Bug#688847: libav: multiple CVEs in ffmpeg/libav

2012-12-25 Thread Moritz Mühlenhoff
On Mon, Oct 15, 2012 at 05:38:37AM -0400, Reinhard Tartler wrote: > > None of these are merged into 0.5.x, has the code diverged so much? > > I arrived only today from my two week trip and will work on backports > for 0.7-0.5 this week. Sorry for the delay. Merry Christmas Reinhard, did you have

Bug#692791: #692791: CVE-2012-5519 Security update towards Squeeze ?

2012-12-27 Thread Moritz Mühlenhoff
On Sat, Dec 08, 2012 at 11:32:57AM +0100, Didier Raboud wrote: > Le samedi, 8 décembre 2012 09.12:20, Yves-Alexis Perez a écrit : > > On sam., 2012-12-08 at 01:58 +0100, Didier 'OdyX' Raboud wrote: > > > > > > I propose to get CVE-2012-5519 (#692791) fixed with the attached debdiff. > > > > > To

Bug#692649: trousers: CVE-2012-0698

2012-12-27 Thread Moritz Mühlenhoff
On Thu, Nov 08, 2012 at 10:40:19PM +0100, Pierre Chifflier wrote: > On Thu, Nov 08, 2012 at 08:03:35AM +0100, Moritz Muehlenhoff wrote: > > Package: trousers > > Severity: grave > > Tags: security > > Justification: user security hole > > > > Please see here for details: > > https://bugzilla.redha

Bug#687485: update

2012-12-27 Thread Moritz Mühlenhoff
severity 687485 important thanks On Sat, Oct 13, 2012 at 10:00:01AM +0100, Nicholas Bamber wrote: > On 10/10/12 23:27, Nicholas Bamber wrote: > > The patch did not compile as expected. I've been bogged down with other > > packages. However I expect to have another go next week and look at > > fixi

Bug#692649: trousers: CVE-2012-0698

2012-12-28 Thread Moritz Mühlenhoff
On Fri, Dec 28, 2012 at 05:03:25PM +0100, Pierre Chifflier wrote: > > > > Sorry for the late reply. This seems to have fallen through the cracks > > and I'm currently catching up with old mail. > > > > I think this doesn't warrant a DSA, but could you fix this through > > a stable point update? >

Bug#692791: #692791: CVE-2012-5519 Security update towards Squeeze ?

2012-12-28 Thread Moritz Mühlenhoff
On Fri, Dec 28, 2012 at 06:40:29PM +0100, Didier 'OdyX' Raboud wrote: > Le jeudi, 27 décembre 2012 20.43:12, Moritz Mühlenhoff a écrit : > > AFAICS can there haven't been any regressions, can we should go ahead with > > the update now. > > EPARSE I meant: No

Bug#697230: asterisk: Two security issues: AST-2012-014 / AST-2012-015

2013-01-08 Thread Moritz Mühlenhoff
On Tue, Jan 08, 2013 at 02:45:59AM +0200, Tzafrir Cohen wrote: > Hi, > > On Wed, Jan 02, 2013 at 10:56:43PM +0100, Salvatore Bonaccorso wrote: > > Package: asterisk > > Severity: grave > > Tags: security > > Justification: user security hole > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SH

Bug#695001: closed by Nicholas Bamber (Bug#695001: fixed in mysql-5.5 5.5.29+dfsg-1)

2013-01-14 Thread Moritz Mühlenhoff
On Sat, Jan 12, 2013 at 12:30:11AM +, Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the mysql-5.5 package: > > #695001: mysql-5.5: New MySQL issues > > It has been closed by Nicholas Bamber . > > Their explanation is

Bug#697930: nagios3: CVE-2012-6096

2013-01-20 Thread Moritz Mühlenhoff
On Fri, Jan 11, 2013 at 03:56:25PM +, Jonathan Wiltshire wrote: > Control: found -1 3.2.1-2 > > On 2013-01-11 13:50, Moritz Muehlenhoff wrote: > >Package: nagios3 > >Severity: grave > >Tags: security > >Justification: user security hole > > > >This was assigned CVE-2012-6096: > > > >http://arc

Bug#697930: nagios3: CVE-2012-6096

2013-02-02 Thread Moritz Mühlenhoff
On Fri, Feb 01, 2013 at 10:09:34PM +, Jonathan Wiltshire wrote: > On Sun, Jan 20, 2013 at 08:49:26PM +0100, Moritz Mühlenhoff wrote: > > On Fri, Jan 11, 2013 at 03:56:25PM +, Jonathan Wiltshire wrote: > > > Control: found -1 3.2.1-2 > > > > > > On

Bug#698068: mysql-server-5.5: Serious regression in replication caused by fix for CVE-2012-4414

2013-02-03 Thread Moritz Mühlenhoff
On Sat, Jan 26, 2013 at 11:26:27AM +, Adam D. Barratt wrote: > On Sun, 2013-01-13 at 11:53 -0800, Clint Byrum wrote: > > According to this blog post by Stewart Smith: > > > > http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ > > > > It loo

Bug#698871: [Pkg-sssd-devel] Bug#698871: CVE-2013-0219 CVE-2013-0220

2013-02-03 Thread Moritz Mühlenhoff
On Sun, Jan 27, 2013 at 11:45:06AM +0200, Timo Aaltonen wrote: > On 26.01.2013 23:06, Salvatore Bonaccorso wrote: > >Hi Timo > > > >On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote: > >>On 24.01.2013 20:30, Moritz Muehlenhoff wrote: > >>>Package: sssd > >>>Severity: grave > >>>Tags: se

Bug#1021136: sox: CVE-2022-39236 CVE-2022-39249 CVE-2022-39251

2022-10-02 Thread Moritz Mühlenhoff
Source: sox X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for sox. CVE-2022-39236[0]: | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. | Starting with version 17.1.0-rc.1, improperly formed beacon eve

Bug#1021139: barbican: CVE-2022-3100

2022-10-02 Thread Moritz Mühlenhoff
Source: barbican X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for barbican. CVE-2022-3100[0]: access policy bypass via query string injection Only reference so far is Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cg

Bug#1021138: php8.1: CVE-2022-31628 CVE-2022-31629

2022-10-02 Thread Moritz Mühlenhoff
Source: php8.1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for php8.1. CVE-2022-31628[0]: | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar | uncompressor code would recursively uncompress "quines" gzip files,

Bug#1021270: libmodbus: CVE-2022-0367

2022-10-04 Thread Moritz Mühlenhoff
Source: libmodbus X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libmodbus. CVE-2022-0367[0]: | A heap-based buffer overflow flaw was found in libmodbus in function | modbus_reply() in src/modbus.c. https://bugzilla.redhat

Bug#1021273: nomad: CVE-2021-37218 CVE-2021-43415 CVE-2022-24683 CVE-2022-24684 CVE-2022-24685 CVE-2022-24686

2022-10-04 Thread Moritz Mühlenhoff
Source: nomad X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for nomad. CVE-2021-37218[0]: | HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server | agents with a valid certificate signed by the same CA to ac

Bug#1021274: python-opcua: CVE-2022-25304

2022-10-04 Thread Moritz Mühlenhoff
Source: python-opcua X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for python-opcua. CVE-2022-25304[0]: | All versions of package opcua; all versions of package asyncua are | vulnerable to Denial of Service (DoS) due to a miss

Bug#1021276: snort: CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114

2022-10-04 Thread Moritz Mühlenhoff
Source: snort X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for snort. These all lack details, but all boil down to the fact Snort needs to be updated: CVE-2020-3315[0]: | Multiple Cisco products are affected by a vulnerab

Bug#1021277: strongswan: CVE-2022-40617

2022-10-04 Thread Moritz Mühlenhoff
Source: strongswan X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for strongswan. CVE-2022-40617[0]: https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html Patch: https://download.strongswan.

Bug#1021278: pngcheck: CVE-2020-35511

2022-10-04 Thread Moritz Mühlenhoff
Source: pngcheck X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for pngcheck. CVE-2020-35511[0]: | A global buffer overflow was discovered in pngcheck function in | pngcheck-2.4.0(5 patches applied) via a crafted png file. Onl

Bug#1021737: lava: CVE-2022-42902

2022-10-13 Thread Moritz Mühlenhoff
Source: lava X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for lava. CVE-2022-42902[0]: | In Linaro Automated Validation Architecture (LAVA) before 2022.10, | there is dynamic code execution in lava_server/lavatable.py. Due to

Bug#1021739: nekohtml: CVE-2022-24839

2022-10-13 Thread Moritz Mühlenhoff
Source: nekohtml X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for nekohtml. CVE-2022-24839[0]: | org.cyberneko.html is an html parser written in Java. The fork of | `org.cyberneko.html` used by Nokogiri (Rubygem) raises a | `

Bug#1021787: commons-text: CVE-2022-42889

2022-10-14 Thread Moritz Mühlenhoff
Source: commons-text X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for commons-text. CVE-2022-42889[0]: | Apache Commons Text performs variable interpolation, allowing | properties to be dynamically evaluated and expanded. The

Bug#1015860: libxalan2-java: CVE-2022-34169

2022-10-14 Thread Moritz Mühlenhoff
Am Thu, Oct 13, 2022 at 09:36:09PM +0200 schrieb Markus Koschany: > Hi, > > I just had a go at this issue and I discovered that libxalan2-java in Debian > is > not affected but rather bcel. > > https://tracker.debian.org/pkg/bcel > > The fixing commit in OpenJDK addresses the same code which is

Bug#1022555: tiff: CVE-2022-3627 CVE-2022-3626 CVE-2022-3599 CVE-2022-3598 CVE-2022-3597 CVE-2022-3570

2022-10-23 Thread Moritz Mühlenhoff
Source: tiff X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for tiff. CVE-2022-3627[0]: | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in | libtiff/tif_unix.c:346 when called from extractImageSection, | tools/tiff

Bug#926276: Should guacamole-client be removed?

2023-01-11 Thread Moritz Mühlenhoff
reassign 926276 ftp.debian.org retitle 926276 RM: guacamole-client -- RoQA; unmaintained, RC-buggy, open security issues, dropping from testing since 2017 severity 926276 normal thanks Am Tue, Apr 02, 2019 at 10:04:34PM +0200 schrieb Moritz Muehlenhoff: > Source: guacamole-client > Severity: seri

Bug#1028451: 2nd DisplayPort doesn't get video

2023-01-16 Thread Moritz Mühlenhoff
Am Mon, Jan 16, 2023 at 12:46:37PM + schrieb Didier 'OdyX' Raboud: > > I understand that would be annoying for you, but I don't think that it would > > affect the majority of our users. > > Hrm. More and more laptops come with usb-c only, and dongles/docks become more > and more common. > > I

Bug#1029151: mysql-8.0: CVE-2023-21863 CVE-2023-21867 CVE-2023-21868 CVE-2023-21869 CVE-2023-21870 CVE-2023-21871 CVE-2023-21873 CVE-2023-21875 CVE-2023-21876 CVE-2023-21877 CVE-2023-21878 CVE-2023-21

2023-01-18 Thread Moritz Mühlenhoff
Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for mysql-8.0. All fixed in 8.0.32. CVE-2023-21863[0]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported

Bug#1029153: virtualbox: CVE-2023-21884 CVE-2023-21885 CVE-2023-21886 CVE-2023-21889 CVE-2023-21898 CVE-2023-21899

2023-01-18 Thread Moritz Mühlenhoff
Source: virtualbox X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for virtualbox. Fixed in 7.0.6 CVE-2023-21884[0]: | Vulnerability in the Oracle VM VirtualBox product of Oracle | Virtualization (component: Core). Supported

Bug#1029154: swift: CVE-2022-47950

2023-01-18 Thread Moritz Mühlenhoff
Source: swift X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for swift. CVE-2022-47950: OSSA-2023-001: Arbitrary file access through custom S3 XML entities Sébastien Meriot (OVH) reported a vulnerability in Swift's S3 XML pars

Bug#1031371: curl: CVE-2023-23914 CVE-2023-23915 CVE-2023-23916

2023-02-15 Thread Moritz Mühlenhoff
Source: curl X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for curl. CVE-2023-23914 curl: HSTS ignored on multiple requests https://curl.se/docs/CVE-2023-23916.html CVE-2023-23915 curl: HSTS amnesia with --parallel https:/

Bug#1031726: hdf5: CVE-2022-26061 CVE-2022-25972 CVE-2022-25942

2023-02-21 Thread Moritz Mühlenhoff
Source: hdf5 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for hdf5. The reports mentioned a vendor disclosure, but not sure when/how. CVE-2022-26061[0]: | A heap-based buffer overflow vulnerability exists in the gif2h5 | f

Bug#1031730: emacs: CVE-2022-48339 CVE-2022-48338 CVE-2022-48337

2023-02-21 Thread Moritz Mühlenhoff
Source: emacs X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for emacs. CVE-2022-48339[0]: | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has | a command injection vulnerability. In the hfy-istext-comman

Bug#1031874: upx-ucl: CVE-2023-23457

2023-02-24 Thread Moritz Mühlenhoff
Source: upx-ucl X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for upx-ucl. CVE-2023-23457[0]: | A Segmentation fault was found in UPX in | PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with | a crafted input

Bug#1032091: py7zr: CVE-2022-40152

2023-02-27 Thread Moritz Mühlenhoff
Source: py7zr X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for py7zr. CVE-2022-40152[0]: | Those using Woodstox to parse XML data may be vulnerable to Denial of | Service attacks (DOS) if DTD support is enabled. If the parser

Bug#1032092: asterisk: CVE-2022-23537 CVE-2022-23547 CVE-2022-39269

2023-02-27 Thread Moritz Mühlenhoff
Source: asterisk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for asterisk. CVE-2022-23537[0]: | PJSIP is a free and open source multimedia communication library | written in C language implementing standard based protocol

Bug#1032101: libheif: CVE-2023-0996

2023-02-27 Thread Moritz Mühlenhoff
Source: libheif X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libheif. CVE-2023-0996[0]: | There is a vulnerability in the strided image data parsing code in the | emscripten wrapper for libheif. An attacker could exploit

Bug#1033116: gpac: CVE-2022-3222 CVE-2023-0866 CVE-2022-4202 CVE-2022-43039 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145 CVE-2022-43040 CVE-2022-43042 CVE-2022-43043 CVE-2022-43044 CVE-2022-43045 CVE-

2023-03-17 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2022-3222[0]: | Uncontrolled Recursion in GitHub repository gpac/gpac prior to | 2.1.0-DEV. https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861ab

Bug#1033258: upx-ucl: CVE-2023-23456

2023-03-20 Thread Moritz Mühlenhoff
Source: upx-ucl X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for upx-ucl. CVE-2023-23456[0]: | A heap-based buffer overflow issue was discovered in UPX in | PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to |

Bug#1012512: libengine-gost-openssl1.1: CVE-2022-29242

2022-06-08 Thread Moritz Mühlenhoff
Source: libengine-gost-openssl1.1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libengine-gost-openssl1.1. CVE-2022-29242[0]: | GOST engine is a reference implementation of the Russian GOST crypto | algorithms for OpenSSL.

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

2022-06-08 Thread Moritz Mühlenhoff
Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2022-31813[0]: | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* | headers to the origin server based on client side Connec

Bug#1013129: exo: CVE-2022-32278

2022-06-17 Thread Moritz Mühlenhoff
Source: exo X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for exo. CVE-2022-32278[0]: | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open | can execute a .desktop file on an attacker-controlled FTP server.

Bug#1010355: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input

2022-06-30 Thread Moritz Mühlenhoff
Am Thu, Jun 30, 2022 at 02:16:55PM +0200 schrieb Santiago Vila: > Dear Steven and Mark: > > I plan to apply the attached patches (from Enrico Zini) to fix CVE-2022-0529 > and CVE-2022-0530 in Debian unzip, but before doing so I would like to have > some feedback from upstream (i.e. you) or either

Bug#1014124: nomacs: CVE-2020-23884

2022-06-30 Thread Moritz Mühlenhoff
Source: nomacs X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for nomacs. CVE-2020-23884[0]: | A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial | of service (DoS) via a crafted MNG file. https://github.co

Bug#1014166: bitcoin: CVE-2021-31876

2022-07-01 Thread Moritz Mühlenhoff
Source: bitcoin X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for bitcoin. CVE-2021-31876[0]: | Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the | replacement policy specified in BIP125, which makes it easier

Bug#1014478: radare2: CVE-2022-1714 CVE-2022-1809 CVE-2022-1899 CVE-2022-0849 CVE-2022-1052 CVE-2022-1061 CVE-2022-1207 CVE-2022-1237 CVE-2022-1238 CVE-2022-1240 CVE-2022-1244 CVE-2022-0476 CVE-2022-0

2022-07-06 Thread Moritz Mühlenhoff
Source: radare2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for radare2. CVE-2022-1714[0]: | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 | prior to 5.7.0. The bug causes the program reads data past t

Bug#1014492: guzzle: CVE-2022-31090 CVE-2022-31091

2022-07-06 Thread Moritz Mühlenhoff
Source: guzzle X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for guzzle. CVE-2022-31090[0]: | Guzzle, an extensible PHP HTTP client. `Authorization` headers on | requests are sensitive information. In affected versions when

Bug#1014534: dlt-daemon: CVE-2022-31291

2022-07-07 Thread Moritz Mühlenhoff
Source: dlt-daemon X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for dlt-daemon. CVE-2022-31291[0]: | An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows | attackers to cause a double free via crafted TCP packets

Bug#1014539: squirrel3: CVE-2022-30292

2022-07-07 Thread Moritz Mühlenhoff
Source: squirrel3 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for squirrel3. CVE-2022-30292[0]: | Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to | lack of a certain sq_reservestack call. https://github.c

Bug#926276: Should guacamole-client be removed?

2022-07-10 Thread Moritz Mühlenhoff
Am Mon, Mar 08, 2021 at 09:05:22AM + schrieb Mike Gabriel: > Hi Salvatore, > > On Sa 06 Mär 2021 20:31:46 CET, Salvatore Bonaccorso wrote: > > > Hi, > > > > On Wed, Apr 03, 2019 at 12:27:25PM +, Mike Gabriel wrote: > > > Hi Moritz, > > > > > > On Di 02 Apr 2019 22:04:34 CEST, Moritz M

Bug#1014717: ruby-sinatra: CVE-2022-29970

2022-07-10 Thread Moritz Mühlenhoff
Source: ruby-sinatra X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for ruby-sinatra. CVE-2022-29970[0]: | Sinatra before 2.2.0 does not validate that the expanded path matches | public_dir when serving static files. https://g

Bug#1014780: ruby-kubeclient: CVE-2022-0759

2022-07-11 Thread Moritz Mühlenhoff
Source: ruby-kubeclient X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for ruby-kubeclient. CVE-2022-0759[0]: | A flaw was found in all versions of kubeclient up to (but not | including) v4.9.3, the Ruby client for Kubernetes R

Bug#1014785: dojo: CVE-2021-23450

2022-07-11 Thread Moritz Mühlenhoff
Source: dojo X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for dojo. CVE-2021-23450[0]: | All versions of package dojo are vulnerable to Prototype Pollution via | the setObject function. https://github.com/advisories/GHSA-m8g

Bug#1014803: ruby-yajl: CVE-2022-24795

2022-07-12 Thread Moritz Mühlenhoff
Source: ruby-yajl X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for ruby-yajl. CVE-2022-24795[0]: | yajl-ruby is a C binding to the YAJL JSON parsing and generation | library. The 1.x branch and the 2.x branch of `yajl` contai

Bug#1014807: ruby-jmespath: CVE-2022-32511

2022-07-12 Thread Moritz Mühlenhoff
Source: ruby-jmespath X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for ruby-jmespath. CVE-2022-32511[0]: | jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a | situation where JSON.parse is preferable. http

Bug#1014828: openexr: CVE-2021-3933 CVE-2021-3941 CVE-2021-45942

2022-07-12 Thread Moritz Mühlenhoff
Source: openexr X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for openexr. CVE-2021-3933[0]: | An integer overflow could occur when OpenEXR processes a crafted file | on systems where size_t < 64 bits. This could cause an i

Bug#938351: marked as pending in renpy

2022-07-14 Thread Moritz Mühlenhoff
Am Sat, Dec 18, 2021 at 03:46:28PM +0100 schrieb Markus Koschany: > Renpy still has not been ported to Python 3 yet. The status of renpy and other > Python 2 games was previously discussed on debian-devel-games. > > https://lists.debian.org/debian-devel-games/2020/12/msg00013.html > > A removal r

Bug#1014957: dogtag-pki: CVE-2022-2414

2022-07-15 Thread Moritz Mühlenhoff
Source: dogtag-pki X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for dogtag-pki. CVE-2022-2414[0]: https://bugzilla.redhat.com/show_bug.cgi?id=2104676 https://github.com/dogtagpki/pki/pull/4021 https://github.com/dogtagpki/pk

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-07-15 Thread Moritz Mühlenhoff
Source: onionshare X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for onionshare. CVE-2021-41867[0]: | An information disclosure vulnerability in OnionShare 2.3 before 2.4 | allows remote unauthenticated attackers to retriev

Bug#1014968: mruby: CVE-2021-46020 CVE-2022-0240 CVE-2022-0481 CVE-2022-0890 CVE-2022-1071 CVE-2022-1427 CVE-2022-1201

2022-07-15 Thread Moritz Mühlenhoff
Source: mruby X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for mruby. CVE-2021-46020[0]: | An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can | lead to a segmentation fault or application crash. https:/

Bug#1014976: asterisk: CVE-2022-24764 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793

2022-07-15 Thread Moritz Mühlenhoff
Source: asterisk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for asterisk. CVE-2022-24764[0]: | PJSIP is a free and open source multimedia communication library | written in C. Versions 2.12 and prior contain a stack buff

Bug#1014977: libde265: CVE-2022-1253 CVE-2021-36411 CVE-2021-36410 CVE-2021-36408 CVE-2021-35452

2022-07-15 Thread Moritz Mühlenhoff
Source: libde265 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for libde265. CVE-2022-1253[0]: | Heap-based Buffer Overflow in GitHub repository strukturag/libde265 | prior to and including 1.0.8. The fix is established in

Bug#1014982: apache-jena: CVE-2021-33192 CVE-2021-39239 CVE-2022-28890

2022-07-15 Thread Moritz Mühlenhoff
Source: apache-jena X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache-jena. Unfortunately the Apache security process is quite poor and limited information gets made available, so it might be needed to reach out to u

Bug#1014998: ring: CVE-2021-32686 CVE-2021-37706 CVE-2022-21723 CVE-2022-23608 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 C

2022-07-15 Thread Moritz Mühlenhoff
Source: ring X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for ring. CVE-2021-32686[0]: | PJSIP is a free and open source multimedia communication library | written in C language implementing standard based protocols such a

Bug#1027788: nntpd not running after upgrading to openbsd-inetd_0.20221205-1

2023-01-27 Thread Moritz Mühlenhoff
severity 1027788 important thanks Am Tue, Jan 03, 2023 at 12:03:41PM +0100 schrieb Marcus Frings: > Package: leafnode > Version: 1.12.0-1 > Severity: grave > > Dear Moritz, > > after upgrading openbsd-inetd to 0.20221205-1 I can't connect to my > local leafnode instance anymore and Gnus refuses

Bug#1030048: pgpool2: CVE-2023-22332

2023-01-30 Thread Moritz Mühlenhoff
Source: pgpool2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for pgpool2. CVE-2023-22332[0]: | Information disclosure vulnerability exists in Pgpool-II 4.4.0 to | 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.

Bug#1030050: rails: CVE-2023-22796 CVE-2023-22795 CVE-2023-22794 CVE-2023-22792 CVE-2022-44566

2023-01-30 Thread Moritz Mühlenhoff
Source: rails X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for rails. CVE-2023-22796[0]: https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116 https://g

Bug#1008271: Should arriero be removed?

2022-04-25 Thread Moritz Mühlenhoff
severity 1008271 normal reassign 1008271 ftp.debian.org retitle 1008271 RM: arriero -- RoQA; depends on Python 2, unmaintained thanks Am Fri, Mar 25, 2022 at 08:57:10PM +0100 schrieb Moritz Muehlenhoff: > Source: arriero > Version: 0.6-1 > Severity: serious > > Your package came up as a candidate

Bug#1008274: Should sandsifter be removed?

2022-04-25 Thread Moritz Mühlenhoff
severity 1008274 normal reassign 1008274 ftp.debian.org retitle 1008274 RM: -- RoM; depends on Python 2, unmaintained thanks Am Fri, Mar 25, 2022 at 08:59:21PM +0100 schrieb Moritz Muehlenhoff: > Source: sandsifter > Version: 1.04-1 > Severity: serious > > Your package came up as a candidate for

Bug#1008272: Should postnews be removed?

2022-04-25 Thread Moritz Mühlenhoff
severity 1008272 normal reassign 1008272 ftp.debian.org retitle 1008272 RM: -- RoM; depends on Python 2, unmaintained thanks Am Fri, Mar 25, 2022 at 08:57:50PM +0100 schrieb Moritz Muehlenhoff: > Source: postnews > Version: 0.7-1 > Severity: serious > > Your package came up as a candidate for re

Bug#1008285: Should zorp be removed?

2022-04-25 Thread Moritz Mühlenhoff
severity 1008285 normal reassign 1008285 ftp.debian.org retitle 1008285 RM: -- RoM; Depends on Python 2 thanks Am Fri, Mar 25, 2022 at 11:30:26PM +0100 schrieb Moritz Muehlenhoff: > Source: zorp > Version: 7.0.1~alpha2-3 > Severity: serious > > Your package came up as a candidate for removal fro

Bug#995838: [htcondor-debian] Bug#995838: Should condor be removed?

2022-04-25 Thread Moritz Mühlenhoff
Am Fri, Oct 29, 2021 at 01:36:27PM + schrieb Tim Theisen: > I plan to upload a new version this weekend. Did you make progress with updating condor? Cheers, Moritz

Bug#1008500: Should undertaker be removed?

2022-04-29 Thread Moritz Mühlenhoff
severity 1008500 normal reassign 1008500 ftp.debian.org retitle 1008500 RM: undertaker -- RoQA; Depends on Python 2, unmaintained thanks Reassigning for removal

Bug#1008499: Should neard be removed?

2022-04-29 Thread Moritz Mühlenhoff
severity 1008499 normal reassign 1008499 ftp.debian.org retitle 1008499 RM: neard -- RoQA; depends on Python 2, unmaintained thanks Reassigning for removal

Bug#1008700: Should geda-gaf be removed?

2022-05-05 Thread Moritz Mühlenhoff
severity 1008700 normal reassign 1008700 ftp.debian.org retitle 1008700 RM: geda-gaf -- RoM; Depends on Python 2, replacement exists thanks Reassigning for removal.

Bug#1008703: Should sortsmill-tools be removed?

2022-05-05 Thread Moritz Mühlenhoff
severity 1008703 normal reassign 1008703 ftp.debian.org retitle 1008703 RM: sortsmill-tools -- RoM; Depends on Python 2, unmaintained thanks Reassigning for removal

Bug#1008704: Should astk be removed?

2022-05-05 Thread Moritz Mühlenhoff
severity 1008704 normal reassign 1008704 ftp.debian.org retitle 1008704 RM: astk -- RoM; depends on Python 2, unmaintained thanks Reassigning for removal.

Bug#1008792: Should vmtk be removed?

2022-05-05 Thread Moritz Mühlenhoff
severity 1008792 normal reassign 1008792 ftp.debian.org retitle 1008792 RM: vmtk -- RoM; Depends on Python 2, unmaintained thanks Reassigning for removal

Bug#1009276: Should fsl be removed?

2022-05-17 Thread Moritz Mühlenhoff
severity 1009276 normal reassign 1009276 ftp.debian.org retitle 1009276 RM: fsl -- RoM; Depends on Python 2, FTBFS, unmaintained thanks Reassigning for removal.

Bug#1009280: Should python-passfd be removed?

2022-05-17 Thread Moritz Mühlenhoff
severity 1009280 normal reassign 1009280 ftp.debian.org retitle 1009280 RM: python-passfd -- RoQA; Depends on Python 2, no reverse deps thanks Reassigning for removal. Cheers, Moritz

Bug#1009282: Should live-wrapper be removed?

2022-05-17 Thread Moritz Mühlenhoff
severity 1009282 normal reassign 1009282 ftp.debian.org retitle 1009282 RM: live-wrapper -- RoQA; Depends on Python 2, depends on removed package thanks Reassigning for removal. Cheers, Moritz

Bug#1015975: Should python-neuroshare be removed?

2022-08-24 Thread Moritz Mühlenhoff
severity 1015975 normal reassign 1015975 ftp.debian.org retitle 1015975 RM: -- RoM; depends on Python 2, unmaintained, dead upstream thanks Am Sun, Jul 24, 2022 at 08:03:54PM +0200 schrieb Moritz Muehlenhoff: > Source: python-neuroshare > Version: 0.9.2-1 > Severity: serious > > Your package ca

Bug#1015973: Should xdeb be removed?

2022-08-24 Thread Moritz Mühlenhoff
severity 1015973 normal reassign 1015973 ftp.debian.org retitle 1015973 RM: xdeb -- RoM; depends on Python 2, unmaintained thanks Am Sun, Jul 24, 2022 at 07:59:33PM +0200 schrieb Moritz Muehlenhoff: > Source: xdeb > Version: 0.6.7 > Severity: serious > > Your package came up as a candidate for re

Bug#1015977: Should vland be removed?

2022-08-24 Thread Moritz Mühlenhoff
severity 1015977 normal reassign 1015977 ftp.debian.org retitle 1015977 RM: vland -- RoM; depends on Python 2 thanks On Sun, Jul 24, 2022 at 08:12:27PM +0200 Moritz Muehlenhoff wrote: > Source: vland > Version: 0.8-1 > Severity: serious > > Your package came up as a candidate for removal from D

Bug#1015979: Should python-unshare be removed?

2022-08-24 Thread Moritz Mühlenhoff
severity 1015979 normal reassign 1015979 ftp.debian.org retitle 1015979 RM: python-unshare -- RoM; depends on Python 2 thanks On Sun, Jul 24, 2022 at 08:15:51PM +0200 Moritz Muehlenhoff wrote: > Source: python-unshare > Version: 0.2-1 > Severity: serious > > Your package came up as a candidate

Bug#1015980: Should pd-aubio be removed?

2022-08-29 Thread Moritz Mühlenhoff
severity 1015980 normal reassign 1015980 ftp.debian.org retitle 1015980 RM: pd-aubio -- RoM; Depends on Python 2, unmaintained thanks On Sun, Jul 24, 2022 at 08:17:27PM +0200 Moritz Muehlenhoff wrote: > Source: pd-aubio > Version: 0.4-1 > Severity: serious > > Your package came up as a candidat

Bug#1015981: Should grokmirror be removed?

2022-08-29 Thread Moritz Mühlenhoff
severity 1015981 normal reassign 1015981 ftp.debian.org retitle 1015981 RM: grokmirror -- RoM; Depends on Python 2, unmaintained thanks On Sun, Jul 24, 2022 at 08:20:21PM +0200 Moritz Muehlenhoff wrote: > Source: grokmirror > Version: 1.0.0-1.1 > Severity: serious > > Your package came up as a

Bug#1016667: Should this package be removed?

2022-09-09 Thread Moritz Mühlenhoff
severity 1016667 normal reassign 1016667 ftp.debian.org retitle 1016667 RM: caldav-tester -- RoM; depends on Python 2 thanks > Your package came up as a candidate for removal from Debian: > The plan is to remove Python 2 in Bookworm and there's no > porting activity towards Python 3. > > If you d

Bug#1016986: Should pd-py be removed?

2022-09-09 Thread Moritz Mühlenhoff
severity 1016986 normal reassign 1016986 ftp.debian.org retitle 1016986 RM: pd-py -- RoM; depends on Python 2 thanks > Your package came up as a candidate for removal from Debian: > - Still depends on Python 2, which is finally being removed in Bookworm > - Last upload in 2018 > > If you disagree

Bug#995838: [htcondor-debian] Bug#995838: Should condor be removed?

2022-09-09 Thread Moritz Mühlenhoff
severity 995838 normal reassign 995838 ftp.debian.org retitle 995838 RM: condor -- RoM; unmaintained, many RC bugs, toolchain issues (GCC9/Python2) thanks On Mon, Apr 25, 2022 at 11:05:51PM +0200 Moritz Mühlenhoff wrote: > On Fri, Oct 29, 2021 at 01:36:27PM + Tim Theisen wrote: &g

Bug#1034170: netatalk: CVE-2022-43634

2023-04-10 Thread Moritz Mühlenhoff
Source: netatalk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for netatalk. CVE-2022-43634[0]: | This vulnerability allows remote attackers to execute arbitrary code | on affected installations of Netatalk. Authentication is

Bug#1034177: bzip2: CVE-2023-29415 CVE-2023-29416 CVE-2023-29418 CVE-2023-29419 CVE-2023-29420 CVE-2023-29421

2023-04-10 Thread Moritz Mühlenhoff
Source: bzip2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for bzip2. CVE-2023-29415[0]: | An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial | of service (process hang) can occur with a crafted archive

Bug#1034182: owslib: CVE-2023-27476

2023-04-10 Thread Moritz Mühlenhoff
Source: owslib X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for owslib. CVE-2023-27476[0]: | OWSLib is a Python package for client programming with Open Geospatial | Consortium (OGC) web service interface standards, and their

Bug#1034719: mysql-8.0: CVE-2023-21982 CVE-2023-21980 CVE-2023-21977 CVE-2023-21976 CVE-2023-21972 CVE-2023-21966 CVE-2023-21962 CVE-2023-21955 CVE-2023-21953 CVE-2023-21947 CVE-2023-21946 CVE-2023-21

2023-04-22 Thread Moritz Mühlenhoff
Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for mysql-8.0. CVE-2023-21982[0]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are aff

Bug#1034806: dogecoin: CVE-2021-37491 CVE-2023-30769

2023-04-24 Thread Moritz Mühlenhoff
Source: dogecoin X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for dogecoin. CVE-2021-37491[0]: | An issue discovered in src/wallet/wallet.cpp in Dogecoin Project | Dogecoin Core 1.14.3 and earlier allows attackers to view

Bug#1034841: consul: CVE-2021-41803

2023-04-25 Thread Moritz Mühlenhoff
Source: consul X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for consul. CVE-2021-41803[0]: | HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not | properly validate the node or segment names prior to interpolation

Bug#1034848: slic3r: CVE-2022-36788

2023-04-25 Thread Moritz Mühlenhoff
Source: slic3r X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for slic3r. CVE-2022-36788[0]: | A heap-based buffer overflow vulnerability exists in the TriangleMesh | clone functionality of Slic3r libslic3r 1.3.0 and Master Com

Bug#1035829: frr: CVE-2022-43681 CVE-2022-40318 CVE-2022-40302

2023-05-09 Thread Moritz Mühlenhoff
Source: frr X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for frr. CVE-2022-43681[0]: | An out-of-bounds read exists in the BGP daemon of FRRouting FRR | through 8.4. When sending a malformed BGP OPEN message that ends with

Bug#1035957: openjdk-17: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968

2023-05-11 Thread Moritz Mühlenhoff
Source: openjdk-17 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for openjdk-17. CVE-2023-21930[0]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | product of Oracle Java SE (component: JSSE). Sup
