On Thu, Jun 13, 2024 at 08:17:41PM +0200, Moritz Muehlenhoff wrote:
> Thanks, these look good! Please upload to security-master, I'll take care
> of the DSA over the weekend.
Thanks for verifying, thus just uploaded to security-master. And thanks
in advance for taking care of the DSA.
Cheers,
Package: gramps
Version: 5.2.2+dfsg-0.1
Severity: grave
Justification: causes non-serious data loss
Dear Maintainer,
New version of gramps in Trixie upgrade.
Insisted on upgrading database advising to create backup without means.
Upgraded and loaded database.
Spat error, lost new record.
On 12-Jun-2024, Ben Finney wrote:
> On 11-Jun-2024, Christoph Berg wrote:
>
> > File "/usr/share/dput/dput/dput.py", line 1152, in
> > upload_files_via_method_scp
> > line.strip() for line in ssh_config_options.split("\n"))
> >
> >
Processing control commands:
> tag -1 pending
Bug #1073106 [src:swarm-cluster] swarm-cluster: replace to-be-removed markdown
build-dependency
Added tag(s) pending.
--
1073106: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073106
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Control: tag -1 pending
Hello,
Bug #1073106 in swarm-cluster reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Your message dated Fri, 14 Jun 2024 01:19:10 +
with message-id
and subject line Bug#1073104: fixed in srst2 0.2.0-12
has caused the Debian Bug report #1073104,
regarding srst2: replace to-be-removed markdown build-dependency
to be marked as done.
This means that you claim that the problem
Processing control commands:
> tag -1 pending
Bug #1073105 [src:ssake] ssake: replace to-be-removed markdown build-dependency
Added tag(s) pending.
--
1073105: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073105
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tag -1 pending
Hello,
Bug #1073105 in ssake reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Your message dated Fri, 14 Jun 2024 00:49:09 +
with message-id
and subject line Bug#1073103: fixed in scythe 0.994+git20141017.20d3cff-5
has caused the Debian Bug report #1073103,
regarding scythe: replace to-be-removed markdown build-dependency
to be marked as done.
This means that you
Processing control commands:
> tag -1 pending
Bug #1073104 [src:srst2] srst2: replace to-be-removed markdown build-dependency
Added tag(s) pending.
--
1073104: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073104
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tag -1 pending
Hello,
Bug #1073104 in srst2 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Your message dated Fri, 14 Jun 2024 00:06:13 +
with message-id
and subject line Bug#1073095: fixed in hilive 2.0a-4
has caused the Debian Bug report #1073095,
regarding hilive: replace to-be-removed markdown build-dependency
to be marked as done.
This means that you claim that the problem
Processing control commands:
> tag -1 pending
Bug #1073103 [src:scythe] scythe: replace to-be-removed markdown
build-dependency
Added tag(s) pending.
--
1073103: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073103
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tag -1 pending
Hello,
Bug #1073103 in scythe reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Processing control commands:
> tag -1 pending
Bug #1073098 [src:libvcflib] libvcflib: replace to-be-removed markdown
build-dependency
Added tag(s) pending.
--
1073098: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073098
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tag -1 pending
Hello,
Bug #1073098 in libvcflib reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Processing control commands:
> tag -1 pending
Bug #1073095 [src:hilive] hilive: replace to-be-removed markdown
build-dependency
Added tag(s) pending.
--
1073095: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073095
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tag -1 pending
Hello,
Bug #1073095 in hilive reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Your message dated Fri, 14 Jun 2024 00:49:15 +0200
with message-id <20240614004915.0844e4e3d0aba4539f1c8...@paranoici.org>
and subject line Re: Bug#1072977: apt-listbugs 0.1.42 is broken
has caused the Debian Bug report #1072977,
regarding apt-listbugs 0.1.42 is broken
to be marked as done.
This
Your message dated Thu, 13 Jun 2024 22:04:12 +
with message-id
and subject line Bug#1073112: fixed in daemontools 1:0.76-12
has caused the Debian Bug report #1073112,
regarding daemontools: autopkgtest daemontools-run-systemd is flaky
to be marked as done.
This means that you claim that the
Processing commands for cont...@bugs.debian.org:
> merge 1073076 1073078
Bug #1073076 [src:pd-iemmatrix] pd-iemmatrix: autopkgtest regression on s390x:
failing test doesn't stop
Bug #1073076 [src:pd-iemmatrix] pd-iemmatrix: autopkgtest regression on s390x:
failing test doesn't stop
Added tag(s)
Your message dated Thu, 13 Jun 2024 21:21:43 +
with message-id
and subject line Bug#1073110: fixed in vsearch 2.28.1-2
has caused the Debian Bug report #1073110,
regarding vsearch: replace to-be-removed markdown build-dependency
to be marked as done.
This means that you claim that the
Your message dated Thu, 13 Jun 2024 21:17:35 +
with message-id
and subject line Bug#1072792: fixed in nvidia-graphics-drivers 470.256.02-1
has caused the Debian Bug report #1072792,
regarding nvidia-graphics-drivers: CVE-2024-0090, CVE-2024-0091, CVE-2024-0092
to be marked as done.
This
Hi Florian,
> Please give those packages an additional check, and feel free to just
> upload them when they indeed meet your requirements, or briefly ping me
> back for me to upload them / possibly apply further changes, whatever
> suits you best.
Thanks, these look good! Please upload to
Control: tag -1 pending
Hello,
Bug #1073110 in vsearch reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Processing control commands:
> tag -1 pending
Bug #1073110 [src:vsearch] vsearch: replace to-be-removed markdown
build-dependency
Added tag(s) pending.
--
1073110: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073110
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing control commands:
> close -1 2.5-1
Bug #1073170 [src:libabigail] src:libabigail: fails to migrate to testing for
too long: uploader built arch:all binaries
Marked as fixed in versions libabigail/2.5-1.
Bug #1073170 [src:libabigail] src:libabigail: fails to migrate to testing for
too
Source: libabigail
Version: 2.4-3
Severity: serious
Control: close -1 2.5-1
Tags: sid trixie pending
User: release.debian@packages.debian.org
Usertags: out-of-sync
Dear maintainer(s),
The Release Team considers packages that are out-of-sync between testing
and unstable for more than 30
Processing control commands:
> close -1 2.31.0+dfsg-1
Bug #1073168 [src:mold] src:mold: fails to migrate to testing for too long:
FTBFS on armel
Marked as fixed in versions mold/2.31.0+dfsg-1.
Bug #1073168 [src:mold] src:mold: fails to migrate to testing for too long:
FTBFS on armel
Marked Bug
Source: mold
Version: 2.30.0+dfsg-1
Severity: serious
Control: close -1 2.31.0+dfsg-1
Tags: sid trixie ftbfs
User: release.debian@packages.debian.org
Usertags: out-of-sync
Dear maintainer(s),
The Release Team considers packages that are out-of-sync between testing
and unstable for more
Processing control commands:
> close -1 2.2.0+dfsg-3
Bug #1073167 [src:rxtx] src:rxtx: fails to migrate to testing for too long:
FTBFS nearly everywhere
Marked as fixed in versions rxtx/2.2.0+dfsg-3.
Bug #1073167 [src:rxtx] src:rxtx: fails to migrate to testing for too long:
FTBFS nearly
Source: rxtx
Version: 2.2.0+dfsg-2
Severity: serious
Control: close -1 2.2.0+dfsg-3
Tags: sid trixie
User: release.debian@packages.debian.org
Usertags: out-of-sync
Control: block -1 by 1070417
Dear maintainer(s),
The Release Team considers packages that are out-of-sync between testing
and
Processing commands for cont...@bugs.debian.org:
> found 1069163 4:20.08.3-1
Bug #1069163 {Done: Patrick Franz } [libkf5kmanagesieve5]
libkf5kmanagesieve5: CVE-2023-52723: sends password as username when
authenticating against sieve servers
Marked as found in versions libkf5ksieve/4:20.08.3-1.
Processing control commands:
> merge -1 1072779
Bug #1073165 {Done: Paul Gevers }
[src:golang-golang-x-tools] src:golang-golang-x-tools: fails to migrate to
testing for too long: triggers autopkgtest issues
Bug #1072779 {Done: Paul Gevers }
[src:golang-golang-x-tools]
Control: merge -1 1072779
Sorry for the noise, I wasn't paying enough attention that I already
filed this report earlier.
On Thu, 13 Jun 2024 22:36:00 +0200 Paul Gevers wrote:
Source: golang-golang-x-tools
Version: 1:0.19.0+ds-1
Severity: serious
Control: close -1 1:0.20.0+ds-1
Tags: sid
Processing control commands:
> close -1 3.0.0-2
Bug #1073166 [src:django-pipeline] src:django-pipeline: fails to migrate to
testing for too long: autopkgtest failure
Marked as fixed in versions django-pipeline/3.0.0-2.
Bug #1073166 [src:django-pipeline] src:django-pipeline: fails to migrate to
Source: django-pipeline
Version: 1.6.14-6
Severity: serious
Control: close -1 3.0.0-2
Tags: sid trixie
User: release.debian@packages.debian.org
Usertags: out-of-sync
Dear maintainer(s),
The Release Team considers packages that are out-of-sync between testing
and unstable for more than 30
Processing commands for cont...@bugs.debian.org:
> merge 1073076 1073078
Bug #1073076 [src:pd-iemmatrix] pd-iemmatrix: autopkgtest regression on s390x:
failing test doesn't stop
Unable to merge bugs because:
severity of #1073078 is 'serious' not 'important'
package of #1073078 is 'pd-iemmatrix'
Processing commands for cont...@bugs.debian.org:
> severity 1073076 serious
Bug #1073076 [src:pd-iemmatrix] pd-iemmatrix: autopkgtest regression on s390x:
failing test doesn't stop
Severity set to 'serious' from 'important'
> thanks
Stopping processing here.
Please contact me if you need
Processing commands for cont...@bugs.debian.org:
> reassign 1073078 src:pd-iemmatrix
Bug #1073078 [pd-iemmatrix] puredata breaks pd-iemmatrix autopkgtest: it now
times out
Bug reassigned from package 'pd-iemmatrix' to 'src:pd-iemmatrix'.
Ignoring request to alter found versions of bug #1073078
Source: golang-golang-x-tools
Version: 1:0.19.0+ds-1
Severity: serious
Control: close -1 1:0.20.0+ds-1
Tags: sid trixie
User: release.debian@packages.debian.org
Usertags: out-of-sync
Dear maintainer(s),
The Release Team considers packages that are out-of-sync between testing
and unstable
Processing control commands:
> close -1 1:0.20.0+ds-1
Bug #1073165 [src:golang-golang-x-tools] src:golang-golang-x-tools: fails to
migrate to testing for too long: triggers autopkgtest issues
Marked as fixed in versions golang-golang-x-tools/1:0.20.0+ds-1.
Bug #1073165
Processing commands for cont...@bugs.debian.org:
> found 1073152 0.3.3-1
Bug #1073152 [ruby-xmlrpc] ruby-xmlrpc 0.3.3-1 has a file conflict with
conserver-client
Marked as found in versions ruby-xmlrpc/0.3.3-1.
> notfound 1073152 0.3.2-2
Bug #1073152 [ruby-xmlrpc] ruby-xmlrpc 0.3.3-1 has a file
Package: yojson-tools
Version: 2.2.1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts fileconflict
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to
I know about this issue and have created a patch for it:
https://salsa.debian.org/rust-team/debcargo-conf/-/commit/59345de27bee1925390fe36301803e460a80d51a
However, I cannot get debcargo to build a new source-only package with that
patch included.
Anybody may upload a new revision to fix this
Your message dated Thu, 13 Jun 2024 17:50:40 +
with message-id
and subject line Bug#1072847: fixed in lacme 0.8.3-1
has caused the Debian Bug report #1072847,
regarding lacme: Post-issuance validation fails in the default configuration
to be marked as done.
This means that you claim that the
On 6/12/24 22:25, Paul Pfeister wrote:
Any opposition to naming the importable package `sherlocklib`?
The installable package (via apt) would presumably remain `sherlock`
The importable module (via python) would become `sherlocklib`
The binary exec would remain `sherlock`
Fine for me, as long
Source: rust-yoke
Version: 0.7.3-1
Severity: serious
X-Debbugs-CC: sylves...@debian.org
Control: block -1 by 1073146
librust-yoke-dev is uninstallable because it has Depends:
librust-yoke-derive-0.7-dev
It also has unsatisfiable Depends: librust-zerofrom-0.1+derive-dev
(see the blocking bug)
Processing control commands:
> block -1 by 1073146
Bug #1073151 [src:rust-yoke] rust-yoke: unsatisfiable dependency
librust-yoke-derive-0.7-dev
1073151 was not blocked by any bugs.
1073151 was not blocking any bugs.
Added blocking bug(s) of 1073151: 1073146
--
1073151:
On 6/10/24 23:43, Paul Pfeister wrote:
When building the rpm, I named the (rpm) package sherlock-project to
have parity with PyPI, due to the same conflicting package. The
importable module is still simply sherlock, however, which is _less than
ideal_, and should probably be addressed.
With
Package: ruby-xmlrpc
Version: 0.3.2-2
Severity: serious
Dear Maintainer,
ruby-xmlrpc 0.3.3-1 ships a new file named /usr/bin/console
This file already exists in another package named conserver-client.
Conserver has been shipping this binary for a very long time. (probably
since 2001 when that
Your message dated Thu, 13 Jun 2024 14:51:32 +
with message-id
and subject line Bug#1042737: fixed in libzstd 1.5.6+dfsg-1
has caused the Debian Bug report #1042737,
regarding libzstd build fails when using "dpkg-buildpackage -us -uc -ui -F"
to be marked as done.
This means that you claim
Processing commands for cont...@bugs.debian.org:
> reassign 1073078 pd-iemmatrix
Bug #1073078 [src:puredata, src:pd-iemmatrix] puredata breaks pd-iemmatrix
autopkgtest: it now times out
Bug reassigned from package 'src:puredata, src:pd-iemmatrix' to 'pd-iemmatrix'.
No longer marked as found in
Source: rust-zerofrom
Version: 0.1.3-1
Severity: serious
X-Debbugs-CC: sylves...@debian.org
librust-zerofrom-dev is uninstallable because it has Depends:
librust-zerofrom-derive-0.1-dev
This issue is preventing rust-zerofrom from reaching Testing.
https://tracker.debian.org/pkg/rust-zerofrom
Source: rust-bcrypt
Version: 0.15.1-1
Severity: serious
Control: affects -1 src:rust-getrandom
X-Debbugs-CC: b...@debian.org
librust-bcrypt-dev is uninstallable because it has Depends:
librust-getrandom-0.2+js-dev
While rust-getrandom 0.2 is packaged in Debian,
librust-getrandom-0.2+js-dev is
Processing control commands:
> affects -1 src:rust-getrandom
Bug #1073145 [src:rust-bcrypt] rust-bcrypt: unsatisfiable dependency
librust-getrandom-0.2+js-dev
Added indication that 1073145 affects src:rust-getrandom
--
1073145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073145
Debian
Processing commands for cont...@bugs.debian.org:
> found 1072847 0.8.0-2+deb11u1
Bug #1072847 [lacme] lacme: Post-issuance validation fails in the default
configuration
Marked as found in versions lacme/0.8.0-2+deb11u1.
> found 1072847 0.8.2-1
Bug #1072847 [lacme] lacme: Post-issuance validation
Package: lua-vips
Version: 1.1.11-3
Severity: serious
Tags: ftbfs
Justification: fails to build from source
Failing build log:
https://buildd.debian.org/status/fetch.php?pkg=lua-vips=mips64el=1.1.11-3=1718268467=0
I have yet to reproduce on a porter box, but it seems it's a bug in luajit.
Your message dated Thu, 13 Jun 2024 13:20:54 +
with message-id
and subject line Bug#1073102: fixed in rtpengine 11.5.1.25-1
has caused the Debian Bug report #1073102,
regarding rtpengine: replace to-be-removed markdown build-dependency
to be marked as done.
This means that you claim that the
Processing commands for cont...@bugs.debian.org:
> limit source composer
Limiting to bugs with field 'source' containing at least one of 'composer'
Limit currently set to 'source':'composer'
> tags 1073126 + pending
Bug #1073126 [src:composer] composer: CVE-2024-35242: Multiple command
Your message dated Thu, 13 Jun 2024 10:49:12 +
with message-id
and subject line Bug#1073125: fixed in composer 2.7.7-1
has caused the Debian Bug report #1073125,
regarding composer: CVE-2024-35241: Command injection via malicious git branch
name
to be marked as done.
This means that you
Your message dated Thu, 13 Jun 2024 10:49:12 +
with message-id
and subject line Bug#1073126: fixed in composer 2.7.7-1
has caused the Debian Bug report #1073126,
regarding composer: CVE-2024-35242: Multiple command injections via malicious
git/hg branch names
to be marked as done.
This
Hello,
I just updated the NEWS file. I hope it's OK now, but any potential improvement
is welcome.
Mt
Le jeudi 13 juin 2024 à 01:09 +0200, Guillem Jover a écrit :
> On Thu, 2024-06-13 at 00:45:14 +0200, Martin Quinson wrote:
> > Le jeudi 13 juin 2024 à 00:29 +0200, Guillem Jover a écrit :
> > >
Processing commands for cont...@bugs.debian.org:
> severity 1072643 normal
Bug #1072643 {Done: Martin Quinson } [po4a]
Regression: po4a fails on valid non-utf8 file
Severity set to 'normal' from 'serious'
> reopen 1072643
Bug #1072643 {Done: Martin Quinson } [po4a]
Regression: po4a fails on
severity 1072643 normal
reopen 1072643
thanks
Note: The commands from Helge did not work, I'm reopening as "normal".
Thanks.
Hello Martin.
Please disregard the severity aspect of this bug. The RC status
was just an artifact of a FTBFS bug being reassigned to another
package. I agree that it would have been better to downgrade at
the same time of doing the reassign.
Everything we ask (Helge and I) is that this is
reopen 1072643
severity 1072643 important
found 1072643 0.72
thanks
Hello Martin,
Am Thu, Jun 13, 2024 at 12:26:53AM +0200 schrieb Martin Quinson:
> I think that the fix applied to #1072594 (recoding the input file from latin-1
> to UTF-8) was not necessary. Changing the config of po4a to
Adding the dnsmasq maintainer in CC.
to 13. kesäk. 2024 klo 11.39 Paul Gevers (elb...@debian.org) kirjoitti:
> On 13-06-2024 3:36 a.m., Martin-Éric Racine wrote:
> > Subsequent ones randomly timeout waiting for an IP from the DHCP
> > server. This could well be an issue with dnsmasq, which is
Hi,
On 13-06-2024 3:36 a.m., Martin-Éric Racine wrote:
https://ci.debian.net/packages/d/dhcpcd/unstable/amd64/
I was looking at https://ci.debian.net/packages/d/dhcpcd/testing/amd64/
Most of these pre-date your previous bug report (#1069599) about the
missing Depends on systemd-timesyncd
Processing commands for cont...@bugs.debian.org:
> tags 1061159 + sid trixie
Bug #1061159 [src:sdaps] sdaps: FTBFS: command 'sdaps_clean_i18n' has no such
option 'all'
Added tag(s) sid and trixie.
> notfixed 1056496 1.2-6
Bug #1056496 {Done: Emmanuel Arias } [src:python-pyknon]
python-pyknon's
Hi Francesco,
I'm very sorry, this bug was my fault. I have installed some gems
globally (in /var/lib/gems/3.1.0/). The library hhtpclient 2.8.3 was
also installed as a gem. And since I uninstall it your little script
works. So the "bug" is solved. I should have started with that.
I installed
Source: clamav
Version: 1.3.1+dfsg-3
Severity: serious
tags: patch
Hello, in Ubuntu, where the kernel is configured to forbid unaligned accesses
on armhf, the package FTBFS
(this should be reproducible also on some Debian buildd machines, this is why
I'm reporting as serious severity)
example
Source: composer
Version: 2.7.6-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for composer.
CVE-2024-35242[0]:
| Composer is a dependency manager for PHP. On the
Source: composer
Version: 2.7.6-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for composer.
CVE-2024-35241[0]:
| Composer is a dependency manager for PHP. On the
74 matches
Mail list logo
