Bug#1008792: Should vmtk be removed?
Source: vmtk Version: 1.3+dfsg-2.3 Severity: serious Your package came up as a candidate for removal from Debian: - Depends on Python 2 and thus removed from testing since 2019 (current upstream 1.4 is fixed, though) - Last maintainer upload in 2016 If you disagree and want to continue to maintain this package, please just close this bug (and fix the open issues). If you agree with the removal, please reassign to ftp.debian.org by sending the following commands to cont...@bugs.debian.org: -- severity $BUGNUM normal reassign $BUGNUM ftp.debian.org retitle $BUGNUM RM: -- RoM; thx -- Otherwise I'll move forward and request it's removal in a month. Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#1008704: Sould astk be removed?
Source: astk Version: 1.13.1-2.1 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Last maintainer upload in 2014 If you disagree and want to continue to maintain this package, please just close this bug (and fix the open issues). If you agree with the removal, please reassign to ftp.debian.org by sending the following commands to cont...@bugs.debian.org: -- severity $BUGNUM normal reassign $BUGNUM ftp.debian.org retitle $BUGNUM RM: -- RoM; thx -- Otherwise I'll move forward and request it's removal in a month. Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#990204: Failing autopkgtest with pillow 8.1.2+dfsg-0.2/ pillow 8.2
Source: skimage Severity: serious pillow 8.1.2+dfsg-0.2 backported a few security fixes from pillow 8.2. One of the changes breaks the autopkgtest/testsuite of skimage: https://ci.debian.net/data/autopkgtest/testing/amd64/s/skimage/13102974/log.gz I dug around in skimage git and this appears to be fixed already in https://github.com/scikit-image/scikit-image/commit/4be0f1b0a578e5239f2352af1aec2c80011ed4da so it would be great if you could cherrypick this patch for unstable. Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#989364: scilab: Multiple security issues in ezxml
Package: scilab Severity: important Tags: security X-Debbugs-Cc: Debian Security Team Multiple security issues were found in ezxml, which scilab bundles: CVE-2021-31598: https://sourceforge.net/p/ezxml/bugs/28/ CVE-2021-31348 / CVE-2021-31347: https://sourceforge.net/p/ezxml/bugs/27/ CVE-2021-31229: https://sourceforge.net/p/ezxml/bugs/26/ CVE-2021-30485: https://sourceforge.net/p/ezxml/bugs/25/ CVE-2021-26222: https://sourceforge.net/p/ezxml/bugs/22/ CVE-2021-26221: https://sourceforge.net/p/ezxml/bugs/21/ CVE-2021-26220: https://sourceforge.net/p/ezxml/bugs/23/ CVE-2019-20202: https://sourceforge.net/p/ezxml/bugs/17 CVE-2019-20201 https://sourceforge.net/p/ezxml/bugs/16 CVE-2019-20200: https://sourceforge.net/p/ezxml/bugs/19 CVE-2019-20199: https://sourceforge.net/p/ezxml/bugs/18 CVE-2019-20198: https://sourceforge.net/p/ezxml/bugs/20 CVE-2019-20007: https://sourceforge.net/p/ezxml/bugs/13 CVE-2019-20006: https://sourceforge.net/p/ezxml/bugs/15 CVE-2019-20005: https://sourceforge.net/p/ezxml/bugs/14 -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#968830: CVE-2020-10289
Source: ros-actionlib Severity: normal Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2020-10289: https://github.com/ros/actionlib/pull/171 Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#953062: FTBFS on arm64, armel, armhf, ppc64el, s390x
Package: meshlab Severity: serious The new meshlab FTBFSes on arm64, armel, armhf, ppc64el, s390x. This also means that on those archs meshlab still uses Qt4. Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#950251: Consider linking against archive version of libstb
Source: sumo Severity: normal src/foreign/fontstash/stb_truetype.h is shipped in sumo The STB files are also available in src:libstb, so please consider switching to the in-archive copy. Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#885505: bumping severity of pygtk bugs
On Wed, Dec 11, 2019 at 09:52:15AM +0100, Thibaut Paumard wrote: > Le 10/12/2019 à 19:59, Moritz Mühlenhoff a écrit : > > On Mon, Oct 07, 2019 at 04:51:09PM +0200, Thibaut Paumard wrote: > >> Dear Jeremy, > >> > >> Thanks, I have warned upstream that spydr will be removed if not updated > >> to Python 3 and Gtk 3. > > > > Was there any reaction? Otherwise let's go ahead with the removal from > > the archive. > > > > Cheers, > > Moritz > > Yes, upstream did say they would fix this. As this is a leaf package, I > would propose to wait until after the vacation and remove it on, say, > Jan. 15th. In the meantime I ill ping them and maybe they manage by then. > > Else, I can always reintroduce it later. Sounds good! Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#875150: Should we file a removal bug?
On Wed, Sep 25, 2019 at 07:57:47AM +0200, Andreas Tille wrote: > Hi, > > On Tue, Sep 24, 2019 at 10:48:24PM +0200, Moritz Mühlenhoff wrote: > > On Tue, Sep 17, 2019 at 12:05:17PM -0300, Lisandro Damián Nicanor Pérez > > Meyer wrote: > > > Hi! It seems there is no activity on this bug, should we file a removal > > > bug? > > > > Adding the last two uploaders to CC. > > ... as well as Uploaders in d/control in CC. > > > Is anyone of you planning to upload a Qt5 compatible release candidate of > > qtiplot? > > Otherwise we'll file a removal bug as we're closing in on the Qt5 > > removalnow. > > > > (Upload also happen to experimental to avoid a later roundtrip through NEW > > when a final > > 1.0 comes out) > > While the website[1] is announcing > > 2019/09/18 - QtiPlot 1.0.0-rc10 release available. New features and > improvements: > > (without mentioning a Qt 5 port explicitly :-() the download area[2] > does not contain any source download of this. It seems upstream changed > to a closed source model since you can only download binaries with > restricted functionality or you need to buy a license. Ah yes, the Sourceforge page states: Posted 2019-02-12 QtiPlot is no longer open source, therefore your comment is out of scope. We have tried to keep it open source as long as possible. Unfortunately this was made impossible by people insisting to distribute prebuilt binaries for Windows, without taking into account the fact that this was our only source of revenu allowing to finance our work. So seems best to remove it, then. Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214
On Tue, Jun 04, 2019 at 08:20:33PM +0200, Anton Gladky wrote: > severity 929597 important > thanks > > The fix from upstream is still not available. I am not feeling > confident enough to provide a fix for this complex peace > of code without breaking it. > > Also reducing the severity. If the security team decides to > keep it "grave" - feel free to revert it. Fine, but we still need to fix it once properly fixed upstream. Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214
Source: freeimage Severity: grave Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12214 Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#924884: CVE-2017-18009
Source: opencv Severity: important Tags: security This got fixed in experimental, but given that this won't reach buster, it would be great if you could cherrypick the isolated patch: https://github.com/opencv/opencv/issues/10479 Patch: https://github.com/opencv/opencv/commit/4ca89db22dea962690f31c1781bce5937ee91837 Cheers, Moritz -- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers