Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: codeh...@debian.org
As outlined in the orphaning bug (994986), the centreon-* packages
are no longer being maintained. centreon-clib was left in unstable
because it (initially) built OK without needing extra work. Other
centreon-* packages hav
Source: cimg
Version: 3.0.2+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cimg.
CVE-2022-1325[0]:
| A flaw was found in Clmg, where with the help of a maliciously crafted
| pandore or
Source: jpegqs
Version: 1.20210408-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jpegqs.
CVE-2022-35434[0]:
| jpeg-quantsmooth before commit 8879454 contained a floating point
| exception
Source: ring
Version: 20210112.2.b757bac~ds1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ring STUN support.
CVE-2022-31031[0]:
| PJSIP is a free and open source multimedia communication
Source: asterisk
Version: 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for asterisk STUN support.
CVE-2022-31031[0]:
| PJSIP is a free and open source mul
pendencies to see if isotpsend support can be provided inside
autopkgtest. If that fails, the upstream tests will need to be confined
to Salsa and autopkgtests limited only to autopkgtest-pkg-python.
https://salsa.debian.org/pkg-security-team/scapy/-/commit/59a4c0e2ed8c24cf5a3d4412cecdd5086a5b0395
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: codeh...@debian.org
xprobe is an old package with no upstream development - the old SF page
links to a Wiki, other links in d.copyright go to 404.
The current RC bug can be fixed but the package no longer works in a
useful manner. xprobe is u
On Fri, 5 Aug 2022 11:22:30 +0200
IOhannes m zmölnig (Debian GNU|Linux)
wrote:
> On Fri, 05 Aug 2022 09:41:46 +0100 Neil Williams
> wrote:
> > The following vulnerability was published for v4l2loopback (and is
> > not included in the recent v0.12.7 git
On Mon, 1 Aug 2022 18:25:04 +0200 Sylvestre Ledru wrote:
> Hello,
>
> Le 05/07/2022 à 11:19, Neil Williams a écrit :
> > Source: scilab
> > Version: 6.1.1+dfsg2-3
> > Severity: important
> > Tags: security
> > X-Debbugs-Cc: codeh...@debian.org,
Source: v4l2loopback
Version: 0.12.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for v4l2loopback (and is not
included in the recent v0.12.7 git tag).
CVE-2022-2652[0]:
| Depending on the wa
onstant<_Tp, __v>::value' 71 |
> template |
>^ /usr/include/c++/10/type_traits:59:29: note:
> 'constexpr const _Tp value' previously declared here 59 |
> static constexpr _Tp value = __v; | ^
>
> Andreas
--
Neil Will
Source: milkytracker
Version: 1.03.00+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for milkytracker.
CVE-2022-34927[0]:
| MilkyTracker v1.03.00 was discovered to contain a stack overflow
solete field Name from debian/upstream/metadata
> .
>[ Ole Streicher ]
>* Switch build depends on libnetpbm10-dev to libnetpbm-dev
> (Closes: #1003165)
1003165 is the wrong bug number and a different package. The B-D bug in
astrometry.net is 1016400.
https://bugs.debian.org
On Tue, 5 Jul 2022 11:58:12 +0200
Sebastiaan Couwenberg wrote:
> On 7/5/22 11:14, Neil Williams wrote:
> > CVE-2022-30045[0]:
> > | An issue was discovered in libezxml.a in ezXML 0.8.6. The function
> > | ezxml_decode() performs incorrect memory handling while parsing
>
Source: scilab
Version: 6.1.1+dfsg2-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for scilab.
CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode() pe
Source: navit
Version: 0.5.0+dfsg.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for navit.
CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode() per
Source: mapcache
Version: 1.12.1-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for mapcache.
CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode() per
Source: passportjs
Version: 0.5.2+~1.0.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for passportjs.
CVE-2022-25896[0]:
| This affects the package passport before 0.6.0. When a user logs in or
| logs
not ideal and it is a
lot of work but it may be necessary to have libavcodec4-dev and
libavcodec-dev with a new source package ffmpeg4 alongside ffmpeg.
>
> Thank you,
> -Steve
>
> [1] https://mail.kde.org/pipermail/digikam-users/2022-July/033796.html
>
--
Neil Williams
=
https://linux.codehelp.co.uk/
Source: rails
Version: 2:6.1.4.6+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rails.
CVE-2022-22577[0]:
| An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that
| could allow
Source: rails
Version: 2:6.1.4.6+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rails.
CVE-2022-21831[0]:
| A code injection vulnerability exists in the Active Storage >=
| v5.2.0 that
Source: smarty3
Version: 3.1.39-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for smarty3.
CVE-2022-29221[0]:
| Smarty is a template engine for PHP, facilitating the separation of
| presentati
Source: smarty4
Version: 4.1.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for smarty4.
CVE-2022-29221[0]:
| Smarty is a template engine for PHP, facilitating the separation of
| presentati
Source: pyjwt
Version: 2.3.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pyjwt.
CVE-2022-29217[0]:
| PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple
| different JWT
Source: golang-github-hashicorp-go-getter
Version: 1.4.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for
golang-github-hashicorp-go-getter.
CVE-2022-26945[0]:
| HashiCorp go-getter befor
Source: golang-github-tidwall-gjson
Version: 1.6.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-github-tidwall-gjson.
CVE-2021-42248[0]:
| GJSON <= 1.9.2 allows attackers to cause
Source: snowflake
Version: 1.1.0-2
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for snowflake.
CVE-2022-29222[0]:
| Pion DTLS is a Go implementation of Datagram Transport L
Source: snowflake
Version: 1.1.0-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for snowflake, via the
github.com/pion/dtls/v2 package included into debian/vendor/
CVE-2022-29189[0]:
| Pion DTLS is a
Source: node-formidable
Version: 3.2.3+20220426git971e3a7+~cs4.0.8-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-formidable.
CVE-2022-29622[0]:
| An arbitrary file upload vulnerability in form
Source: golang-gopkg-yaml.v3
Version: 3.0.0~git20200121.a6ecf24-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-gopkg-yaml.v3-dev.
CVE-2022-28948[0]:
| An issue in the Unmarshal function in Go
Package: texlive-binaries
Version: 2022.20220321.62855-1
Severity: important
File: /usr/bin/pdftosrc
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
texlive-binaries in unstable, experimental and bookworm embeds
xpdfreader 4.03 and the code is exposed via the pdftosrc bina
Source: dokuwiki
Version: 0.0.20200729-0.1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for dokuwiki.
CVE-2022-28919[0]:
| HTMLCreator release_stable_2020-07-29 was discovered to contain a
| cross-site
Source: apscheduler
Version: 3.8.1-1
Severity: normal
X-Debbugs-Cc: codeh...@debian.org
Other packages using python3-apscheduler as a dependency have to work
around an error in the apscheduler packaging:
/usr/lib/python3/dist-packages/APScheduler-0.0.0.egg-info/PKG-INFO
Please fix the package so
Source: uclibc
Version: 1.0.35-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for uclibc.
CVE-2021-27419[0]:
| uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-
| around in functions ma
Package: libsdl2-ttf-dev
Version: 2.0.18+dfsg-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libsdl2-ttf.
CVE-2022-27470[0]:
| SDL_ttf v2.0.18 and below was discovered to contain an arbitrary
| memo
Source: libgoogle-gson-java
Version: 2.8.8-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libgoogle-gson-java.
CVE-2022-25647[0]:
| The package com.google.code.gson:gson before 2.8.9 are vulnerable
Source: ruby-xmlhash
Version: 1.3.6-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-xmlhash.
CVE-2022-21949[0]:
| An Improper Restriction of XML External Entity Reference vulnerability
| in SUSE
Source: ecdsautils
Version: 0.3.2+git20151018-2
Severity: wishlist
Tags: upstream
X-Debbugs-Cc: codeh...@debian.org
Hi,
I was checking new CVEs and noticed that ecdsautils uses an old fork of
the upstream project at https://github.com/tcatm/ecdsautils . This site
has since moved to https://github
Source: google-oauth-client-java
Version: 1.28.0-2
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for google-oauth-client-java.
CVE-2021-22573[0]:
| The vulnerability is that
any real-world usage of
cctbx was manageable on any current RISCV64 hardware.
> cctbx seems to build fine on riscv64 now. Can it be
> re-enabled?
Probably, yes. I won't have time to do an upload soon though.
If someone else has time to do it as a team upload, go ahead.
--
Neil Williams
Source: node-ejs
Version: 3.1.6-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-ejs.
CVE-2022-29078[0]:
| The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js
| allows server-si
Source: horizon-eda
Version: 2.2.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for horizon-eda.
CVE-2021-21897[0]:
| A code execution vulnerability exists in the
| DL_Dxf::handleLWPolylineData functi
Source: librecad
Version: 2.1.3-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for librecad.
CVE-2021-21897[0]:
| A code execution vulnerability exists in the
| DL_Dxf::handleLWPolylineData functionalit
Source: cloudcompare
Version: 2.11.3-5
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cloudcompare.
CVE-2021-21897[0]:
| A code execution vulnerability exists in the
| DL_Dxf::handleLWPolylineData fun
Source: libowasp-esapi-java
Version: 2.2.3.1-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for libowasp-esapi-java.
CVE-2022-24891[0]:
| ESAPI (The OWASP Enterprise Security API) is a free, open sou
Source: httpx
Version: 0.22.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for httpx.
CVE-2021-41945[0]:
| Encode OSS httpx <=1.0.0.beta0 is affected by improper input
| validation in `httpx.
On Mon, 25 Apr 2022 21:43:30 -0700 tony mancill
wrote:
> On Mon, Apr 25, 2022 at 07:22:12PM +0200, Salvatore Bonaccorso wrote:
> > Hi!
> >
> > On Mon, Apr 25, 2022 at 01:48:43PM +0100, Neil Williams wrote:
> > > On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams
>
On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams wrote:
> Please note, the current homepage for libowasp-antisamy-java appears to
> have no commits beyond version 1.5.3 but the change for CVE-2022-29577
> does match the source code for libowasp-antisamy-java:
> https://sources.de
Source: libowasp-antisamy-java
Version: 1.5.3+dfsg-1.1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
Please note, the current homepage for libowasp-antisamy-java appears to
have no commits beyond version 1.5.3 but the change for CVE-2022-29577
do
pecify the location of omniMapper's config file.
Alternatively, set the environment variable OMNIMAPPER_CONFIG
or use the default /etc/omniMapper.cfg.
Use -v to verbosely record what's going on.
I'll close this bug report with the next upload of omniorb.
--
Neil Williams
=
Source: composer
Version: 2.2.9-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for composer.
CVE-2022-24828[0]:
| Composer is a dependency manager for the PHP programming language.
| Integrators using C
thout such an upgrade feature. If there is time, then we are
> working a V7 version with the V6 to V7 block upgrade capability and
> would like to release that.
Seems sensible.
>
> Thanks,
> Amul
>
> -Original Message-
> From: Andreas Tille
> Sent: Wednesday
Source: fis-gtm
Version: 6.3-014-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for fis-gtm.
CVE-2021-44492[0]:
| An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
| GT.M through
Source: haskell-aeson
Version: 1.4.7.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for haskell-aeson.
CVE-2021-41119[0]:
| Wire-server is the system server for the wire back-end services.
| Releases
Source: grunt
Version: 1.4.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for grunt.
CVE-2022-0436[0]:
| Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
If you fix the vulnerabilit
On Wed, 13 Apr 2022 11:18:50 +0100 Neil Williams
wrote:
> Source: ruby-devise-two-factor
> Version: 4.0.2-1
> Severity: important
> Tags: security
> X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
>
>
> Hi,
>
> The following vulnerability was publis
Source: ruby-devise-two-factor
Version: 4.0.2-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-devise-two-factor.
CVE-2021-43177[0]:
| As a result of an incomplete fix for CVE-2015-7225, in versi
Source: android-platform-frameworks-base
Version: 1:10.0.0+r36-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for android-platform-frameworks-base.
CVE-2021-39796[0]:
| In HarmfulAppWarningActivity of H
Source: mruby
Version: 3.0.0-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for mruby.
CVE-2022-1212[0]:
| Use-After-Free in str_escape in mruby/mruby in GitHub repository
| mruby/mruby prior to 3.2. Possibl
Source: ruby-asciidoctor-include-ext
Version: 0.3.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-asciidoctor-include-ext.
CVE-2022-24803[0]:
| Asciidoctor-include-ext is Asciidoctor’s s
Source: twisted
Version: 22.2.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for twisted.
CVE-2022-24801[0]:
| Twisted is an event-based framework for internet applications,
| supporting Python 3.6+.
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: pyimagetool
Version : 1.0
Upstream Author : Kyle Gordon
* URL : https://github.com/kgord831/PyImageTool
* License : GPL3
Source: puma
Version: 5.5.2-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for puma.
CVE-2022-24790[0]:
| Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for
| Ruby/Rack applications. W
in but it may be necessary to retain the current patch method
and I don't see why that is against Policy. It's not pretty, I agree,
but I have not (yet) found an alternative.
--
Neil Williams
=
https://linux.codehelp.co.uk/
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: xrt
Version : 1.4.0-1
Upstream Author : Konstantin Klementiev
* URL : https://github.com/kklmn/xrt
* License : Expat
Source: clickhouse
Version: 18.16.1+ds-7.2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for clickhouse.
The vulnerabilities require authentication, but can be triggered by any user
with read
permis
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: looktxt
Version : 1.5-1
Upstream Author : Emmanuel Farhi
* URL : https://github.com/farhi/looktxt
* License : GPL-2
Source: python-model-mommy
Version: Replaced by python-model-bakery
Severity: normal
Background:
https://linux.codehelp.co.uk/moving-to-bakery.html
"Model Bakery is a rename of the legacy Model Mommy project."
https://github.com/model-bakers/model_bakery
IMPORTANT: Model Mommy is no longer maint
Source: kotlin
Version: 1.3.31+~1.0.1+~0.11.12-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for kotlin.
CVE-2022-24329[0]:
| In JetBrains Kotlin before 1.6.0, it was not possible to lock
| dependencie
Source: tightvnc
Version: 1:1.3.10-5
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tightvnc.
CVE-2022-23967[0]:
| In TightVNC 1.3.10, there is an integer signedness error and resultant
| heap-based b
Source: jackson-databind
Version: 2.13.0-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jackson-databind.
CVE-2020-36518[0]:
| jackson-databind before 2.13.0 allows a Java StackOverflow exception
|
Source: ruby-commonmarker
Version: 0.23.2-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-commonmarker.
https://sources.debian.org/src/ruby-commonmarker/0.23.2-2/ext/commonmarker/table.c/?hl=16
Source: r-cran-commonmark
Version: 1.7-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for r-cran-commonmark.
https://sources.debian.org/src/r-cran-commonmark/1.7-2/src/extensions/table.c/?hl=140#L140
CVE-2
Source: python-cmarkgfm
Version: 0.4.2-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-cmarkgfm.
https://sources.debian.org/src/python-cmarkgfm/0.4.2-1/third_party/cmark/extensions/table.c/?hl
Source: cmark-gfm
Version: 0.29.0.gfm.2-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for cmark-gfm.
CVE-2022-24724[0]:
| cmark-gfm is GitHub's extended version of the C reference
| implementation of Commo
Source: ghostwriter
Version: 2.1.1-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ghostwriter.
https://sources.debian.org/src/ghostwriter/2.1.1-1/3rdparty/cmark-gfm/extensions/table.c/?hl=154#L154
Source: hoteldruid
Version: 3.0.3-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for hoteldruid.
CVE-2022-22909[0]:
| HotelDruid v3.0.3 was discovered to contain a remote code execution
| (RCE) vulnerabilit
Source: puppet-module-puppetlabs-firewall
Version: 1.12.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for puppet-module-puppetlabs-firewall.
CVE-2022-0675[0]:
| In certain situations it is possible f
On Thu, 3 Mar 2022 01:54:42 +0530 Nilesh Patra wrote:
> > python3-unicodedata2 has disappeared from the NEW queue, has it been
> > rejected?
>
> https://tracker.debian.org/pkg/python-unicodedata2
I must have caught it at just the wrong moment.
Thanks.
--
Neil Williams
?
--
Neil Williams
=
http://www.linux.codehelp.co.uk/
specific application
to calculate absorbed and transmitted flux in photons/sec
and write back to EPICS Process Variables.
* XRF Collector - interact with a small EPICS database to
collect data from a multi-element fluorescence detector.
--
Neil Williams
=
https
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: epicsapps
Version : 0.9.2
Upstream Author : Matthew Newville
* URL : https://github.com/pyepics/epicsapps
* License : EPICS
o enable checking for broken audio files, just add `--all-features`
https://qarmin.github.io/czkawka/instructions/Compilation.html
--
Neil Williams
=
https://linux.codehelp.co.uk/
Source: sqlite3
Version: 3.37.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sqlite3.
CVE-2021-45346[0]:
| A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and
| 3.37.0
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: wxutils
Version : 0.2.4
Upstream Author : Matthew Newville
* URL : https://github.com/newville/wxutils
* License : Expat
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: wxmplot
Version : 0.9.46
Upstream Author : Matthew Newville
* URL : https://github.com/newville/wxmplot
* License : Expat
Source: freecad
Version: 0.19.2+dfsg1-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for freecad.
CVE-2021-45844[0]:
| Improper sanitization in the invocation of ODA File Converter from
| FreeCAD 0.19 a
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: python-model-bakery
Version : 1.4.0
Upstream Author : berinfontes
* URL : https://github.com/model-bakers/model_bakery
* License
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: xraydb
Version : 4.4.7
Upstream Author : Matthew Newville
* URL : https://github.com/xraypy/XrayDB
* License : Public domain
Source: epics-base
Version: 7.0.3.1-3
Severity: important
X-Debbugs-Cc: codeh...@debian.org
Experimental Physics and Industrial Control System (EPICS) in Debian
relates to the epics-base source package and the pyepics work that will
result in new packages in Debian in due course.
Currently, epics
; merging.
>
> I have not looked at the third script (update-vuln), I had so far
> little usecases to directly work with it.
>
> Regards and thanks a lot for your work on this part as well.
> Salvatore
--
Neil Williams
=
https://linux.codehelp.co.uk/
Source: libphp-adodb
Version: 5.20.19-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libphp-adodb.
CVE-2021-3850[0]:
| Authentication Bypass by Primary Weakness in GitH
Source: node-cached-path-relative
Version: 1.0.2-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-cached-path-relative.
CVE-2021-23518[0]:
| The package cached-path-relative before 1.1.0 are vuln
Source: iotjs
Version: 1.0+715-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for iotjs.
CVE-2022-22895[0]:
| Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via
| ecma_utf8_string
Source: iotjs
Version: 1.0+715-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for iotjs.
CVE-2021-46349[0]:
| There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type ==
| ECMA_OBJECT_TYPE_PRO
On Tue, 18 Jan 2022 16:16:38 +0200
Andrius Merkys wrote:
> Hi Neil,
>
> On 2022-01-18 16:03, Neil Williams wrote:
> > The package build-depends in libobjcryst (ITP #1001380) which in
> > turn build-depends on cctbx (ITP: 679905), so packaging work will
> > continue
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: pyobjcryst
Version : 2.2.1-1
Upstream Author : Prof. Simon Billinge
* URL : https://github.com/diffpy/pyobjcryst
* License
On Wed, 12 Jan 2022 11:11:42 +0100
Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, Jan 12, 2022 at 09:22:45AM +0000, Neil Williams wrote:
> > On Wed, 12 Jan 2022 12:44:14 +0800
> > Paul Wise wrote:
> >
> > > On Tue, 2022-01-11 at 11:20 +0000, Neil Williams
On Wed, 12 Jan 2022 12:44:14 +0800
Paul Wise wrote:
> On Tue, 2022-01-11 at 11:20 +0000, Neil Williams wrote:
>
> > I might need to brush up on my Perl and make a patch for lintian
> > which downloads the sec tracker JSON and checks the CVE list in the
> > .changes file
planned now that this will change and
> there will be only a JSON export of the data, we will need to adapt
> the security-tracker on that regard, and possibly you will be
> interested here :))
>
> > For now, I'll mirror the real changes in data/CVE/list, trying t