please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
': No such file
or directory
Provides a writable temporary home directory to gpg to avoid the error.
Signed-off-by: Chris Lamb
(this message was generated automatically)
--
Greetings
https://bugs.debian.org/913930
u, I have not seen this one. This test was not changed recently;
> neither was the associated check 'manpages.pm'.
Mm, this appears to be caused by the recent groff 1.22.4-1 upload to
unstable. Cloning, etc.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
(Please also clarify in debian/rules why you disable the testsuite
there.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
cro `dep' not defined
> > (possibly missing space after `de')
I don't recall seeing one for these.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi Esteban,
> This bug was already fixed, but I have a question. How do you find the
Just good ol' GNU grep. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
loper"?
(This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Chris Lamb wrote:
> Vincent Danjean wrote:
>
> > However, the git does not seem to have been moved to salsa.
>
> I fixed a number of CVEs recently and I would love to push my changes
> to suitable branches. Can the PEAR maintainers please migrate this
> repo ASAP
/scratchpad.py.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Chris Lamb wrote:
> > However, the git does not seem to have been moved to salsa.
>
> I fixed a number of CVEs recently and I would love to push my changes
> to suitable branches. Can the PEAR maintainers please migrate this
> repo ASAP?
Gentle ping on this folks?
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #915626 in python-django reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
://code.djangoproject.com/ticket/30016
… but it might an upstream SQLite bug. Laszlo, any ideas at this stage?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
found 906609 1:3.3-2
thanks
(Tagging with correct version...)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
"long long", therefore has a sizeof==8, but […]
Hm, unfortunately this is outside of my wheelhouse... May I suggest
contacting the MIPS porters? Again, would really love to see gnucash
released in buster...
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Chris Lamb wrote:
> $ PYTHONPATH=.. python3 ./runtests.py --parallel=1 --failfast
> […]
> Testing against Django installed in '/home/lamby/git/debian/python-
> team/modules/python-django/django'
> Creating test database for alias 'default'...
> Creating test databas
go/django'
Creating test database for alias 'default'...
Creating test database for alias 'other'...
System check identified no issues (0 silenced).
.
--
Ran 1 test in 0.020s
OK
(Note that this is an entirely diffe
(my?) drive-thru comments on IRC.)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #891753 in python-django reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
patch files explicitly.
Refer to https://bugs.debian.org/904302 and https://lists.debian.org/
debian-devel-announce/2018/11/msg4.html for more details.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
or to conditionally patch files explicitly.
Refer to https://bugs.debian.org/904302 and https://lists.debian.org/
debian-devel-announce/2018/11/msg4.html for more details.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ccordingly.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
(from 1:2.6.19-1)
Is there a bug for this? (Would you like one?)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
pstream; can we make a new upload to Debian?
gnucash has been out of testing for a while, alas. :(
(Not tagging /this/ bug as "fixed-upstream" as it's a separate issue AIUI...)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #913005 in ruby-rack reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
block 913005 by 914184
thanks
Hi Salvatore,
> I think those will be no-dsa and can be adressed via a point release
Thanks, filed as: #914184.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #913005 in ruby-rack reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
forcemerge 914074 914129
thanks
I believe this is a duplicate of:
https://bugs.debian.org/914074
(Please continue any discussion there.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Chris Lamb wrote:
> Security team, like ruby-i18n, I would be more than happy to prepare
> and upload a stable security upload of this package when addressing
> it in jessie LTS.
[…]
> Ruby team, again, I could easily upload to sid at the same time. Let
> me know here to
will come back with a debdiff.
Ruby team, again, I could easily upload to sid at the same time. Let
me know here too.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
"debian/1.7.2+dfsg-2+deb8u1".
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
> and CVE-2018-10874, then.
Cool. I will therefore leave this with the stable security team for
now but will handle CVE-2018-16837 in jessie LTS.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
(Forwarding for completeness)
- Original message -
From: Moritz Mühlenhoff
To: Chris Lamb
Cc: "Manuel A. Fernandez Montecelo" ,
t...@security.debian.org
Subject: Re: Bug#912617: libsdl2-image: CVE-2018-3977: do_layer_surface code
execution vulnerability
Date: Wed, 7 Nov 201
Chris Lamb wrote:
> * Uploaded libsdl2-image 2.0.3+dfsg1-3 to fix #912617 in sid.
>
> * Uploaded sdl-image1.2 1.2.12-10 to sid to fix #912618 in sid.
>
> I will address jessie in the next day or so, although I think I
> would prefer to attack stable first.
Security team,
Chris Lamb wrote:
> > File conflict between redis-server-dbgsym and redis-tools-dbgsym
>
> This (still) affects stable but I fear the fix:
>
> redis (4:4.0.0-2) unstable; urgency=medium
>
>* Make /usr/bin/redis-server in the main redis-server package a symlink
o, I've:
* Uploaded libsdl2-image 2.0.3+dfsg1-3 to fix #912617 in sid.
* Uploaded sdl-image1.2 1.2.12-10 to sid to fix #912618 in sid.
I will address jessie in the next day or so, although I think I
would prefer to attack stable first.
Regards,
--
,''`.
: :' : Chris Lam
egards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
I can also work on the
stable/sid releases too if you wish; please let me know.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
--- libsdl2-image-2.0.1+dfsg.orig/IMG_xcf.c
+++ libsdl2-image-2.0.1+dfsg/IMG_xcf.c
@@ -637,6 +637,9 @@
Chris Lamb wrote:
> Security team: This still affects stretch and jessie [unless]
> I'm missing something - would you like me to prepare an upload for
> stable? I'm happy to take the LTS side of things.
Gentle ping on this?
Regards,
--
,''`.
: :' : C
nd jessie as I unless
I'm missing something - would you like me to prepare an upload for
stable? I'm happy to take the LTS side of things.
(If so Ivo, can I push these to some VCS? I note it is in collab-
maint but I thought I might check...)
Best wishes,
--
,''`.
: :' : C
VE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-16837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837
Regards,
--
,''`.
: :' : Chris Lamb
| 1 +
2 files changed, 21 insertions(+)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
affects 911767 lastpass-cli
block 898940 by 911767
thanks
Hi,
> error: Peer certificate cannot be authenticated with given CA
> certificates
An request to update the "stable" distribution has been filed
as #911767.
Regards,
--
,''`.
: :' : Chris Lamb
* future lastpass root CA (GlobalSign R3) */
+ "cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A=",
/* future lastpass.com primary (leaf) */
"0hkr5YW/WE6Nq5hNTcApxpuaiwlwy5HUFiOt3Qd9VBc=",
/* future lastpass.com backup (leaf) */
Regards,
--
,''`.
ses: #868551)
… is too invasive for a stable update. The version in stable is a
little outdated anyway, and the backport is recommended anyway…
Thoughts?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
d
Attempted"...)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
libfiu.0.97-1.sid.i386.log.txt.gz
Description: Binary data
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
(I'd also prefer to see an inline comment why you disable the testsuite.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
includes six.py etc. etc.)
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
, etc.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ying & checking!
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
(It would also be nice to see privacy-breach-generic addressed.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi,
> gnucash: FTBFS on mips/sid: Segmentation fault
Gentle ping on this? gnucash is not currently in testing (!).
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-16984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16984
Regards,
--
,''`.
: :
d8773572df43f5
Great stuff; thanks! The only thing I would add would be something that
explicitly addresses the the "freeware" term - it is a bit of a
"trigger word" for people looking for DFSG violations.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
(It would also be great if you used the "real" DEP-5 style? You are so
close as it is, after all.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@
ht and almost-literally copy your (own) words, ie.:
> This is only a comment, copied from the PCL sources (and I believe not
> even true over there).
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
as "freeware" (!= is this even DFSG-free software?).
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
, as I highlight above, a new version might contain different files
in this directory?
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
probably just resurface or require
a different wildcard in the future.
Why not just repack the tarball properly to remove "site/"?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
rds,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi,
> > Sorry, please provide a .dsc; I am very busy, alas...
>
> Understood...
No, sorry, please provide a HTTP-accessible link to .dsc with all the
sources, etc. Just like a regular sponsor request…
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la..
dard git-buildpackage
> workflow.
Sorry, please provide a .dsc; I am very busy, alas...
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
an ask the rest of your team?
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
(?).
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
kg-voip-team/kamailio/tree/stretch-security
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi security team,
> kamailo: CVE-2018-16657
Would you like me to prepare a stretch-security debdiff for
this issue?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
cker/CVE-2018-16657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16657
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #906348 in django-prometheus reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
severity 830215 important
thanks
I'm lowering severity as violating a "may not" is not an RC bug as per
Policy § 1.1.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
severity 830214 important
thanks
I'm lowering severity as violating a "may not" is not an RC bug as per
Policy §1.1.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ot;, which apparently violates DFSG §6:
https://lists.debian.org/debian-devel/2018/08/msg00319.html
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
debian.org/status/fetch.php?pkg=gnucash=s390x=1%3A3.2-1=1530791265=0
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
gnucash.1:3.2-1.sid.mips.log.txt.gz
Description: Binary data
ks OK to me, please upload to security-master.
Uploaded to security-master.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
low. (CVE-2015-9262) Closes: #906012)
-- Chris Lamb Mon, 13 Aug 2018 09:09:13 +0200
Full debdiff attached. Permission to upload to stretch-security?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
diffstat for libxcursor_1.1.1
/CVE-2015-9262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9262
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
for at least
Sun Microsystems, Nokia, Network Resonance, etc. etc.
This is in no way exhaustive so please check over the entire package
carefully and address these on your next upload.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
over the entire package
carefully and address these on your next upload. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #905765 in django-prometheus reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
301 - 400 of 2916 matches
Mail list logo