On Wed, Jul 25, 2018 at 04:19:18AM +, Dmitry Smirnov wrote:
>* New upstream release [February 2018].
> + WebExtensions version (Closes: #881971).
lightbeam is also broken in stretch, do you plan to update it
there or should it be removed from stable?
Cheers,
Moritz
On Tue, Aug 21, 2018 at 07:53:52PM +0300, Adrian Bunk wrote:
> On Tue, Aug 21, 2018 at 07:11:59PM +0300, Adrian Bunk wrote:
> > Package: xul-ext-kwallet5
> > Version: 1.0-2
> > Severity: serious
> >
> > XUL addons are no longer supported.
>
> If it is confirmed that this package works with thunde
On Tue, Aug 21, 2018 at 08:04:57PM +0300, Adrian Bunk wrote:
> Package: xul-ext-custom-tab-width
> Version: 1.1-1
> Severity: serious
>
> XUL addons are no longer supported.
This is dead upstream and broken even in ESR, let's remove it
from the archive?
Cheers,
Moritz
On Tue, Jun 20, 2017 at 02:30:11PM +0200, Javier Barroso wrote:
> Package: xul-ext-pentadactyl
> Version: 1.2~r20170308-1
> Severity: important
>
> Maybe add a README if the package can work with firefox 54 (seems that
> multiprocess have to be disable).
> Not sure if would be good idea to add vim
On Thu, Nov 16, 2017 at 06:21:56AM +0100, Christoph Anton Mitterer wrote:
> Package: xul-ext-cookie-monster
> Version: 1.3.0.5-1
> Severity: normal
>
>
>
> Hi.
>
> Seems this addon is dead upstream (at least:
> https://addons.mozilla.org/en-US/firefox/addon/cookie-monster/
> says "This add-on h
On Sat, Sep 08, 2018 at 03:12:40PM +0800, Paul Wise wrote:
> On Tue, 21 Aug 2018 21:11:16 +0300 Adrian Bunk wrote:
>
> > Package: xul-ext-dom-inspector
> >
> > XUL addons are no longer supported.
>
> The native Firefox developer tools are almost a replacement,
> so I think this package can just
On Mon, Sep 17, 2018 at 01:13:18PM +0400, Jerome BENOIT wrote:
> Please consider to the new upstream version 10
> given that the current version of noscript provided in Stretch
> does not work with firefox-esr 60.2 recently brought in Stretch.
What's the plan for noscript in stretch? Is a backpor
On Tue, Aug 21, 2018 at 06:56:13PM +0300, Adrian Bunk wrote:
> Package: xul-ext-spdy-indicator
> Version: 2.2-1
> Severity: serious
>
> XUL addons are no longer supported.
Dmitry,
shall we remove it from the archive? SPDY itself is deprecated as well.
Cheers,
Moritz
retitle 854727 zziplib: Update Homepage field
severity 854727 normal
thanks
On Sat, May 26, 2018 at 08:49:00AM +, Niels Thykier wrote:
> On Thu, 1 Jun 2017 19:37:10 +0300 Adrian Bunk wrote:
> > clone 854727 -1
> > retitile -1 zziplib: unsuitable for future stable releases?
> > tags -1 - secur
On Tue, Aug 21, 2018 at 08:57:15PM +0300, Adrian Bunk wrote:
> Package: xul-ext-firegestures
> Version: 1.10.9-1
> Severity: serious
>
> XUL addons are no longer supported.
Seems dead upstream, let's remove?
Cheers,
Moritz
On Tue, Aug 21, 2018 at 09:00:13PM +0300, Adrian Bunk wrote:
> Package: xul-ext-firexpath
> Version: 0.9.7.1-3
> Severity: serious
>
> XUL addons are no longer supported.
Seems dead upstream, let's remove?
Cheers,
Moritz
On Tue, Aug 28, 2018 at 10:08:51AM +0300, Timo Jyrinki wrote:
> Unfortunately upstream has removed the API that makes it possible to add
> external spellcheckers, and the upstream selected library for
> spellchecking is unable to properly support a language with a structure
> of Finnish.
>
> Curre
On Tue, Aug 21, 2018 at 09:51:34PM +0300, Adrian Bunk wrote:
> Package: xul-ext-scrapbook
> Version: 1.5.13-3
> Severity: serious
>
> XUL addons are no longer supported.
Seems dead upstream, no release in over two years, let's remove?
Cheers,
Moritz
On Tue, Aug 21, 2018 at 08:54:05PM +0300, Adrian Bunk wrote:
> Package: xul-ext-adblock-plus-element-hiding-helper
> Version: 1.3.8-1
> Severity: serious
>
> XUL addons are no longer supported.
>
> If it is confirmed that this package works with thunderbird 60,
> it might be an option to change t
On Wed, Sep 05, 2018 at 05:43:52AM +, Mike Gabriel wrote:
> Hi Moritz,
>
> On Di 04 Sep 2018 23:25:51 CEST, Moritz Mühlenhoff wrote:
>
> > On Thu, May 31, 2018 at 09:17:18AM +0200, Dominik George wrote:
> > > Control: reassign -1 guacamole-server
>
n Thu, Oct 12, 2017 at 11:44:47PM +0200, Sebastian Andrzej Siewior wrote:
>
> this is a remainder about the openssl transition [0]. We really want to
> remove libssl1.0-dev from unstable for Buster. I will raise the severity
> of this bug to serious in a month. Please react before that happens.
E
On Fri, Oct 13, 2017 at 12:52:55AM -0400, Afif Elghraoui wrote:
>
>
> على الخميس 12 تشرين الأول 2017 17:44، كتب Sebastian Andrzej Siewior:
> > Hi,
> >
> > this is a remainder about the openssl transition [0]. We really want to
> > remove libssl1.0-dev from unstable for Buster. I will raise the
On Sat, Oct 13, 2018 at 12:32:16AM +0200, Emmanuel Bourg wrote:
> Le 12/10/2018 à 22:33, Moritz Mühlenhoff a écrit :
>
> > src:tcnetty has been fixed wrt OpenSSL 1.1 and netty-tcnative-1.1 has no
> > reverse dependencies in the archive. Shall we remove it from the archive?
&
On Fri, Oct 13, 2017 at 08:49:21AM +0100, Colin Tuckley wrote:
> > this is a remainder about the openssl transition [0]. We really want to
> > remove libssl1.0-dev from unstable for Buster. I will raise the severity
> > of this bug to serious in a month. Please react before that happens.
>
> I've
On Thu, May 31, 2018 at 09:17:18AM +0200, Dominik George wrote:
> Control: reassign -1 guacamole-server
> Control: merge 888321 -1
>
> Hi,
>
> > This bug is for tracking the efforts of porting guacamole-client to
> > FreeRDP v2.
>
> guacamole-client has nothing to do with freerdp. ITYM guacamol
On Sat, Sep 08, 2018 at 07:10:59AM +0200, Paul Gevers wrote:
> Dear security team,
>
> On 09/07/18 23:23, Moritz Muehlenhoff wrote:
> > Package: ghostscript
> > CVE ID : CVE-2018-15908 CVE-2018-15910 CVE-2018-15911
> > CVE-2018-16511 CVE-2018-16513 CVE-2018-16539
>
On Fri, Oct 13, 2017 at 10:53:28AM -0400, Antoine Beaupre wrote:
> Package: xul-ext-itsalltext
> Version: 1.9.2-2
> Severity: normal
> Tags: upstream
>
> Once Firefox 57 hits the archive, this extension will completely stop
> working, as it relies on the older XUL API. It also cannot be ported
> t
On Tue, Aug 21, 2018 at 09:52:20PM +0300, Adrian Bunk wrote:
> Package: xul-ext-sage
> Version: 1.5.4-2
> Severity: serious
>
> XUL addons are no longer supported.
Per https://github.com/petea/sage/issues/154 I doubt this will get
ported, removal seems like the sanest option (also for stretch).
On Mon, Sep 10, 2018 at 02:54:54AM +0200, b...@debian.16bits.net wrote:
> /proc/cpuinfo shows it supports sse, but not sse2. And movsd is a sse2
> instruction [1]
This is an intentional upstream change which also affects the binaries
provided by Mozilla:
https://support.mozilla.org/en-US/kb/your-
On Mon, Jul 23, 2018 at 06:18:28PM +0800, David Prévot wrote:
> Hi Christoph,
>
> On Sat, May 14, 2016 at 01:46:51AM +0200, Christoph Anton Mitterer wrote:
>
> > I think this is any extremely helpful add-on, and just because there is
> > (currently) no active upstream, doesn't mean it must necess
On Fri, Oct 12, 2018 at 08:07:48PM -0400, Afif Elghraoui wrote:
>
>
> على ٣/٢/١٤٤٠ هـ ٤:٣٣ م، كتب Moritz Mühlenhoff:
> > On Fri, Oct 13, 2017 at 12:52:55AM -0400, Afif Elghraoui wrote:
> > >
> > >
> >
> > What's the status? ori hasn
On Sun, Sep 10, 2017 at 01:43:08PM +0200, Vincent Danjean wrote:
> severity 874882 grave
> tag 874882 +help
> thanks
>
> Hi,
>
> Unless someone step up to maintain (debian and upstream) this
> program, I will ask for its removal. Upstream is long dead. I
> kept this program in Debian while th
On Fri, Oct 26, 2018 at 03:24:27PM +0800, Andrew Lee (李健秋) wrote:
> * CVE-2018-12466 probably not affected:
> - This pointed to the same commit in upstream github. And the url
> provided on the CVE listed vulnerable products that doesn't
> contains OBS 2.7.x:
> https://www.securityfoc
On Mon, Oct 08, 2018 at 10:44:15PM +0200, Moritz Mühlenhoff wrote:
> On Tue, Aug 28, 2018 at 10:08:51AM +0300, Timo Jyrinki wrote:
> > Unfortunately upstream has removed the API that makes it possible to add
> > external spellcheckers, and the upstream selected library for
>
On Tue, Aug 21, 2018 at 09:37:01PM +0300, Adrian Bunk wrote:
> Package: xul-ext-flashblock
> Version: 1.5.20-2
> Severity: serious
>
> XUL addons are no longer supported.
Seems dead upstream, let's remove?
Cheers,
Moritz
On Tue, Sep 25, 2018 at 10:00:59PM +0200, Moritz Mühlenhoff wrote:
> On Sat, Sep 08, 2018 at 03:40:36PM +0800, Paul Wise wrote:
> > On Tue, 21 Aug 2018 21:18:04 +0300 Adrian Bunk wrote:
> >
> > > Package: xul-ext-perspectives
> > >
> > > XUL addons are
On Tue, Sep 25, 2018 at 10:12:23PM +0200, Moritz Mühlenhoff wrote:
> On Tue, Aug 21, 2018 at 08:54:58PM +0300, Adrian Bunk wrote:
> > Package: xul-ext-all-in-one-sidebar
> > Version: 0.7.28-2
> > Severity: serious
> >
> > XUL addons are no longer supported.
>
On Tue, Sep 25, 2018 at 11:12:45PM +0200, Moritz Mühlenhoff wrote:
> On Sat, Sep 08, 2018 at 03:31:38PM +0800, Paul Wise wrote:
> > On Tue, 21 Aug 2018 21:10:27 +0300 Adrian Bunk wrote:
> >
> > > Package: xul-ext-livehttpheaders
> > >
> > > XUL addons ar
On Fri, Oct 26, 2018 at 09:25:59PM +0200, Lorenz wrote:
> On Fri, 28 Sep 2018 21:18:54 +0200 Moritz Mühlenhoff wrote:
> > On Wed, Sep 26, 2018 at 02:27:00AM +, Ximin Luo wrote:
> > > Pretty sure it doesn't work with TB60, I just upgraded myself and am no
> >
On Thu, Oct 04, 2018 at 01:55:46AM +1000, Dmitry Smirnov wrote:
> On Thursday, 4 October 2018 1:19:56 AM AEST Moritz Mühlenhoff wrote:
> > On Wed, Jul 25, 2018 at 04:19:18AM +, Dmitry Smirnov wrote:
> > >* New upstream release [February 2018].
> > >
> &g
On Sun, Nov 04, 2018 at 10:35:42PM +0100, Markus Koschany wrote:
> Package: mysql-connector-java
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerability was published for mysql-connector-java.
>
> CVE-2018-3258[0]:
> | Vulnerability in
On Tue, Oct 30, 2018 at 12:35:05AM -0400, Chris Lamb wrote:
> Hi Ivo,
>
> > From the upstream changelog for 2.7.1+dfsg-1 (already in unstable):
> [..]
> > - user module - do not pass ssh_key_passphrase on cmdline
> > (CVE-2018-16837)
>
> Thanks for providing this and no problem that this wasn't
On Thu, Nov 08, 2018 at 11:51:49AM +0100, Lee Garrett wrote:
> Hi,
>
> sorry for the late response. CVE-2018-16837 should be fairly straight-forward
> to fix in stretch and jessie.
>
> For CVE-2018-10875 I have a patch in my work dir that should fix it. I'll push
> it to the git stretch branch to
On Mon, Nov 05, 2018 at 02:13:39PM +0100, Moritz Mühlenhoff wrote:
> On Sun, Nov 04, 2018 at 10:35:42PM +0100, Markus Koschany wrote:
> > Package: mysql-connector-java
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> >
On Tue, Aug 21, 2018 at 09:17:28PM +0300, Adrian Bunk wrote:
> Package: xul-ext-personasplus
> Version: 1.7.8-1
> Severity: serious
>
> XUL addons are no longer supported.
>
> If it is confirmed that this package works with thunderbird 60,
> it might be an option to change the dependency to only
On Sun, Nov 11, 2018 at 12:15:52AM +0100, Lee Garrett wrote:
> Quick follow-up: I don't have a patch for CVE-2018-10875. However, the patch
> in question I have is for CVE-2018-10855, which is already checked in on the
> stretch branch of the packaging repo.
>
> For some reason the security tracke
On Sun, Oct 28, 2018 at 01:53:46AM +0300, Adrian Bunk wrote:
> Control: tags 890980 + pending
> Control: tags 906855 + patch
> Control: tags 906855 + pending
>
> Dear maintainer,
>
> I've prepared an NMU for gnome-chemistry-utils (versioned as 0.14.17-1.1) and
> uploaded it to DELAYED/15. Please
On Mon, Nov 19, 2018 at 07:22:11AM -0500, Jeremy Bicha wrote:
> > Given that Xul is still supported in Thunderbird, let maybe drop the
> > support for
> > Firefox/Iceweasel (with a NOTE telling people how to migrate their existing
> > secrets) and upgrade to 0.13?
>
> While upgrading to 0.13 woul
On Sat, Oct 13, 2018 at 08:57:27AM +0200, Moritz Mühlenhoff wrote:
> On Sat, Oct 13, 2018 at 12:32:16AM +0200, Emmanuel Bourg wrote:
> > Le 12/10/2018 à 22:33, Moritz Mühlenhoff a écrit :
> >
> > > src:tcnetty has been fixed wrt OpenSSL 1.1 and netty-tcnative-1.1 has no
&g
On Sat, Nov 10, 2018 at 04:34:48PM +0100, Chris Hofstaedtler wrote:
> Hi everyone,
>
> thanks for reporting bugs against pdns in stretch.
> I intend to upload a new version to stretch to fix those bugs, but I
> cannot test all involved components personally. Please give this
> version a shot:
@Ch
On Mon, Dec 03, 2018 at 11:43:24AM +0100, Didier 'OdyX' Raboud wrote:
> > Please revert that one. We don't want more dependencies on
> > libssl1.0-dev. We want it actually out of testing and are down to one
> > package.
>
> Which one?
kde4libs, see #913959.
Cheers,
Moritz
On Mon, Oct 08, 2018 at 10:42:07PM +0200, Moritz Mühlenhoff wrote:
> On Tue, Aug 21, 2018 at 09:00:13PM +0300, Adrian Bunk wrote:
> > Package: xul-ext-firexpath
> > Version: 0.9.7.1-3
> > Severity: serious
> >
> > XUL addons are no longer supported.
>
>
On Sun, Sep 09, 2018 at 11:22:01PM +0200, Moritz Mühlenhoff wrote:
> On Tue, Aug 21, 2018 at 09:52:20PM +0300, Adrian Bunk wrote:
> > Package: xul-ext-sage
> > Version: 1.5.4-2
> > Severity: serious
> >
> > XUL addons are no longer supported.
>
> Per htt
On Sun, Sep 09, 2018 at 10:41:19PM +0200, Moritz Mühlenhoff wrote:
> On Fri, Oct 13, 2017 at 10:53:28AM -0400, Antoine Beaupre wrote:
> > Package: xul-ext-itsalltext
> > Version: 1.9.2-2
> > Severity: normal
> > Tags: upstream
> >
> > Once Firefox 5
On Tue, Aug 21, 2018 at 09:23:57PM +0300, Adrian Bunk wrote:
> Package: xul-ext-status4evar
> Version: 2016.10.11.01-1
> Severity: serious
>
> XUL addons are no longer supported.
Seems dead upstream, let's remove?
Cheers,
Moritz
On Tue, Aug 14, 2018 at 06:22:30PM +0200, Christoph Anton Mitterer wrote:
> Control: severity -1 grave
>
> Since FF ESR 52 has now left Debian unstable, the XUL version of this
> is no longer usable in Debian.
>
> Please upgrade to the WebExtensions version.
Does anyone intend/plan to switch the
On Tue, May 22, 2018 at 03:57:10PM +0200, Sascha Girrulat wrote:
> Source: autofill-forms
> Version: 1.1.3-1
> Severity: normal
>
> Dear Maintainer,
>
> the current version is not compatible with webextensions api but there
> is a never version[1] called autofillforms-e10s. We should replace the
On Thu, Sep 06, 2018 at 10:28:23PM +0800, Paul Wise wrote:
> Control: tags -1 fixed-upstream
>
> On Tue, 21 Aug 2018 21:27:13 +0300 Adrian Bunk wrote:
>
> > Package: xul-ext-uppity
> > XUL addons are no longer supported.
>
> Upstream has rewritten it as a WebExtension:
>
> https://github.com/ar
On Tue, Aug 21, 2018 at 09:21:22PM +0300, Adrian Bunk wrote:
> Package: xul-ext-reloadevery
> Version: 45.0.0-2
> Severity: serious
>
> XUL addons are no longer supported.
Seems dead upstream, let's remove?
Cheers,
Moritz
On Tue, Aug 21, 2018 at 07:07:51PM +0300, Adrian Bunk wrote:
> Package: xul-ext-colorfultabs
> Version: 31.1.0+dfsg-1
> Severity: serious
>
> XUL addons are no longer supported.
There's a web extension available (v32.7).
Does anyone intend/plan to switch the package to the web extention?
Otherwi
On Thu, Jun 15, 2017 at 01:02:47PM +0200, Ingo Saitz wrote:
> Package: xul-ext-greasemonkey
> Version: 3.8-1
> Severity: important
>
> Dear Maintainer,
>
> After updating firefox to version 54.0, the list of userscripts in
> about:addons is empty, and the installed scripts aren't applied to the
>
On Fri, Oct 05, 2018 at 04:03:09PM +0200, Michal Politowski wrote:
> Package: xul-ext-pwdhash
> Version: 1.7.4-1
> Followup-For: Bug #827310
>
> There appears to exist a webextension version 2.0 of PwdHash,
> which should work with current Firefox.
>
> https://addons.mozilla.org/en-GB/firefox/add
On Fri, Nov 17, 2017 at 01:50:10AM +0100, Christoph Anton Mitterer wrote:
> Package: xul-ext-webdeveloper
> Version: 1.2.13-1
> Severity: wishlist
>
>
> Hi.
>
> There is a new upstream version (2.0.1) which is a complete
> rewrite with webextensions support, making the addon work again
> in FF57
On Mon, Oct 08, 2018 at 11:07:43PM +0200, Moritz Mühlenhoff wrote:
> On Tue, Aug 21, 2018 at 09:51:34PM +0300, Adrian Bunk wrote:
> > Package: xul-ext-scrapbook
> > Version: 1.5.13-3
> > Severity: serious
> >
> > XUL addons are no longer supported.
>
>
On Wed, Oct 03, 2018 at 05:20:07PM +0200, Moritz Mühlenhoff wrote:
> On Tue, Jun 20, 2017 at 02:30:11PM +0200, Javier Barroso wrote:
> > Package: xul-ext-pentadactyl
> > Version: 1.2~r20170308-1
> > Severity: important
> >
> > Maybe add a README if the package can
On Mon, Oct 08, 2018 at 10:39:40PM +0200, Moritz Mühlenhoff wrote:
> On Tue, Aug 21, 2018 at 08:57:15PM +0300, Adrian Bunk wrote:
> > Package: xul-ext-firegestures
> > Version: 1.10.9-1
> > Severity: serious
> >
> > XUL addons are no longer supported.
>
>
On Tue, Aug 14, 2018 at 06:12:43PM +0200, Christoph Anton Mitterer wrote:
> Control: severity -1 grave
>
> Since FF ESR 52 has now left Debian unstable, the XUL version of this
> is no longer usable in Debian.
> Please upgrade to the WebExtensions version ASAP.
Does anyone intend/plan to switch t
On Thu, Nov 08, 2018 at 12:01:40AM +0800, Paul Wise wrote:
> On Wed, 2018-11-07 at 16:54 +0100, Julien Aubin wrote:
>
> > I used the update extensions from firefox and it gave me this one
> > with the same icon as the previous one.
> >
> > Url is :
> > https://addons.mozilla.org/en-US/firefox/add
Sebastian Andrzej Siewior wrote:
> Hi,
>
> this is a remainder about the openssl transition [0]. We really want to
> remove libssl1.0-dev from unstable for Buster. I will raise the severity
> of this bug to serious in a month. Please react before that happens.
Ulises,
this seems to be fixed in th
On Tue, Jan 16, 2018 at 09:05:15PM +0100, Stephen Kitt wrote:
>
> I’ve been meaning to look into all this further, but help is welcome.
This is unfixed for quite a while and the upstream homepage now
mentions "This is now - and has been for a long while - abandonware".
Shall we remove osslsignco
severity nn normal
reassign nn ftp.debian.org
retitle nn RM: aolserver4 -- RoQA; unmaintained upstream, alternatives
exist, low popcon
thanks
> > So my question: Can we remove aolserver4 from the archive?
>
> debian/copyright points to http://aolserver.sf.net/ where the latest news
>
On Wed, Mar 14, 2018 at 12:39:22PM -0300, Henrique de Moraes Holschuh wrote:
> On Wed, 14 Mar 2018, Moritz Muehlenhoff wrote:
> > On Sun, Jan 21, 2018 at 07:47:35AM -0200, Henrique de Moraes Holschuh wrote:
> > > severity 887856 grave
> > > block 887856 by 886998
> > > thanks
> > >
> > > On Sat, 2
On Mon, Oct 02, 2017 at 05:09:29PM +0200, Emmanuel Bourg wrote:
> Le 2/10/2017 à 15:08, Moritz Muehlenhoff a écrit :
>
> > Java maintainers, shall we follow the procedures for openjdk and
> > rebase to a new upstream release in stretch?
>
> Yes please, that's the only sustainable solution for ope
On Thu, Apr 12, 2018 at 05:14:18PM -0500, Dirk Eddelbuettel wrote:
>
> Further update. I took some files from the new (in-progress, unfinished it
> seems) upstream of libxls at https://github.com/evanmiller/libxls/, and got
> some advice from the libxls maintainer.
>
> He also put new issue ticke
On Mon, Apr 23, 2018 at 12:41:31PM +0100, Chris Lamb wrote:
> Hi Moritz,
>
> > > > gunicorn: CVE-2018-1000164
> > >
> > > I've prepared an upload for jessie. Permission to upload? :)
> >
> > Thanks, please upload.
>
> gunicorn_19.0-1+deb8u1_amd64.changes uploaded.
Released yesterday, thanks.
On Fri, Jul 21, 2017 at 09:51:45AM -0400, Antoine Beaupré wrote:
> On 2017-07-20 18:15:00, Philipp Kern wrote:
> > On 07/17/2017 09:41 PM, Antoine Beaupré wrote:
> >> Let's not jump the gun here. We're not shipping NSS in ca-certificates,
> >> just a tiny part of it: one text file, more or less.
>
On Wed, Jul 26, 2017 at 10:20:27PM +0100, Luca Boccassi wrote:
> Control: tags -1 pending
>
> On Wed, 2017-07-26 at 13:48 +0200, Julien Aubin wrote:
> > Package: nvidia-driver
> > Version: 375.66-2
> > Severity: critical
> >
> > Hi,
> >
> > NVidia driver is currently targetted by several critica
On Thu, Jul 27, 2017 at 09:59:46AM -0400, Daniel Kahn Gillmor wrote:
> Control: affects 869774 + thunderbird
> Control: retitle 869774 thunderbird 52 needs enigmail 1.9.8.1 or later
> Control: forwarded 869774 https://sourceforge.net/p/enigmail/bugs/687/
>
> Hi there--
>
> On Thu 2017-07-27 12:42
On Thu, Oct 12, 2017 at 11:44:34PM +0200, Sebastian Andrzej Siewior wrote:
> Hi,
>
> this is a remainder about the openssl transition [0]. We really want to
> remove libssl1.0-dev from unstable for Buster. I will raise the severity
> of this bug to serious in a month. Please react before that happ
On Fri, Sep 29, 2017 at 06:56:32PM +0200, Salvatore Bonaccorso wrote:
> Hi Antoine,
>
> On Thu, Sep 28, 2017 at 01:53:06PM -0400, Antoine Beaupré wrote:
> > Hi again,
> >
> > I reached out to joeyh to see how we could backport git-annex security
> > patches to wheezy. He responded by sharing the
Source: trafficserver
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for trafficserver.
CVE-2023-41752[0]:
| Exposure of Sensitive Information to an Unauthorized Actor
| vulnerability in Apache Traffic Server.This issue affe
Source: fastdds
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for fastdds.
CVE-2023-42459[0]:
| Fast DDS is a C++ implementation of the DDS (Data Distribution
| Service) standard of the OMG (Object Management Group). In affect
Source: open-vm-tools
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for open-vm-tools.
CVE-2023-34059[0]:
| open-vm-tools contains a file descriptor hijack vulnerability in the
| vmware-user-suid-wrapper. A malicious actor
Source: node-browserify-sign
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for node-browserify-sign.
CVE-2023-46234[0]:
| browserify-sign is a package to duplicate the functionality of
| node's crypto public key functions, muc
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for zabbix.
CVE-2023-29449[0]:
| JavaScript preprocessing, webhooks and global scripts can cause
| uncontrolled CPU, memory, and disk I/O utilization.
| Preproces
Source: salt
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for salt.
CVE-2023-34049[0]:
https://saltproject.io/security-announcements/2023-10-27-advisory/index.html
If you fix the vulnerability please also make sure to includ
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for frr.
CVE-2023-38407[0]:
| bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read
| beyond the end of the stream during labeled unicast parsing.
https:/
Source: snort
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for snort.
CVE-2023-20246[0]:
| Multiple Cisco products are affected by a vulnerability in Snort
| access control policies that could allow an unauthenticated, rem
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-47384[0]:
| MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to
| contain a memory leak in the function gf_isom_add_chapter at
| /iso
Source: smarty4
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for smarty4.
CVE-2024-35226[0]:
| Smarty is a template engine for PHP, facilitating the separation of
| presentation (HTML/CSS) from application logic. In affected
Source: smarty3
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for smarty3.
CVE-2024-35226[0]:
| Smarty is a template engine for PHP, facilitating the separation of
| presentation (HTML/CSS) from application logic. In affected
Source: squid
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for squid.
CVE-2024-37894[0]:
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP,
| and more. Due to an Out-of-bounds Write error when assigning ESI
|
Am Tue, Jun 20, 2023 at 06:06:26PM + schrieb Debian FTP Masters:
> Source: gpac
> Source-Version: 2.2.1+dfsg1-1
> Done: Reinhard Tartler
> Changes:
> gpac (2.2.1+dfsg1-1) experimental; urgency=medium
> .
>* New upstream version,
> closes: #1033116, #1034732, #1034187, #1036701, #103
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2023-34432[0]:
| A heap buffer overflow vulnerability was found in sox, in the
| lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can
| lead to
Source: cjose
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for cjose.
CVE-2023-37464[0]:
| OpenIDC/cjose is a C library implementing the Javascript Object
| Signing and Encryption (JOSE). The AES GCM decryption routine
| inco
Source: bitcoin
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for bitcoin.
CVE-2023-37192[0]:
| Memory management and protection issues in Bitcoin Core v22 allows
| attackers to modify the stored sending address within the app
Source: restrictedpython
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for restrictedpython.
CVE-2023-37271[0]:
| RestrictedPython is a tool that helps to define a subset of the
| Python language which allows users to provide
Source: ruby-sanitize
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-sanitize.
CVE-2023-36823[0]:
| Sanitize is an allowlist-based HTML and CSS sanitizer. Using
| carefully crafted input, an attacker may be able to sne
Source: adminer
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for adminer.
CVE-2023-45196[0]:
| Adminer and AdminerEvo allow an unauthenticated remote attacker to
| cause a denial of service by connecting to an attacker-con
Hi Adrian,
> attached are proposed debdiffs for updating gtkwave to 3.3.118 in
> {bookworm,bullseye,buster}-security for review for a DSA
> (and as preview for buster).
Thanks!
> General notes:
>
> I checked a handful CVEs, and they were also present in buster.
> If anyone insists that I check
Source: anki
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for anki.
CVE-2024-26020[0]:
| An arbitrary script execution vulnerability exists in the MPV
| functionality of Ankitects Anki 24.04. A specially crafted flashcard
Source: clickhouse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for clickhouse.
CVE-2024-6873[0]:
| It is possible to crash or redirect the execution flow of the
| ClickHouse server process from an unauthenticated vector by s
Source: neatvnc
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for neatvnc.
CVE-2024-42458[0]:
| server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly
| validate the security type.
https://www.openwall.com/lists/os
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nodejs.
CVE-2024-27983[0]:
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
CVE-2024-27982[1]:
https://nodejs.org/en/blog/vulnerability
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4
CVE-2024-24795[1]:
https://www.o
401 - 500 of 1031 matches
Mail list logo
