Source: pdns-recursor
Version: 5.0.7-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pdns-recursor.
CVE-2024-25590[0]:
| An attacker can publish a zone containing specific Resource Record
| Set
Source: unbound
Version: 1.20.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for unbound.
CVE-2024-8508[0]:
| NLnet Labs Unbound up to and including version 1.21.0 contains a
| vulnerability whe
Hi Jeremy,
On Thu, Oct 03, 2024 at 11:23:19AM -0400, Jeremy Bícha wrote:
> All of these except for CVE-2024-32661 appear to have been fixed in
> 2.11.7 according to the upstream links.
>
> I am cherry-picking Ubuntu's version of the CVE-2024-32661 fix in my
> freerdp2 2.11.7+dfsg1-3 upload.
Than
Hi,
On Tue, Oct 01, 2024 at 11:54:28PM +0200, Eric wrote:
> Hi !
>
> I saw the request to test with 6.12-rc1. I tried that, but probably did
> something wrong because it fails to boot (looks like it happens when
> switching to fb console).
>
> I have not managed to get any message (and it's a di
Hi,
On Wed, Oct 02, 2024 at 04:28:54PM +0300, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: secur...@debian.org, Laszlo Boszormenyi (GCS)
>
> * CVE-2023-7104: Session extension
Hi Sebastian,
On Thu, Sep 26, 2024 at 11:58:21PM +0200, Salvatore Bonaccorso wrote:
> Hi Sebastian,
>
> On Thu, Sep 26, 2024 at 06:14:33PM +0200, Sebastian Ramacher wrote:
> > Control: tags -1 confirmed
> > Control: forwarded -1
> > https://release.debia
Hi,
On Tue, Oct 01, 2024 at 04:50:59PM +0200, Anton Lundin wrote:
> Package: nfs-kernel-server
> Version: 2.6.2-4
>
> I've used NFSv4 referalls to contralize my configuration of which
> nfs-server servers which shares.
>
> I've just configured in /etc/exports like:
> /srv/foo -async,no_subtree_c
Hi,
On Mon, Sep 23, 2024 at 05:51:34AM -, Helmut Grohne wrote:
> Source: syncmaildir
> Severity: important
> User: helm...@debian.org
> Usertags: sidremove
>
> Dear maintainer,
>
> I suggest removing syncmaildir from Debian for the following reasons:
> * It accumulated one RC-bug:
>+ #1
Control: tags -1 + upstream
Control: forwarded -1
https://lore.kernel.org/regressions/zvgcdyfkgwhpj...@eldamar.lan/T/#u
Hi,
On Thu, Sep 26, 2024 at 03:52:22PM +0200, Eric wrote:
> On 25/09/2024 18:21, Salvatore Bonaccorso wrote:
> > Control: tags -1 - moreinfo
> >
> > Hi
Control: tags -1 + moreinfo
Hi
On Fri, Sep 06, 2024 at 09:48:21AM +0100, makepeace wrote:
> Package: apos
> Severity: important
> X-Debbugs-Cc: makepeacemce...@duck.com
>
> Dear Maintainer,
>
> When I get the automatic system updates, one package repeatedly fails to
> install and I get the fol
Hi,
On Fri, Sep 27, 2024 at 07:37:03AM +0200, Salvatore Bonaccorso wrote:
> Source: cups-filters
> Version: 1.28.17-3
> Severity: grave
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
> The following vulnerability
Source: cups-filters
Version: 1.28.17-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups-filters.
CVE-2024-47177[0]:
| CUPS is a standards-based, open-source printing system, and cups-
| filters
Source: libcupsfilters
Version: 2.0.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libcupsfilters.
CVE-2024-47076[0]:
| CUPS is a standards-based, open-source printing system, and
| `libcups
Source: cups-filters
Version: 1.28.17-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups-filters.
CVE-2024-47176[0]:
| CUPS is a standards-based, open-source printing system, and `cups-
| browsed
Hi Sebastian,
On Thu, Sep 26, 2024 at 06:14:33PM +0200, Sebastian Ramacher wrote:
> Control: tags -1 confirmed
> Control: forwarded -1
> https://release.debian.org/transitions/html/auto-iniparser.html
>
> On 2024-09-23 19:05:03 +0200, Salvatore Bonaccorso wrote:
> > Packag
Control: tags -1 + moreinfo
Hi Andreas,
On Thu, Sep 26, 2024 at 02:35:52PM +0200, Andreas Beckmann wrote:
> Source: linux
> Version: 6.10.11-1
> Severity: important
> Control: found -1 6.11-1~exp1
> Control: found -1 6.10.6-1~bpo12+1
>
> Hi,
>
> on my Lenovo Thinkpad T16 Gen 3, suspend does not
Source: linux
Source-Version: 6.10.11-1
Hi,
On Thu, Sep 26, 2024 at 08:19:35AM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 + upstream
> Control: forwarded -1
> https://lore.kernel.org/lkml/20240910124009.10183-1-peter.ujfal...@linux.intel.com/
> https://lore.ke
Control: tags -1 + upstream
Control: forwarded -1
https://lore.kernel.org/lkml/20240910124009.10183-1-peter.ujfal...@linux.intel.com/
https://lore.kernel.org/all/ZuFcBcJztAgicjNt@vaman/
Hi,
On Thu, Sep 26, 2024 at 03:18:18AM +, gabriel wrote:
> Package: src:linux
> Version: 6.10.9-1
> Sever
Control: forwarded -1
https://osdn.net/projects/tomoyo/lists/archive/users-en/2024-September/000765.html
Hi,
On Tue, Sep 24, 2024 at 01:28:19AM +0200, Ben Hutchings wrote:
> Control: tag -1 upstream
>
> On Tue, 2024-09-17 at 01:45 +0200, Alfred Agrell wrote:
> > Package: src:linux
> > Version:
Hi Stefan,
On Wed, Aug 14, 2024 at 01:22:05AM +0200, Stefan wrote:
> Hi Salvatore,
>
> sorry, I had not the time to run all tests I planned.
>
> Here is what I found out so far:
>
> * The errors can be reproduced with the program `f3`, see
> https://fight-flash-fraud.readthedocs.io/en/latest/in
- Forwarded message from Eric -
Hi,
new bisect done !
On 24/09/2024 21:05, Salvatore Bonaccorso wrote:
> Hi,
>
> On Tue, Sep 24, 2024 at 08:17:34PM +0200, Eric wrote:
> > > On 22/09/2024 21:22, Eric wrote:
> > > The bisect is comp
Control: tags -1 - moreinfo
Hi Eric,
On Wed, Sep 25, 2024 at 07:54:40AM +0200, Eric wrote:
> Hi,
>
> new bisect done !
>
> On 24/09/2024 21:05, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > On Tue, Sep 24, 2024 at 08:17:34PM +0200, Eric wrote:
> &
Source: libapache-mod-jk
Version: 1:1.2.49-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libapache-mod-jk.
CVE-2024-46544[0]:
| Incorrect Default Permissions vulnerability in Apache Tomcat
|
Source: node-rollup
Version: 3.29.4-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-rollup.
CVE-2024-47068[0]:
| Rollup is a module bundler for JavaScript. Versions prior to 3.29.5
| and 4
Hi,
On Tue, Sep 24, 2024 at 08:17:34PM +0200, Eric wrote:
> > On 22/09/2024 21:22, Eric wrote:
> > The bisect is complete and yields this result
> >
> > 15115033f056cbd7649b8e1806287f71bdb7ce5c is the first bad commit
> > commit 15115033f056cbd7649b8e1806287f71bdb7ce5c
> > Author: Maciej Fijalkow
Source: ruby-webrick
Version: 1.8.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ruby/webrick/issues/145
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-webrick.
CVE-2024-47220[0]:
| An issue was discove
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: inipar...@packages.debian.org, cava-a...@packages.debian.org,
libapache2-mod-t...@packages.debian.org, mtd-ut...@packages.debian.org,
nd...@packages.debian.org, ukui-interf...@packages.debian.org, car...@debian.org
Control: affects -1 + s
Control: tags -1 + moreinfo
Hi Eric,
On Sun, Sep 15, 2024 at 01:47:41PM +0200, Eric Degenetais wrote:
> Package: src:linux
> Version: 6.1.106-3
> Severity: normal
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
>* What led up to the
Hi Mikhail,
Thanks a lot for reporting back, much appreciated.
On Sat, Sep 21, 2024 at 07:04:39PM +0300, Mikhail Krylov wrote:
> Just tested the thing again.
>
> It is not fully fixed, and by that I mean, I still see an occastional
> corruption here or there, but it is much better than it was. 9
Hi,
On Sun, Sep 15, 2024 at 05:23:10PM +0200, Francesco Poli wrote:
> On Sat, 27 Jul 2024 17:54:34 +0200 Francesco Poli wrote:
>
> [...]
> > I reiterate the request to people from the Debian Kernel Team: could
> > someone please step in, test the three files, and share his/her insight
> [...]
> >
Source: micropython
Version: 1.22.1+ds-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for micropython.
CVE-2024-8946[0]:
| A vulnerability was found in MicroPython 1.23.0. It has been
| classified
Source: qemu
Version: 1:9.1.0+ds-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for qemu.
CVE-2024-8612[0]:
| A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and
| virtio-crypto devices.
Control: tags -1 + moreinfo
Hi,
This might be related to
https://lore.kernel.org/linux-nfs/b78c88db-8b3a-4008-94cb-82ae08f0e...@free.fr/
There is an upstream commit 7b589a9b45ae ("netfs: Fix handling of
USE_PGPRIV2 and WRITE_TO_CACHE flags") which is in 6.11-rc4, so can
you confirm the issue dis
Hi,
On Wed, Sep 18, 2024 at 12:01:01PM +, Kocher Emanuel, Bedag wrote:
> Hi Salvatore
>
> On 18/09/2024 10:21, Salvatore Bonaccorso wrote:
> > Resending to the correct bug (#1082081)
> >
> > On Wed, Sep 18, 2024 at 10:19:28AM +0200, Salvatore Bonaccorso wrote
Hi Santiago,
On Wed, Sep 18, 2024 at 09:06:14AM -0300, Santiago Ruano Rincón wrote:
> El 23/02/24 a las 13:32, Colin Watson escribió:
> > On Fri, Feb 23, 2024 at 12:40:41PM +, P Tamil Selvam wrote:
> > > Pls. let us know the ETA by when openssh issue will be fixed in bookworm
> > > release ?
Resending to the correct bug (#1082081)
On Wed, Sep 18, 2024 at 10:19:28AM +0200, Salvatore Bonaccorso wrote:
> Hi David, hi Emanuel,
>
> On Wed, Sep 18, 2024 at 08:29:54AM +0200, David Prévot wrote:
> > Control: clone -1 -2
> > Control: reopen -2
> > Contro
Hi David, hi Emanuel,
On Wed, Sep 18, 2024 at 08:29:54AM +0200, David Prévot wrote:
> Control: clone -1 -2
> Control: reopen -2
> Control: found -2 linux/6.1.106-3
> Control: retitle -2 Performance issues on VM (virtio)
>
> Hi,
>
> Le Mon, Sep 16, 2024 at 11:37:07AM +, Kocher Emanuel, Bedag
Source: nextcloud-desktop
Version: 3.13.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for nextcloud-desktop.
CVE-2024-46958[0]:
| In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux,
| s
(code storing time_t values in void* variables will
+still break in 2038). (Closes: #1068782)
+ * d/patches/default-source: define _DEFAULT_SOURCE to get access to
+prototype of strlcpy. (Closes: #1071322)
+
+ -- Salvatore Bonaccorso Mon, 16 Sep 2024 21:36:36 +0200
+
libesmtp (1.1.
Source: flask-appbuilder
Version: 4.4.1+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for flask-appbuilder.
CVE-2024-45314[0]:
| Flask-AppBuilder is an application development framework. Prior
Hi,
On Sun, Sep 15, 2024 at 01:15:11AM +0200, Alban Browaeys wrote:
> On Sat, 14 Sep 2024 10:06:28 +0200 Salvatore Bonaccorso
> wrote:
> > close 832609 1:1.3.4-2
> > thanks
> >
>
> I see that you fixed in 1:1.3.4-2 :
>systemd: Don't degrade system
Hi Petter,
On Sun, Sep 15, 2024 at 10:07:00AM +0200, Petter Reinholdtsen wrote:
>
> The original upstream issue was closed 2024-02-28. The CVE is mentioned
> in https://github.com/openNDS/openNDS/issues/600 >, closed
> 2024-05-29.
>
> I thus suspect a new upstream version will fix this issue.
Control: reassign -1 evdi-dkms 1.14.2+dfsg-1
Hi Hans,
On Sat, Sep 14, 2024 at 08:26:14PM +, Hans Krueger wrote:
>
> Hello Salvatore,
>
> Here some output I received when I tried to install the linux headers that
> might be helpful:
>
> ~$ sudo apt-get install linux-headers-6.10.9-common
Source: opennds
Version: 10.2.0+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/openNDS/openNDS/issues/571
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for opennds.
CVE-2024-257
Source: wolfssl
Version: 5.7.0-0.3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/wolfSSL/wolfssl/pull/7619
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wolfssl.
CVE-2024-5814[0]:
Source: wolfssl
Version: 5.7.0-0.3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/wolfSSL/wolfssl/pull/7416
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wolfssl.
CVE-2024-5288[0]:
Source: wolfssl
Version: 5.7.0-0.3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/wolfSSL/wolfssl/pull/7020
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wolfssl.
CVE-2024-1544[0]:
Source: wolfssl
Version: 5.7.0-0.3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/wolfSSL/wolfssl/pull/7604
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wolfssl.
CVE-2024-5991[0]:
Source: node-path-to-regexp
Source-Version: 6.3.0-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 14 Sep 2024 16:14:48 +0400
Source: node-path-to-regexp
Architecture: source
Version: 6.3.0-1
Distribution: unstable
U
Hi Hans,
On Sat, Sep 14, 2024 at 03:11:49PM +0200, Hans Nobody wrote:
> Dear Salvatore,
>
> Thanks for your quick reply.
>
> Of course, I would like to support by providing the additional information.
>
> As this is my first bug report, would you please give me a hand by explaining
> how I bes
Hi Chris,
On Sat, Sep 14, 2024 at 01:26:07AM +0200, Chris Hofstaedtler wrote:
> Hello Salvatore,
>
> On Fri, Sep 13, 2024 at 08:47:27PM +0200, Salvatore Bonaccorso wrote:
> > Unfortunately the 64bit time transition for armhf and armel is still
> > blocking us to get
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: l...@packages.debian.org, car...@debian.org
Control: affects -1 + src:lnav
User: ftp.debian@packages.debian.org
Usertags: remove
Dear FTP masters,
Can you please remove lnav for armel and armhf for lnav.
It is blocking that we can have
Control: tags -1 + moreinfo
Hi Hans,
On Sat, Sep 14, 2024 at 01:08:04PM +0200, Hans Krueger wrote:
> Package: linux-headers-6.10.9-amd64
> Version: 6.10.9-1
> Severity: important
> X-Debbugs-Cc: kruege...@yahoo.com
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions
Hi Petter,
On Sat, Sep 14, 2024 at 12:13:58PM +0200, Petter Reinholdtsen wrote:
>
> Debugging NFS is still interesting to the few NFS system administrators
> running into problems, and Linux is still not doing as good job as
> Solaris did with handling NFS servers disappearing and reappearing. :)
Hi Ben,
On Sat, Mar 19, 2022 at 08:58:46PM +0100, Ben Hutchings wrote:
> I'm not sure that this bug was ever fixed.
>
> nfs-utils actually uses nfs_getport() to get the port. That passes a
> timeout of {-1, 0} to libtirpc, which is invalid and should result in
> using the rpcbind client's defaul
Source: criu
Version: 3.17.1-2
Severity: grave
Forwarded: https://github.com/checkpoint-restore/criu/issues/2477
X-Debbugs-Cc: car...@debian.org
Control: tags -1 + bookworm
As reported in, in stable, with glibc 2.36-9+deb12u8 criu restore
fails.
Regards,
Salvatore
Control: tags 1067018 + help
Control: tags 1067284 + help
Hi Michael,
On Fri, Sep 13, 2024 at 02:20:40PM +0200, Michael Prokop wrote:
> Hi!
>
> * Salvatore Bonaccorso [Fri Apr 19, 2024 at 10:31:52PM +0200]:
> > FWIW, I will try to work on the new available upstream version in th
On Fri, Sep 13, 2024 at 11:35:12PM +0900, wf...@debian.org wrote:
> At 2024-08-18 21:19 Salvatore Bonaccorso wrote:
>
> > The following vulnerability was published for fence-agents.
> >
> > CVE-2024-5651[0]:
> > | A flaw was found in fence agents that rely on SSH/Te
Hi,
On Fri, Aug 10, 2012 at 10:33:07AM +0200, Harald Dunkel wrote:
> Package: autofs5
> Version: 5.0.4-3.2+b1
>
> If /home/* is managed via autofs5, then quilt gets stuck
> when it tries to access /home/.pc .
>
>
> auto.master:
> /home /etc/auto.home
> /net-hosts
>
> auto.hom
Control: tags -1 + moreinfo unreproducible
On Wed, Jun 14, 2023 at 08:10:55AM +0200, Rik Theys wrote:
> Package: autofs
> Version: 5.1.8-2
> Severity: minor
>
> Dear Maintainer,
>
> When running "automount -m" to debug the maps used by autofs, I noticed that
> this triggers segfaults as can be s
Source: php-twig
Version: 3.8.0-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.5.1-1
Hi,
The following vulnerability was published for php-twig.
CVE-2024-45411[0]:
| Twig is a template language for PHP. Under some circumstance
Source: ruby-saml
Version: 1.15.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.13.0-1
Hi,
The following vulnerability was published for ruby-saml.
CVE-2024-45409[0]:
| The Ruby SAML library is for implementing the client sid
Source: cpanminus
Version: 1.7047-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/miyagawa/cpanminus/issues/611
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cpanminus.
Mainly filling the bug to track the upst
Source: openipmi
Version: 2.0.33-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openipmi.
CVE-2024-42934[0]:
| missing check on the authorization type on incoming LAN messages in
| IPMI simula
Source: u-boot
Version: 2024.01+dfsg-5
Severity: important
Tags: security upstream
Forwarded: https://lists.denx.de/pipermail/u-boot/2024-August/562528.html
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for u-boot.
CVE-2024-42040[0]:
| Buffe
Source: autofs
Source-Version: 5.1.8-1
On Thu, Sep 30, 2010 at 08:11:40AM +0200, Salvatore Bonaccorso wrote:
> Package: autofs5
> Version: 5.0.4-3.1
> Severity: minor
>
> Hi
>
> During migrating our setup from autofs to autofs5 and introducing the
> need of the -
loses:
+#1078408)
+
+ -- Salvatore Bonaccorso Wed, 11 Sep 2024 20:56:38 +0200
+
autofs (5.1.9-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru autofs-5.1.9/debian/patches/autofs-5.1.9-Fix-incompatible-function-pointer-types.patch autofs-5.1.9/debian/patches/autofs-5.1.
Source: intel-microcode
Version: 3.20240813.2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.20240813.1~deb12u1
The following vulnerabilities were published for intel-microcode.
CVE-2024-23984[0] and CVE-2024-24968[1].
If y
Hi Ben,
On Tue, Sep 10, 2024 at 10:04:54PM +0200, Ben Hutchings wrote:
> Control: found -1 5.10.218-1
>
> On Tue, 2024-09-10 at 21:22 +0300, Βασίλειος A. Ζοῦκος wrote:
> > Attached the file: kern.log.gz
> > Thanks for the prompt responce
>
> - The Ethernet driver in question is sky2, which h
Control: reassign -1 src:linux 5.10.223-1
Control: tags -1 + moreinfo
Hi,
On Tue, Sep 10, 2024 at 07:40:42PM +0300, Βασίλειος A. Ζοῦκος wrote:
> Package: linux-image-5.10.0-32-amd64
> Version: 5.10.223-1
> Error message:
> ===
> Message from syslogd@debian64-izoukos at Sep 10 18:26:05 ...
> kerne
Source: python-flask-cors
Version: 4.0.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/corydolphin/flask-cors/issues/337
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-flask-cors.
CVE-2024-6221[0]:
| A
Hi,
On Tue, Sep 10, 2024 at 05:07:29PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Tue, Sep 10, 2024 at 06:59:51AM +, Markus Wollny wrote:
> > Package: apache2
> > Version: 2.4.62-1~deb12u1
> > Severity: important
> > X-Debbugs-Cc: markus.wol...@comp
Hi,
On Tue, Sep 10, 2024 at 06:59:51AM +, Markus Wollny wrote:
> Package: apache2
> Version: 2.4.62-1~deb12u1
> Severity: important
> X-Debbugs-Cc: markus.wol...@computec.de, t...@security.debian.org
>
> Dear Maintainer,
>
> After upgrading apache2 packages, we noticed that our SEO rewriting
Source: htmldoc
Version: 1.9.18-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/michaelrsweet/htmldoc/issues/528
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for htmldoc.
CVE-2024-45508[0]:
| HTMLDOC before 1.9.1
Hi Tito,
On Sun, Sep 08, 2024 at 12:07:26AM +0200, XXX XXX wrote:
> On Sat, 7 Sep 2024 09:13:09 +0200
> Salvatore Bonaccorso wrote:
>
> > Hi,
> >
> > On Fri, Sep 06, 2024 at 10:47:04PM +0200, XXX XXX wrote:
> > > On Fri, 6 Sep 2024 22:04:27 +02
Hi Simon,
Thanks for your reply, much appreciated!
On Sat, Sep 07, 2024 at 07:20:14PM +0100, Simon McVittie wrote:
> On Sat, 07 Sep 2024 at 12:13:20 +0200, Salvatore Bonaccorso wrote:
> > We discussed this, if we should release the update for ikiwiki-hosting
> > (real impact) and
Hi,
On Sun, Dec 17, 2023 at 04:23:51PM +0100, Gioele Barabucci wrote:
> Control: tags -1 patch
> Control: retitle -1 nfs-common makes Python required on NFS clients
>
> On Fri, 25 Aug 2023 16:58:33 +0200 Gioele Barabucci
> wrote:
> > > > could you please move the three Python scripts included in
gelog 2024-09-08 21:03:20.0 +0200
@@ -1,3 +1,10 @@
+tgt (1:1.0.85-1.3) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * chap: Use proper entropy source (CVE-2024-45751) (Closes: #1081158)
+
+ -- Salvatore Bonaccorso Sun, 08 Sep 2024 21:03:20 +0200
+
tgt (1:1.0.85-1.2) unstabl
Source: tgt
Version: 1:1.0.85-1.2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:1.0.85-1
Hi,
The following vulnerability was published for tgt.
CVE-2024-45751[0]:
| tgt (aka Linux target framework) before 1.0.93 attempts to
rship of the new git directory.
+(LP: #2067942, Closes: #1072394)
+
+ -- Salvatore Bonaccorso Sat, 07 Sep 2024 11:31:30 +0200
+
fcgiwrap (1.1.0-14) unstable; urgency=medium
* Brown paper bag release.
diff -Nru fcgiwrap-1.1.0/debian/tests/git-http-backend
fcgiwrap-1.1.0/debian/tests/git
nd the
+git-daemon running as ikiwiki-anon needs to be able to read them all.
+(Closes: #1076751)
+
+ -- Salvatore Bonaccorso Sat, 07 Sep 2024 11:38:42 +0200
+
ikiwiki-hosting (0.20220716-2) unstable; urgency=medium
* d/p/ikisite-backup-Create-the-bundle-as-the-site-s-user.patch:
di
Hi
On Sat, Aug 24, 2024 at 01:08:01AM -0700, Forest wrote:
> After further testing today, that commit also seems to be (intermittently)
> causing ffmpeg and mkvmerge to write corrupt files to cifs mounts.
>
>
> On Fri, 23 Aug 2024 22:13:07 +0200, Salvatore Bonaccorso wrote:
Hi Jeremy,
On Thu, Aug 01, 2024 at 07:22:34AM +0200, Salvatore Bonaccorso wrote:
> Hi Jeremy,
>
> On Sun, Jun 30, 2024 at 02:47:41PM +0200, Salvatore Bonaccorso wrote:
> > Hi Jeremy,
> >
> > On Mon, Jun 17, 2024 at 04:31:04PM -0400, Jeremy T. Bouse wrote:
> >
Hi,
On Fri, Sep 06, 2024 at 10:47:04PM +0200, XXX XXX wrote:
> On Fri, 6 Sep 2024 22:04:27 +0200
> Salvatore Bonaccorso wrote:
>
> > Control: tags -1 + moreinfo
> >
> > Hi,
> >
> > On Mon, Sep 02, 2024 at 11:09:42PM +0200, XXX XXX wrote:
> > &g
Control: tags -1 + moreinfo
Hi,
On Mon, Sep 02, 2024 at 11:09:42PM +0200, XXX XXX wrote:
> Hi,
> this bug seems to be fixed in linux kernel 6.1.107,
> I suspect the commit that fixed it is:
>
> commit 6dcc8ba8a6074bb79040f502dc66ad23a58a1c86
> Author: Florian Westphal
> Date: Wed Aug 7 21:28:
Hi,
On Fri, Sep 06, 2024 at 12:49:25AM +0200, Santiago Vila wrote:
> El 4/9/24 a las 19:52, Sebastian Andrzej Siewior escribió:
> > On 2024-09-01 22:02:27 [+0200], Santiago Vila wrote:
> > > Could we please fix it in bookworm as well?
> > > (packages in stable must build in stable)
> >
> > I plan
Source: aardvark-dns
Version: 1.12.1-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/containers/aardvark-dns/issues/500
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for aardvark-dns.
CVE-2024-8418[0]:
| A flaw was fo
Source: clamav
Version: 1.3.1+dfsg-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.0.5+dfsg-1~deb12u1
Control: found -1 0.103.10+dfsg-0+deb11u1
Hi,
The following vulnerabilities were published for clamav.
CVE-2024-20505[0]:
| A
Hi,
On Thu, Sep 05, 2024 at 10:03:16AM +0200, Uwe Kleine-König wrote:
> Control: notfixed 1076110 6.10.7-1
> Control: fixed 1076110 6.9.11-1
>
> Hello,
>
> On Thu, Sep 05, 2024 at 09:14:41AM +0200, Salvatore Bonaccorso wrote:
> > On Wed, Sep 04, 2024 at 11:38:14PM +0200
Hi,
On Wed, Sep 04, 2024 at 01:53:01PM -0700, Robin Björklin wrote:
> Package: linux-image-amd64
> Version: 6.1.85-1
> Severity: normal
> Tags: upstream
> X-Debbugs-Cc: robin.bjork...@gmail.com
>
> Dear Maintainer,
>
> When attempting to use fstrim on an XFS file system I found that it
> trims
Source: apr
Version: 1.7.2-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for apr.
CVE-2023-49582[0]:
| Lax permissions set by the Apache Portable Runtime library on Unix
| platforms would allow l
Source: wireshark
Version: 4.2.6-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/19943
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wireshark.
CVE-2024-8250[0]:
| NTLMSSP dissecto
Hi Mike,
On Sat, Aug 31, 2024 at 02:16:06PM +0100, Mike Ricketts wrote:
> On 31/08/2024 13:44, Salvatore Bonaccorso wrote:
> > close 1080200
> > thanks
> >
> > bullseye-backports is discontinued, situation would resolve once the signed
> > packages are around.
Source: xfpt
Version: 1.00-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for xfpt.
CVE-2024-43700[0]:
| xfpt versions prior to 1.01 fails to handle appropriately some
| parameters inside the inpu
Source: libvirt
Version: 10.6.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libvirt.
CVE-2024-8235[0]:
| A flaw was found in libvirt. A refactor of the code fetching the
| list of interfaces fo
Control: tags -1 + moreinfo
Hi,
On Fri, Aug 30, 2024 at 08:48:00PM +0300, Aptivi wrote:
> Package: src:linux
> Version: 6.10.6-1
> Severity: grave
> File: /usr/lib/modules/6.10.6-amd64/kernel/drivers/gpu/drm/vmwgfx
> Justification: renders package unusable
> X-Debbugs-Cc: c...@aptivi.anonaddy.com
Source: expat
Version: 2.6.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/issues/889
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for expat.
CVE-2024-45492[0]:
| An issue was discovered in li
Source: expat
Version: 2.6.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/issues/888
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for expat.
CVE-2024-45491[0]:
| An issue was discovered in li
Source: expat
Version: 2.6.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/issues/887
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for expat.
CVE-2024-45490[0]:
| An issue was discovered in li
Hi Tobi,
On Sat, Jun 22, 2024 at 08:46:39PM +0200, Salvatore Bonaccorso wrote:
> Hi Tobi,
>
> On Wed, Feb 21, 2024 at 08:00:42AM +, Jonathan Wiltshire wrote:
> > Control: tag -1 moreinfo
> >
> > Hi,
> >
> > On Sat, Oct 28, 2023 at 05:58:38PM +0200, To
1 - 100 of 4563 matches
Mail list logo