian.org] bullseye-pu: package mmdebstrap/0.7.5-2.2
Added tag(s) moreinfo.

-- 
1003188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1006000: transition: draco

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 confirmed
Bug #1006000 [release.debian.org] transition: draco
Added tag(s) confirmed.
> forwarded -1 https://release.debian.org/transitions/html/auto-draco.html
Bug #1006000 [release.debian.org] transition: draco
Set Bug forwarded-to-address to 
'https://release.debian.org/transitions/html/auto-draco.html'.

-- 
1006000: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006000
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1006000: transition: draco

2022-02-19 Thread Sebastian Ramacher
Control: tags -1 confirmed
Control: forwarded -1 https://release.debian.org/transitions/html/auto-draco.html

On 2022-02-18 20:06:20 +0100, Timo Röhling wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> Dear release team,
> 
> I would like to transition draco for its new SONAME.
> The Ben tracker at
> https://release.debian.org/transitions/html/auto-draco.html looks fine.
> I rebuilt all reverse dependencies on amd64 successfully.

Please go ahead

Cheers
-- 
Sebastian Ramacher




Processed: Re: Bug#1003058: bullseye-pu: package openvswitch/2.15.0+ds1-2

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1003058 [release.debian.org] bullseye-pu: package openvswitch/2.15.0+ds1-2
Added tag(s) confirmed.

-- 
1003058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1003058: bullseye-pu: package openvswitch/2.15.0+ds1-2

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2022-01-03 at 14:25 +0100, Thomas Goirand wrote:
> [ Reason ]
> Indeed, the updated version I would like to push contains a fix for
> CVE-2021-36980 (Debian bug #991308), and a fix for having libofproto
> properly installed if activating dpdk (which fixes #992406 and
> #989585). This update-alternatives fix has been in Unstable for a long
> time already.
> 
> [ Impact ]
> - CVE-2021-36980.
> - Non-working DPDK setup when using LLDP.
> 
> [ Tests ]
> The OVS package has a test suite that's run at build time.
> We also set it in real production and it worked for us.
> 

Please go ahead, thanks.

Regards,

Adam



Processed: Re: Bug#1003018: bullseye-pu: package php-laravel-framework/6.20.14+dfsg-2+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1003018 [release.debian.org] bullseye-pu: package 
php-laravel-framework/6.20.14+dfsg-2+deb11u1
Added tag(s) confirmed.

-- 
1003018: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003018
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1002703: bullseye-pu: package libarchive/3.4.3-2+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2021-12-27 at 22:10 +0200, Peter Pentchev wrote:
> This is a future unblock request before I upload
> libarchive-3.4.3-2+deb11u1 to fix a couple of bugs that were
> fixed in later upstream versions and in unstable. They are all
> related to setting permissions and ACLs when extracting
> archive members that represent symbolic and hard links.
> 
> [ Impact ]
> Extracting some (rarely seen) archives may result in files
> having the wrong access permissions.
> 

Please go ahead, thanks.

Regards,

Adam



Bug#1003018: bullseye-pu: package php-laravel-framework/6.20.14+dfsg-2+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-02 at 21:10 +0100, Robin Gustafsson wrote:
> [ Reason ]
> Security issues affecting the version in bullseye.
> * Bug #1001333 (CVE-2021-43808)
> * Bug #1002728 (CVE-2021-43617)
> 
> [ Impact ]
> * Users of web applications using certain templating features from
>   the framework may be vulnerable to XSS attacks.
> * Users who host web applications relying on the framework's file upload
>   validation features may be vulnerable to remote code execution attacks.
> 

Please go ahead, thanks.

Regards,

Adam



Processed: Re: Bug#1002703: bullseye-pu: package libarchive/3.4.3-2+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1002703 [release.debian.org] bullseye-pu: package 
libarchive/3.4.3-2+deb11u1
Added tag(s) confirmed.

-- 
1002703: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1003484: bullseye-pu: package openssl/1.1.1m-0+deb11u1

2022-02-19 Thread Adam D. Barratt
On Sat, 2022-02-19 at 18:52 +0100, Sebastian Andrzej Siewior wrote:
> On 2022-02-19 17:04:16 [+], Adam D. Barratt wrote:
> > Control: tags -1 + confirmed d-i
> …
> > Thanks. Assuming the above is still accurate, then this looks good to
> > me.
> > 
> > As the package builds a udeb, it will need a d-i ack; tagging and CCing
> > accordingly.
> 
> I'm confused. May I upload or do I wait for the d-i ack?
> 

Sorry for the confusion.

Feel free to upload; we'll wait for the d-i ack before accepting the
package into p-u.

Regards,

Adam



Bug#1002685: bullseye-pu: package prips/1.1.1-3+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2021-12-27 at 13:21 +0200, Peter Pentchev wrote:
> This is a future unblock request before I upload prips-1.1.1-3+deb11u1
> to fix two upstream bugs that affect the base functionality of the program:
> an infinite loop if it is asked to print the addresses in a block that
> ends at the last IPv4 address (255.255.255.255), and incorrect output if
> asked to combine two very different IP addresses (e.g. 1.1.1.1 and
> 230.120.1.1) into a single CIDR block.
> 

Please go ahead; sorry for the delay.

Regards,

Adam



Processed: Re: Bug#1002685: bullseye-pu: package prips/1.1.1-3+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1002685 [release.debian.org] bullseye-pu: package prips/1.1.1-3+deb11u1
Added tag(s) confirmed.

-- 
1002685: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002685
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1002652: bullseye-pu: package schleuder/3.6.0-3+deb10u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1002652 [release.debian.org] bullseye-pu: package schleuder/3.6.0-3+deb11u1
Added tag(s) confirmed.

-- 
1002652: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002652
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1002652: bullseye-pu: package schleuder/3.6.0-3+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2021-12-26 at 17:49 +, Georg Faerber wrote:
> [ Reason ]
> Since ActiveRecord >= 6.0, the SQLite3 connection adapter relies on
> boolean
> serialization to use 1 and 0, but does not natively recognize 't' and
> 'f' as
> booleans were previously serialized. This change makes existing
> mailing lists
> fail, after an upgrade of buster to bullseye, due to the involved
> ActiveRecord
> version bump, as Schleuder isn't able anymore to fetch correct values
> from the
> database.
> 
> Unfortunately, we missed this breaking change when bumping
> ActiveRecord to >=
> 6.0 recently. This caused quite some work upstream, but also in
> downstream
> environments and, last but not least, at the side of users.
> 
> This was reported in Debian via #1002622, and fixed in unstable via
> 3.6.0-4.
> 

Please go ahead; sorry for the delay.

Regards,

Adam



Processed: Re: Bug#1005861: bullseye-pu: package pdb2pqr/2.1.1+dfsg-7+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1005861 [release.debian.org] bullseye-pu: package 
pdb2pqr/2.1.1+dfsg-7+deb11u1
Added tag(s) confirmed.

-- 
1005861: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005861
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1005861: bullseye-pu: package pdb2pqr/2.1.1+dfsg-7+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2022-02-16 at 10:19 +0200, Andrius Merkys wrote:
> Executable propka from pdb2pqr is unusable with python3 (>= 3.8) due
> to
> the change in relative imports handling. The package has been
> migrated
> from python2 to python3 via patch, so the change just undoes some
> changes in the patch. The bug went undetected probably because the
> lack
> of (autopkg)tests for the package. I have added autopkgtest in an
> upload
> to unstable (not present in this upload to keep the diff minimal).
> 
> [ Impact ]
> Renders one of the tools from pdb2pqr package unusable.
> 

Please go ahead.

Regards,

Adam



Bug#1003484: bullseye-pu: package openssl/1.1.1m-0+deb11u1

2022-02-19 Thread Sebastian Andrzej Siewior
On 2022-02-19 17:04:16 [+], Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
…
> Thanks. Assuming the above is still accurate, then this looks good to
> me.
> 
> As the package builds a udeb, it will need a d-i ack; tagging and CCing
> accordingly.

I'm confused. May I upload or do I wait for the d-i ack?

> Regards,
> 
> Adam

Sebastian



Bug#1005694: bullseye-pu: package gtk+3.0/3.24.24-4+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed d-i

On Sun, 2022-02-13 at 13:44 +, Simon McVittie wrote:
> Typeahead search in the file chooser (File -> Save As... dialog)
> doesn't
> work on networked filesystems (NFS/CIFS) under some circumstances.
> (Having Tracker installed might accidentally avoid the bug, it's
> unclear.)
> 

Thanks. That looks OK to me, but will need a d-i ack as gtk+3.0 builds
a udeb; tagging and CCing accordingly.

> We have also had requests to resolve #982925 in bullseye, but there
> are
> two options for how to resolve that bug, and it's awkward to test; so
> I
> wanted to get this request in separately, to stop it from blocking
> #976334.
> I will do a separate +deb11u2 request for #982925 when I have a
> better idea
> of which solution is better, if that's OK for the release team?

That sounds like a good plan, indeed.

Regards,

Adam



Processed: Re: Bug#1005694: bullseye-pu: package gtk+3.0/3.24.24-4+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed d-i
Bug #1005694 [release.debian.org] bullseye-pu: package gtk+3.0/3.24.24-4+deb11u1
Added tag(s) d-i and confirmed.

-- 
1005694: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005694
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1005340: bullseye-pu: package golang-1.15/1.15.15-1~deb11u3

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1005340 [release.debian.org] bullseye-pu: package 
golang-1.15/1.15.15-1~deb11u3
Added tag(s) confirmed.

-- 
1005340: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005340
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1005340: bullseye-pu: package golang-1.15/1.15.15-1~deb11u3

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2022-02-12 at 00:52 +0800, Shengjing Zhu wrote:
> [ Reason ]
> Backport patches for CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
> 
> [ Impact ]
> 
> + CVE-2022-23806: crypto/elliptic: fix IsOnCurve for big.Int values
>   that are not valid coordinates
> + CVE-2022-23772: math/big: prevent large memory consumption in
>   Rat.SetString
> + CVE-2022-23773: cmd/go: prevent branches from materializing into
> versions
> 
> All are minor security issues, so I'd like to go with stable-pu.
[...]
> CVE-2022-23806 and CVE-2022-23772 are for Go std library, which is
> statically
> linked in all Go programs. But these issues look like too minor to
> rebuild all
> Go programs.

Please go ahead.

Regards,

Adam



Bug#1005288: bullseye-pu: package sphinx-bootstrap-theme/0.7.1-1+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2022-02-15 at 21:33 -0300, Antonio Terceiro wrote:
> Control: reopen -1
> 
> > On Thu, Feb 10, 2022 at 11:44:24AM -0300, Antonio Terceiro wrote:
> > > [ Reason ]
> > > Version 0.8.0-1 contains a bug caused by extra whitespace in
> > > src=""
> > > attributes of 

Bug#1004452: bullseye-pu: package gnupg2/2.2.27-2+deb11u1

2022-02-19 Thread Alex fxmbsw7 Ratchev
but yes it's a 5 tree debian, oldstable stable testing unstable experimental

On Sat, Feb 19, 2022, 18:10 Adam D. Barratt 
wrote:

> Control: tags -1 + confirmed d-i
>
> On Thu, 2022-01-27 at 17:02 -0500, Daniel Kahn Gillmor wrote:
> > Please consider an update to GnuPG in debian bullseye, from version
> > 2.2.27-2 to 2.2.27-2+deb11u1.
> >
>
> The version mentioned above is correct, but the proposed changelog is
> not:
>
> +gnupg2 (2.2.27-2+deb11+1) bullseye; urgency=medium
>
> (it should be "deb11u1", not "deb11+1").
>

it is unstable / experimental

>
> > The fixes, by Christoph Biedel and Raphaël Hertzog, are narrowly
> > targeted and fix real, significant issues that a subset of users
> > have.
> > They have been in debian unstable and testing for a while now without
> > issue:
> >
> > --
> >   [ Raphaël Hertzog ]
> >   * Avoid network interaction in generator. Closes: #993578
> >
> >   [ Christoph Biedl ]
> >   * Backport "Scd: Fix CCID driver for SCM SPR332/SPR532". Closes:
> > #982546
> > --
> >
> > The debdiff from the version in bullseye (2.2.27-2) is attached.
>
> Thanks.
>
> That looks fine to me, but will need a d-i ack as the package builds a
> udeb; tagging and CCing accordingly.
>

these don't tell me anything, I'm no debian dev

>
> Regards,
>
> Adam
>
>


Processed: Re: Bug#1005288: bullseye-pu: package sphinx-bootstrap-theme/0.7.1-1+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1005288 [release.debian.org] bullseye-pu: package 
sphinx-bootstrap-theme/0.7.1-1+deb11u1
Added tag(s) confirmed.

-- 
1005288: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005288
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1005217: bullseye-pu: package spip/3.2.11-3+deb11u2

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1005217 [release.debian.org] bullseye-pu: package spip/3.2.11-3+deb11u2
Added tag(s) confirmed.

-- 
1005217: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005217
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1005217: bullseye-pu: package spip/3.2.11-3+deb11u2

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2022-02-09 at 03:30 -0400, David Prévot wrote:
> Le 09/02/2022 à 03:04, David Prévot a écrit :
> 
> >[x] attach debdiff against the package in (old)stable
> 
> For real now…

Please go ahead; thanks.

Regards,

Adam



Processed: Re: Bug#1005013: bullseye-pu: package cinnamon/4.8.6-2+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1005013 [release.debian.org] bullseye-pu: package cinnamon/4.8.6-2+deb11u1
Added tag(s) confirmed.

-- 
1005013: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005013
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1005010: bullseye-pu: package node-nth-check/2.0.0-1+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1005010 [release.debian.org] bullseye-pu: package 
node-nth-check/2.0.0-1+deb11u1
Added tag(s) confirmed.

-- 
1005010: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005010
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1005013: bullseye-pu: package cinnamon/4.8.6-2+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2022-02-05 at 13:57 +0100, Fabio Fantoni wrote:
> [ Reason ]
> When a user attempts to add an online account that requires logging
> in through a web component, such as Google, Facebook, Microsoft and/or
> Foursquare, cinnamon-settings crashes and quits without any further
> prompt or message.
> 

Please go ahead.

Regards,

Adam



Bug#1005010: bullseye-pu: package node-nth-check/2.0.0-1+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2022-02-05 at 12:46 +0100, Yadd wrote:
> [ Reason ]
> Regex Denial of Service (CVE-2021-3803)
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1005007: bullseye-pu: package node-trim-newlines/3.0.0-1+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1005007 [release.debian.org] bullseye-pu: package 
node-trim-newlines/3.0.0-1+deb11u1
Added tag(s) confirmed.

-- 
1005007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005007
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1005007: bullseye-pu: package node-trim-newlines/3.0.0-1+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2022-02-05 at 12:26 +0100, Yadd wrote:
> Regex Denial of Service (CVE-2021-33623)
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1004575: bullseye-pu: package mutter/3.38.6-2~deb11u2

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004575 [release.debian.org] bullseye-pu: package mutter/3.38.6-2~deb11u2
Added tag(s) confirmed.

-- 
1004575: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004575
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004575: bullseye-pu: package mutter/3.38.6-2~deb11u2

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-30 at 17:45 +, Simon McVittie wrote:
> Bug fix updates from upstream gnome-3-38 branch, prompted by user
> request
> in #1002651.
> 

Please go ahead; thanks.

Regards,

Adam



Processed: Re: Bug#1004192: bullseye-pu: package django-allauth/0.44.0+ds-1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004192 [release.debian.org] bullseye-pu: package 
django-allauth/0.44.0+ds-1
Added tag(s) confirmed.

-- 
1004192: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004192
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004192: bullseye-pu: package django-allauth/0.44.0+ds-1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2022-01-22 at 14:25 +0100, Pierre-Elliott Bécue wrote:
> Due to some changes in Python that upstream failed to take into
> account,
> django-allauth 0.44.0+ds-1 fails to work with the OpenID auth method.
> The fix in itself is a simple patch replacing the call to a now
> nonexistent function of the base64 module by a call to another which
> replaces it.
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1004033: bullseye-pu: package node-fetch/2.6.1-5+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004033 [release.debian.org] bullseye-pu: package 
node-fetch/2.6.1-5+deb11u1
Added tag(s) confirmed.

-- 
1004033: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004033
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004033: bullseye-pu: package node-fetch/2.6.1-5+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2022-01-19 at 16:49 +0100, Yadd wrote:
> node-fetch is vulnerable to privacy breach (CVE-2022-0235)
> 

+node-fetch (2.6.1-5+deb11u1) bullseye; urgency=medium
+
+  * Team upload
+  * Don't forward secure headers to 3th party (Closes: CVE-2022-0235)

s/3th/3rd/

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1004533: bullseye-pu: package golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004533 [release.debian.org] bullseye-pu: package 
golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1
Added tag(s) confirmed.
> clone -1 -2 -3
Bug #1004533 [release.debian.org] bullseye-pu: package 
golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1
Bug 1004533 cloned as bugs 1006137-1006138
> retitle -2 bullseye-pu: package 
> golang-github-containers-common/0.33.4+ds1-1+deb11u1
Bug #1006137 [release.debian.org] bullseye-pu: package 
golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1
Changed Bug title to 'bullseye-pu: package 
golang-github-containers-common/0.33.4+ds1-1+deb11u1' from 'bullseye-pu: 
package golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1'.
> retitle -3 bullseye-pu: package libpod/3.0.1+dfsg1-3+deb11u1
Bug #1006138 [release.debian.org] bullseye-pu: package 
golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1
Changed Bug title to 'bullseye-pu: package libpod/3.0.1+dfsg1-3+deb11u1' from 
'bullseye-pu: package golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1'.

-- 
1004533: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004533
1006137: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006137
1006138: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006138
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004533: bullseye-pu: package golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed
Control: clone -1 -2 -3
Control: retitle -2 bullseye-pu: package 
golang-github-containers-common/0.33.4+ds1-1+deb11u1
Control: retitle -3 bullseye-pu: package libpod/3.0.1+dfsg1-3+deb11u1

On Sat, 2022-01-29 at 21:00 -0500, Reinhard Tartler wrote:
> podman (produced by src:libpod) allows users to run docker-compatible
> container images. Because of recent changes in syscall wrappers, the
> version of podman in bullseye will not be able to run container
> images that ship glibc 2.34, which is currently in experimental and
> present in recent versions of ubuntu and fedora.
> 
[...]
> There are three packages that need updating in order:
> 

In that case, they should really be three separate requests, as each
package's status will need tracking individually; cloning now.

All three packages can be uploaded together - the versioned build-
dependencies should prevent them being built too early, and in any case
we can simply hold off accepting the later packages until the earlier
ones are available.

A couple of notes:

> +golang-github-containers-common (0.33.4+ds1-1+deb11u1) bullseye;
> urgency=medium
[...]
> diff --git a/debian/control b/debian/control
> index 8277c714..bfaffc6f 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -15,6 +15,7 @@ Build-Depends: debhelper-compat (= 12),
> golang-github-onsi-ginkgo-dev,
> golang-github-opencontainers-runc-dev (>>
> 1.0.0~rc92),
> golang-github-opencontainers-selinux-dev (>> 1.8.0),
> +   golang-github-opencontainers-specs-dev (>=
> 1.0.2.41.g7413a7f-1+deb11u1),
> golang-github-pkg-errors-dev,
> golang-github-stretchr-testify-dev,
> golang-gocapability-dev,
> @@ -47,6 +48,7 @@ Depends: golang-github-containers-image-dev (>>
> 5.10~~),
>   golang-github-onsi-ginkgo-dev,
>   golang-github-opencontainers-runc-dev (>> 1.0.0~rc92),
>   golang-github-opencontainers-selinux-dev (>> 1.8.0),
> + golang-github-opencontainers-specs-dev (>=
> 1.0.2.41.g7413a7f-1deb11u1),
> 
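
Review bot: on the added Depends line the revision is written `-1deb11u1`, while the Build-Depends entry added in the hunk above uses `-1+deb11u1`. In dpkg's version ordering letters sort before `+`, so `1.0.2.41.g7413a7f-1deb11u1` compares lower than `1.0.2.41.g7413a7f-1+deb11u1` and the relation is still satisfied by the intended upload, but the two fields should name the same version; change it to `(>= 1.0.2.41.g7413a7f-1+deb11u1)`. The ordering can be confirmed with `dpkg --compare-versions`.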

There's a "+" missing in the new runtime dependency - it should be
"-1+deb11u1", as with the build-dependency.

[...]
> diff -Nru libpod-3.0.1+dfsg1/debian/control libpod-
> 3.0.1+dfsg1/debian/control
> --- libpod-3.0.1+dfsg1/debian/control 2021-06-13 18:28:49.0
> -0400
> +++ libpod-3.0.1+dfsg1/debian/control 2021-09-27 11:26:34.0
> -0400
> @@ -18,7 +18,7 @@
>  ,golang-github-containerd-cgroups-dev
>  ,golang-github-containernetworking-plugins-dev (>= 0.8.7)
>  ,golang-github-containers-buildah-dev (>= 1.19.6)
> -,golang-github-containers-common-dev (>= 0.33.4)
> +,golang-github-containers-common-dev (>= 0.33.4+ds1-1+deb11u1)
>  ,golang-github-containers-image-dev (>= 5.10.2)
>  ,golang-github-containers-ocicrypt-dev
>  ,golang-github-containers-psgo-dev
> @@ -93,7 +93,7 @@
>  Depends: ${misc:Depends}, ${shlibs:Depends}
>  ,conmon (>= 2.0.18~)
>  ,containernetworking-plugins (>= 0.8.7)
> -,golang-github-containers-common
> +,golang-github-containers-common (>= 0.33.4+ds1-1+debu11u1)
> 
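
Review bot: the added runtime dependency `(>= 0.33.4+ds1-1+debu11u1)` cannot be met by the version this update produces. dpkg compares the non-digit run `+debu` against `+deb` and sorts the longer one higher, so `0.33.4+ds1-1+deb11u1` is lower than `0.33.4+ds1-1+debu11u1`, and the binary package carrying this Depends would not be installable against it. Use `(>= 0.33.4+ds1-1+deb11u1)`, matching the Build-Depends change in the previous hunk.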

The new runtime dependency has one too many "u"s - it should be
"-1+deb11u1", not "-1+debu11u1".

Regards,

Adam



Processed: Re: Bug#1004384: bullseye-pu: package node-cached-path-relative/1.0.2-1+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1004384 [release.debian.org] bullseye-pu: package 
node-cached-path-relative/1.0.2-1+deb11u1
Added tag(s) confirmed.

-- 
1004384: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004384
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004384: bullseye-pu: package node-cached-path-relative/1.0.2-1+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2022-01-26 at 15:02 +0100, Yadd wrote:
> node-cached-path-relative is vulnerable to prototype pollution
> (CVE-2021-23518)
> 

Please go ahead.

Regards,

Adam



NEW changes in oldstable-new

2022-02-19 Thread Debian FTP Masters
Processing changes file: redis_5.0.14-1+deb10u2_amd64.changes
  ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_arm64-buildd.changes
  ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_armel-buildd.changes
  ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_armhf-buildd.changes
  ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_i386-buildd.changes
  ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_mips-buildd.changes
  ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_mips64el-buildd.changes
  ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_mipsel-buildd.changes
  ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_s390x-buildd.changes
  ACCEPT



NEW changes in stable-new

2022-02-19 Thread Debian FTP Masters
Processing changes file: chromium_98.0.4758.102-1~deb11u1_source.changes
  ACCEPT
Processing changes file: chromium_98.0.4758.102-1~deb11u1_all-buildd.changes
  ACCEPT
Processing changes file: chromium_98.0.4758.102-1~deb11u1_amd64-buildd.changes
  ACCEPT
Processing changes file: chromium_98.0.4758.102-1~deb11u1_arm64-buildd.changes
  ACCEPT
Processing changes file: chromium_98.0.4758.102-1~deb11u1_armhf-buildd.changes
  ACCEPT
Processing changes file: chromium_98.0.4758.102-1~deb11u1_i386-buildd.changes
  ACCEPT
Processing changes file: redis_6.0.16-1+deb11u2_amd64.changes
  ACCEPT
Processing changes file: redis_6.0.16-1+deb11u2_arm64-buildd.changes
  ACCEPT
Processing changes file: redis_6.0.16-1+deb11u2_armel-buildd.changes
  ACCEPT
Processing changes file: redis_6.0.16-1+deb11u2_armhf-buildd.changes
  ACCEPT
Processing changes file: redis_6.0.16-1+deb11u2_i386-buildd.changes
  ACCEPT
Processing changes file: redis_6.0.16-1+deb11u2_mips64el-buildd.changes
  ACCEPT
Processing changes file: redis_6.0.16-1+deb11u2_mipsel-buildd.changes
  ACCEPT
Processing changes file: redis_6.0.16-1+deb11u2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: redis_6.0.16-1+deb11u2_s390x-buildd.changes
  ACCEPT
Processing changes file: snapd_2.49-1+deb11u1_source.changes
  ACCEPT
Processing changes file: snapd_2.49-1+deb11u1_all-buildd.changes
  ACCEPT
Processing changes file: snapd_2.49-1+deb11u1_amd64-buildd.changes
  ACCEPT
Processing changes file: snapd_2.49-1+deb11u1_arm64-buildd.changes
  ACCEPT
Processing changes file: snapd_2.49-1+deb11u1_armel-buildd.changes
  ACCEPT
Processing changes file: snapd_2.49-1+deb11u1_armhf-buildd.changes
  ACCEPT
Processing changes file: snapd_2.49-1+deb11u1_i386-buildd.changes
  ACCEPT
Processing changes file: snapd_2.49-1+deb11u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: snapd_2.49-1+deb11u1_s390x-buildd.changes
  ACCEPT



Processed: Re: Bug#1004452: bullseye-pu: package gnupg2/2.2.27-2+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed d-i
Bug #1004452 [release.debian.org] bullseye-pu: package gnupg2/2.2.27-2+deb11u1
Added tag(s) d-i and confirmed.

-- 
1004452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004452
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004452: bullseye-pu: package gnupg2/2.2.27-2+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed d-i

On Thu, 2022-01-27 at 17:02 -0500, Daniel Kahn Gillmor wrote:
> Please consider an update to GnuPG in debian bullseye, from version
> 2.2.27-2 to 2.2.27-2+deb11u1.
> 

The version mentioned above is correct, but the proposed changelog is
not:

+gnupg2 (2.2.27-2+deb11+1) bullseye; urgency=medium

(it should be "deb11u1", not "deb11+1").

> The fixes, by Christoph Biedel and Raphaël Hertzog, are narrowly
> targeted and fix real, significant issues that a subset of users
> have.
> They have been in debian unstable and testing for a while now without
> issue:
> 
> --
>   [ Raphaël Hertzog ]
>   * Avoid network interaction in generator. Closes: #993578
> 
>   [ Christoph Biedl ]
>   * Backport "Scd: Fix CCID driver for SCM SPR332/SPR532". Closes:
> #982546
> --
> 
> The debdiff from the version in bullseye (2.2.27-2) is attached.

Thanks.

That looks fine to me, but will need a d-i ack as the package builds a
udeb; tagging and CCing accordingly.

Regards,

Adam



Bug#1003484: bullseye-pu: package openssl/1.1.1m-0+deb11u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed d-i

On Tue, 2022-01-11 at 00:00 +0100, Sebastian Andrzej Siewior wrote:
> This is an update to the latest stable update of the openssl package
> provided by upstream. It contains fixes for bugs which were not
> identified as security critical but still worth fixing.
> 
> The m release is in unstable the 24th December with no regression
> reports so far. I haven't seen any fixes for regression in the stable
> branch as of now. The testsuite passed for Bullseye during package
> build and I deployed on a VM for testing (with nginx and openvpn
> instance).

Thanks. Assuming the above is still accurate, then this looks good to
me.

As the package builds a udeb, it will need a d-i ack; tagging and CCing
accordingly.

Regards,

Adam



Processed: Re: Bug#1003484: bullseye-pu: package openssl/1.1.1m-0+deb11u1

2022-02-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed d-i
Bug #1003484 [release.debian.org] bullseye-pu: package openssl/1.1.1m-0+deb11u1
Added tag(s) confirmed and d-i.

-- 
1003484: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003484
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


