Source: ruby-sanitize
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-sanitize.
CVE-2023-23627[0]:
| Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0
| and later, prior to 6.0.1, are vulnerable
Source: snakeyaml
Version: 1.33-1
Severity: important
Google's oss-fuzz found various cases where snakeyaml triggers an exception
on malformed YAML input. These end up blindly being picked by various
security web sites (since CVE IDs) were assigned.
This is causing lots of overhead/annoyance for
On Mon, Jan 30, 2023 at 12:30:40PM -0500, Paul Tagliamonte wrote:
> doko is not MIA. I've seen recent uploads from him. He's also on IRC. I
> asked him on IRC, he replied fairly quickly:
>
> 17:27 < doko> paultag: please remove, there's no upstream development anymore
>
> Next time, it'd be grea
On Sat, Jan 28, 2023 at 08:49:04AM +0100, William Desportes wrote:
> Hi,
>
> I would say that at first doko was not reachable, now doko has probably a lot
> to do.
>
> I had mailed the MIA team to see what could be done.
doko is not MIA. I've seen recent uploads from him. He's also on IRC. I
a
On 2019-12-01 20:34 +, Chris Carr wrote:
> I've been meaning to do this for five or six years, so definitely any
> year now!
>
> Seriously, I might actually get round to it in 2020, life is getting a
> bit easier ...
Life unfortunately got not easier for most of us in 2020 ff., I hope you
hav
Control: tags -1 fixed-upstream
On 2018-02-28 17:49 +0100, Sven Joachim wrote:
> Control: severity -1 important
> Control: tags -1 upstream
>
> On 2017-01-13 09:35 +0100, Sven Joachim wrote:
>
>> Source: angband
>> Version: 1:3.5.1-2.2
>> User: ncur...@packages.debian.org
>> Usertags: ncurses5-co
On 2023-01-29 20:12 +0100, Sven Joachim wrote:
> Package: libncurses-dev
> Version: 6.4-2
> Severity: wishlist
>
> For the transition from libncurses5 to libncurses6, I made this change:
>
> ,
> | ncurses (6.1+20180210-2) unstable; urgency=medium
> |
> | * Temporarily add ncurses{w,}5-config
I can confirm this bug also affects version 1.22.0-2, which was
recently released to Debian sid.
Example:
fienix@fienix:~$ yt-dlp -g -x https://www.youtube.com/watch?v=B7xai5u_tnk
https://rr4---sn-vgqsknez.googlevideo.com/videoplayback?expire=1675118797&ei=bfTXY7j4EoColu8PgqmQsAI&ip=2600%3A6c44%3A
On Mon, Jan 30, 2023 at 03:14:09AM +0100, Chris Hofstaedtler wrote:
Hello Ryan,
Hi,
* Ryan Tandy [19 Feb 2019 08:42:24]:
On Tue, Feb 19, 2019 at 09:27:29AM +0100, Karsten Heymann wrote:
> any news on this? Having a proper systemd unit for slapd would be quite nice.
Not for buster, I'm afra
Hi vmwgfx maintainers,
An out-of-bound access in vmwgfx specific framebuffer implementation can
be easily triggered by fbterm (a framebuffer terminal emulator) when it
is going to scroll screen.
With some debugging, it seems that vmw_fb_dirty_flush() cannot handle
the vinfo.yoffset correctly
Package: linux-source
Version: 6.2.0-rc6
Severity: wishlist
X-Debbugs-Cc: vmxevils...@gmail.com
Dear Debian Kernel Maintainers,
I have tested diederik code on various 6.2-rc kernels and it works like a charm
Please merge his tree
Thank you for your time
-- System Information:
Debian Release: b
Package: git-buildpackage
Version: 0.9.30
Dear maintainers of git-buildpackage,
The patches exported by `gbp-pq` can be wildly different depending on
the value set in the git option `diff.algorithm`.
Thus packages where co-maintainers happen to use different
`diff.algorithm` values undergo a
Package: hplip-gui
Version: 3.22.10+dfsg0-1
Severity: grave
Tags: patch
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
Trying to launch hp-toolbox software, got this output:
Traceback (most recent call last):
File "/usr/bin/hp-toolbox", line 280, in
Dear Maintainers,
I am using this crude workaround daily and it seems to work (as per
upstream advice)
cat /etc/systemd/system/realtek-bug.service
[Unit]
Description=Realtek Bugfix
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/bin/bash -c '/usr/bin/echo 0 >
/sys/class/net/enp2s0/de
Package: opentracker
Version: 0.0~git20210823.110868e-2+b1
Severity: normal
X-Debbugs-Cc: a...@debian.org
Dear Agathe,
from the /usr/share/doc/opentracker/README.Debian, I thougth that it is possible
to switch from white- to blacklist or use no list at all (public tracker):
| By default, the t
Hi Julian (2023.01.27_11:10:14_-0400)
> python3-wrapt | python3 (<< 3.11), python3-wrapt | python3 (>> 3.11).
> Since python3 will satisfy exactly one of python3 (>> 3.11) and
> python3 (<< 3.11), this dependency can be simplified to just
> python3-wrapt.
FWIW, this comes from:
dependencies = [
Hi Drew (2023.01.07_07:56:43_-0400)
I think this is something worth a try in early trixie.
It'll likely be a change of default mode, and require packages to
explicitly the request the setuptools mode.
> It matters in particular for python modules which are rebuilt with
> different configurations,
Hi Simon (2023.01.13_10:02:11_-0400)
> For instance, pylint has "tomli>=1.1.0;python_version<'3.11'" in its
> pyproject.toml, which is translated as "python3-tomli (>= 1.1.0) |
> python3 (>= 3.11)".
>
> This means that if we have python == 3.11 but still have python3.10 in
> the archive, any code
Package: release-notes
Severity: minor
The familiar "single-line" format for apt sources in .list files is,
in theory, gradually being deprecated in favour of the deb822 format
in .sources files[1]. We can expect the old format to be supported
for a few releases yet - for a start as I understand
Package: release-notes
Severity: normal
We've already given users notice in previous release-notes that the
unmerged format won't be supported on bookworm; now, any users who
haven't yet installed usrmerge will get it automatically pulled in
during the dist-upgrade. The release-notes ought to men
Package: puppetserver
Version: 7.9.3-3
Severity: grave
*Something* this weekend broke my Puppetserver. I'm not sure
what. It's now failing to start (repeatedly) with:
jan 29 06:57:07 marcos systemd[1]: Starting Puppet Server...
jan 29 06:57:10 marcos java[1079416]: WARNING: update-vals already re
Control: tag -1 - unreproducible, moreinfo
Hi Ricardo (2023.01.29_04:09:09_-0400)
> Here you see the python3.11 installation, but it's because apt is pulling
> the recommends by default.
Ah, yes. My minimal chroot wasn't minimal enough.
I see that python3.X-minimal Recommends python3.x.
I don't
Hi there,
golang-github-cavaliergopher-grab has been accepted into unstable. Shall
I proceed with the aptly upload or would one of you guys prefer doing it?
Roland.
Le 04/01/2023 à 14:49, Sébastien Delafond a écrit :
On 02/01 15:04, Roland Mas wrote:
I took the liberty of packaging the cava
Hi,
All is good now, #1028374 is fixed. No change regarding this is required in
davmail.
Thanks,
Alex
Hi,
> > Thanks a lot but looks like the fix was not complete.
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029908
> >
> > Can you upload a version with the fix available in the bug report?
>
> Done. This time I merged the commit from your repo on Salsa, and also
> ran the autopkg
Package: libcifpp-data
Version: 5.0.5-6
Severity: normal
Dear Maintainer,
It was trapped in the following (longtime) loop:
--2023-01-30 16:22:02--
ftp://ftp.wwpdb.org/pub/pdb/data/monomers/components.cif.gz
=> « /var/cache/libcifpp/components.cif.gz »
Résolution de ftp.wwpdb.org (ft
On Mon, 2023-01-30 at 06:46 +0100, Andreas Tille wrote:
> Am Sun, Jan 29, 2023 at 10:22:24AM -0500 schrieb M. Zhou:
>
>
> Since we do not have this module[2] (yet) we should probably exclude all
> tests that need this module, right? If you think its a nice thing to
> have I would volunteer to pa
Package: initramfs-tools
Version: 0.142
Severity: wishlist
I wanted automatic fsck for problems on the root filesystem,
and it was difficult to disconver that fsck.repair=yes
on the kernel cmdline is the way to configure that.
initramfs-tools was made to support the same configuration used by
sys
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: lomiri-camera-app
Version : 4.0.0
Upstream Author : UBports Developers
* URL :
https://gitlab.com/ubports/development/apps/lomiri-camera-app
* License
Hi,
During an upgrade from Bullseye with some bpo packages to
Testing/Bookworm, I faced the following issue:
Dépaquetage de xz-utils (5.4.1-0.0) sur (5.2.5-2.1~deb11u1) ...
dpkg: erreur de traitement de l'archive
/tmp/apt-dpkg-install-IJKguW/37-xz-utils_5.4.1-0.0_amd64.deb
(--unpack) :
tentative
On Sun, Jan 29, 2023 at 07:56:09PM +, Tomas Janousek wrote:
> On Thu, Jan 05, 2023 at 01:19:58AM +0800, ChangZhuo Chen wrote:
> > We have the following error when runuing install command "pipx install
> > httpie":
> > […]
> >/home/czchen/.local/pipx/venvs/httpie/bin/python: No module named
Hi,
Thank you so much.
This is deeply interesting.
The same bug might happen in the 495 other packages that
are candidate for using dh-cruft too (the one list in "rules/" in src:cruft).
I will try to fix this at once in dh-cruft instead of requiring
Break+Replaces everywhere.
Simplest option i
Hi Simon,
Thank you!
On Sun, Jan 29, 2023 at 06:39:27PM +, Simon McVittie wrote:
> Control: forwarded -1
> https://gitlab.gnome.org/GNOME/gobject-introspection/-/issues/323
It is impressive just how far you moved this issue already. I fear there
is little to add.
In particular, I was unawa
Control: reopen -1
On Sun, Jan 29, 2023 at 09:31:02AM -0700, Bdale Garbee wrote:
> Hrm. As I DH'ified the package, I really thought that part of your
> patch would no longer be relevant. What I didn't realize is that your
> bug about not stripping in dh_auto_install wasn't implemented until
> co
Source: qt6-charts
Version: 6.4.2-1
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs
qt6-charts fails to cross build from source, because it does not pass
QT_HOST_PATH. I'm attaching a patch for your convenience.
Helmut
diff --minimal -Nru qt6-charts-6.4.2/debian/changelog
qt6-ch
Source: libretro-nestopia
Version: 1.52.0+20221230.gitdd78611-1
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs
libretro-nestopia fails to cross build from source, because it does not
pass cross tools to make. The easiest way of doing so - using
dh_auto_build - makes libretro-nest
Package: wnpp
Owner: Mason James
Severity: wishlist
X-Debbugs-CC: debian-de...@lists.debian.org, debian-p...@lists.debian.org
* Package name: libcatmandu-fix-cmd-perl
Version : 0.0201
Upstream Author : Nicolas Steenlant
* URL : https://metacpan.org/release/Catmandu-Fi
Package: src:llvm-toolchain-14
Version: 1:14.0.6-10
Distro: debian bookworkm
I want to cross-compile simple CMake project to mipsel in x86_64 machine. I
found than I cannot co-install LLVM versions from different architectures
by apt into one Debian machine. Even when I do not need llvm-config and
Package: wnpp
Owner: Mason James
Severity: wishlist
X-Debbugs-CC: debian-de...@lists.debian.org, debian-p...@lists.debian.org
* Package name: libcatmandu-filestore-perl
Version : 1.16
Upstream Author : Patrick Hochstenbach
* URL : https://metacpan.org/release/Catmandu
I now found the problem. The mails from cron had been sorted into spam because
they had "root (Cron Daemon)" as sender and rspamd didn't like the sender
domain to be forged to r...@domain.de. Anyway, the error message says
"/usr/bin/test: /usr/bin/test: can't execute file". I guess it didn't li
Hi,
El 26/01/23 a las 13:34, Martin-Éric Racine escribió:
> Package: ifupdown
> Version: 0.8.41
> Followup-For: Bug #1007150
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Greetings,
>
> Any progress on this?
>
None for the moment. But thanks for the ping. I acknowledge this is an
Package: gosa-plugins-systems,gosa-plugins-goto
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: found -1 2.8~git2027.2916ca3-2
Control: found -1 2.8~git20211027.5741b8f-2
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It
Package: hdf5-filter-plugin-zfp-serial
Version: 1.1.0+git20221021-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because
Jonathan is submitting a patch to fix this upstream.
Package: hdf5-filter-plugin-blosc-serial
Version: 0.0~git20220616.9683f7d-4
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
Package: gourmand
Version: 1.1.0+really1.1.0~rc3-1
Hello,
for two days I haven't been able to make it work gourmand. He had no abs
that he would not work by saying to me, "The 'recipe-scrapers'
distribution was not found and is required by gourmand". I found some
advices to install by pip reci
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: lomiri-docviewer-app
Version : 3.0.1
Upstream Author : UBports Developers
* URL :
https://gitlab.com/ubports/development/apps/lomiri-docviewer-app
* Licen
Source: yt
Version: 4.1.4-1
Severity: serious
Tags: patch
Hi Maintainer
python3-yt has a hard-coded dependency on numpy-abi-9 and misses a
versioned dependency on python3-numpy.
The patch below should ensure these are automatically added correctly.
Regards
Graham
--- a/debian/control
+++ b/deb
Package: systemd-cron
Version: 1.15.19-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'stable'.
It installed fine in 'stable', then the upgrade to 'sid' fails
because it tries to overwrite other
Package: wnpp
Owner: deba...@debian.org
Severity: wishlist
* Package name: pass2csv
Version : 1.0.0
Upstream Author : Rupus Reinefjord
* URL or Web page : https://github.com/reinefjord/pass2csv
* License : MIT
Programming Lang: Python
Description : pass password s
Am 30.01.2023 um 13:10 teilte Jan Wagner mit:
Hi,
thanks for confirming.
As I don't have a bookworm system (with running kernel) at hand, I can't
go deeper into debugging this issue until I get hands on it.
I'm able to reproduce, if that helps.
hille@sid-amd64:~$ /usr/lib/nagios/plugins/che
Package: wireless-regdb
Version: 2022.04.08-2~deb11u1
I just faced the same cfg80211 error, trying to switch from CRDA to the
kernel builtin feature. It took me a while to find this bug report and
about the need to switch to the upstream version of the database. Thanks
for the pointer, and my
Hello,
Before uploading I did purge tzdata from my sbuild chroot and the build
succeeded. This makes me think that maybe there is something else involved, but
since I did not see the failure log, that is a wild uneducated guess. Please
provide some log showing the error.
I am silently following t
Hi Holger,
Am 30.01.23 um 12:33 schrieb Holger Levsen:
$ scp ./nagios-plugins-contrib-38.20230124/dsa/checks/dsa-check-running-kernel
osuosl168-amd64.debian.net:
and then there:
holger@osuosl168-amd64:~ $ bash dsa-check-running-kernel
WARNING: Running kernel does not match on-disk kernel imag
Continued testing and found that this bug:
- Not reproducible in current Linux 6.2-rcX mainline
- Reproducible in Linux 6.1.7-1 (bookworm kernel package)
The git history of drivers/gpu/drm/vmwgfx shows that the offending
function `vmw_fb_dirty_flush()` in file vmwgfx_fb.c has been removed by
c
Package: wnpp
Owner: Mason James
Severity: wishlist
X-Debbugs-CC: debian-de...@lists.debian.org, debian-p...@lists.debian.org
* Package name: libcatmandu-fedoracommons-perl
Version : 0.5
Upstream Author : Patrick Hochstenbach
* URL : https://metacpan.org/release/Catma
Package: wnpp
Owner: Mason James
Severity: wishlist
X-Debbugs-CC: debian-de...@lists.debian.org, debian-p...@lists.debian.org
* Package name: libcatmandu-bibtex-perl
Version : 0.21
Upstream Author : Nicolas Steenlant C<< >>
* URL : https://metacpan.org/release/Catmand
Hi Jan,
On Mon, Jan 30, 2023 at 11:34:31AM +0100, Jan Wagner wrote:
> can you try the version from unstable
> (https://packages.debian.org/sid/nagios-plugins-contrib) which I uploaded a
> few days ago?
$ scp ./nagios-plugins-contrib-38.20230124/dsa/checks/dsa-check-running-kernel
osuosl168-amd64
hi,
I just tested the same version from github (the AppImage version) and
everything works fine.
the property window is dock-able/un-dock-able, the right buttons (in the
un-docked /docked property window) are in place (to dock/un-dock).
Eric Streit
Package: apt
Version: 2.5.5
Severity: wishlist
Hi!
On a thread on debian-devel, Adrian Bunk brought up the potential
problem of packages with a Build-Conflicts against a
«Protected/Important: yes» package. To me it makes sense that the
tooling should be able to cover this theoretical problem auto
Package: toot
Severity: wishlist
Version: 0.32.1-1
Relative to Debian's 0.32.1, there are some useful changes to the tui in
particular: ability to work with bookmarks, showing post visibility,
fixing a reply-to bug, and properly hiding all sensitive info in posts
(not just some of it).
It would b
Package: freecad
Version: 0.20.2+dfsg1-3
Severity: normal
X-Debbugs-Cc: e...@yojik.eu
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
After launching freecad, I undocked the property winow on my second
scr
Hi Holger,
Am 26.01.23 um 17:41 schrieb Holger Levsen:
on a system running bookworm and the latest amd64 kernel
/usr/lib/nagios/plugins/check_running_kernel warns me that the running kernel
doesnt
match the on-disk kernel, while it*is* running the latest kernel.
(line breaks added for better r
Dear Maintainer,
this can be reproduced in current Bookworm/testing too.
The backtrace below shows PyBytes_FromString received for
parameter str a NULL, which documentation states must not be NULL [1].
Unfortunately could not find an issue or update in upstream page [2].
Kind regards,
Bernhard
On Sun, Jan 29, 2023 at 10:19:14PM +0100, Diederik de Haas wrote:
> On 29 January 2023 18:35:14 CET, Julian Gilbey wrote:
> >> A (major) libc6 upgrade is not something that will happen on Stable, so
> >> this
> >> issue may only occur with people running Testing or Unstable.
> >
> >But it will h
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: lomiri-filemanager-app
Version : 1.0.0
Upstream Author : UBports Developers
* URL :
https://gitlab.com/ubports/development/apps/lomiri-filemanager-app
* L
Package: elpa-powerline
Version: 2.4-4
Severity: minor
X-Debbugs-Cc: pi...@debian.org
Dear Maintainer,
When I start emacs, I have all these warning
Warning (comp): powerline.el:115:1: Warning: custom-declare-variable
`powerline-gui-use-vcs-glyph' docstring wider than 80 characters Disable
sho
Package: sponsorship-requests
Followup-For: Bug #1029409
Control: retitle -1 RFS: quadrilateralcowboy/1~20230127-1 [ITP] -- first-person
cyberpunk adventure game
Dear mentors,
The latest upload for quadrilateralcowboy to the mentors-ftp site has updated
the version number and upstream contact de
Am 30.01.23 um 07:59 schrieb Otto Kekäläinen:
The only problem there is that on purge deb-systemd-helper and
update-rc.d will disable the service, but that is not based on package
ownership.
The maintainer scripts will act on files which effectively no longer
belong to this package. That's t
Package: pitivi
Version: 2022.06-1+b1
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
installation of Pitivi
pitivi/unstable,testing,now 2022.06-1+b1 amd64 [installé]
I had to add gsound manually
On Mon, Jan 30, 2023 at 10:37:00AM +0100, Hilmar Preuße wrote:
>Am 30.01.2023 um 06:51 teilte Brendan O'Dea mit:
>> This is still present in the unstable version of the package. You
>> should probably keep this open until 7.0 gets to unstable.
>>
>IIRC the Debian BTS is based on versions, unless
Thank you all. The kernel update to 6.1.7-1 resolved the issue in Debian Testing
Thank you all. The kernel update to 6.1.7-1 resolved the issue in Debian Testing
Source: linux
Version: 6.2~rc6
Severity: important
X-Debbugs-Cc: vmxevils...@gmail.com
Dear Maintainer,
The new rc kernel version 6.2~rc6 is out, still not displayed on
https://tracker.debian.org/pkg/linux
Can I dput the packages ?
Thanks for your time
-- System Information:
Debian Release: bo
Am 30.01.2023 um 06:51 teilte Brendan O'Dea mit:
Hi Brendan,
On Mon, Nov 28, 2022 at 11:46:49PM +0100, Hilmar Preuße wrote:
Version: 7.0-1
Am 28.11.2022 um 23:28 teilte Barak A. Pearlmutter mit:
Yes! That fixes it.
Closing then.
This is still present in the unstable version of the packa
Hello,
Le sam. 28 janv. 2023 à 12:00, Wouter Verhelst a écrit :
>
>
> I did not install pipewire manually; it was installed through dependencies.
>
It would be great to understand how pipewire pkgs have been pulled on your
system since I don't know which packages are installed by awesome. But th
Source: astropy
Version: 5.2.1-1
Severity: normal
Control: forwarded -1 https://github.com/astropy/astropy/issues/13986
astropy fails test_models_fitting[LevMarLSQFitter-model31] on i386.
The problem appears to be triggered by scipy 1.10, and the problem is
discussed upstream at https://github.com
Package: debhelper
Version: 13.11.4
Severity: normal
Hi,
meson supports a command line flag called --auto-features which can be
set to "enabled" to force building everything instead of just building
the things for which the required dependencies are installed. Without
this flag, it can happen tha
Hallo Roland,
Am 29.01.23 um 18:19 schrieb Roland Rosenfeld
Anbei ein Bugreport gegen das aktuelle devel-Wörterbuch.
Ich fürchte, Axel hat recht, dass "none tumor" ein typo ist und es im
britischen und amerikanischen Englisch "bone tumor" heißen muss.
Auch ich habe "none tumor" nirgends, außer i
Otto, et al,
> I don't see anything new in upstream
> https://jira.mariadb.org/browse/MDEV-28751 about this.
> However we do have MariaDB 10.11.1 in Debian now. Maybe you Daniel can
> for the sake of it check if the behaviour is still same on 10.11?
Unfortunately, still the same.
I created a li
101 - 180 of 180 matches
Mail list logo