Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: sendm...@packages.debian.org
Control: affects -1 + src:sendmail
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
sendmail was affected by CVE-2023-51765
[ Impact ]
close CVE-2023-51765 and reject NUL
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: fos...@packages.debian.org
Control: affects -1 + src:fossil
User: release.debian@packages.debian.org
Usertags: pu
this bug was opened by previous arrangement with maintainer.
[ Reason ]
fossil is affected by a
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: fos...@packages.debian.org
Control: affects -1 + src:fossil
User: release.debian@packages.debian.org
Usertags: pu
this bug was opened by previous arrangement with maintainer.
[ Reason ]
fossil is affected by a
On Saturday, 4 May 2024, 12:40:25 UTC, Andreas Beckmann wrote:
> On 04/05/2024 13.02, Andreas Beckmann wrote:
> >> I have patched sendmail in order to enable O RejectNUL=True directive,
> >> but I did not manage to enable it by default.
>
> >> Andreas could you get a glimpse at how to
On Monday, 29 April 2024, 18:40:39 UTC, Barak A. Pearlmutter wrote:
> Bastien,
>
> Okay, got it. Thanks for letting me know.
>
> I can cherry-pick that fossil commit, but you know the right magic for
> a versioned apache2 breakage and how to deal with proposed-updates.
> So I think it would make
Package: sendmail-bin
Severity: important
Tags: security help
Forwarded: https://marc.info/?l=oss-security=171447187004229=2
Dear Maintainer,
CVE-2023-51765 is not fully fixed, at least for forwarding bad mail.
We must reject mail including NUL as a stopgap method.
I have patched sendmail in
Package: release.debian.org
Severity: important
Tags: bullseye
X-Debbugs-Cc: w...@packages.debian.org
Control: affects -1 + src:wpa
User: release.debian@packages.debian.org
Usertags: pu
tags: security
[ Reason ]
CVE-2023-52160 security bug
[ Impact ]
security bug is present
[ Tests ]
Test
Package: release.debian.org
Severity: important
Tags: bookworm
X-Debbugs-Cc: w...@packages.debian.org
Control: affects -1 + src:wpa
User: release.debian@packages.debian.org
Usertags: pu
tags: security
[ Reason ]
CVE-2023-52160 security bug
[ Impact ]
security bug is present
[ Tests ]
Test
On Tuesday, 30 April 2024, 14:56:07 UTC, Barak A. Pearlmutter wrote:
> I've uploaded a package with this fixed to unstable, 1:2.24-5, and
> it's been autobuilt and pushed out. Seems to work okay, and can be
> co-installed with apache2/sid.
>
> Just uploaded 1:2.24-6 that adds Breaks: apach2-bin
On Tuesday, 30 April 2024, 14:56:07 UTC, Barak A. Pearlmutter wrote:
> currently Debian sqlite3 is
> compiled without SQLITE_ENABLE_JSON1 so the internal version is used.)
On this problem, could you cross-check?
>SQLITE_ENABLE_JSON1
>
>This compile-time option is a no-op. Prior to SQLite
Source: fossil
Severity: important
Dear Maintainer,
> currently Debian sqlite3 is
> compiled without SQLITE_ENABLE_JSON1 so the internal version is used.)
On this problem, could you cross-check?
>SQLITE_ENABLE_JSON1
>
>This compile-time option is a no-op. Prior to SQLite version 3.38.0
On Tuesday, 30 April 2024, 15:24:11 UTC, Benjamin Drung wrote:
> Hi,
>
> On Mon, 2024-04-15 at 18:58 +, Bastien Roucariès wrote:
> > Package: distro-info
> > Version: 1.7
> > Severity: minor
> >
> > Dear Maintainer,
> >
> > distro-info --ali
On Tuesday, 30 April 2024, 14:52:46 UTC, Vincent Lefevre wrote:
Hi,
> Control: tags -1 security
>
> On 2024-04-30 16:33:14 +0200, Vincent Lefevre wrote:
> > If I try to restart postfix, I get:
> >
> > postfix/postfix-script: warning: /var/spool/postfix/etc/resolv.conf and
> > /etc/resolv.conf
On Monday, 29 April 2024, 18:40:39 UTC, Barak A. Pearlmutter wrote:
> Bastien,
>
> Okay, got it. Thanks for letting me know.
>
> I can cherry-pick that fossil commit, but you know the right magic for
> a versioned apache2 breakage and how to deal with proposed-updates.
> So I think it would make
Package: fossil
Severity: serious
Justification: breaks unrelated package
affects: apache2
Dear Maintainer,
CVE-2024-24795 is fixed in apache2. However, it breaks fossil
You need to apply https://fossil-scm.org/home/info/f4ffefe708793b03
See bug here:
On Monday, 15 April 2024, 13:58:19 UTC, Steve McIntyre wrote:
> On Mon, Apr 15, 2024 at 11:33:14AM +0000, Bastien Roucariès wrote:
> >Source: shim
> >Followup-For: Bug #1061519
> >Control: tags -1 + patch
> >
> >Dear Maintainer,
> >
> >Please find a
Package: distro-info
Version: 1.7
Severity: minor
Dear Maintainer,
distro-info --alias=trixie -r is misleading: it returns trixie instead of 13...
Maybe a feature, but it should be documented
I work around it in my script by doing it in two steps:
distro-info --$(distro-info --alias=trixie) -r
Bastien
Source: shim
Severity: minor
Dear Maintainer,
Could you install the CA used for secure boot somewhere in the tree?
It will help to check the CA chain by autopkgtest
Bastien
Source: shim
Followup-For: Bug #1061519
Control: tags -1 + patch
Dear Maintainer,
Please find a MR here
https://salsa.debian.org/efi-team/shim/-/merge_requests/13
Bastien
Source: json-smart
Version: 2.2-3
Severity: wishlist
Dear Maintainer,
Please package the new upstream version
I did not manage to get maven to compile it
Bastien
On Saturday, 13 April 2024, 14:01:24 UTC, Bastien Roucariès wrote:
> On Saturday, 13 April 2024, 14:00:00 UTC, Moritz Mühlenhoff wrote:
> Hi,
>
> > On Tue, Apr 09, 2024 at 10:01:11AM +0200, Andreas Beckmann wrote:
> > > Package: release.debian.org
> > > Seve
> > Usertags: pu
> > X-Debbugs-Cc: Bastien Roucariès
> > Control: affects -1 + src:json-smart
> > Control: block 1039985 with -1
> > Control: block 1033474 with -1
> >
> > [ Reason ]
> > Two CVEs were fixed in buster-lts, but not yet in bullseye or later,
>
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: zookee...@packages.debian.org
Control: affects -1 + src:zookeeper
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2024-23944 (Closes: #1066947):
An information disclosure in persistent watchers
control: tags -1 + patch
Hi,
You will find a merge request for fixing CVE-2023-52160
https://salsa.debian.org/debian/wpa/-/merge_requests/15
I can do an NMU if needed
Bastien
n.net/deps/dep3/
>
>
> On 28 March 2024 19:23:08 GMT+01:00, "Bastien Roucariès" wrote:
> >On Thursday, 28 March 2024, 18:16:09 UTC, Fab Stz wrote:
> >> Hello Bastien,
> >>
> >> Iirc not so many packages depend on it and none seems to use
rules on the merge request. It
> uses upstream's build script that builds the complete js.
I do not understand:
- please document the patch using dep format
- explain how the build script does not ship in /usr/share debian/missingsources
bastien
>
> Regards
> Fab
>
> Le 28 ma
On Thursday, 28 March 2024, 17:21:48 UTC, Fab Stz wrote:
> Dear Maintainers,
>
> I'm thinking of doing an NMU for the package by updating it to 3.13.0-0.1.
> The
> MR is now open since July 2023 and this bug referencing it has been existing
> for about 10 days (in case the MR wouldn't have been
Source: jupyterlab
Version: 4.0.11+ds1-1
Severity: important
Dear Maintainer,
Your package includes files included elsewhere:
python3-jupyterlab: /usr/share/jupyter/lab/staging/node_modules/get-intrinsic/.eslintrc
python3-jupyterlab: /usr/share/jupyter/lab/staging/node_modules/get-
Source: jupyterlab
Version: 4.0.11+ds1-1
Severity: important
Dear Maintainer,
node-call-bind provided virtual package provides these files
python3-jupyterlab: /usr/share/jupyter/lab/staging/node_modules/call-bind/.eslintignore
python3-jupyterlab:
Source: jupyterlab
Version: 4.0.11+ds1-1
Severity: serious
Justification: duplicate code source not built from source
Dear Maintainer,
Your package includes the following file packaged elsewhere
python3-jupyterlab:
/usr/share/jupyter/lab/staging/node_modules/@xtuc/long/LICENSE
python3-jupyterlab:
control: tags -1 + pending
Uploaded waiting ftpmaster
On Friday, 9 February 2024, 03:39:41 UTC, Marco Trevisan wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Marco Trevisan (Treviño)
> X-Debbugs-CC: debian-de...@lists.debian.org
>
> * Package name: node-long
> Version :
On Thursday, 8 February 2024, 19:57:22 UTC, Bill Allombert wrote:
> On Thu, Feb 08, 2024 at 06:39:18PM +0000, Bastien Roucariès wrote:
> > On Thursday, 8 February 2024, 18:31:28 UTC, Santiago Ruano Rincón wrote:
> > > On Sat, 14 Oct 2023 20:23:18 +0200 Bill Allombert
> > >
On Thursday, 8 February 2024, 18:31:28 UTC, Santiago Ruano Rincón wrote:
> On Sat, 14 Oct 2023 20:23:18 +0200 Bill Allombert wrote:
> > On Sun, Sep 18, 2022 at 12:14:07AM +0100, Colin Watson wrote:
> > > Package: lintian
> > > Version: 2.115.3
> > > Severity: normal
> > >
> > > Lintian issues these
On Monday, 5 February 2024, 12:42:04 UTC, Bill Allombert wrote:
> On Mon, Feb 05, 2024 at 12:28:02PM +0100, Axel Beckert wrote:
> > Hi Bill,
> >
> > Bill Allombert wrote:
> > > By the way, what happened to lintian.debian.org ?
> >
> > Seems as if someone (not me, just noticed it today when
> >
On Sunday, 4 February 2024, 14:02:58 UTC, Bill Allombert wrote:
> On Tue, Aug 16, 2022 at 11:56:20AM +0000, Bastien Roucariès wrote:
> > Source: lintian
> > Version: 2.115.2
> > Followup-For: Bug #1012289
> >
> > Dear Maintainer,
> >
> > I will
On Friday, 2 February 2024, 16:53:10 UTC, Sebastian Ramacher wrote:
> Control: tags -1 moreinfo
>
> Hi Bastien
>
> On 2024-01-05 22:35:44 +, Bastien Roucariès wrote:
> > Package: release.debian.org
> > Severity: important
> > User: release.debian
Hi,
A gentle reminder about the imagemagick7 transition plan.
Many thanks to Santiago for partially reviewing it, but I need a green light from
the release team.
Bastien
Source: tinyxml
Version: 2.6.2-6;1
Severity: important
Tags: security
Justification: security support
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
It seems that a fork of tinyxml is well maintained here
https://github.com/leethomason/tinyxml2
Could be possible to evaluate the switch of
Source: sudo
Severity: serious
Tags: ftbfs
Justification: yacc/lex are preferred source
Dear Maintainer,
You do not pass the --with-devel=yes configure flag, thus you do not rebuild
autogenerated files like gram.c and gram.h from their source gram.y
Usually Debian builds grammar files from source
On Sun, 31 Dec 2023 07:14:26 +0100 Salvatore Bonaccorso
wrote:
Hi Guilhem, hi Moritz,
> Hi Guilhem, hi Moritz,
>
> On Sat, Dec 30, 2023 at 11:26:02PM +0100, Guilhem Moulin wrote:
> > On Sat, 30 Dec 2023 at 21:02:16 +0100, Felix Geyer wrote:
> > > There are some minor changes staged in the salsa
Package: release.debian.org
Severity: important
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-CC: ftpmas...@debian.org
Imagemagick will need a new major bump
I managed to get imagemagick 7 built for experimental (it is only on salsa, not
uploaded yet).
Every
Hi,
I have just fixed this CVE for buster and I want to know if you need help to
release a fix for unstable?
The LTS fixes are here https://salsa.debian.org/lts-team/packages/keystone/
Thanks
Bastien
Hi,
I have just uploaded
Bastien
control: reopen -1
control: found -1 5.4.0-1
control: forwarded -1
https://github.com/ansible-collections/amazon.aws/pull/1704
control: tag -1 + fixed-upstream
Hi,
This bug lies in ansible...
Reopen this bug and use the patch as fwd field.
rouca
On Monday, 13 November 2023, 11:18:42 UTC, Markus Koschany wrote:
> Hey,
>
> On Monday, 13.11.2023 at 09:19 +, Bastien Roucariès wrote:
>
> [...]
> > Apo can I add myself to your package ? Do you care to comaintain with
> > javascript team ?
>
> I
On Saturday, 11 November 2023, 18:22:41 UTC, Bastien Roucariès wrote:
> control: tags -1 + patch
>
> Hi,
>
> Could you apply the merge request
> https://salsa.debian.org/multimedia-team/audiofile/-/merge_requests/5 and
> make a release?
>
> It fixes the two CVEs
>
control: tags -1 + patch
Hi,
Could you apply the merge request
https://salsa.debian.org/multimedia-team/audiofile/-/merge_requests/5 and make
a release?
It fixes the two CVEs
Bastien
control: tags -1 + pending
I have a merge request waiting here
Plan a NMU/7
https://salsa.debian.org/multimedia-team/sox/-/merge_requests?scope=all=opened
rouca
Hi,
I have one package that actually fails due to this.
A CVE was fixed by coordinating a fix between rmagick and imagemagick and I
test that the CVE is closed using an autopkgtest
I believe also it is important from a security point of view to add fix for
security issue
Bastien
Package: wnpp
Severity: important
Owner: Bastien Roucariès
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: node-envinfo
Version : 7.11.0+~cs13.4.1
Upstream Contact: https://github.com/tabrindle/envinfo#readme
https://github.com/sindresorhus/os-name
Package: dh-nodejs
Version: 0.15.15
Severity: important
Dear Maintainer,
dh-nodejs should provide dh-nodejs-autodocs
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing')
Architecture: amd64 (x86_64)
Foreign
Package: node-minimatch
Version: 9.0.3-4
Severity: serious
Justification: FTBFS other package
Dear Maintainer,
I could not build node-envinfo due to the trick done for default export only
for require. Webpack do a mix of two and do not find the import default...
Therefore it is required to
Package: python3
Version: 3.11.4-5+b1
Severity: important
Tags: newcomer
Dear Maintainer,
In order to avoid some strange errors in autopkgtest of python related packages,
would it be possible to recommend netbase? It is needed for accessing
/etc/services and well-known ports/hosts
Bastien
-- System
Package: webpack
Version: 5.76.1+dfsg1+~cs17.16.16-1
Severity: important
Dear Maintainer,
I think the way to go is to split env from webpack
env need webpack to build but need a few package
Yadd what do you think ?
Bastien
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: imagemag...@packages.debian.org
Control: affects -1 + src:imagemagick
Please remove these two transitional packages
Thanks
Bastien
control: retitle -1 golang-github-facebook-ent: include non free font Calibre
On Tuesday, 24 October 2023, 06:13:41 UTC, Cyril Brulebois wrote:
> Hi Bastien,
>
> Bastien Roucariès (2023-10-23):
> > Source: golang-github-facebook-ent
> > Version: 0.5.4-3
> > Severi
control: retitle -1 fasttext: website is build with Docusaurus not packaged
for debian
On Tuesday, 24 October 2023, 06:41:55 UTC, Andrius Merkys wrote:
> Hi,
>
> On 2023-10-23 22:06, Bastien Roucariès wrote:
> > Source: fasttext
>
> Source package names in Subject an
control: retitle -1 node-katex: website is build with Docusaurus not packaged
for debian
On Tuesday, 24 October 2023, 06:40:59 UTC, Andrius Merkys wrote:
> Hi,
>
> On 2023-10-23 22:04, Bastien Roucariès wrote:
> > Source: node-katex
>
> Source package names in Subject an
Source: golang-github-facebook-ent
Version: 0.5.4-3
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See website directory
https://sources.debian.org/src/golang-github-facebook-ent/0.5.4-3/doc/website/
Source: node-graphql
Version: 16.8.1-1
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See website directory
https://sources.debian.org/src/node-graphql/16.8.1-1/website/src/pages/index.jsx/?hl=2#L2
control: reassign -1 ts-node
Source: node-ts-jest
Version: 29.1.1+~cs0.2.6-2
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See website directory
https://sources.debian.org/data/main/n/node-ts-jest/29.1.1%2B~cs0.2.6-2/website/
Source: ts-nod
Version: 10.9.1+~cs8.8.29-1
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See website directory
https://sources.debian.org/src/ts-node/10.9.1%252B~cs8.8.29-1/website/
You should
Source: node-rjsf
Version: 5.6.2+~5.0.1-1
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See website directory
Source: golang-entgo-ent
Version: 0.11.3-4
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See website directory
https://sources.debian.org/data/main/g/golang-entgo-ent/0.11.3-4/doc/website
You should
Source: golang-ariga-atlas
Version: 0.7.2-2
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See website directory
https://sources.debian.org/src/golang-ariga-atlas/0.7.2-2/doc/website/
You should
Source: node-react-redux
Version: 8.1.2+dfsg1+~cs1.2.3-1
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See website directory
You should repack or package docusaurus and rebuild
Bastien
Source: node-redux
Version: 4.2.1-1
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See website directory
You should repack or package docusaurus and rebuild
Bastien
Source: fasttext
Version: 0.9.2+ds-5
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See website directory
You should repack or package docusaurus and rebuild
Bastien
Source: node-katex
Version: 0.16.4+~cs6.1.0-1
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See:
https://sources.debian.org/src/node-katex/0.16.4+~cs6.1.0-1/website/
You should repack or package
Source: node-puppeteer
Version: 13.4.1+dfsg-2
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: block -1 by 1054426
Dear Maintainer,
The documentation is built with docusaurus.
See:
https://sources.debian.org/src/node-puppeteer/13.4.1+dfsg-2/website/
You should repack or package
Package: wnpp
Severity: wishlist
* Package name: docusaurus
Version : 1
Upstream Contact: Facebook, Inc. and its affiliates. (Facebook, Inc. and its
affiliates.)
* URL : https://github.com/facebook/docusaurus
* License : expat
Programming Lang: javascript
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: ruby-rails-assets-punyc...@packages.debian.org
Control: affects -1 + src:ruby-rails-assets-punycode
Control: block 1051089 by -1
Please remove libjs-punycode. It is now provided by
On Sunday, 22 October 2023, 15:03:50 UTC, Sebastian Ramacher wrote:
> Control: tags -1 confirmed
>
> On 2023-10-22 14:51:42 +, Bastien Roucariès wrote:
> > On Sunday, 22 October 2023, 14:08:20 UTC, Sebastian Ramacher wrote:
> > > Hi Bastien
> > >
On Sunday, 22 October 2023, 14:08:20 UTC, Sebastian Ramacher wrote:
> Hi Bastien
>
> On 2023-10-21 20:10:47 +, Bastien Roucariès wrote:
> > Can I go ahead with imagemagick experimental ?
>
> As a year has passed since the last mail to the transition bug report: did
>
Hi,
Can I go ahead with imagemagick experimental ?
Thanks
Bastien
control: tags -1 + moreinfo
Hi,
>ruby-rails-assets-punycode depends on libjs-punycode but nothing
>builds that package. It used to be provided by the same source
>package.
I do not understand what breaks
libjs-punycode is provided by node-punycode
See
Source: prometheus-alertmanager
Severity: important
Dear Maintainer,
Could you package the GUI.
ELM is now under debian
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing')
Architecture: amd64 (x86_64)
control: owner -1 !
Control: retitle -1 ITP: grub-btrfs -- provides grub entries for btrfs
snapshots (boot environments/restore points)
Hi,
I need this package for day work (for teaching).
The kaisen linux is suitable for me to be imported and sponsored. Kaisen do you
want some sponsoring and
On Sunday, 10 September 2023, 04:33:06 UTC, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the debian-policy package:
>
> #991984: Please document minimal environment variable needed for
> sensible-utils
>
> It has
On Sunday, 10 September 2023, 05:44:02 UTC, Rene Engelhard wrote:
> severity 1051474 important
>
> thanks
>
> Hi,
>
> On 08.09.23 at 19:19, Bastien Roucariès wrote:
> > Source: libreoffice
> > Severity: serious
> > Tags: security
> > Justifica
Source: libreoffice
Severity: serious
Tags: security
Justification: Document embedded code copy + copyright
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
Could you document in the security tracker that you embed a few tarballs?
For oldstable/stable/unstable
Version should be
On Friday, 18 August 2023, 23:16:04 UTC, Markus Koschany wrote:
> On Monday, 31.07.2023 at 11:56 +, Bastien Roucariès wrote:
> > Source: ublock-origin
> > Severity: serious
> > Justification: not preferred form of modification
> >
> > Dear Maintaine
control: tags -1 + patch
Hi,
Find the patch here
From: Bastien Roucariès
Date: Sun, 13 Aug 2023 14:14:09 +
Subject: CVE-2023-32627 Filter null sampling rate in VOC coder
Avoid a divide by zero and out of bound read by rejecting null sampling rate in VOC file
bug:
Hi,
This problem is fixed by CVE-2022-31650.patch
Channel could not overflow
Source: zoneminder
Severity: serious
Justification: embedded code copy
Dear Maintainer,
Your package includes a copy of cake php. Could you use the packaged one?
Thanks
Source: umatrix
Followup-For: Bug #976697
Forwarded: https://gitlab.com/vannilla/ematrix/
Dear Maintainer,
I have asked guidance to the last fork about firefox/chromium support. If not
RM is the way to go
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
Source: ublock-origin
Severity: serious
Justification: not preferred form of modification
Dear Maintainer,
src/lib includes a few libraries that are already packaged for debian.
per se it is not a serious bug, but we should try if possible after testing to
use packaged version
The serious bug is
Source: ruby-rails-assets-punycode
Severity: serious
Justification: source is missing
Dear Maintainer,
You package node-punycode without source...
I plan to fix this
Bastien
Source: php-horde-editor
Severity: serious
Tags: security
Justification: security reason EOL
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
ckeditor4 went to EOL in June per upstream.
You use ckeditor3. With my javascript hat maint of ckeditor I think we could
migrate your software to
Package: firefox-esr
Version: 115.0.2esr-1
Severity: important
control: clone -1 src:firefox
control: clone -1 src:chromium
Dear Maintainer,
Could you allow, by providing a webext-https-everywhere and correct Breaks/
Replaces (versioned), a smooth upgrade for webext-https-everywhere
Source: netdata
Severity: serious
Dear Maintainer,
pako is packaged for debian as node-pako and minify now under
/usr/share/javascript/pako
Moreover, the first line of your missing source shows a webpack line, so your
sources are not in the preferred form and thus this is a serious bug
You should
Source: mediawiki
Version: 1:1.39.4-2
Severity: serious
Justification: missing source
Dear Maintainer,
resources/lib/
(https://sources.debian.org/src/mediawiki/1:1.39.4-2/resources/lib/)
includes a few libraries already packaged for debian.
Moreover some sources are missing (I have only checked
Source: novnc
Severity: serious
Justification: embed code copy
Dear Maintainer,
Your package includes an embedded code copy of node-pako (under vendor)
Could you please use the packaged node-pako ?
Thanks
bastien
Source: sogo
Severity: serious
Tags: ftbfs security
Justification: FTBFS + security
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
https://sources.debian.org/src/sogo/5.8.4-1/UI/WebServerResources/js/vendor/
includes a few precompiled libraries that seem outdated (bad from a security
Source: ldap-account-manager
Severity: serious
Tags: ftbfs security
Justification: FTBFS + security
Dear Maintainer,
Ldap-account-manager includes a few vendored and outdated (without security
support) javascript libraries
Could you remove these dependencies and use the packaged libraries
Thanks
Source: request-tracker5
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: tags -1 + security
Dear Maintainer,
https://sources.debian.org/src/request-tracker5/5.0.3+dfsg-3/share/static/RichText/
includes an outdated ckeditor (with CVE) that is moreover minified
Could you use the packaged
Package: node-lodash
Version: 4.17.21+dfsg+~cs8.31.198.20210220-9
Severity: important
Dear Maintainer,
Could you add lodash-es mini package to lodash
It is only running
lodash modularize exports=es -o ./
and installing to right part.
it is needed for ckeditor5
Thanks
control: reopen -1
control: notfound -1 19
control: reassign -1 qemu-user
control: found -1 1:8.0.2+dfsg-3
control: found -1
control: forwarded -1 https://gitlab.com/qemu-project/qemu/-/issues/1776
control: affects -1 src:isa-support
control: severity -1 important
Hi,
This is a qemu bug marked as