Bug#1036309: xdg-utils: xdg-mime pauses for around 2 seconds running xprop to detect XFCE

Package: xdg-utils Version: 1.1.3-4 Severity: normal I was noticing that xdg-mime was very slow on one system; this turned out to be a server where I did not have a desktop environment, so xdg-mime was going through all of its DE checks every time. Commenting out the calls to “xprop” fixed it;

Bug#1036308: r-base: R CMD check --as-cran fails for packages with math in help files

Package: r-base Version: 4.3.0-1 Severity: normal Dirk, as recently discussed on the r-pkg-devel list[1], checking a package with using the --as-cran option fails when using R 4.3.0-1 currently sitting in unstable. Please apply the fix proposed by Ivan Kyrilov on the list, or, alternatively,

Bug#1036307: unblock: ufw/0.36.2-1

Package: release.debian.org This has additional information: https://alioth-lists.debian.net/pipermail/piuparts-devel/2023-May/009566.html On May 18, 2023 10:33:36 PM Jamie Strandboge wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags:

Bug#1036306: unblock: ufw/0.36.2-1

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ufw It seems that adduser 3.133 has caused problems for a lot of packages in sid, including ufw. See: https://piuparts.debian.org/sid/fail/adduser_3.133.log

Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

On 19/05/2023 01:33, Luca Boccassi wrote: We heard so much in the past couple of weeks about how important it is for the project not to cause issues for derivatives and cross-compatibility use cases, even speculatively. This is not even speculative, it is certain to cause damage (as we

Bug#1036305: qtpass: Recommends transitional package: pass-extension-otp

Package: qtpass Version: 1.3.2-4 Severity: minor Dear Maintainer, Recommends: pass, pass-extension-otp, pwgen Package: pass-extension-otp Description: transitional package This is a transitional package. It can safely be removed.

Bug#1036304: guix: /etc/profile.d/guix.sh not updated for 1.4.0

Package: guix Version: 1.4.0-3 Severity: important X-Debbugs-Cc: phi...@philipmcgrath.com Dear Maintainer, The /etc/profile.d/guix.sh script was not updated for 1.4.0, or indeed seemingly since it was first added to the Debian package to address #985916. Among other changes upstream, I changed

Bug#1036277: Ship keama - The KEA Migration Assistant

I filed a salsa MR at https://salsa.debian.org/debian/isc-dhcp/-/merge_requests/10 with a patch to include keama as a new binary package here. -- Athos Ribeiro

Bug#932957: #932957 Please migrate Release Notes to reStructuredText

On Thu, 18 May 2023 22:39:11 +0200 Holger Wansing wrote: > I worked on this recently, and I have something like a prototype ready. > It can be found (as html) at > https://people.debian.org/~holgerw/release-notes_sphinx/ I hope the below doesn't come across as negative - it;s not meant to be:

Bug#1036302: free(): double free detected in tcache 2 during history search

Package: bash Version: 5.2.15-2+b2 Severity: normal X-Debbugs-Cc: bugs.debian@wongs.net Dear Maintainer, Using history-search-backward and -forward can cause bash to die with an error: free(): double free detected in tcache 2 Aborted (core dumped) This is easily replicated

Bug#1036245: “Any arguments after the -- are treated as filenames and arguments.” in the bash man page makes no sense the way stated

Thanks! First, if the arguments `-' and `--' are absolutely equivalent, there's no need for parens (which make the stuff inside the parens, well, parenthetic). Second, pay attention to the consistency of the quotation marks, whichever you choose. Therefore: A single argument `--' or `-' stops

Bug#1036301: fetch-crl: purging the package leaves files behind

Package: fetch-crl Version: 3.0.20-1 Severity: normal Hey. When purging the package one gets: Purging configuration files for fetch-crl (3.0.20-1) ... dpkg: warning: while removing fetch-crl, directory '/var/cache/fetch-crl' not empty so not removed dpkg: warning: while removing fetch-crl,

Bug#1036300: Fwd: bullseye-pu: package curl/7.74.0-1.3+deb11u8

Package: release.debian.org Control: affects -1 + src:curl X-Debbugs-Cc: c...@packages.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: bullseye X-Debbugs-Cc: samuel...@debian.org Severity: normal [ Reason ] * Backport upstream patches to fix 5 CVEs: - CVE-2023-27533:

Bug#1023472: Workaround implemented for live images

Hi, Speaking as someone who happen{ed,s} to come across live-build things for unrelated reasons: Roland Clobus (2023-05-18): > I've implemented a workaround for the live images at [1]. > As a result, the xfwm4 desktop manager is now the only desktop manager. This seems to have been merged in

Bug#1036082: linphone: Unable to enable H.264 video codec required for Zoom SIP connections

[Dennis Filder] > If you're behind NAT-ing router like most people then you usually need > some kind of SIP proxy that connects to your ISP's SIP gateway to make > it work. So, if Linphone is not working with your Asterisk server you > need to fix that first somehow. This was on the local

Bug#1036299: unbound: can't bind to 127.0.0.1:53

Package: unbound Version: 1.17.1-2 Severity: important Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? With our unbound configuration file unbound couldn't start * What exactly did you do (or not do)

Bug#1032400: virt-manager: Windows 11 VM starts to cause system lock-up after upgrading to Bookworm

Package: virt-manager Followup-For: Bug #1032400 It turns out that the issue has nothing to do with virt-manager or qemu but the BIOS of the system that could cause the system to freeze when accessing the TPM[1]. Closing and sorry for the trouble. [1]

Bug#1036293: [Pkg-pascal-devel] Bug#1036293: Bug#1036293: lazarus: LHelp needs CHM files to display online help

On 18/05/2023 22:24, Mike Swanson wrote: On Thu, 2023-05-18 at 22:28 +0200, Abou Al Montacir wrote: Yes these files were removed from the source package. This was intentional not only to remove lintian warning but also to force using doct build during the lazarus build process. You can find

Bug#1036237: Moving my packages to the perl group

hi debian-perl, after years of inactivity i got some new packages going and also had a look at old perl packages which are still "maintained" by me. Some of them have seen various nmu's already, so it makes sense to move them to the debian-perl group. Here are the RFS for those, without the

Bug#1036293: [Pkg-pascal-devel] Bug#1036293: lazarus: LHelp needs CHM files to display online help

On Thu, 2023-05-18 at 22:28 +0200, Abou Al Montacir wrote: > Yes these files were removed from the source package. This was > intentional not only to remove lintian warning but also to force > using doct build during the lazarus build process. > > > You can find them in lazarus-doc-2.2 package.

Bug#1036293: [Pkg-pascal-devel] Bug#1036293: lazarus: LHelp needs CHM files to display online help

On Thu, 2023-05-18 at 12:13 -0700, Mike Swanson wrote: > ... > In order to resolve lintian reports in the Lazarus source package, the > precompiled Windows help files (*.chm format) were removed and the package > reuploaded. Yes these files were removed from the source package. This was

Bug#932957: #932957 Please migrate Release Notes to reStructuredText

[[ debian-devel in CC, to get a wider audience regarding reStructuredText ]] Hi, I worked on this recently, and I have something like a prototype ready. It can be found (as html) at https://people.debian.org/~holgerw/release-notes_sphinx/ while the git repo containing the migration is at

Bug#1036082: linphone: Unable to enable H.264 video codec required for Zoom SIP connections

X-Debbugs-CC: Petter Reinholdtsen On Wed, May 17, 2023 at 08:05:44PM +0200, Petter Reinholdtsen wrote: > [Petter Reinholdtsen] writes: > > Nope. It do not seem to be available in Bullseye. I'll try with a > > Bookworm machine and see if there is greater success there. > > I tested on

Bug#1036298: xen: CVE-2022-42336: XSA-431: Mishandling of guest SSBD selection on AMD hardware

Source: xen Version: 4.17.0+74-g3eac216e6e-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for xen. CVE-2022-42336[0]: | Mishandling of guest SSBD selection on AMD hardware The current logic | to set

Bug#1036123: [pre-approval] unblock: libcap2/1:2.66-4

Hi Christian, On Tue, May 16, 2023 at 11:39:52AM +0200, Christian Kastner wrote: > Control: tags -1 - moreinfo > > On 2023-05-15 22:12, Sebastian Ramacher wrote: > > Please go ahead and remove the moreinfo tag once the package is > > available in unstable. > > Done (this time with the right

Bug#1036279: XSS in RSS syntax

Hi Moritz, Moritz Muehlenhoff wrote: > Severity: grave Thanks for the severity assessment by the security team. I wasn't really sure if this is RC or "just important". I've had a look at the new upstream tar balls, but the diff is unfortunately huge: $ tardiff dokuwiki-2022-07-31{a,b}.tgz -

Bug#1036297: libvirt: CVE-2023-2700

Source: libvirt Version: 9.0.0-3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: fixed -1 9.3.0-1 Hi, The following vulnerability was published for libvirt. CVE-2023-2700[0]: | A vulnerability was found in libvirt. This security flaw

Bug#1036296: wordpress: CVE-2023-2745

Source: wordpress Version: 6.2+dfsg1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 6.1.1+dfsg1-1 Hi, The following vulnerability was published for wordpress. CVE-2023-2745[0]: | WordPress Core is vulnerable to Directory

Bug#1036182: spyder 4.2.1+dfsg1-3+deb11u2 flagged for acceptance

package release.debian.org tags 1036182 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: spyder Version:

Bug#1035522: debian-security-support 11+2023.05.04 flagged for acceptance

package release.debian.org tags 1035522 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: debian-security-support

Bug#1036245: “Any arguments after the -- are treated as filenames and arguments.” in the bash man page makes no sense the way stated

On Thu, 18 May 2023, 00:57 Al Ma, wrote: > > In the man page for bash we see the line, > > “-- A -- signals the end of options and disables further option > processing. Any arguments after the -- are treated as filenames and > arguments. An argument of - is equivalent to --.” > I suggest the

Bug#1036295: etcd: CVE-2023-32082

Source: etcd Version: 3.4.23-4 Severity: important Tags: security upstream Forwarded: https://github.com/etcd-io/etcd/pull/15656 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for etcd. CVE-2023-32082[0]: | etcd is a distributed key-value

Bug#1036294: sysstat: CVE-2023-33204

Source: sysstat Version: 12.6.1-1 Severity: important Tags: security upstream Forwarded: https://github.com/sysstat/sysstat/pull/360 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for sysstat. CVE-2023-33204[0]: | sysstat through 12.7.2

Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

Bastian Blank dijo [Thu, May 18, 2023 at 09:05:44PM +0200]: > But why does the state of the package (native vs non-native) can have > any effect on a CTTE decision? Or do you want to say I can block CTTE > from reaching any kind of decision just by uploading a package as > native? Sorry, but

Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

Am Do., 18. Mai 2023 um 20:39 Uhr schrieb Luca Boccassi : > [...] > We heard so much in the past couple of weeks about how important it is > for the project not to cause issues for derivatives and > cross-compatibility use cases, even speculatively. This is not even > speculative, it is certain to

Bug#1036293: lazarus: LHelp needs CHM files to display online help

Source: lazarus Version: 2.2.6+dfsg2-1 Severity: normal X-Debbugs-Cc: mikeonthecompu...@gmail.com In order to resolve lintian reports in the Lazarus source package, the precompiled Windows help files (*.chm format) were removed and the package reuploaded. However, these files are actually

Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

Hi Gunar On Thu, May 18, 2023 at 12:14:42PM -0600, Gunnar Wolf wrote: > dpkg has many bits that make it special. It has been discussed whethe > dpkg should be a native package or it should become non-native; if it > were non-native, having a patch that contradicts the upstream author's > wishes

Bug#1035654: non-essential adduser poses problems to purging packages

Hi, Quoting Nicolas Dandrimont (2023-05-18 20:51:04) > On Thu, May 18, 2023, at 10:03, Marc Haber wrote: > > adduser probably needs an additional hint because the new upload makes > > piuparts fail now, as discussed yesterday. > To work around this issue on the piuparts side, it sounds like we

Bug#1035654: non-essential adduser poses problems to purging packages

On Thu, May 18, 2023, at 10:03, Marc Haber wrote: > On Thu, May 18, 2023 at 12:24:39AM +0200, Johannes Schauer Marin > Rodrigues wrote: >> Marc, the same offer to you for your recent adduser upload to unstable. > > Yes, please. Thanks for your work. > > adduser probably needs an additional hint

Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

On Thu, 18 May 2023 at 19:27, Ansgar wrote: > > On Thu, 2023-05-18 at 12:14 -0600, Gunnar Wolf wrote: > > Ansgar dijo [Thu, May 18, 2023 at 07:55:03PM +0200]: > > > Why not? > > > > > > Do you think the implications of removing the warning are unclear? > > > > > > Do you think we need to explore

Bug#1036255: python3-onelogin-saml2: FTBFS in testing: AssertionError: "Invalid issuer in the Logout Request" does not match "Could not validate timestamp: expired. Check system clock.)"

On Thu, May 18, 2023 at 09:01:16AM +0200, Lucas Nussbaum wrote: > > == > > FAIL: testIsInvalidIssuer > > (tests.src.OneLogin.saml2_tests.logout_request_test.OneLogin_Saml2_Logout_Request_Test.testIsInvalidIssuer) > > Tests the

Bug#1036021: cadabra2,python3-notebook: undeclared file conflict on /usr/lib/python3/dist-packages/notebook/static/components/codemirror

On Sat, May 13, 2023 at 11:14:38AM +0200, Helmut Grohne wrote: > I noticed a suprising undeclared file conflict. While Andreas' tooling > finds most of these, it missed this one. It's about > /usr/lib/python3/dist-packages/notebook/static/components/codemirror. In > cadabra2, this is a directory.

Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

On Thu, 2023-05-18 at 12:14 -0600, Gunnar Wolf wrote: > Ansgar dijo [Thu, May 18, 2023 at 07:55:03PM +0200]: > > Why not? > > > > Do you think the implications of removing the warning are unclear? > > > > Do you think we need to explore alternative solutions? > > (I am no longer part of the

Bug#1036292: python-sunlight: ROM; deprecated, API is discontinued

Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove The Sunlight Foundation (very sadly) dissolved a few years back, and the API is now offline. This package is no longer useful and should be removed. -- :wq

Bug#1036291: RM: pyocd -- RoQA; orphaned; outdated; low popcon; RC-buggy

Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: py...@packages.debian.org Control: affects -1 + src:pyocd Upstream version released in 2018. Orphaned since 2020: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976075 Doesn't work

Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

Ansgar dijo [Thu, May 18, 2023 at 07:55:03PM +0200]: > Why not? > > Do you think the implications of removing the warning are unclear? > > Do you think we need to explore alternative solutions? (I am no longer part of the Committee, answering just as another developer) dpkg has many bits that

Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

Hi, On Thu, 2023-05-18 at 10:48 -0700, Sean Whitton wrote: > On Thu 18 May 2023 at 07:21PM +02, Ansgar wrote: > > > The full freeze is approaching and there has been no progress on > > this > > issue. Does the ctte think a decision before the release is still > > possible? > > Not speaking for

Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

Hello, On Thu 18 May 2023 at 07:21PM +02, Ansgar wrote: > The full freeze is approaching and there has been no progress on this > issue. Does the ctte think a decision before the release is still > possible? Not speaking for the whole ctte, but I don't think that is possible. -- Sean Whitton

Bug#876626: [Xastir] Bug#876626: Xastir loose TCP/IP data afer 12 hours of use

On Thu, May 18, 2023 at 12:30:57AM +0200, MLHPUB wrote: > I come back after too long time, sorry. > After submitting the bug, I could discuss with Tom Russo and Curt Mills > (Xastir developers). > The problem was my configuration picking all reports Worldwide from APRS-IS > up, overloading the

Bug#1036290: Support ~/.config; set ZDOTDIR in zshenv

Package: zsh Version: 5.9-4+b2 Severity: wishlist Hi, what's your opinion about the following patch for /etc/zsh/zshenv? It sets ZDOTDIR to ~/.config/zsh if a Zsh config file exists in this directory. This gives Zsh support for the XDG directory standard.

Bug#1036101: swtpm: FTBFS: Test timeout on mipsel

Control: severity -1 serious I am uploading a NMU to fix this.

Bug#1035904: dpkg currently warning about merged-usr systems (revisited) (was: Re: DEP 17: Improve support for directory aliasing in dpkg)

Hi, On Thu, 2023-05-11 at 00:32 +0200, Ansgar wrote: > On Wed, 2023-05-10 at 23:47 +0200, Ansgar wrote: > > Cool, then let's ask tech-ctte. > > > > Dear ctte, please consider overruling the dpkg maintainer to > > include > > the patch from #994388[1]. > > > > Thanks, > > Ansgar > > > >   [1]:

Bug#1036289: dicomscope: Please do not depend on default jre

Package: dicomscope Version: 3.6.0-25 Severity: normal X-Debbugs-Cc: olivier.caill...@gmail.com Dear Maintainer, dicomscope should be satisfied with any sufficiently recent JRE, not just with default-jre. As an example, I have JRE 17 installed but dicomscope wants me to install JRE 11 (the

Bug#1030320: tango: New version 9.4.1 available

Control: retitle -1 Upstream version 9.4.2-rc2 available On Thu, 02 Feb 2023 21:29:12 +0100 Thomas Braun wrote: > Package: tango > Severity: normal > > We would really like to have 9.4.1 [0] in upcoming debian bookworm > instead of the old 9.3.x. > > I've already tested if our tests pass on

Bug#1023472: Workaround implemented for live images

Hello Holger, LXQt-list, I've implemented a workaround for the live images at [1]. As a result, the xfwm4 desktop manager is now the only desktop manager. The results can be seen in openQA for the live image [2] and netinst daily [3] and RC3 [4]. The daily and the RC3 netinst installer shows

Bug#994395: cups: uses sides=one-sided by default

I can confirm this bug on 2.4.2-3. I am not able to print double sided even if double sided is selected. On Mon, 4 Oct 2021 16:17:07 +0200 Vincent Lefevre wrote: Additional information: On both Debian 10 and Debian unstable, I get $ ipptool -tv ipp://localhost/printers/print-1

Bug#1034951: ktexteditor: diff for NMU version 5.103.0-1.1

Control: tags 1034951 + patch Control: tags 1034951 + pending Dear maintainer, I've prepared an NMU for ktexteditor (versioned as 5.103.0-1.1) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. kind regards Andreas -- `What a good friend you are to him,

Bug#1036288: blender: cycles renderer does not work

Package: blender Version: 3.4.1+dfsg-2+b1 Severity: important X-Debbugs-Cc: alua...@udc.es Dear Maintainer, while trying to bake some textures I realized that the cycles renderer does not work at all. Steps to reproduce: new file → set renderer to cycles → render → nothing is shown in the

Bug#959187: ITP: ooni-probe-cli -- OONI Probe Command Line Interface)

Hi tous! You have expressed an intent to package (ITP) the ooni-probe-cli package, how far have you gotten there? Do you still plan on working on this? I'll note that upstream seems to have Debian packages for this: https://ooni.org/install/cli/ubuntu-debian It doesn't seem to provide a source

Bug#902928: Cannot bring the grub menu up with Shift key along with GRUB_TIMEOUT_STYLE=hidden with GRUB_TIMEOUT=0

Works fine on my UEFI system. I was needed to do some preparations described here: https://wiki.archlinux.org/title/GRUB/Tips_and_tricks#Hide_GRUB_unless_the_Shift_key_is_held_down

Bug#1025956: u-boot-menu: Allow automatic sync of DTBs when /boot is a separate partition

On 2023-05-18, Christopher Obbard wrote: > On Mon, 12 Dec 2022 15:16:45 +0100 Arnaud Ferraris > wrote: >> It is common practice for /boot to be on a separate partition, requiring DTBs >> to be synced to this partition for u-boot to be able to access them. >> >> This used to be done manually, or

Bug#1021514: Please address in Debian packaging

Hi, as far as I understand this issue is caused by GCC (and LLVM, ...) default behaviour. It seems to me as if creating so called "reproducible builds" is quite involved and comprises setting environment variables as well as additional compiler flags (and

Bug#1036213: apache2: frequent SIGSEGV in mod_http2.so (purge_consumed_buckets)

Could you get me a full backtrace of all threads? > Am 18.05.2023 um 15:04 schrieb Bastien Durel : > > Le 18/05/2023 à 14:41, Stefan Eissing a écrit : >> Did you have an warning message like "AH03516: unexpected NN streams in >> hold" at that time in out error log? > > No (grepping AH03516 in

Bug#1021516: Upstream ssocr version 2.23.1 addresses the man page date issue

Hi, I have just released the upsteam ssocr version 2.23.1 to address the issue of the build date in the man page (by using the latest release date as the man page date). [This ssocr release also adds a bit of information to the man page (i.e., has some documentation improvements). All other

Bug#1036287: O: plait -- command-line jukebox

Package: wnpp plait is obviously not maintained anymore. Therefore, I hereby orphan it. Please only consider adopting if you have the skills and time to maintain it.

Bug#1036286: i2p: [INTL:tr] turkish translation of debconf messages

Package: i2p Version: N/A Severity: wishlist Tags: l10n patch Hello, Find attached the updated Turkish translation of the i2p debconf messages. It has been submitted for review to the debian-l10n-turkish mailing list. Regards, Atila KOÇ --- YASAL UYARI --- # Turkish debconf translation of

Bug#1036285: RM: haskell-doc -- RoQA; orphaned; empty; low popcon

Package: ftp.debian.org User: ftp.debian@packages.debian.org Usertags: remove Severity: normal Please remove the empty package haskell-doc. It is orphaned and has not migrated to bookworm. The package has no reverse dependencies.

Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04

On Thu, 2023-05-18 at 09:22 +, Holger Levsen wrote: > On Thu, May 18, 2023 at 06:44:18AM +0100, Adam D. Barratt wrote: > > On Thu, 2023-05-18 at 00:44 +, Holger Levsen wrote: > > > debian-security-support (1:11+2023.05.04) bullseye-updates; > > > urgency=medium > > Hmmm. I didn't expect

Bug#1035844: matrix-sydent fails to purge without adduser

On Wed, 17 May 2023 20:22:37 +0200, Johannes Schauer Marin Rodrigues said: > Hi Hubert, Quoting Hubert Chathi (2023-05-17 00:43:00) >> On Tue, 16 May 2023 23:31:16 +0200, Johannes Schauer Marin Rodrigues >> said: > since time is running short, I am going to >> NMU matrix-sydent on Thursday >

Bug#678881: poco-doc: please remove Krzysztof Burghardt as (co-)maintainer

Control: retitle -1 O: poco-doc -- Documentation for POCO - The C++ Portable Components Control: reassign -1 wnpp Nothing happend since this request, so I am orphaning the package now.

Bug#1036284: civicrm: CVE-2023-28115

Source: civicrm X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for snappy, which is bundled by civicrm: CVE-2023-28115[0]: | Snappy is a PHP library allowing thumbnail, snapshot or PDF generation | from a url or a html

Bug#1036283: jruby: CVE-2023-28755 CVE-2023-28756

Source: jruby X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerabilities were published for jruby. CVE-2023-28755[0]: | A ReDoS issue was discovered in the URI component through 0.12.0 in | Ruby through 3.2.1. The URI parser mishandles invalid URLs

Bug#1036282: tiff: CVE-2023-2731

Source: tiff X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for tiff. CVE-2023-2731[0]: | A NULL pointer dereference flaw was found in Libtiff's LZWDecode() | function in the libtiff/tif_lzw.c file. This flaw allows a

Bug#1036281: libraw: CVE-2023-1729

Source: libraw X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libraw. CVE-2023-1729[0]: | A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() | caused by a maliciously crafted file may lead to an

Bug#1036280: openjdk-11: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968

Source: openjdk-11 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for openjdk-11. CVE-2023-21930[0]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | product of Oracle Java SE (component: JSSE).

Bug#1036279: XSS in RSS syntax

Source: dokuwiki Version: 0.0.20220731.a-1 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team No CVE yet: https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/ https://github.com/dokuwiki/dokuwiki/pull/3967

Bug#1036278: libpodofo: CVE-2023-31566 CVE-2023-31567

Source: libpodofo X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for libpodofo. CVE-2023-31566[0]: | Podofo v0.10.0 was discovered to contain a heap-use-after-free via the | component

Bug#957366: intercal: ftbfs with GCC-10

I am uploading a NMU to fix this.diff -Nru intercal-0.30/buildaux/Makefile.in intercal-0.30/buildaux/Makefile.in --- intercal-0.30/buildaux/Makefile.in 2023-05-18 15:11:21.0 +0200 +++ intercal-0.30/buildaux/Makefile.in 2015-04-02 18:30:18.582992990 +0200 @@ -1699,7 +1699,7 @@

Bug#1036213: apache2: frequent SIGSEGV in mod_http2.so (purge_consumed_buckets)

Le 18/05/2023 à 14:41, Stefan Eissing a écrit : Did you have an warning message like "AH03516: unexpected NN streams in hold" at that time in out error log? No (grepping AH03516 in *.log returns nothing (nor does "streams in hold")) -- Bastien Durel

Bug#1036275: O: bit-babbler -- BitBabbler hardware TRNG and kernel entropy source support

Package: wnpp bit-babbler is obviously not maintained anymore. Therefore, I hereby orphan it. Please only consider adopting if you have the skills and time to maintain it.

Bug#1028631: media-types: rss is associated with application/x-rss+xml instead of application/rss+xml

Hi Charles, Maybe it should be redirected to the members of the RSS Advisory Board, right? I think that I'm not a relevant contact to apply for such a media type. I will not be able to exchange and provide additional information. Also, if the content of etc/mime.types is based on the IANA one[1],

Bug#1036277: isc-dhcp: Ship keama - The KEA Migration Assistant

Package: isc-dhcp Severity: normal Dear Maintainer, Please, consider shipping the keama binary as a standalone package from isc-dhcp. The KEA Migration Assistant (aka keama) is an experimental tool which helps to translate ISC DHCP configurations to Kea [1]. It is maintained within the

Bug#1036276: gthumb: gThumb deletes xattr

Package: gthumb Version: 3:3.12.2-3+b1 Severity: normal Dear Maintainer, gThumb removes already during the tagging of images all extended file attributes attached to the image, so called xattr. You can check this by writing tags with "setfattr" and reading them with "getfattr". Or you can use

Bug#1036274: aplus-fsf: please consider upgrading to 3.0 source format

Source: aplus-fsf Severity: wishlist Version: 4.22.1-10.2 This package is among the few that still use source format 1.0 in bookworm. Please upgrade it to source format 3.0, as this contributes to standardization of packaging practices.

Bug#1036213: apache2: frequent SIGSEGV in mod_http2.so (purge_consumed_buckets)

Did you have an warning message like "AH03516: unexpected NN streams in hold" at that time in out error log? > Am 18.05.2023 um 11:04 schrieb Bastien Durel : > > Hello, > > I ran with /usr/lib/apache2/modules/mod_http2_2.0.15.so & > /usr/lib/apache2/modules/mod_proxy_http2_2.0.15.so since

Bug#1025956: u-boot-menu: Allow automatic sync of DTBs when /boot is a separate partition

Hi Arnaud, [ +cc Vagrant who seems to care about u-boot-menu. ] On Mon, 12 Dec 2022 15:16:45 +0100 Arnaud Ferraris wrote: > Source: u-boot-menu > Version: 4.2.0 > Severity: wishlist > Tags: patch > X-Debbugs-Cc: aferra...@debian.org > > Dear Maintainer, > > It is common practice for /boot to

Bug#1034921: colord-gtk: diff for NMU version 0.3.0-3.1

Control: tags 1034921 + patch Control: tags 1034921 + pending Dear maintainer, I've prepared an NMU for colord-gtk (versioned as 0.3.0-3.1) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. kind regards Andreas -- `What a good friend you are to him, Dr.

Bug#1036273: unblock: javamail/1.6.5-2

Package: release.debian.org Control: affects -1 + src:javamail X-Debbugs-Cc: javam...@packages.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Please unblock package javamail. [ Reason ] RC bug #1036206 (FTBFS). [ Impact ] auto-removal of the package.

Bug#1034915: vdr-plugin-xineliboutput: diff for NMU version 2.2.0+git20211212-2.2

Control: tags 1034915 + patch Control: tags 1034915 + pending Dear maintainer, I've prepared an NMU for vdr-plugin-xineliboutput (versioned as 2.2.0+git20211212-2.2) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. Kind regards Andreas -- `What a good

Bug#1028631: media-types: rss is associated with application/x-rss+xml instead of application/rss+xml

Hi Patrice, maybe you or someone else can register the media type to the IANA based on the expired IETF draft and see if it goes? In any case, we have time as Debian is currently frozen... Have a nice day, -- Charles Plessy Nagahama, Yomitan, Okinawa, Japan Debian Med

Bug#1035795: [Debian-astro-maintainers] Bug#1035795: libricohcamerasdk: does not ship SONAME link /usr/lib//libRicohCameraSDKCpp.so -> libRicohCameraSDKCpp.so.1.1.0

Hi Andreas, On 09.05.23 12:17, Andreas Beckmann wrote: during a test with piuparts I noticed your package does not ship the SONAME link for its library (Policy 8.1). I am a bit at a loss here. If you look at the binary packages, libricocamerasdk contains: -rw-r--r-- root/root   1255128

Bug#1000518: logcheck: separate filtering for apt term.log and or unattended-upgrades-dpkg.log etc?

On Thu, 18 May 2023, 04:45 Paul Wise, wrote: > Thanks for the info and thoughts. > > The idea would do something like your second suggestion; run logcheck > on apt logs separately, but within Debian instead of just on my system. > Perhaps we could also distribute the ignore regexes across

Bug#1035971: linux-image-6.3.0-0-amd64: IRQ warnings from amdgpu Navi 33 / Radeon RX 7700S ...

On Thursday, 18 May 2023 13:19:52 CEST Diederik de Haas wrote: > I _think_ I got the right commit for the 6.3 branch attached. It seems a '>' snuck in the attachment/patch as the very first char, so you may want to remove that. signature.asc Description: This is a digitally signed message part.

Bug#1028631: media-types: rss is associated with application/x-rss+xml instead of application/rss+xml

Hi, I would also like to argue along the same lines on this point. Please, consider: https://www.rssboard.org/rss-mime-type-application.txt https://codesearch.debian.net/search?q=rss%2Bxml=1 https://www.w3.org/wiki/WebIntents/MIME_Types https://en.wikipedia.org/wiki/RSS Thanks, Patrice

Bug#1035971: linux-image-6.3.0-0-amd64: IRQ warnings from amdgpu Navi 33 / Radeon RX 7700S ...

On Thursday, 18 May 2023 12:52:24 CEST David Reviejo wrote: > Seems to be an amdgpu bug introduced two or three kernel releases ago, as > you can see googling around; for example here: > > https://bugzilla.redhat.com/show_bug.cgi?id=2191739 > > or here: > >

Bug#1034931: flex: diff for NMU version 2.6.4-8.2

Control: tags 1034931 + patch Control: tags 1034931 + pending Dear maintainer, I've prepared an NMU for flex (versioned as 2.6.4-8.2) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. kind regards Andreas -- `What a good friend you are to him, Dr.

Bug#1036272: youtube-dl - Should this be released with Bookworm?

Source: youtube-dl Version: 2021.12.17-2 Severity: serious We have a maintained and uptodate fork of this package in the archive and the release: yt-dlp. Do we really need to release this package in a not so usable state? Hint: transitional packages are supposed to be at the target of a

Bug#1023585: I really hope to use various software packages provided by Debian on the Loongarch architecture

Dear Maintainer: Thank you for reading. Have a nice day！ I'm a developer of loongarch，Loongarch already has an ISO release based on Debian, which is very user-friendly and smooth. I hope to use various software packages provided by Debian on the Loongarch architecture to let more people know

Bug#1035971: linux-image-6.3.0-0-amd64: IRQ warnings from amdgpu Navi 33 / Radeon RX 7700S ...

Hi, Nathan I have similar warnings with the last longterm 6.1.27 image from bookworm, in my case when suspending to RAM. Seems to be an amdgpu bug introduced two or three kernel releases ago, as you can see googling around; for example here: https://bugzilla.redhat.com/show_bug.cgi?id=2191739

Bug#1036271: towitoko: New upstream version

Source: towitoko Version: 2.0.7-9 Severity: wishlist New upstream version available at: https://github.com/cprados/towitoko-linux

  1   2   >