Processed: bookworm-pu: package qemu/1:7.2+dfsg-7+deb12u4
Processing control commands: > affects -1 + src:qemu Bug #1062044 [release.debian.org] bookworm-pu: package qemu/1:7.2+dfsg-7+deb12u4 Added indication that 1062044 affects src:qemu -- 1062044: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062044 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1062006: bullseye-pu: package glibc/2.31-13+deb11u8
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: gl...@packages.debian.org
Control: affects -1 + src:glibc

[ Reason ]
A memory corruption was discovered in glibc's qsort() function, due to a missing bounds check and when called by a program with a non-transitive comparison function and a large number of attacker-controlled elements. As the use of qsort() with a non-transitive comparison function is undefined according to POSIX and ISO C standards, this is not considered a vulnerability in the glibc itself (hence no CVE number has been assigned). However, as misbehaving callers seem to be relatively common, it is still a security issue and the qsort() function needs to be hardened against them.

[ Impact ]
Installations will be left vulnerable to the qsort() security issue.

[ Tests ]
There is no specific test added for that change, however there are a few upstream tests checking qsort().

[ Risks ]
The code change is very simple, and has been reviewed as part of DSA-561-11. In addition a similar change went upstream a few weeks ago:
https://sourceware.org/git/?p=glibc.git;a=commit;h=e4d8117b82065dc72e8df80097360e7c05a349b9
https://sourceware.org/git/?p=glibc.git;a=commit;h=b9390ba93676c4b1e87e218af5e7e4bb596312ac

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
The change basically just adds a bounds check to a test. This is what got uploaded in 2.36-9+deb12u4 for bookworm-security and 2.37-15 for unstable.

[ Other info ]
Given the limited changes, I have already uploaded the package to the archive.

Thanks for considering.

diff -Nru glibc-2.31/debian/changelog glibc-2.31/debian/changelog --- glibc-2.31/debian/changelog 2023-10-02 22:22:57.0 +0200 +++ glibc-2.31/debian/changelog 2024-01-28 23:58:14.0 +0100 
@@ -1,3 +1,10 @@ +glibc (2.31-13+deb11u8) bullseye; urgency=medium + + * debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory +corruption in qsort() when using nontransitive comparison functions. + + -- Aurelien Jarno Sun, 28 Jan 2024 23:58:14 +0100 + glibc (2.31-13+deb11u7) bullseye-security; urgency=medium * debian/patches/any/local-CVE-2023-4911.patch: Fix a buffer overflow in the diff -Nru glibc-2.31/debian/patches/any/local-qsort-memory-corruption.patch glibc-2.31/debian/patches/any/local-qsort-memory-corruption.patch --- glibc-2.31/debian/patches/any/local-qsort-memory-corruption.patch 1970-01-01 01:00:00.0 +0100 +++ glibc-2.31/debian/patches/any/local-qsort-memory-corruption.patch 2024-01-28 23:58:14.0 +0100 @@ -0,0 +1,13 @@ +diff -rup a/stdlib/qsort.c b/stdlib/qsort.c +--- a/stdlib/qsort.c 2023-07-31 10:54:16.0 -0700 b/stdlib/qsort.c 2024-01-15 09:08:25.596167959 -0800 +@@ -224,7 +224,8 @@ _quicksort (void *const pbase, size_t to + while ((run_ptr += size) <= end_ptr) + { + tmp_ptr = run_ptr - size; +- while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0) ++ while (tmp_ptr != base_ptr ++ && (*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0) + tmp_ptr -= size; + + tmp_ptr += size; diff -Nru glibc-2.31/debian/patches/series glibc-2.31/debian/patches/series --- glibc-2.31/debian/patches/series2023-10-02 22:18:17.0 +0200 +++ glibc-2.31/debian/patches/series2024-01-28 23:58:14.0 +0100 @@ -170,3 +170,4 @@ any/git-ld.so-cache-endianness-markup.diff any/local-CVE-2021-33574-mq_notify-use-after-free.diff any/local-CVE-2023-4911.patch +any/local-qsort-memory-corruption.patch
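Review bot: In the stdlib/qsort.c hunk, the added `tmp_ptr != base_ptr` condition has no comment saying why the walk must stop at the first element, and local-qsort-memory-corruption.patch starts directly at `diff -rup` with no description or origin header even though the request cites two upstream commits. Add a one-line comment above the loop and a patch header pointing at those commits. A regression test that calls qsort() with a non-transitive comparison function would also be worth adding, since the request states that no specific test accompanies the change.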
Processed: bullseye-pu: package glibc/2.31-13+deb11u8
Processing control commands: > affects -1 + src:glibc Bug #1062006 [release.debian.org] bullseye-pu: package glibc/2.31-13+deb11u8 Added indication that 1062006 affects src:glibc -- 1062006: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062006 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
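The bounds check from the glibc request above (Bug#1062006), as an added example that is not part of the original messages or of glibc: a simplified C model of the insertion pass touched by the patch, run once without and once with the `tmp_ptr != base_ptr` test. The comparator `cmp_wrap`, the `insertion_pass` harness, the guard cells and the sample array are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define N     4   /* elements in the array being sorted */
#define GUARD 4   /* constructed cells standing in for memory just below the array */

/* Sign of a wrapping 32-bit subtraction, i.e. the common "return a - b" comparator.
   It is non-transitive: 0 < 1500000000 < -1500000000 < 0. */
static int cmp_wrap(int x, int y)
{
    unsigned d = (unsigned)x - (unsigned)y;
    return d == 0 ? 0 : (d >= 0x80000000u ? -1 : 1);
}

struct result {
    int lowest_cmp_index;  /* lowest index handed to the comparator (N = none) */
    int guard_changed;     /* guard cells whose value differs after the pass */
    int out[N];            /* final contents of the array proper */
};

/* Constructed input; the comparator orders these four values inconsistently. */
static const int sample[N] = { -1500000000, 1, 0, 1500000000 };

/* Simplified model (assumption, not glibc source) of the insertion pass in the
   hunk: the presumed-smallest element is swapped to index 0 as a sentinel, then
   every later element walks left. guarded=1 adds the patch's stop at the base. */
static struct result insertion_pass(const int *input, int guarded)
{
    static const int below[GUARD] = { 7, -5, 7, 7 };  /* constructed neighbours */
    int buf[GUARD + N];
    int *a = buf + GUARD;      /* a[-1] .. a[-GUARD] are still inside buf */
    struct result r = { N, 0, { 0 } };
    int i, j, k, min = 0, t;

    memcpy(buf, below, sizeof below);
    memcpy(a, input, N * sizeof *a);

    for (i = 1; i < N; i++)                 /* sentinel selection */
        if (cmp_wrap(a[i], a[min]) < 0)
            min = i;
    t = a[0]; a[0] = a[min]; a[min] = t;

    for (i = 2; i < N; i++) {
        int x = a[i];
        for (j = i - 1; ; j--) {
            if (j < -GUARD) break;          /* harness limit, keeps the demo in buf */
            if (guarded && j == 0) break;   /* patched: tmp_ptr != base_ptr */
            if (j < r.lowest_cmp_index) r.lowest_cmp_index = j;
            if (cmp_wrap(x, a[j]) >= 0) break;
        }
        for (k = i - 1; k > j; k--)         /* shift a[j+1 .. i-1] up by one */
            a[k + 1] = a[k];
        a[j + 1] = x;                       /* lands below a[0] if j < -1 */
    }

    for (i = 0; i < GUARD; i++)
        if (buf[i] != below[i])
            r.guard_changed++;
    memcpy(r.out, a, sizeof r.out);
    return r;
}

int main(void)
{
    struct result u = insertion_pass(sample, 0);
    struct result g = insertion_pass(sample, 1);
    printf("unpatched: lowest index compared %d, guard cells changed %d, out[0]=%d\n",
           u.lowest_cmp_index, u.guard_changed, u.out[0]);
    printf("patched:   lowest index compared %d, guard cells changed %d, out[0]=%d\n",
           g.lowest_cmp_index, g.guard_changed, g.out[0]);
    return 0;
}
```

In the unpatched run the walk compares against three cells below the array and the insert overwrites one of them, so a value that was never in the input ends up in `out[0]`; with the check the pass stays inside the array and returns a permutation of the input.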
Processed: bullseye-pu: package usb.ids/2024.01.20-0+deb11u1
Processing control commands: > affects -1 + src:usb.ids Bug #1062005 [release.debian.org] bullseye-pu: package usb.ids/2024.01.20-0+deb11u1 Added indication that 1062005 affects src:usb.ids -- 1062005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062005 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: bookworm-pu: package usb.ids/2024.01.20-0+deb12u1
Processing control commands: > affects -1 + src:usb.ids Bug #1062004 [release.debian.org] bookworm-pu: package usb.ids/2024.01.20-0+deb12u1 Added indication that 1062004 affects src:usb.ids -- 1062004: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062004 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1062005: bullseye-pu: package usb.ids/2024.01.20-0+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: usb@packages.debian.org
Control: affects -1 + src:usb.ids

[ Reason ]
This new upstream version of the USB ID database adds a few USB devices.

[ Impact ]
New USB devices will not be displayed with a human readable name for packages using this database.

[ Tests ]
There is no test associated with this database. This package only contains data, no code.

[ Risks ]
Risks are very low, such updates are routinely done in stable.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
I would like to do an update of the usb.ids package to add/update around ~200 USB devices to the usb.ids database. Those changes are already in testing/sid for a few days. Note that contrary to the last (old-)stable update, there have been incompatible changes introduced in testing/sid to support boot with an empty /etc and /var, so this is not a rebuild of the testing/sid package.

[ Other info ]
I have already uploaded the package to the archive.

Thanks for considering.

diff -Nru usb.ids-2023.01.16/debian/changelog usb.ids-2024.01.20/debian/changelog --- usb.ids-2023.01.16/debian/changelog 2023-04-11 14:14:30.0 +0200 +++ usb.ids-2024.01.20/debian/changelog 2024-01-30 07:07:08.0 +0100 @@ -1,3 +1,9 @@ +usb.ids (2024.01.20-0+deb11u1) bullseye; urgency=medium + + * New upstream version. + + -- Aurelien Jarno Tue, 30 Jan 2024 07:07:08 +0100 + usb.ids (2023.01.16-0+deb11u1) bullseye; urgency=medium * Upload to bullseye. diff -Nru usb.ids-2023.01.16/usb.ids usb.ids-2024.01.20/usb.ids --- usb.ids-2023.01.16/usb.ids 2023-01-16 21:34:10.0 +0100 +++ usb.ids-2024.01.20/usb.ids 2024-01-20 21:34:02.0 +0100 
@@ -9,8 +9,8 @@ # The latest version can be obtained from # http://www.linux-usb.org/usb.ids # -# Version: 2023.01.16 -# Date:2023-01-16 20:34:10 +# Version: 2024.01.20 +# Date:2024-01-20 20:34:02 # # Vendors, devices and interfaces. Please keep sorted. @@ -259,7 +259,7 @@ 0507 DVD+RW 050c 5219 Wireless Keyboard 0511 OfficeJet K60 - 0512 DeckJet 450 + 0512 DeskJet 450 0517 LaserJet 1000 051d Bluetooth Interface 052a LaserJet M1212nf MFP @@ -271,6 +271,7 @@ 0612 business inkjet 3000 0624 Bluetooth Dongle 0641 X1200 Optical Mouse + 0653 DeskJet 3700 series 0701 ScanJet 5300c/5370c 0704 DeskJet 825c 0705 ScanJet 4400c @@ -752,9 +753,9 @@ 008c AVC-2310 Device 0094 eHome Infrared Receiver 009b AVC-1410 GameBridge TV NTSC - 2000 USBXchange + 2000 USBXchange Firmware Loader 2001 USBXchange Adapter - 2002 USB2-Xchange + 2002 USB2-Xchange Firmware Loader 2003 USB2-Xchange Adapter 4000 4-port hub adcc Composite Device Support @@ -820,6 +821,9 @@ 601f FT601 32-bit FIFO IC 6ee0 EZO Carrier Board 6f70 HB-RF-USB + 7150 FT2232x wired for MPSSE+UART + 7151 FT2232x wired for MPSSE+UART + 7152 FreeCalypso dual UART with boot control 7be8 FT232R 8028 Dev board JTAG (FT232H based) 8040 4 Port Hub @@ -964,6 +968,7 @@ fc0b Crystalfontz CFA-633 USB LCD fc0c Crystalfontz CFA-631 USB LCD fc0d Crystalfontz CFA-635 USB LCD + fc0e Crystalfontz CFA-533 fc82 SEMC DSS-20/DSS-25 SyncStation fd48 ShipModul MiniPlex-4xUSB NMEA Multiplexer fd49 ShipModul MiniPlex-4xUSB-AIS NMEA Multiplexer @@ -1714,6 +1719,7 @@ 3fcc RME MADIface 4041 Hub and media card controller 4060 Ultra Fast Media Reader + 4063 xD/SD/MS/MMC Reader 4064 Ultra Fast Media Reader 4712 USB4712 high-speed hub 4713 USB4715 high-speed hub (2 ports disabled) @@ -1970,6 +1976,9 @@ 9800 Remote Control Receiver_iMON 9803 eHome Infrared Receiver 9804 DMB Receiver Control + 9a10 34UC88-B + 9a11 34UC88-B + 9a39 27UP850 - WK.AEUDCSN - External Monitor 4K 9c01 LGE Sync 043f RadiSys Corp. 0440 Eizo Nanao Corp. 
@@ -2372,7 +2381,6 @@ 029d Xbox360 HD-DVD Drive 029e Xbox360 HD-DVD Memory Unit 02a0 Xbox360 Big Button IR - 02a1 Xbox 360 Wireless Receiver for Windows 02a8 Xbox360 Wireless N Networking Adapter [Atheros AR7010+AR9280] 02ad Xbox NUI Audio 02ae Xbox NUI Camera @@ -2387,11 +2395,10 @@ 02dd Xbox One Controller (Firmware 2015) 02e0 Xbox One Wireless Controller 02e3 Xbox One Elite Controller - 02e6 Wireless XBox Controller Dongle - 02ea Xbox One S Controller +
Bug#1062004: bookworm-pu: package usb.ids/2024.01.20-0+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: usb@packages.debian.org
Control: affects -1 + src:usb.ids

[ Reason ]
This new upstream version of the USB ID database adds a few USB devices.

[ Impact ]
New USB devices will not be displayed with a human readable name for packages using this database.

[ Tests ]
There is no test associated with this database. This package only contains data, no code.

[ Risks ]
Risks are very low, such updates are routinely done in stable.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
I would like to do an update of the usb.ids package to add/update around ~60 USB devices to the usb.ids database. Those changes are already in testing/sid for a few days. Note that contrary to the last (old-)stable update, there have been incompatible changes introduced in testing/sid to support boot with an empty /etc and /var, so this is not a rebuild of the testing/sid package.

[ Other info ]
I have already uploaded the package to the archive.

Thanks for considering.

diff -Nru usb.ids-2023.05.17/debian/changelog usb.ids-2024.01.20/debian/changelog --- usb.ids-2023.05.17/debian/changelog 2023-07-14 18:30:52.0 +0200 +++ usb.ids-2024.01.20/debian/changelog 2024-01-30 07:07:50.0 +0100 @@ -1,3 +1,9 @@ +usb.ids (2024.01.20-0+deb12u1) bookworm; urgency=medium + + * New upstream version. + + -- Aurelien Jarno Tue, 30 Jan 2024 07:07:50 +0100 + usb.ids (2023.05.17-0+deb12u1) bookworm; urgency=medium * Upload to bookworm. diff -Nru usb.ids-2023.05.17/usb.ids usb.ids-2024.01.20/usb.ids --- usb.ids-2023.05.17/usb.ids 2023-05-17 21:34:13.0 +0200 +++ usb.ids-2024.01.20/usb.ids 2024-01-20 21:34:02.0 +0100 
@@ -9,8 +9,8 @@ # The latest version can be obtained from # http://www.linux-usb.org/usb.ids # -# Version: 2023.05.17 -# Date:2023-05-17 20:34:13 +# Version: 2024.01.20 +# Date:2024-01-20 20:34:02 # # Vendors, devices and interfaces. Please keep sorted. @@ -753,9 +753,9 @@ 008c AVC-2310 Device 0094 eHome Infrared Receiver 009b AVC-1410 GameBridge TV NTSC - 2000 USBXchange + 2000 USBXchange Firmware Loader 2001 USBXchange Adapter - 2002 USB2-Xchange + 2002 USB2-Xchange Firmware Loader 2003 USB2-Xchange Adapter 4000 4-port hub adcc Composite Device Support @@ -821,6 +821,9 @@ 601f FT601 32-bit FIFO IC 6ee0 EZO Carrier Board 6f70 HB-RF-USB + 7150 FT2232x wired for MPSSE+UART + 7151 FT2232x wired for MPSSE+UART + 7152 FreeCalypso dual UART with boot control 7be8 FT232R 8028 Dev board JTAG (FT232H based) 8040 4 Port Hub @@ -1716,6 +1719,7 @@ 3fcc RME MADIface 4041 Hub and media card controller 4060 Ultra Fast Media Reader + 4063 xD/SD/MS/MMC Reader 4064 Ultra Fast Media Reader 4712 USB4712 high-speed hub 4713 USB4715 high-speed hub (2 ports disabled) @@ -1972,6 +1976,8 @@ 9800 Remote Control Receiver_iMON 9803 eHome Infrared Receiver 9804 DMB Receiver Control + 9a10 34UC88-B + 9a11 34UC88-B 9a39 27UP850 - WK.AEUDCSN - External Monitor 4K 9c01 LGE Sync 043f RadiSys Corp. @@ -2392,6 +2398,7 @@ 02e6 Xbox Wireless Adapter for Windows 02ea Xbox One Controller 02fd Xbox One S Controller [Bluetooth] + 02fe Xbox Wireless Adapter for Windows 0400 Windows Powered Pocket PC 2002 0401 Windows Powered Pocket PC 2002 0402 Windows Powered Pocket PC 2002 @@ -2568,6 +2575,7 @@ 0800 Wireless keyboard (All-in-One-Media) 0810 LifeCam HD-3000 0823 Classic IntelliMouse + 082a Pro Intellimouse 0900 Surface Dock Hub 0901 Surface Dock Hub 0902 Surface Dock Hub @@ -2734,6 +2742,7 @@ 0301 USB 1.0 Hub 0500 Serial & Parallel Ports ff10 Virtual Keyboard and Mouse + ff20 Virtual CDROM 046c Toshiba Corp., Digital Media Equipment 046d Logitech, Inc. 0082 Acer Aspire 5672 Webcam 
@@ -3131,10 +3140,10 @@ c52b Unifying Receiver c52d R700 Remote Presenter receiver c52e MK260 Wireless Combo Receiver - c52f Unifying Receiver + c52f Nano Receiver c531 C-U0007 [Unifying Receiver] c532 Unifying Receiver - c534 Unifying Receiver + c534 Nano Receiver c537 Cordless Mouse Receiver c539 Lightspeed Receiver c53a PowerPlay Wireless Charging System @@ -3525,6 +3534,7 @@ 5720 Mass Storage Device 5721 Interrupt Demo 5722 Bulk Demo +
Bug#1061983: bullseye-pu: package debian-security-support/1:11+2024.01.30
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-security-supp...@packages.debian.org
Control: affects -1 + src:debian-security-support

[ Reason ]
* Add chromium to security-support-ended.deb11, thanks to Andres Salomon. Closes: #1061268
* Add tiles and libspring-java to security-support-limited. Closes: #1057343

[ Impact ]
Users might not learn that security support for some packages has ended.

[ Risks ]
trivial change, data-only update

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

The diff is against the version already approved for+in bullseye-p-u:

debian/.gitlab-ci.yml| 13 -
debian/changelog |9 +
security-support-ended.deb11 |4 +++-
security-support-limited |2 ++
4 files changed, 14 insertions(+), 14 deletions(-)

The .gitlab-ci.yml is desired and harmless.

The full diff is attached.

--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

It was a lesson for me to get to know you.

diff -Nru debian-security-support-11+2023.12.11/debian/changelog debian-security-support-11+2024.01.30/debian/changelog --- debian-security-support-11+2023.12.11/debian/changelog 2023-12-22 16:48:41.0 +0100 +++ debian-security-support-11+2024.01.30/debian/changelog 2024-01-30 17:55:19.0 +0100 
@@ -1,3 +1,12 @@ +debian-security-support (1:11+2024.01.30) bullseye; urgency=medium + + * Add chromium to security-support-ended.deb11, thanks to Andres Salomon. +Closes: #1061268 + * Add tiles and libspring-java to security-support-limited. Closes: #1057343 + * Drop debian/.gitlab-ci.yml. + + -- Holger Levsen Tue, 30 Jan 2024 17:55:19 +0100 + debian-security-support (1:11+2023.12.11) bullseye; urgency=medium [ Santiago Ruano Rincón ] diff -Nru debian-security-support-11+2023.12.11/debian/.gitlab-ci.yml debian-security-support-11+2024.01.30/debian/.gitlab-ci.yml --- debian-security-support-11+2023.12.11/debian/.gitlab-ci.yml 2023-12-22 16:46:13.0 +0100 +++ debian-security-support-11+2024.01.30/debian/.gitlab-ci.yml 1970-01-01 01:00:00.0 +0100 @@ -1,13 +0,0 @@ -image: debian:unstable - -build: - stage: build - - before_script: -- apt-get update && apt-get -y install devscripts git-buildpackage -- mk-build-deps --tool "apt -y -o Debug::pkgProblemResolver=yes --no-install-recommends" --install -r debian/control - - script: -- git checkout master -- git pull -- gbp buildpackage -uc -us diff -Nru debian-security-support-11+2023.12.11/security-support-ended.deb11 debian-security-support-11+2024.01.30/security-support-ended.deb11 --- debian-security-support-11+2023.12.11/security-support-ended.deb11 2023-12-22 16:47:38.0 +0100 +++ debian-security-support-11+2024.01.30/security-support-ended.deb11 2024-01-30 17:51:03.0 +0100 
@@ -10,6 +10,8 @@ # 4. Descriptive text or URL with more details (optional) #In the program's output, this is prefixed with "Details:" -tor 0.4.5.16-1 2023-11-22 https://lists.debian.org/debian-security-announce/2023/msg00258.html +chromium 120.0.6099.224-1~deb11u12024-01-23 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061268 consul 1.8.7+dfsg1-2 2023-12-04 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057418 xen 4.14.5+94-ge49571868d-1 2023-09-30 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053246 +tor 0.4.5.16-1 2023-11-22 https://lists.debian.org/debian-security-announce/2023/msg00258.html + diff -Nru debian-security-support-11+2023.12.11/security-support-limited debian-security-support-11+2024.01.30/security-support-limited --- debian-security-support-11+2023.12.11/security-support-limited 2023-12-22 16:47:38.0 +0100 +++ debian-security-support-11+2024.01.30/security-support-limited 2024-01-30 17:55:19.0 +0100 @@ -15,6 +15,7 @@ gnupg1 See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg kde4libskhtml has no security support upstream, only for use on trusted content khtml khtml has no security support upstream, only for use on trusted content, see #1004293 +libspring-java should be only used for building other Debian packages or in a secured local environment with trusted devices. mozjs68 Not covered by security support, only suitable for trusted content, see #959804 mozjs78 Not covered by security support, only suitable for trusted content, see #959804 ocsinventory-server Only
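Review bot: In the security-support-ended.deb11 hunk, the existing `tor 0.4.5.16-1` line is removed from the top of the list and re-added at the bottom, followed by a new trailing blank line, and the changelog entry mentions neither change. Leave the tor line where it was and drop the blank line so the diff shows only the chromium addition, or record the reordering in d/changelog.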
Processed: bullseye-pu: package debian-security-support/1:11+2024.01.30
Processing control commands: > affects -1 + src:debian-security-support Bug #1061983 [release.debian.org] bullseye-pu: package debian-security-support/1:11+2024.01.30 Added indication that 1061983 affects src:debian-security-support -- 1061983: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061983 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061472: bullseye-pu: package tinyxml/2.6.2-4+deb11u2
On Thu, 25 Jan 2024 at 04:44:12 +0100, Guilhem Moulin wrote:
> [ Changes ]
>
> Fix CVE-2023-34194: Reachable assertion (and application exit) via a
> crafted XML document with a '\0' located after whitespace.

Per https://bugs.debian.org/1061473#12 I guess you'd like CVE-2023-40462 to be removed from d/changelog for bullseye-pu as well. New debdiff attached.

--
Guilhem.

diffstat for tinyxml-2.6.2 tinyxml-2.6.2

changelog|9 +
patches/CVE-2023-34194.patch | 27 +++
patches/series |1 +
3 files changed, 37 insertions(+)

diff -Nru tinyxml-2.6.2/debian/changelog tinyxml-2.6.2/debian/changelog --- tinyxml-2.6.2/debian/changelog 2022-10-20 16:32:51.0 +0200 +++ tinyxml-2.6.2/debian/changelog 2024-01-25 04:12:05.0 +0100 @@ -1,3 +1,12 @@ +tinyxml (2.6.2-4+deb11u2) bullseye; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2023-34194: Reachable assertion (and application exit) via a +crafted XML document with a '\0' located after whitespace. +(Closes: #1059315) + + -- Guilhem Moulin Thu, 25 Jan 2024 04:12:05 +0100 + tinyxml (2.6.2-4+deb11u1) bullseye; urgency=medium * Import fix for CVE-2021-42260. diff -Nru tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch --- tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch 1970-01-01 01:00:00.0 +0100 +++ tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch 2024-01-25 04:12:05.0 +0100 
@@ -0,0 +1,27 @@ +From: Guilhem Moulin +Date: Sat, 30 Dec 2023 14:15:54 +0100 +Subject: Avoid reachable assertion via crafted XML document with a '\0' + located after whitespace + +Bug: https://www.forescout.com/resources/sierra21-vulnerabilities +Bug-Debian: https://bugs.debian.org/1059315 +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194 +--- + tinyxmlparser.cpp | 4 + 1 file changed, 4 insertions(+) + +diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp +index 8aa0dfa..1601962 100644 +--- a/tinyxmlparser.cpp b/tinyxmlparser.cpp +@@ -1606,6 +1606,10 @@ const char* TiXmlDeclaration::Parse( const char* p, TiXmlParsingData* data, TiXm + } + + p = SkipWhiteSpace( p, _encoding ); ++ if ( !p || !*p ) ++ { ++ break; ++ } + if ( StringEqual( p, "version", true, _encoding ) ) + { + TiXmlAttribute attrib; diff -Nru tinyxml-2.6.2/debian/patches/series tinyxml-2.6.2/debian/patches/series --- tinyxml-2.6.2/debian/patches/series 2022-10-20 16:32:49.0 +0200 +++ tinyxml-2.6.2/debian/patches/series 2024-01-25 04:12:05.0 +0100 @@ -1,3 +1,4 @@ enforce-use-stl.patch entity-encoding.patch CVE-2021-42260.patch +CVE-2023-34194.patch signature.asc Description: PGP signature
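Review bot: In the `TiXmlDeclaration::Parse` hunk, the new `if ( !p || !*p )` branch leaves the loop with a bare `break`, and the visible lines record no error for a declaration that ends at '\0'. Check that the code after the loop copes with `p` being null, and state in the patch description whether the truncated declaration is reported to the caller or silently accepted. The patch header also has no Origin or Forwarded field, so it is unclear whether the change comes from upstream or is Debian-specific.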
Bug#1058615: bookworm-pu: package node-yarnpkg/1.22.19+~cs24.27.18-2+deb12u1
On Mon, 29 Jan 2024 22:06:33 + "Adam D. Barratt" wrote:
> Please go ahead.

Uploaded, thanks!
Bug#1060668: bookworm-pu: package calibre/6.13.0+repack-2+deb12u3
> + * HTML Input: Dont add resources that exist outside the folder hierarchy
>
> s/Dont/Don't/
>
> Please go ahead.

Thank you. I have uploaded a new package with your fix.

--
YOKOTA Hiroshi
Bug#1061476: Updated ben script
Hi,

someone uploaded a new mathcomp-analysis not knowing about this planned transition, so it should be taken into account.

Cheers,

J.Puydt

PS: updated ben script

dw coq-elpi_2.0.0-1 . ANY . -m 'elpi >= 1.18.1-1'
dw coq-hierarchy-builder_1.7.0-1 . ANY . -m 'coq-elpi >= 2.0.0-1'
dw ssreflect_2.2.0-1 . ANY . -m 'coq-hierarchy-builder >= 1.7.0-1'
dw coq-relation-algebra_1.7.10-1 . ANY . -m 'ssreflect >= 2.2.0-1'
dw mathcomp-finmap_2.1.0-1 . ANY . -m 'ssreflect >= 2.2.0-1'
nmu coq-deriving_0.2.0-1+b1 . ANY . -m 'Rebuild because of upload of ssreflect=2.2.0-1'
dw coq-deriving_0.2.0-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
nmu coq-reglang_1.2.1-1+b1 . ANY . -m 'Rebuild because of upload of ssreflect=2.2.0-1'
dw coq-reglang_1.2.1-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
nmu coquelicot_3.4.1-1+b1 . ANY . -m 'Rebuild because of upload of ssreflect=2.2.0-1'
dw coquelicot_3.4.1-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
nmu mathcomp-bigenough_1.0.1-12+b1 . ANY . -m 'Rebuild because of upload of ssreflect=2.2.0-1'
dw mathcomp-bigenough_1.0.1-12+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
nmu mathcomp-zify_1.5.0+2.0+8.16-1+b1 . ANY . -m 'Rebuild because of upload of ssreflect=2.2.0-1'
dw mathcomp-zify_1.5.0+2.0+8.16-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
nmu coq-quickchick_2.0.2-1+b1 . ANY . -m 'Rebuild because of upload of ssreflect=2.2.0-1'
dw coq-quickchick_2.0.2-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
nmu coq-extructures_0.4.0-1+b1 . ANY . -m 'Rebuild because of upload of ssreflect=2.2.0-1 coq-deriving=0.2.0-1+b1'
dw coq-extructures_0.4.0-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
dw coq-extructures_0.4.0-1+b1 . ANY . -m 'coq-deriving >= 0.2.0-1+b1'
nmu coq-interval_4.9.0-1+b2 . ANY . -m 'Rebuild because of upload of ssreflect=2.2.0-1 coquelicot=3.4.1-1+b1'
dw coq-interval_4.9.0-1+b2 . ANY . -m 'ssreflect >= 2.2.0-1'
dw coq-interval_4.9.0-1+b2 . ANY . -m 'coquelicot >= 3.4.1-1+b1'
nmu mathcomp-algebra-tactics_1.2.3-1+b1 . ANY . -m 'Rebuild because of upload of mathcomp-zify=1.5.0+2.0+8.16-1+b1 ssreflect=2.2.0-1 coq-elpi=2.0.0-1'
dw mathcomp-algebra-tactics_1.2.3-1+b1 . ANY . -m 'mathcomp-zify >= 1.5.0+2.0+8.16-1+b1'
dw mathcomp-algebra-tactics_1.2.3-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
dw mathcomp-algebra-tactics_1.2.3-1+b1 . ANY . -m 'coq-elpi >= 2.0.0-1'
nmu mathcomp-analysis_1.0.0-1+b1 . ANY . -m 'Rebuild because of upload of coq-hierarchy-builder=1.7.0-1 coq-elpi=2.0.0-1 mathcomp-bigenough=1.0.1-12+b1 mathcomp-finmap=2.1.0-1 ssreflect=2.2.0-1'
dw mathcomp-analysis_1.0.0-1+b1 . ANY . -m 'coq-hierarchy-builder >= 1.7.0-1'
dw mathcomp-analysis_1.0.0-1+b1 . ANY . -m 'coq-elpi >= 2.0.0-1'
dw mathcomp-analysis_1.0.0-1+b1 . ANY . -m 'mathcomp-bigenough >= 1.0.1-12+b1'
dw mathcomp-analysis_1.0.0-1+b1 . ANY . -m 'mathcomp-finmap >= 2.1.0-1'
dw mathcomp-analysis_1.0.0-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
nmu mathcomp-multinomials_2.2.0-1+b1 . ANY . -m 'Rebuild because of upload of mathcomp-bigenough=1.0.1-12+b1 mathcomp-finmap=2.1.0-1 ssreflect=2.2.0-1'
dw mathcomp-multinomials_2.2.0-1+b1 . ANY . -m 'mathcomp-bigenough >= 1.0.1-12+b1'
dw mathcomp-multinomials_2.2.0-1+b1 . ANY . -m 'mathcomp-finmap >= 2.1.0-1'
dw mathcomp-multinomials_2.2.0-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
nmu mathcomp-real-closed_2.0.0-1+b1 . ANY . -m 'Rebuild because of upload of mathcomp-bigenough=1.0.1-12+b1 ssreflect=2.2.0-1'
dw mathcomp-real-closed_2.0.0-1+b1 . ANY . -m 'mathcomp-bigenough >= 1.0.1-12+b1'
dw mathcomp-real-closed_2.0.0-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'
nmu coqeal_2.0.1-1+b1 . ANY . -m 'Rebuild because of upload of mathcomp-real-closed=2.0.0-1+b1 ssreflect=2.2.0-1'
dw coqeal_2.0.1-1+b1 . ANY . -m 'mathcomp-real-closed >= 2.0.0-1+b1'
dw coqeal_2.0.1-1+b1 . ANY . -m 'ssreflect >= 2.2.0-1'