[Pkg-kde-extras] lensfun 0.3.2-4 MIGRATED to testing
FYI: The status of the lensfun source package in Debian's testing distribution has changed. Previous version: 0.3.2-3 Current version: 0.3.2-4 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] kdiagram 2.6.1-1 MIGRATED to testing
FYI: The status of the kdiagram source package in Debian's testing distribution has changed. Previous version: 2.6.0-3 Current version: 2.6.1-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#896914: quassel: Implement custom deserializer to add our own sanity checks
Hi Felix! On Wed, Apr 25, 2018 at 11:28:53PM +0200, Felix Geyer wrote: > Hi, > > On Wed, 25 Apr 2018 20:58:52 +0200 Salvatore Bonaccorso > wrote: > > Source: quassel > > Version: 1:0.12.4-1 > > Severity: normal > > Tags: patch security upstream > > Control: fixed -1 1:0.12.5-1 > > > > Hi Felix, > > > > Filling this as bug to have an identifier, since no CVE has been > > assigned. > > > > https://www.quassel-irc.org/node/130 > > > > Commit "Implement custom deserializer to add our own sanity checks": > > > > https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b > > I'm working on updates for jessie and stretch. > > Backporting to stretch is easy. > jessie requires a bit more work as the patch uses quite some C++11 features > which > isn't enabled in 0.10. Thank you, please just notify team@s.d.o when you have something ready. Thanks for working on it. Regards, Salvatore ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Processed: tagging 823726
Processing commands for cont...@bugs.debian.org: > tags 823726 + help Bug #823726 [tora] tora: New TOra release v3 is available. Added tag(s) help. > thanks Stopping processing here. Please contact me if you need assistance. -- 823726: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823726 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#896914: Bug#896914: quassel: Implement custom deserializer to add our own sanity checks
Issue descriptions from Gentoo (input for DSA text). I'm not sure issue 2 is really a security issue. Vuln 1: Title: quasselcore, corruption of heap metadata caused by qdatastream leading to preauth remote code execution. Severity: high, by default the server port is publicly open and the address can be requested using the /WHOIS command of IRC protocol. Description: In Qdatastream protocol each object are prepended with 4 bytes for the object size, this can be used to trigger allocation errors. Vuln 2: Title: quasselcore DDOS Severity: low, impact only a quasselcore not configured. Description: A login attempt causes a NULL pointer dereference because when the database is not initialized. Scott K ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] quassel_0.12.5-2_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Apr 2018 22:58:59 +0200 Source: quassel Binary: quassel-core quassel-client quassel quassel-data Architecture: source Version: 1:0.12.5-2 Distribution: unstable Urgency: high Maintainer: Debian KDE Extras Team Changed-By: Felix Geyer Description: quassel- distributed IRC client - monolithic core+client quassel-client - distributed IRC client - client component quassel-core - distributed IRC client - core component quassel-data - distributed IRC client - shared data Changes: quassel (1:0.12.5-2) unstable; urgency=high . * Build-depend on qtwebengine5-dev only for archs where it's available. Checksums-Sha1: f732da52cb14d885d54d251d0cfe9a1ce655fd63 2541 quassel_0.12.5-2.dsc d939a83f0bd3598f7cfe930da54555f02ff15bdc 17932 quassel_0.12.5-2.debian.tar.xz Checksums-Sha256: 735f1bf64080fd0c5bb75d465dc2de1fc354b1181fe6c7441e3678d4f6f117fc 2541 quassel_0.12.5-2.dsc 838899b76d878e149de4e69f9aada4d4f10bbb95c89b8a7429b516bfbc5f8a0c 17932 quassel_0.12.5-2.debian.tar.xz Files: 9ecde436425e2ec18f6f6ad5135932d1 2541 net optional quassel_0.12.5-2.dsc 7b463be07bcbb9d21314c628097b0f9c 17932 net optional quassel_0.12.5-2.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEFkxwUS95KUdnZKtW/iLG/YMTXUUFAlrg7T0ACgkQ/iLG/YMT XUVTAxAAq2pC1ZlgQSrG9zk7kdEBp+NgLiG1PhOaY66bEnSBlArbUtj5+RQm4Kbo 0/54CQTo6vS+K2L6b1ZqPftrxlkryae4EU3Vqs5F3kt6gPpFR4E10UCaNk57OjiA +hXWb6ax/OX71p60kORsQyjRESzrGatI3TY8+wSaHXO0F0kY7PjB1NiLQ4rpQSXB xh4/fEJWMQfJbk+LNdj/nx4sLr/dDO+6wQrPfZ9Xg14Ol/bQMlHhec68WM9onvNx xHvvbQjLleLn7S10WA9XNoQr3WwvRuiRSahROd691G8oxOvBtGLSBtWCtaiusgcg Z1Fvn81z4pBulsor4ks5OuvvqwrZOKGs4TtEToxhqCaskMAi+L7vOIjhK8FUfSZH cSLT69GODo4MhL3K+Bqv+OQGOrgf/htTHOlK3qyEHEp+X0uK4mnfIEeldxfGhIPi iE9p+jgGPHWIfDEy57p91K2eFImyj94rWcN7B2Ou2YzaORYehTLDf1Qp154ntT7P OZbrl5Xh25Dz/JwOJlV34W8JHy0a1ij7o6s04N/r2nv+eIofTxeBpiheOn8TNBN0 Xr2Fu7vIGjjgS5nZMxetPQfte+3cBKYdWwINc9mKd+8WWsdtKEwOHwmsI9Up/x9v 9d5cB9Hb5yKOOmvB35xS6Qpq4an+m5uTg7E0NBxKGx0eucdSgfQ= =ynpE -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#896914: quassel: Implement custom deserializer to add our own sanity checks
Hi, On Wed, 25 Apr 2018 20:58:52 +0200 Salvatore Bonaccorso wrote: > Source: quassel > Version: 1:0.12.4-1 > Severity: normal > Tags: patch security upstream > Control: fixed -1 1:0.12.5-1 > > Hi Felix, > > Filling this as bug to have an identifier, since no CVE has been > assigned. > > https://www.quassel-irc.org/node/130 > > Commit "Implement custom deserializer to add our own sanity checks": > > https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b I'm working on updates for jessie and stretch. Backporting to stretch is easy. jessie requires a bit more work as the patch uses quite some C++11 features which isn't enabled in 0.10. Felix ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Processing of quassel_0.12.5-2_source.changes
quassel_0.12.5-2_source.changes uploaded successfully to localhost along with the files: quassel_0.12.5-2.dsc quassel_0.12.5-2.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Processed: severity of 896914 is grave, severity of 896915 is important
Processing commands for cont...@bugs.debian.org: > severity 896914 grave Bug #896914 [src:quassel] quassel: Implement custom deserializer to add our own sanity checks Severity set to 'grave' from 'normal' > severity 896915 important Bug #896915 [src:quassel] quassel: Reject clients that attempt to login before the core is configured Ignoring request to change severity of Bug 896915 to the same value. > thanks Stopping processing here. Please contact me if you need assistance. -- 896914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914 896915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896915 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Processed: quassel: Implement custom deserializer to add our own sanity checks
Processing control commands: > fixed -1 1:0.12.5-1 Bug #896914 [src:quassel] quassel: Implement custom deserializer to add our own sanity checks The source 'quassel' and version '1:0.12.5-1' do not appear to match any binary packages Marked as fixed in versions quassel/1:0.12.5-1. -- 896914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#896914: quassel: Implement custom deserializer to add our own sanity checks
Source: quassel Version: 1:0.12.4-1 Severity: normal Tags: patch security upstream Control: fixed -1 1:0.12.5-1 Hi Felix, Filling this as bug to have an identifier, since no CVE has been assigned. https://www.quassel-irc.org/node/130 Commit "Implement custom deserializer to add our own sanity checks": https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b Regards, Salvatore ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Processed: quassel: Reject clients that attempt to login before the core is configured
Processing control commands: > fixed -1 1:0.12.5-1 Bug #896915 [src:quassel] quassel: Reject clients that attempt to login before the core is configured The source 'quassel' and version '1:0.12.5-1' do not appear to match any binary packages Marked as fixed in versions quassel/1:0.12.5-1. -- 896915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896915 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#896915: quassel: Reject clients that attempt to login before the core is configured
Source: quassel Version: 1:0.12.4-1 Severity: important Tags: patch security upstream Control: fixed -1 1:0.12.5-1 Hi Felix, Filling this as bug to have an identifier, since no CVE has been assigned. https://www.quassel-irc.org/node/130 Commit: "Reject clients that attempt to login before the core is configured": https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e Regards, Salvatore ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] quassel_0.12.5-1_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Apr 2018 19:58:02 +0200 Source: quassel Binary: quassel-core quassel-client quassel quassel-data Architecture: source Version: 1:0.12.5-1 Distribution: unstable Urgency: high Maintainer: Debian KDE Extras Team Changed-By: Felix Geyer Description: quassel- distributed IRC client - monolithic core+client quassel-client - distributed IRC client - client component quassel-core - distributed IRC client - core component quassel-data - distributed IRC client - shared data Changes: quassel (1:0.12.5-1) unstable; urgency=high . * New upstream release. - Fixes a deserialization security vulnerability. - Fixes a DoS while quassel is starting up. * Drop Fix_the_ssl_check_with_Qt_5.6_and_gcc_5.patch, applied upstream. * Build against Qt WebEngine instead of QtWebKit, following upstream. * Move git repo to salsa.debian.org Checksums-Sha1: 36f6e3d695de542818eb5d4646872ffd00238202 2516 quassel_0.12.5-1.dsc ad30d49ab670ba8927e0e0caa8ac36b29f08bd0d 3747392 quassel_0.12.5.orig.tar.bz2 04eb65a8909d082e1314ca81cf8693d8457e4967 17948 quassel_0.12.5-1.debian.tar.xz Checksums-Sha256: 180d5d106be9ea545f0e46b767647d6fb8d96e936a8f9b7de91e61da3f23c777 2516 quassel_0.12.5-1.dsc 1894574dfd79654152a5b7427e7df592b055ae908230504f98a4cb48961e74e2 3747392 quassel_0.12.5.orig.tar.bz2 0eab79714ed68fc707851fa800765ab5da4ee938cf1002b3322f862393a35304 17948 quassel_0.12.5-1.debian.tar.xz Files: a66a4887750dd67254355d26923fe500 2516 net optional quassel_0.12.5-1.dsc 7388395a9578cac9ff93acffbb239878 3747392 net optional quassel_0.12.5.orig.tar.bz2 fd8bf3417e3fd2e718bacc0420569969 17948 net optional quassel_0.12.5-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEFkxwUS95KUdnZKtW/iLG/YMTXUUFAlrgxLAACgkQ/iLG/YMT XUXCUQ//ahKzkcRpIERoQjFXKC00GX1mOPu3jZTdRJA8aB6mBIRjVR++DyR5ykRV VWwqFu1ABv4fzq8adiSc8BkPvUkBLVNCM7u4EB0bhHJfGywdqKE23svdlCu0qz0+ nmlc3Z1lKm1/CV3Bm1b5a0ZkHmNe0KY2R5TqMqUTciGarQrmIKPJVDiApLTPSk/G B83XVpxisPXZBO1UDUj6cd/TxKHpth6hy4go9UfTIm5iqC0jVLiYMXwr2MFhnCPW ipe1Gzx9zPoGOzLTGoh7tThFxKT/oJIxvGdNSO+1Q9B8L6xcWHYWKCZV5WsamF9D fFMtLwrnbw6uMg40VsCHyb2We0pMg+3XBwQMmlxVC8cFW+/fkee8SrXpZcblRJpx Hogvps+c3Y+1l2PVtgYvuvll1advxRmpS/CjByc4/wz1IGAFgwJh0R7nKHH0WswC j+WJAqGM1m+SupIK1vJgYPtxDB1oOK7ivuftty0BsKokc+GzfivKqbcY2jd4Ym82 TEUvlTygCnA1FSHbn6FBhoAHnOqYMcX8/07UGSnxL77tIn9NcRzwfmvhL32hnoeI 1Uez+Cd0iOnY80UhbfK4iiVL5AeLFjekiDYRXa8kw1FEPJ526dpbv0foyhP2vZgs RZtqwz7h2ha6G/vvBTaC2JueRdkGc0YVJBv1zcWhtCcxL791iVg= =ZHMD -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Processing of quassel_0.12.5-1_source.changes
quassel_0.12.5-1_source.changes uploaded successfully to localhost along with the files: quassel_0.12.5-1.dsc quassel_0.12.5.orig.tar.bz2 quassel_0.12.5-1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Processed: add ffmpeg 4.0 transition blocking bugs
Processing commands for cont...@bugs.debian.org: > block 896893 by 888329 888333 888335 888330 888331 888337 888338 888340 > 888343 888345 888346 888349 888350 888352 888353 888356 888357 888358 888359 > 888360 888362 888364 888365 888367 888370 888372 888373 888374 888375 888376 > 888377 888378 888380 888381 888382 888383 888384 888385 888386 888388 888389 > 896823 896824 896825 888325 888326 888328 888332 888336 888344 888347 888363 > 888366 888371 Bug #896893 [release.debian.org] transition: ffmpeg 896893 was not blocked by any bugs. 896893 was not blocking any bugs. Added blocking bug(s) of 896893: 888365, 888373, 888350, 888343, 888360, 888388, 888330, 888363, 888377, 888376, 888375, 888371, 888389, 888336, 888366, 896824, 888362, 888332, 888338, 888333, 888374, 888344, 888335, 888340, 888352, 888385, 888357, 888345, 888328, 888380, 888370, 888359, 888349, 896823, 888367, 888329, 888384, 888386, 888346, 888331, 888372, 896825, 888325, 888381, 888378, 888364, 888337, 888356, 888358, 888382, 888383, 888326, 888353, and 888347 > thanks Stopping processing here. Please contact me if you need assistance. -- 896893: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896893 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-kde-extras mailing list pkg-kde-extras@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
