Source: ogmrip
Version: 1.0.1-4
Severity: serious
gpac is unsupportable and thus orphaned and not in stable.
It should be removed, but ogmrip depends on it. From a
quick glance ogmrip also supports mencoder, so possibly
that dependency could simply get removed?
Cheers,
Moritz
Source: ccextractor
Version: 0.94+ds1-3
Severity: serious
gpac is unsupportable, thus orphaned and not in Bookworm. It should
be removed, but ccextractor build depends on it. From a quick glance
is also has some build flags for ffmpeg, so maybe that's an alternative?
Cheers,
Moritz
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: watchc...@packages.debian.org
Control: affects -1 + src:watchcatd
User: ftp.debian@packages.debian.org
Usertags: remove
Please remove watchcatd. It's dead upstream and generally obsolete,
such process supervision is built into systemd
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: sle...@packages.debian.org
Control: affects -1 + src:sleepd
User: ftp.debian@packages.debian.org
Usertags: remove
Please remove sleepd. Upstream development has stopped a long time ago,
and it's orphaned for a decade without an adopter.
On Mon, Jun 17, 2024 at 06:18:40PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Fri, 2024-06-14 at 23:25 +0200, Moritz Muehlenhoff wrote:
> > Attached debdiff fixes three minor security issues. The update
> > has been tested on a Bookworm system. debdi
On Fri, Jun 14, 2024 at 07:30:46AM +0200, Florian Ernst wrote:
> On Thu, Jun 13, 2024 at 08:17:41PM +0200, Moritz Muehlenhoff wrote:
> > Thanks, these look good! Please upload to security-master, I'll take care
> > of the DSA over the weekend.
>
> Thanks for verifyin
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: ram...@packages.debian.org
Control: affects -1 + src:ramond
User: ftp.debian@packages.debian.org
Usertags: remove
Please remove ramond. It's dead upstream, the last maintainer upload
was in 2012 without a new adopter and it's basically
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: bl...@packages.debian.org, iwama...@debian.org
Control: affects -1 + src:bluez
User: release.debian@packages.debian.org
Usertags: pu
Attached debdiff fixes three minor security issues. The update
has been tested on a
Hi Florian,
> Please give those packages an additional check, and feel free to just
> upload them when they indeed meet your requirements, or briefly ping me
> back for me to upload them / possibly apply further changes, whatever
> suits you best.
Thanks, these look good! Please upload to
Package: security-tracker
Severity: wishlist
These days the scopes of CNAs are usually narrow and scoped to a specific
vendor.
We should leverage this for pre-processing incoming data and to reduce toil.
We can do this by extending the "automatic update" job to automatically
annotate CVEs
Hi Florian,
On Mon, Jun 10, 2024 at 08:41:27AM +0200, Florian Ernst wrote:
> Dear Security Team,
>
> On Sat, Jun 01, 2024 at 04:57:53PM +0200, Salvatore Bonaccorso wrote:
> > [...]
> > [0] https://security-tracker.debian.org/tracker/CVE-2024-5564
> >
On Sun, Jun 09, 2024 at 06:23:00PM +0100, Simon McVittie wrote:
> On Sun, 09 Jun 2024 at 17:23:27 +0200, gru...@laposte.net wrote:
> > Please note that ^e gives ê correctly but `A doesn't
>
> Security team:
>
> Based on this information, I don't think this is a regression caused by
> the GLib
Source: debian-security-support
Version: 1:13+2024.05.15
Severity: wishlist
X-Debbugs-Cc: d...@fifthhorseman.net
Security support for libreswan in Bullseye is EOLed, the recent
security fixes for CVE-2023-38710 are too intrusive/risky to
backport (also see
On Tue, May 28, 2024 at 05:33:32PM -0400, Jeremy Bícha wrote:
> Control: forwarded -1 https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
>
> On Tue, May 28, 2024 at 5:24 PM Moritz Mühlenhoff wrote:
> > CVE-2024-36472[0]:
> > | In GNOME Shell through 45.7, a portal helper can be launched
>
On Tue, May 28, 2024 at 09:06:51AM +0200, Thomas Goirand wrote:
> On 5/22/24 17:08, Moritz Mühlenhoff wrote:
> > The following vulnerability was published for python-pymysql.
> >
> > We should also fix this in a DSA, could you prepare debdiffs for
> > bookworm-security and bullseye-security?
> >
On Fri, May 24, 2024 at 11:42:38AM -0400, Louis-Philippe Véronneau wrote:
> On Fri, 24 May 2024 16:53:28 +0200 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?=
> wrote:
> > Source: clojure
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: important
> > Tags: security
> >
> > Hi,
> >
> > The following
On Wed, May 22, 2024 at 02:42:58PM -0300, Leandro Cunha wrote:
> Hi everyone,
>
> On Wed, May 22, 2024 at 12:39 PM Moritz Mühlenhoff wrote:
> >
> > Am Wed, Mar 06, 2024 at 06:39:01AM -0300 schrieb Leandro Cunha:
> > > Hi Christoph Berg,
> > >
> > > On Wed, Mar 6, 2024 at 5:42 AM Christoph Berg
Source: debian-security-support
Version: 1:13+2024.01.30
Severity: wishlist
X-Debbugs-Cc: gennaro.ol...@gmail.com
Security support for slurm-wlm in Bullseye is EOLed, the recent
changes were too intrusive too meaningfully backport.
On Wed, May 01, 2024 at 06:29:29PM +0100, Adam D. Barratt wrote:
> On Wed, 2024-05-01 at 13:02 +0200, Moritz Muehlenhoff wrote:
> > Please remove salt in the next Bullseye point release.
> > It was already removed frm unstable for being unsupportable
> > and unmaintained (htt
Source: debian-security-support
Version: 1:13+2024.01.30
Severity: wishlist
X-Debbugs-Cc: z...@debian.org
Please mark pdns-recursor as EOL/no longer covered by security support
in Bullseye. These packages can still be used for select use cases
(internal resolver within a company network), but 4.4
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: s...@packages.debian.org
Control: affects -1 + src:salt
User: release.debian@packages.debian.org
Usertags: rm
Please remove salt in the next Bullseye point release.
It was already removed frm unstable for being unsupportable
and
On Thu, Apr 25, 2024 at 08:37:14AM +0200, Chris Hofstaedtler wrote:
> Hi Moritz,
>
> could we once again use the upstream release for stable?
> debdiff 4.8.7-1 -> 4.8.8-1 is attached.
Ack. Following the 4.8 releases has served us well. debdiff looks fine,
please build with -sa and upload to
On Sun, Apr 21, 2024 at 07:35:43PM +, Victor Seva wrote:
> Hi,
>
>
> I've just uploaded sngrep 1.8.1-1 to sid and prepared 1.6.0-1+deb12u1 for
> bookworms-security [0].
>
> Attached debdiff file.
>
> Waiting for you reply,
> Victor
>
> [0]
>
On Thu, Apr 18, 2024 at 02:40:41PM +0200, Moritz Schlarb wrote:
> Dear Salvatore,
>
> I've prepared, built, tested and uploaded fixed versions for bullseye
> (2.4.9.4-0+deb11u4), bookworm (2.4.12.3-2+deb12u1) and trixie (2.4.15.7-1).
>
> Would you like to issue a DSA for them or is it enough
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libtomm...@packages.debian.org
Control: affects -1 + src:libtommath
Addresses CVE-2023-36328, debdiff below. Acked by Dominique before.
Cheers,
Moritz
diff
On Fri, Apr 05, 2024 at 08:16:43AM +0400, Yadd wrote:
> On 4/4/24 22:51, Moritz Mühlenhoff wrote:
> > Source: apache2
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > The following vulnerabilities were published for apache2.
> >
> >
On Thu, Apr 04, 2024 at 05:54:51AM +0200, Salvatore Bonaccorso wrote:
> Hi Marco,
>
> [CC'ing security team]
>
> On Mon, Apr 01, 2024 at 04:25:05PM +0200, Marco d'Itri wrote:
> > Control: found -1 5.0.0-1
> > Control: fixed -1 7.4.2
> >
> > On Nov 17, Salvatore Bonaccorso wrote:
> >
> > >
Hi Adrian,
> >...
> > > debdiffs contain only changes to debian/
> >
> > The bookworm/bullseye debdiffs looks good, please upload to
> > security-master, thanks!
>
> both are now uploaded.
DSA has been released, thanks!
> > Note that both need -sa, but dak needs some special attention when
>
On Thu, Mar 21, 2024 at 09:33:51PM +0100, Andreas Rönnquist wrote:
> On Fri, 10 Mar 2023 18:04:23 +0100 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?=
> wrote:
> > Source: allegro4.4
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: important
> > Tags: security
> >
> > Hi,
> >
> > The following
On Fri, Feb 23, 2024 at 10:13:53PM +0100, Hilmar Preuße wrote:
> On 23.02.24 16:31, Moritz Mühlenhoff wrote:
>
> Hello Moritz,
>
> > The following vulnerability was published for texlive-bin.
> >
> > CVE-2024-25262[0]:
> > | texlive-bin commit c515e was discovered to contain heap buffer
> > |
On Wed, Feb 21, 2024 at 04:15:17PM +0100, Matthias Klumpp wrote:
> I'd read the "unaffected at 1.2.7" as version 1.2.7 and higher not
> having the bug... But then again, on another page it said that the
> respective patch only lowered the impact...
> I remember merging that patch, and it was a
On Tue, Feb 20, 2024 at 10:11:35PM +0100, Matthias Klumpp wrote:
> The CVE page lists that commit as "patch" now, and given that emitting
> a finished transaction as finished multiple times could indeed cause
> issues (and use-after-free issues potentially as well), I am inclined
> to think that
On Mon, Feb 12, 2024 at 06:16:48PM +, Jonathan Wiltshire wrote:
> On Mon, Feb 12, 2024 at 09:24:47AM +, Holger Levsen wrote:
> > hi,
> >
> > On Sun, Feb 11, 2024 at 09:44:18PM +, Jonathan Wiltshire wrote:
> > > Requested by security team. Not in stable or testing.
> >
> > once this
On Fri, Feb 09, 2024 at 04:40:31PM +0100, Thorsten Alteholz wrote:
> Hi Moritz,
>
> thanks for the bug. Upstream knows about the issue and already fixed it [1]
> + [2].
Thanks. I think the real worl impact is pretty negligible, it's enough to land
a fix for the next release, but not for released
On Fri, Jan 26, 2024 at 08:48:47PM +0100, Santiago Vila wrote:
> severity 1061543 important
> found 1061543 2.2.12-1
> found 1061543 2.2.12-4+deb12u2
> thanks
>
> El 26/1/24 a las 8:52, Moritz Mühlenhoff escribió:
> > Source: indent
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: normal
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: un...@packages.debian.org
Control: affects -1 + src:unadf
Addresses two no-dsa security issues, same fix already rolled out
for Bookworm. Debdiff below.
Cheers,
On Mon, Jan 15, 2024 at 09:10:57PM +0100, Salvatore Bonaccorso wrote:
> Hi Moritz,
>
> On Mon, Jan 15, 2024 at 08:49:04PM +0100, Moritz Muehlenhoff wrote:
> > Source: rust-tracing
> > Version: 0.1.37-1
> > Severity: important
> > Tags: security
>
Source: rust-tracing
Version: 0.1.37-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team
https://rustsec.org/advisories/RUSTSEC-2023-0078.html
https://github.com/tokio-rs/tracing/pull/2765
Fixed by:
Source: gtkwave
Version: 3.3.116-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
A very thorough security audit of gtkwave unveiled a total of 82 security
issues in gtkwave, all fixed in 3.3.118:
CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004
CVE-2023-35057
On Mon, Dec 25, 2023 at 10:32:41AM +0100, Tobias Frost wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: hapr...@packages.debian.org
> X-Debbugs-Cc: t...@security.debian.org
> Control: affects -1 +
al:
> >> > Le jeu. 21 déc. 2023 à 10:54, Moritz Muehlenhoff a
> >> écrit :
> >> >
> >> > > On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote:
> >> > > > Hi,
> >> > > >
> >> > > > [CC'
On Fri, Dec 22, 2023 at 10:28:42AM +0100, Samuel Thibault wrote:
> Control: severity -1 wishlist
>
> Hello,
>
> Moritz Mühlenhoff, le ven. 22 déc. 2023 10:03:28 +0100, a ecrit:
> > CVE-2023-49287[0]:
> > | TinyDir is a lightweight C directory and file reader. Buffer
> > | overflows in the
On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> [CC'ing node-undici uploader]
> > >> Ack, let's do that. Could you prepare bookworm-security updates
> > >> based on 18.17.0 (after it has landed in unstable)?
> > >
> > nodejs 18.19.0 has landed in testing.
> > It
On Wed, Dec 20, 2023 at 11:43:11AM +0900, Mike Hommey wrote:
> Version: 2:3.95-1
>
> On Tue, Dec 19, 2023 at 10:21:27PM +0100, Moritz Mühlenhoff wrote:
> > Source: nss
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > The following
On Fri, Dec 15, 2023 at 10:39:04AM +0200, Adrian Bunk wrote:
> > That is a good point. However, I consider full coverage of security support
> > for stable to be an improvement over the current situation. Explicitly
> > stating that security support is not shipped for oldstable does not do any
> >
Hi Simon,
> Unless the security team have reasons to want this to be treated as
> urgent, I would suggest that instead of rushing to apply Ubuntu's
> solution, we should see what happens upstream, and then follow that in
> Debian when the dust has settled.
Agreed, this isn't an issue we need to
Source: debian-security-support
Version: 1:13+2023.09.27
Severity: wishlist
Hashicorp changed the license of Consul and MPLed patches are onky
provided until Dec 31. As such, it has been removed from unstable
and needs to be EOLed for bullseye (removal from bullseye isn't
simple, it would require
On Mon, Dec 04, 2023 at 09:13:41AM +, Holger Levsen wrote:
> Hi Salvatore,
>
> thanks for your continous work on Debian security!
>
> On Sun, Dec 03, 2023 at 08:03:05PM +, Debian Bug Tracking System wrote:
> > > clone -1 -2 -3
> > Bug #1057315 [src:tiles] tiles: CVE-2023-49735
> > Bug
Salvatore Bonaccorso wrote:
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> The project is dead-upstream TTBOMK, so not sure if/what we can do at
> all for this issue. Removal seems not possible as per:
On Thu, Nov 30, 2023 at 11:26:00PM +1100, Dmitry Smirnov wrote:
> On Monday, 30 October 2023 10:16:07 PM AEDT Moritz Muehlenhoff wrote:
> > Please remove consul. Hashicorp changed the license for Consul
> > to the BSL and they will only provide security fixes for the
> > MP
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: un...@packages.debian.org
Control: affects -1 + src:unadf
Fixes two minor security issues. These have actually been in
past releases (wheezy/jessie), but the patch
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: golang-github-go-macaron-bind...@packages.debian.org
Control: affects -1 + src:golang-github-go-macaron-bindata
Please remove golang-github-go-macaron-bindata. The version in the
On Tue, Oct 31, 2023 at 10:29:55AM +0100, Bernd Zeimetz wrote:
>
> Both uploaded!
DSA has been released, thanks!
Cheers,
Moritz
On Mon, Oct 30, 2023 at 07:09:53PM +0100, Bernd Zeimetz wrote:
> Hi Moritz,
>
> as usual, stable/oldstable updates prepared, diffs are attached to this
> mail as salsa seems to have some issues right now.
>
> https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/ -
> bookworm/bullseye
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: con...@packages.debian.org
Control: affects -1 + src:consul
Please remove consul. Hashicorp changed the license for Consul
to the BSL and they will only provide security fixes for the
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: rest...@packages.debian.org
Control: affects -1 + src:restbed
Please remove restbed. The last maintainer upload was in 2017,
it FTBFS since 3.5 years and there are no reverse
On Wed, Sep 20, 2023 at 09:16:28AM +, Holger Levsen wrote:
> control: tags + pending
> thanks
>
> On Tue, Sep 19, 2023 at 11:17:55PM +0200, Moritz Muehlenhoff wrote:
> > Hashicorp changed the license for Consul to the BSL and they will only
> > provide security fix
Source: debian-security-support
Severity: normal
Hashicorp changed the license for Consul to the BSL and they will only
provide security fixes for the MPLed version until end of the year, as
such Consul should be marked as EOLed for Bullseye in Debian.
Ideally we'd just remove it in the Bullseye
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: q...@packages.debian.org, m...@tls.msk.ru
Control: affects -1 + src:qemu
Various low severity security issues in qemu, debdiff below.
I've tested this on a Bullseye
On Mon, Sep 18, 2023 at 07:27:24AM +0200, Salvatore Bonaccorso wrote:
> Moritz is taking care of releasing the DSA.
Indeed, all builds are in, I'll release tonight.
Cheers,
Moritz
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: consu...@packages.debian.org
Control: affects -1 + src:consulfs
Please remove consulfs. It hasn't seen update for 2.5 years, missed Bookworm
and depends on Consul, which is about to be
Source: kino
Version: 1.3.4+dfsg0-1.1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Dead upstream for a decade
- FTBFS with ffmpeg 5 since 1.5 years (Debian is at ffmpeg 6 by now)
- Depends on various legacy libs (GTK2, Glade)
If you disagree and want to
On Sun, Sep 10, 2023 at 07:13:37AM +, Bastien Roucariès wrote:
> Le dimanche 10 septembre 2023, 05:44:02 UTC Rene Engelhard a écrit :
> > severity 1051474 important
> >
> > thanks
> >
> > Hi,
> >
> > Am 08.09.23 um 19:19 schrieb Bastien Roucariès:
> > > Source: libreoffice
> > > Severity:
On Thu, Sep 07, 2023 at 11:43:27AM +0200, Bernd Zeimetz wrote:
> Hi Moritz,
>
> > Ack, that's perfectly fine!
> >
>
> Thanks!
>
> Here are the current diffs:
>
> bullseye:
>
On Wed, Sep 06, 2023 at 08:11:17PM +0200, Bernd Zeimetz wrote:
> Hi security team,
>
> I'm preparing security uploads for bookworm-security and buster-security
> for
>
> > CVE-2023-20900[0]:
> > | VMware Tools contains a SAML token signature bypass vulnerability. A
> > | malicious actor with
On Tue, Sep 05, 2023 at 04:04:27AM +0900, YOKOTA Hiroshi wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: 7...@packages.debian.org, yokota.h...@gmail.com,
> b...@debian.org,
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Needs to be removed alongside with nomad.
Cheers,
Moritz
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hashicorp switched to the non-free BSL and security fixes will
only be made available until December 31 2023, so we should
remove it with the Bullseye 11.8 point release:
Source: pyparsing
Version: 3.1.0-1
Severity: important
pyparsing 3.1.0 introduced a regression which breaks src:cumin (#1042262),
this has been reported at https://github.com/pyparsing/pyparsing/issues/502
and was fixed in 3.1.1.
Cheers,
Moritz
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
Please remove fnfx, this is an addon package for 20 year old laptops,
long dead upstream like the laptops it originally supported.
Cheers,
Moritz
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: el...@packages.debian.org
Control: affects -1 + src:elida
Please remove elida, it's obsolete, unused and without an adopter for years.
Upstream is also gone, the former maintainer was
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
Please remove digitools. It's obsolete (it's for a barebone system
released 20 years ago), dead upstream and unmaintained (last upload
in 2008).
Cheers,
Moritz
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: netkit-...@packages.debian.org
Control: affects -1 + src:netkit-rsh
Please remove netkit-rsh. It's obsolete, dead upstream and has open security
issues.
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: no...@packages.debian.org
Control: affects -1 + src:nomad
Please remove nomad. The version in sid is really outdated, FTBFSes since two
years, has plenty
of open security issues and
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: test...@packages.debian.org, d...@debian.org,
vladimir.pe...@canonical.com
Control: affects -1 + src:testng7
We need to introduce a backport of testng7 in the
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: asmto...@packages.debian.org, ebo...@apache.org
Control: affects -1 + src:asmtools
We need to introduce a backport of asmtools in the version found in bookworm
to
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: crtmpser...@packages.debian.org
Control: affects -1 + src:crtmpserver
Please remove crtmpserver. It's RC-buggy and dropped from testing for over
three years no (and missed two stable
On Tue, Jul 04, 2023 at 03:17:43PM -0400, Roberto C. Sánchez wrote:
> On Fri, Jun 16, 2023 at 10:12:22PM +0200, Moritz Muehlenhoff wrote:
> > On Fri, Jun 16, 2023 at 01:29:28PM -0400, Roberto C. Sánchez wrote:
> > > On Wed, May 17, 2023 at 10:50:34AM +0200, Moritz
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: rtppr...@packages.debian.org
Control: affects -1 + src:rtpproxy
Please remove rtpproxy. The last maintainer upload was in 2014, it's RC-buggy
(FTBFS with GCC 10) and dropped from
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: apf-firew...@packages.debian.org
Control: affects -1 + src:apf-firewall
Please remove apf-firewall. Removal was already hinted at in the original
orphan bug from 2016 and at this point
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: kis...@packages.debian.org
Control: affects -1 + src:kismet
Pleae remove kismet. It's unmaintained (last maintainer upload in 2016), is
removed from
testing for over three years and
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: gsm0710m...@packages.debian.org
Control: affects -1 + src:gsm0710muxd
Please remove gsm0710muxd. It's been orphaned since nine years and removal was
already suggested in the original
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: masqm...@packages.debian.org
Control: affects -1 + src:masqmail
Please remove masqmail. It's dead upstream, orphaned without an adopter
since 2015 and RC-buggy (dropped from testing
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: ma...@packages.debian.org
Control: affects -1 + src:mason
Please remove mason, it's orphaned without an adopter since 2018, upstream
is dead upstream (vanished off the internet) and it
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: p...@packages.debian.org
Control: affects -1 + src:pads
Please move pads. It's dead upstream, orphaned without a new maintainer since
2015
and depends on the legacy PCRE.
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: free...@packages.debian.org
Control: affects -1 + src:freelan
Please remove freelan. It's orphaned without an adopter since five years
and FTBFS since almost two years due to a lack of
Package: security-tracker
Severity: wishlist
"unimportant" issues don't have security impact, but currently they get shown
as "vulnerable" in red, both in a package overview page, e.g.
https://security-tracker.debian.org/tracker/source-package/c-ares and
CVE-specific pages, e.g.
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: mailaven...@packages.debian.org
Control: affects -1 + src:mailavenger
Please remove mailavenger. It hasn't seen an upload since four years,
is RC-buggy since years (e.g. FTBFSes since
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: dm...@packages.debian.org
Control: affects -1 + src:dmtcp
Please remove dmtcp. It's RC-buggy for a long time, there was only
a single upload by the new maitainer in 2019 and never made
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: git-notif...@packages.debian.org
Control: affects -1 + src:git-notifier
Please remove git-notifier. It hasn't seen an upload since 2015, missed
two stable releases and is one of the
On Fri, Jun 16, 2023 at 01:29:28PM -0400, Roberto C. Sánchez wrote:
> On Wed, May 17, 2023 at 10:50:34AM +0200, Moritz Muehlenhoff wrote:
> >
> > My take would be to mark it as unsupported after the trixie development
> > cycle
> > has started (this flags awareness,
On Wed, Jun 07, 2023 at 01:43:26PM +0530, Utkarsh Gupta wrote:
> Hi Chris,
>
> On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso
> wrote:
> > Can you please have a look, as this seems to be caused by the DLA
> > issued as DLA-3447-1.
>
> This has been caused by the ruby2.5 update.
It's
On Sun, Jun 04, 2023 at 12:06:01PM -0400, Andres Salomon wrote:
> Hi Security Team,
>
> Looking at https://security.debian.org/debian-security/pool/main/c/chromium/
> , I see that chromium-l10n built for bookworm (deb12u1) but not for bullseye
> (deb11u1). I'm guessing that the arch:all build was
On Wed, May 31, 2023 at 09:28:02AM +0300, Timo Aaltonen wrote:
> Moritz Muehlenhoff kirjoitti 3.5.2023 klo 20.44:
> > Source: libdmx
> > Version: 1:1.1.4-2
> > Severity: serious
> >
> > The Xorg folks mentioned at
> > https://www.openwall.com/lists/oss-se
On Fri, May 26, 2023 at 12:10:18AM +0200, Markus Koschany wrote:
> First of all trapperkeeper-webserver-jetty9-clojure should add a build-
> dependency on logback to detect such regressions in advance.
>
> #1036250 is mainly a logback problem, not a tomcat problem. I still would like
> to hear
Package: elinks
Version: 0.13.2-1+b4
Severity: minor
It seems recent uploads in experimental switched to
https://github.com/rkd77/elinks/
as upstream, so please update the Homepage: header so that can be linked in the
PTS.
Cheers,
Moritz
Source: dokuwiki
Version: 0.0.20220731.a-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
No CVE yet:
https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/
https://github.com/dokuwiki/dokuwiki/pull/3967
On Fri, May 12, 2023 at 08:58:01AM +, Holger Levsen wrote:
> On Fri, May 12, 2023 at 10:08:52AM +0200, Raphael Hertzog wrote:
> > > ISC is not longer maintaing any of the components of isc-dhcp (client,
> > > I propose to mark it as unsupported. Or at least, limited, if we still
> > > have
On Wed, May 10, 2023 at 11:35:14AM +0200, Cyril Brulebois wrote:
> Hallo Moritz,
>
> And thanks for the report…
>
> Moritz Mühlenhoff (2023-05-10):
> > Moritz Muehlenhoff wrote:
> > > call. $MENU is set to '/usr/bin/main-menu' and in fact running
> > >
&
Package: installation-reports
Severity: normal
Boot method: network
Image version: netboot daily from 2023-05-09
Date: 2023-05-10
I've successfully tested the Bookworm installer on a few Dell PowerEdge servers
(with rc1, rc2
and dailies) and it's working fine on baremetal using the netboot
1 - 100 of 7409 matches
Mail list logo