Bug#937066: monkeysign: Python2 removal in sid/bullseye

2020-03-21 Thread Moritz Mühlenhoff
On Fri, Mar 20, 2020 at 06:47:37PM -0400, Antoine Beaupré wrote: > On 2020-03-20 23:41:59, Moritz Mühlenhoff wrote: > > On Sat, Nov 09, 2019 at 06:11:46PM -0500, Antoine Beaupré wrote: > >> There was a 3 year old "python 3" branch sitting around in the repo that > >> I revived by merging in the

Bug#953851: pymissile: should this package be removed?

2020-03-21 Thread Moritz Mühlenhoff
On Sun, Mar 15, 2020 at 02:15:00PM -0400, Sandro Tosi wrote: > > While these are all good arguments for removal, I still got the hardware > > and thus enjoy having the software to use it in Debian. :) > > > > But I realise that it need some porting to keep working, and lack the > > spare time requi

Bug#885468: bumping severity of pygtk bugs

2020-03-22 Thread Moritz Mühlenhoff
On Sun, Dec 15, 2019 at 10:40:56PM +0100, Moritz Mühlenhoff wrote: > On Sun, Oct 06, 2019 at 05:09:30PM -0400, Jeremy Bicha wrote: > > Control: severity -1 serious > > Control: tags -1 -buster > > > > > > As part of the Python2 removal, it is our intent tha

Bug#938327: Upstream references

2020-03-24 Thread Moritz Mühlenhoff
On Sun, Dec 15, 2019 at 02:01:30PM +, Jelmer Vernooij wrote: > FWIW Upstream is working on Python 3 support here: > https://github.com/rabbitvcs/rabbitvcs/issues/279 Hi Ritesh, this is fixed in 0.18, could you please update the package? rabbitvcs is among the last handful of packages blocking

Bug#885267: coccinelle: Depends on unmaintained pygtk

2020-03-24 Thread Moritz Mühlenhoff
On Tue, Feb 04, 2020 at 03:14:22PM -0300, eamanu wrote: > Source: coccinelle > Version: 1.0.4.deb-3 > > Hi everybody, > > This issue was forwarded to upstream [1]. > > The dependency will be removed from coccinelle soon > > [1] https://systeme.lip6.fr/pipermail/cocci/2020-February/006836.html Dea

Bug#890168: python-gasp: Please switch to python-gobject-2/python-gi

2020-03-24 Thread Moritz Mühlenhoff
On Sun, Oct 06, 2019 at 06:00:02PM -0400, Jeremy Bicha wrote: > Control: severity -1 serious > Tags: fixed-upstream > > It looks to me like upstream has ported gasp to Python3 and GObject > Introspection. > > https://launchpad.net/gasp-core Hi Luke, are you still interested in maintaining python

Bug#938622: tahoe-lafs: Python2 removal in sid/bullseye

2020-03-25 Thread Moritz Mühlenhoff
On Wed, Mar 18, 2020 at 10:38:17AM +0530, Vasudev Kamath wrote: > > Sorry for the delayed response here. I let the package fall off from > testing as upstream does not yet have any support for building python3. > Though currently there is some work going on for supporting python3 in > upstream, I'm n

Bug#938612: sx: Python2 removal in sid/bullseye

2020-03-26 Thread Moritz Mühlenhoff
On Tue, Jan 21, 2020 at 12:02:45AM +1100, Stuart Prescott wrote: > It seems that the upstream for src:sx has disappeared and so I guess the > porting work to change this package to be Python 3 compatible has not been > done. > > At a quick glance, the porting doesn't look that hard to do, but is

Bug#936188: bbqsql: Python2 removal in sid/bullseye

2020-03-26 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:11:19AM +, Matthias Klose wrote: > Package: src:bbqsql > Version: 1.1-4 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python2 from the distri

Bug#936188: bbqsql: Python2 removal in sid/bullseye

2020-03-27 Thread Moritz Mühlenhoff
On Fri, Mar 27, 2020 at 11:00:03AM +0100, Marcos Fouces wrote: > Hello Moritz > > I believe that bbqsql could be removed. It has a very low popcon and I > didn't see any repo on Github taking over from Neophasis. Thanks. I've just filed a removal bug. Cheers, Moritz

Bug#936459: dvcs-autosync: Python2 removal in sid/bullseye

2020-03-27 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:16:06AM +, Matthias Klose wrote: > Package: src:dvcs-autosync > Version: 0.5+nmu1 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python2 from

Bug#885282: gameclock: Depends on unmaintained pygtk

2020-03-27 Thread Moritz Mühlenhoff
On Sat, Jan 06, 2018 at 01:01:28PM -0500, Antoine Beaupré wrote: > Control: forwarded -1 https://gitlab.com/anarcat/gameclock/issues/1 > > Understood. Hi Antoine, let's remove gameclock from the archive for now? When ported it can still be reintroduced, but currently it's among the last handful o

Bug#885353: mirage: Python2 removal in sid/bullseye

2020-03-27 Thread Moritz Mühlenhoff
On Fri, Jan 03, 2020 at 02:42:22AM -0500, Thomas Ross wrote: > I've started to port Mirage to Python 3 + PyGObject here: > https://gitlab.com/thomasross/mirage/tree/python3 What's the status? If this isn't complete, could we upload that to experimental and remove mirage from unstable (which avoids

Bug#885265: Bug#936299: chirp: Python2 removal in sid/bullseye

2020-03-27 Thread Moritz Mühlenhoff
On Sun, Oct 13, 2019 at 07:16:47PM +, Chris Knadle wrote: > There has been some discussion about #936299 on the upstream mailing list, and > there have been a few upstream commits starting to port the code to Python3. > > http://intrepid.danplanet.com/pipermail/chirp_devel/2019-August/005580.h

Bug#937940: python-nemu: Python2 removal in sid/bullseye

2020-03-27 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:42:40AM +, Matthias Klose wrote: > Package: src:python-nemu > Version: 0.3.1-1 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python2 from the

Bug#885282: gameclock: Depends on unmaintained pygtk

2020-03-28 Thread Moritz Mühlenhoff
On Fri, Mar 27, 2020 at 07:25:36PM -0400, Antoine Beaupré wrote: > On 2020-03-27 22:44:31, Moritz Mühlenhoff wrote: > > On Sat, Jan 06, 2018 at 01:01:28PM -0500, Antoine Beaupré wrote: > >> Control: forwarded -1 https://gitlab.com/anarcat/gameclock/issues/1 > >>

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2021-12-05 Thread Moritz Mühlenhoff
Am Sun, Dec 05, 2021 at 10:53:56AM +0100 schrieb Paul Gevers: > Hi Andres, > > On 05-12-2021 03:36, Andres Salomon wrote: > > So what's happening with chromium in both sid and stable? I saw on > > d-release that it was removed from testing (#998676 and #998732), with a > > discussion about ending

Bug#1015218: consul: CVE-2021-37219 CVE-2021-38698 CVE-2022-29153

2022-07-17 Thread Moritz Mühlenhoff
Source: consul X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for consul. CVE-2021-37219[0]: | HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows | non-server agents with a valid certificate signed by the sa

Bug#1015789: mysql-8.0: CVE-2022-21569 CVE-2022-21556 CVE-2022-21553 CVE-2022-21550 CVE-2022-21547 CVE-2022-21539 CVE-2022-21538 CVE-2022-21537 CVE-2022-21535 CVE-2022-21534 CVE-2022-21531 CVE-2022-21

2022-07-21 Thread Moritz Mühlenhoff
Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for mysql-8.0. All fixed in latest CPU: CVE-2022-21569[0]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Suppo

Bug#1015860: libxalan2-java: CVE-2022-34169

2022-07-22 Thread Moritz Mühlenhoff
Source: libxalan2-java X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libxalan2-java. CVE-2022-34169[0]: | The Apache Xalan Java XSLT library is vulnerable to an integer | truncation issue when processing malicious XSLT sty

Bug#1015873: libtirpc: CVE-2021-46828

2022-07-22 Thread Moritz Mühlenhoff
Source: libtirpc X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libtirpc. CVE-2021-46828[0]: | In libtirpc before 1.3.3rc1, remote attackers could exhaust the file | descriptors of a process that uses libtirpc because idle

Bug#1015874: php-dompdf: CVE-2022-2400

2022-07-22 Thread Moritz Mühlenhoff
Source: php-dompdf X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for php-dompdf. CVE-2022-2400[0]: | External Control of File Name or Path in GitHub repository | dompdf/dompdf prior to 2.0.0. https://huntr.dev/bounties/a6da5e

Bug#1009281: [Debichem-devel] Bug#1009281: Bug#1009281: Should cinfony be removed?

2022-07-24 Thread Moritz Mühlenhoff
Am Mon, Apr 11, 2022 at 09:21:25AM +0200 schrieb Michael Banck: > Hi, > > On Mon, Apr 11, 2022 at 08:38:21AM +0300, Andrius Merkys wrote: > > Hi, > > > > On 2022-04-11 01:35, Moritz Muehlenhoff wrote: > > > Source: cinfony > > > Version: 1.2-4 > > > Severity: serious > > > > > > Your package cam

Bug#1015983: undertow: CVE-2021-3859

2022-07-24 Thread Moritz Mühlenhoff
Source: undertow X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for undertow. CVE-2021-3859[0]: https://bugzilla.redhat.com/show_bug.cgi?id=2010378 If you fix the vulnerability please also make sure to include the CVE (Common

Bug#1015986: guacamole-client: CVE-2021-41767 CVE-2021-43999 CVE-2020-11997

2022-07-24 Thread Moritz Mühlenhoff
Source: guacamole-client X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for guacamole-client. CVE-2021-41767[0]: | Apache Guacamole 1.3.0 and older may incorrectly include a private | tunnel identifier in the non-private det

Bug#1016089: mistune: CVE-2022-34749

2022-07-26 Thread Moritz Mühlenhoff
Source: mistune X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for mistune. CVE-2022-34749[0]: | In mistune through 2.0.2, support of inline markup is implemented by | using regular expressions that can involve a high amount of

Bug#1016139: net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805

2022-07-27 Thread Moritz Mühlenhoff
Source: net-snmp X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for net-snmp. 5.9.3 fixes the following issues: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805 A buffer overflow

Bug#1016140: rails: CVE-2022-32224

2022-07-27 Thread Moritz Mühlenhoff
Source: rails X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for rails. CVE-2022-32224[0]: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j If you fix the vulnerability please also make sure to include the CVE (Common Vulnera

Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

2022-07-29 Thread Moritz Mühlenhoff
Am Thu, Jul 28, 2022 at 09:25:44PM +1000 schrieb Craig Small: > I said: > > > I had uploaded net-snmp 5.9.3 anyway but I'll add those CVEs to the > > changelog. > > I'm trying to find where they've made the changes to see if it is possible > > to get at least bullseye fixed. > > > I've had a look

Bug#1015978: Should falcon be removed?

2022-07-29 Thread Moritz Mühlenhoff
Am Sun, Jul 24, 2022 at 10:06:03PM +0200 schrieb Andreas Tille: > Unfortunately the package does not build[1] which is probably a gcc > issue. If someone would volunteer to fix this issue we might be able to > keep the package. If there is no response in say two weeks we should > probably remove

Bug#1016351: dovecot: CVE-2022-30550

2022-07-29 Thread Moritz Mühlenhoff
Source: dovecot X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for dovecot. CVE-2022-30550[0]: | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 | before 2.3.20. When two passdb configuration entries exist

Bug#1016351: dovecot: CVE-2022-30550

2022-07-30 Thread Moritz Mühlenhoff
Am Fri, Jul 29, 2022 at 02:52:32PM -0700 schrieb Noah Meyerhans: > My inclination is that this won't need a DSA and can wait for a bullseye > point release, Agreed! Marking it as such in the Debian Security Tracker. Cheers, Moritz

Bug#990419: closed by Debian FTP Masters (reply to Jérôme Charaoui ) (Bug#990419: fixed in puppetdb 7.10.1-1)

2022-07-31 Thread Moritz Mühlenhoff
Am Sun, Jul 31, 2022 at 11:42:01AM +0200 schrieb Salvatore Bonaccorso: > Hi Jérôme, > > On Sat, Jul 16, 2022 at 12:42:05AM +, Debian Bug Tracking System wrote: > > puppetdb (7.10.1-1) experimental; urgency=medium > > . > >* New upstream version 7.10.1 (Closes: #990419, #1012577) > > Whe

Bug#1016443: gpac: CVE-2022-29339 CVE-2022-29340 CVE-2022-29537 CVE-2022-30976 CVE-2022-1035 CVE-2022-1172 CVE-2022-1222 CVE-2022-1441 CVE-2022-1795

2022-07-31 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2022-29339[0]: | In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in | utils/bitstream.c has a failed assertion, which causes a Denial of

Bug#1016445: 389-ds-base: CVE-2022-0918

2022-07-31 Thread Moritz Mühlenhoff
Source: 389-ds-base X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for 389-ds-base. CVE-2022-0918[0]: | A vulnerability was discovered in the 389 Directory Server that allows | an unauthenticated attacker with network access to

Bug#1016448: undertow: CVE-2022-1319 CVE-2021-3629

2022-07-31 Thread Moritz Mühlenhoff
Source: undertow X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for undertow. CVE-2022-1319[0]: https://bugzilla.redhat.com/show_bug.cgi?id=2073890 CVE-2021-3629[1]: | A flaw was found in Undertow. A potential security iss

Bug#1015978: Should falcon be removed?

2022-08-05 Thread Moritz Mühlenhoff
Am Fri, Aug 05, 2022 at 09:36:00AM +0200 schrieb Andreas Tille: > Hi Moritz, > > Am Fri, Jul 29, 2022 at 04:42:00PM +0200 schrieb Moritz Mühlenhoff: > > Am Sun, Jul 24, 2022 at 10:06:03PM +0200 schrieb Andreas Tille: > > > Unfortunately the package does not build[1]

Bug#1016972: php8.1: CVE-2022-31627

2022-08-10 Thread Moritz Mühlenhoff
Source: php8.1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for php8.1. It's specific to 8.1.x CVE-2022-31627[0]: | In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as | finfo_buffer, due to incorrect patch a

Bug#1016974: sofia-sip: CVE-2022-31001 CVE-2022-31002 CVE-2022-31003

2022-08-10 Thread Moritz Mühlenhoff
Source: sofia-sip X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for sofia-sip. CVE-2022-31001[0]: | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User- | Agent library. Prior to version 1.13.8, an attacker c

Bug#1016976: connman: CVE-2022-32292 CVE-2022-32293

2022-08-10 Thread Moritz Mühlenhoff
Source: connman X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for connman. CVE-2022-32292[0]: | In ConnMan through 1.41, remote attackers able to send HTTP requests | to the gweb component are able to exploit a heap-based b

Bug#1016978: frr: CVE-2022-37035

2022-08-10 Thread Moritz Mühlenhoff
Source: frr X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for frr. CVE-2022-37035[0]: | An issue was discovered in bgpd in FRRouting (FRR) 8.3. In | bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, | there

Bug#1016982: rails: CVE-2022-27777

2022-08-10 Thread Moritz Mühlenhoff
Source: rails X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for rails. CVE-2022-27777[0]: | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < | 5.2.0 which would allow an attacker to inject content if able to | con

Bug#1019589: dpdk: CVE-2022-28199 CVE-2022-2132

2022-09-12 Thread Moritz Mühlenhoff
Source: dpdk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities are fixed in DSA 5222, but filing a bug to track the fix in unstable: CVE-2022-28199[0]: | NVIDIA's distribution of the Data Plane Development Kit | (MLNX_DPDK) contains a v

Bug#1019600: swfmill: CVE-2022-36139 CVE-2022-36144

2022-09-12 Thread Moritz Mühlenhoff
Source: swfmill X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for swfmill. CVE-2022-36139[0]: | SWFMill commit 53d7690 was discovered to contain a heap-buffer | overflow via SWF::Writer::writeByte(unsigned char). https://g

Bug#1021013: mplayer: CVE-2022-38600 CVE-2022-38856 CVE-2022-38861 CVE-2022-38862 CVE-2022-38864

2022-09-30 Thread Moritz Mühlenhoff
Source: mplayer X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for mplayer. CVE-2022-38600[0]: | Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and | vf_vo.c. https://trac.mplayerhq.hu/ticket/2390#comment:2

Bug#1021021: wolfssl: CVE-2022-38152 CVE-2022-38153 CVE-2022-39173

2022-09-30 Thread Moritz Mühlenhoff
Source: wolfssl X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for wolfssl. CVE-2022-38152[0]: | An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client | connects to a wolfSSL server and SSL_clear is called o

Bug#936777: k3d: Python2 removal in sid/bullseye

2022-04-10 Thread Moritz Mühlenhoff
Hi Manuel, > > Given upstream's reply at https://github.com/K-3D/k3d/issues/38 this > > seems unlikely to get ported, let's remove k3d? > > Basically I'd like to extend its life in Debian and keep users using > this package rather than having to build the version themselves, as > long as it doesn'

Bug#1008700: [Pkg-electronics-devel] Bug#1008700: Should geda-gaf be removed?

2022-04-10 Thread Moritz Mühlenhoff
Am Wed, Mar 30, 2022 at 04:43:12PM -0600 schrieb Bdale Garbee: > Moritz Muehlenhoff writes: > > > Source: geda-gaf > > Version: 1:1.8.2-11 > > Severity: serious > > > > Your package came up as a candidate for removal from Debian: > > For the record, I've previously indicated that I consider lept

Bug#1009273: Should python-keepkey be removed?

2022-04-11 Thread Moritz Mühlenhoff
Am Mon, Apr 11, 2022 at 10:50:05AM +0200 schrieb Richard Ulrich: > Hi Moritz, > > If it all worked and was in sync with electrum, that would be great. > > But I stopped updating it back then because in the end most of the time > I still had to install electrum and those plugins manually. > > So,

Bug#937049: mini-buildd: Python2 removal in sid/bullseye

2022-10-27 Thread Moritz Mühlenhoff
Am Fri, Aug 30, 2019 at 07:26:40AM + schrieb Matthias Klose: > Package: src:mini-buildd > Version: 1.0.41 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python2 from the

Bug#1024016: mysql-8.0: CVE-2022-39400 CVE-2022-39402 CVE-2022-39403 CVE-2022-39408 CVE-2022-39410 CVE-2022-21594 CVE-2022-21599 CVE-2022-21604 CVE-2022-21608 CVE-2022-21611 CVE-2022-21617 CVE-2022-21

2022-11-13 Thread Moritz Mühlenhoff
Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for mysql-8.0. CVE-2022-39400[0]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are aff

Bug#1024021: netatalk: CVE-2022-45188

2022-11-13 Thread Moritz Mühlenhoff
Source: netatalk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for netatalk. CVE-2022-45188[0]: | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow | resulting in code execution via a crafted .appl file. Th

Bug#968833: [Pkg-nagios-devel] Bug#968833: CVE-2020-24368

2020-08-23 Thread Moritz Mühlenhoff
On Sat, Aug 22, 2020 at 04:37:16PM +0200, Sebastiaan Couwenberg wrote: > On 8/22/20 4:26 PM, Moritz Muehlenhoff wrote: > > On Sat, Aug 22, 2020 at 07:58:34AM +0200, Sebastiaan Couwenberg wrote: > >> Hi Moritz, > >> > >> This is fixed in icingaweb2 (2.8.2-1) which was just uploaded to unstable. > >>

Bug#937940: python-nemu: Python2 removal in sid/bullseye

2020-08-31 Thread Moritz Mühlenhoff
On Fri, Mar 27, 2020 at 11:57:00PM +0100, Moritz Mühlenhoff wrote: > On Fri, Aug 30, 2019 at 07:42:40AM +, Matthias Klose wrote: > > Package: src:python-nemu > > Version: 0.3.1-1 > > Severity: normal > > Tags: sid bullseye > > User: debian-pyt...@lists.de

Bug#937102: mysql-workbench: Python2 removal in sid/bullseye

2020-08-31 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:27:37AM +, Matthias Klose wrote: > Package: src:mysql-workbench > Version: 8.0.17+dfsg-1 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python

Bug#937255: pbgenomicconsensus: Python2 removal in sid/bullseye

2020-08-31 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:30:23AM +, Matthias Klose wrote: > Package: src:pbgenomicconsensus > Version: 2.3.2-5 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python2 f

Bug#936941: found 936941 in 2.9.10+dfsg-2

2020-09-04 Thread Moritz Mühlenhoff
On Wed, Jun 24, 2020 at 03:18:18PM +0200, Mattia Rizzolo wrote: > On Tue, Jun 23, 2020 at 10:58:17PM +0200, Moritz Mühlenhoff wrote: > > With the removal of gnome-doc-utils the only remaining rdep of > > python-libxml2 > > is gone (apart from src:chirp, but it's already

Bug#937184: offlineimap: Python2 removal in sid/bullseye

2020-09-11 Thread Moritz Mühlenhoff
On Sun, Aug 02, 2020 at 06:24:44PM +0300, Ilias Tsitsimpis wrote: > Control: severity -1 serious > > On Sun, Jul 26, 2020 at 01:21PM, Moritz Mühlenhoff wrote: > > Nine months later there's no progress, let's remove? > > Agreed. > > Raising the severity t

Bug#937187: olefile: Python2 removal in sid/bullseye

2020-09-11 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:29:10AM +, Matthias Klose wrote: > Package: src:olefile > Version: 0.46-1 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python2 from the dist

Bug#964399: Should ganglia be removed?

2020-09-11 Thread Moritz Mühlenhoff
On Sun, Jul 26, 2020 at 01:31:08PM +0200, Moritz Mühlenhoff wrote: > Hi Marcos, > > I overlooked this in my inbox.. > > On Tue, Jul 07, 2020 at 11:15:58PM +0200, Marcos Fouces wrote: > > Hello Moritz > > > > I did some work time ago on ganglia [1] but I never g

Bug#937269: peframe: Python2 removal in sid/bullseye

2020-09-11 Thread Moritz Mühlenhoff
On Thu, Dec 26, 2019 at 03:57:53PM +0100, Sascha Steinbiss wrote: > Just an update: Python 3 compatibility is indeed introduced in the latest > upstream version, however, that version also adds some new dependencies that > would need to be packaged and pass NEW. For example, python-virustotal-api

Bug#937102: mysql-workbench: Python2 removal in sid/bullseye

2020-09-11 Thread Moritz Mühlenhoff
On Tue, Sep 01, 2020 at 07:11:46PM +1000, Dmitry Smirnov wrote: > On Tuesday, 1 September 2020 4:57:56 AM AEST Moritz Mühlenhoff wrote: > > There's radio silence on https://bugs.mysql.com/bug.php?id=98839, > > They are not very transparent and their public bug tracker is some

Bug#937288: piggyphoto: Python2 removal in sid/bullseye

2020-09-11 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:30:59AM +, Matthias Klose wrote: > Package: src:piggyphoto > Version: 0.1dev-git20141014 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python

Bug#937288: piggyphoto: Python2 removal in sid/bullseye

2020-09-11 Thread Moritz Mühlenhoff
On Fri, Sep 11, 2020 at 09:51:24PM +0200, Aigars Mahinovs wrote: > Agreed. It was packaged as a reverse dependency for other software, > but other problems eventually prevented the packaging of that. Ack, I've just filed an RM bug. Cheers, Moritz

Bug#964399: Should ganglia be removed?

2020-09-15 Thread Moritz Mühlenhoff
On Mon, Sep 14, 2020 at 12:17:00AM +0200, Marcos Fouces wrote: > Hi Moritz! > > Yes, I uploaded it to salsa.d.o and I am waiting for Frontdesk approval > to become DD (that should happen in a few days) in order to upload it > myself instead of asking for sponsorship. > > Its new home is here: htt

Bug#937255: pbgenomicconsensus: Python2 removal in sid/bullseye

2020-09-15 Thread Moritz Mühlenhoff
On Tue, Sep 15, 2020 at 10:56:22AM +0200, Andreas Tille wrote: > Hi Moritz, > > On Mon, Aug 31, 2020 at 08:59:37PM +0200, Moritz Mühlenhoff wrote: > > On Fri, Aug 30, 2019 at 07:30:23AM +, Matthias Klose wrote: > > > Package: src:pbgenomicconsensus > > >

Bug#937490: pynifti: Python2 removal in sid/bullseye

2020-06-29 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:34:39AM +, Matthias Klose wrote: > Package: src:pynifti > Version: 0.20100607.1-4.1 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python2 fro

Bug#937959: python-ntlm: Python2 removal in sid/bullseye

2020-06-29 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:43:00AM +, Matthias Klose wrote: > Package: src:python-ntlm > Version: 1.1.0-1 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python2 from the

Bug#937490: pynifti: Python2 removal in sid/bullseye

2020-06-30 Thread Moritz Mühlenhoff
On Mon, Jun 29, 2020 at 08:41:26PM +0200, Michael Hanke wrote: > Hi, > > yes, that sounds like the best course of action to me. Ack, I've filed an RM bug. Cheers, Moritz

Bug#937645: python-cjson: Python2 removal in sid/bullseye

2020-06-30 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:37:25AM +, Matthias Klose wrote: > Package: src:python-cjson > Version: 1.2.1-1 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python2 from th

Bug#937378: purity-ng: Python2 removal in sid/bullseye

2020-07-06 Thread Moritz Mühlenhoff
On Sun, Jun 07, 2020 at 01:03:15AM +0200, Moritz Mühlenhoff wrote: > On Fri, Aug 30, 2019 at 07:32:38AM +, Matthias Klose wrote: > > Package: src:purity-ng > > Version: 0.2.0-2.1 > > Severity: normal > > Tags: sid bullseye > > User: debian-pyt...@lists.de

Bug#937194: opencaster: Python2 removal in sid/bullseye

2021-11-01 Thread Moritz Mühlenhoff
Am Fri, Jan 29, 2021 at 09:56:46PM + schrieb Thorsten Alteholz: > Hi Moritz, > > On Fri, 29 Jan 2021, Moritz Mühlenhoff wrote: > > opencaster seems dead upstream, should it be removed or are > > you planning to port it to Python 3 yourself? > > I don't pla

Bug#937945: python-neuroshare: Python2 removal in sid/bullseye

2021-11-01 Thread Moritz Mühlenhoff
Am Sun, Feb 09, 2020 at 01:18:27PM +0100 schrieb Andreas Tille: > Hi, > > I've taken over this package into Debian Med team to > >https://salsa.debian.org/med-team/python-neuroshare > > It needs some remaining work to port for Python3 which I > can not do right now. Any help is welcome. Wh

Bug#1059054: nss: CVE-2023-6135

2023-12-19 Thread Moritz Mühlenhoff
Source: nss X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for nss. CVE-2023-6135[0]: | Multiple NSS NIST curves were susceptible to a side-channel attack | known as "Minerva". This attack could potentially allow an attacker |

Bug#1059056: gpac: CVE-2023-48958 CVE-2023-46871 CVE-2023-46932 CVE-2023-47465 CVE-2023-48039 CVE-2023-48090

2023-12-19 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2023-48958[0]: | gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in | gf_mpd_resolve_url media_tools/mpd.c:4589. https://github.com/gpac/

Bug#1059254: cacti: CVE-2023-49084 CVE-2023-49086

2023-12-22 Thread Moritz Mühlenhoff
Source: cacti X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for cacti. CVE-2023-49084[0]: | Cacti is a robust performance and fault management framework and a | frontend to RRDTool - a Time Series Database (TSDB). While usi

Bug#1059256: falcosecurity-libs: CVE-2023-49287

2023-12-22 Thread Moritz Mühlenhoff
Source: falcosecurity-libs X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for falcosecurity-libs. CVE-2023-49287[0]: | TinyDir is a lightweight C directory and file reader. Buffer | overflows in the `tinydir_file_open()` functi

Bug#1059257: gemmi: CVE-2023-49287

2023-12-22 Thread Moritz Mühlenhoff
Source: gemmi X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for gemmi. CVE-2023-49287[0]: | TinyDir is a lightweight C directory and file reader. Buffer | overflows in the `tinydir_file_open()` function. This vulnerability | h

Bug#1059259: lwip: CVE-2023-49287

2023-12-22 Thread Moritz Mühlenhoff
Source: lwip X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for lwip. CVE-2023-49287[0]: | TinyDir is a lightweight C directory and file reader. Buffer | overflows in the `tinydir_file_open()` function. This vulnerability | has

Bug#1059261: clickhouse: CVE-2023-48298 CVE-2023-47118 CVE-2022-44011 CVE-2022-44010

2023-12-22 Thread Moritz Mühlenhoff
Source: clickhouse X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for clickhouse. CVE-2023-48298[0]: | ClickHouse® is an open-source column-oriented database management | system that allows generating analytical data reports

Bug#1059265: w3m: CVE-2023-4255

2023-12-22 Thread Moritz Mühlenhoff
Source: w3m X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for w3m. CVE-2023-4255[0]: | An out-of-bounds write issue has been discovered in the backspace | handling of the checkType() function in etc.c within the W3M | applicat

Bug#1059293: lrzip: CVE-2023-39741

2023-12-22 Thread Moritz Mühlenhoff
Source: lrzip X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for lrzip. CVE-2023-39741[0]: | lrzip v0.651 was discovered to contain a heap overflow via the | libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp.

Bug#1059300: ruby-sidekiq: CVE-2023-26141

2023-12-22 Thread Moritz Mühlenhoff
Source: ruby-sidekiq X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for ruby-sidekiq. CVE-2023-26141[0]: | Versions of the package sidekiq before 7.1.3 are vulnerable to | Denial of Service (DoS) due to insufficient checks in t

Bug#1059303: asterisk: CVE-2023-37457 CVE-2023-38703

2023-12-22 Thread Moritz Mühlenhoff
Source: asterisk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for asterisk. CVE-2023-37457[0]: | Asterisk is an open source private branch exchange and telephony | toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 an

Bug#1059307: ring: CVE-2023-38703

2023-12-22 Thread Moritz Mühlenhoff
Source: ring X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for pjsip, which is bundled in ring: CVE-2023-38703[0]: | PJSIP is a free and open source multimedia communication library | written in C with high level API in C, C++

Bug#1050835: nuget: CVE-2023-29337

2023-08-29 Thread Moritz Mühlenhoff
Source: nuget X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for nuget. CVE-2023-29337[0]: Does https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337 affect nuget as packaged in Debian? If you fix the vulnerabil

Bug#1051738: freeimage: CVE-2020-21428

2023-09-11 Thread Moritz Mühlenhoff
Source: freeimage X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for freeimage. CVE-2020-21428[0]: | Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp | in FreeImage 3.18.0 allows remote attackers to run arbitr

Bug#1051740: gpac: CVE-2023-3012 CVE-2023-3013 CVE-2023-3291 CVE-2023-39562 CVE-2023-4678 CVE-2023-4681 CVE-2023-4682 CVE-2023-4683 CVE-2023-4720 CVE-2023-4721 CVE-2023-4722 CVE-2023-4754 CVE-2023-475

2023-09-11 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2023-3012[0]: | NULL Pointer Dereference in GitHub repository gpac/gpac prior to | 2.2.2. https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb0207

Bug#1051889: freeimage: CVE-2020-22524

2023-09-13 Thread Moritz Mühlenhoff
Source: freeimage X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for freeimage. CVE-2020-22524[0]: | Buffer Overflow vulnerability in FreeImage_Load function in | FreeImage Library 3.19.0(r1828) allows attackers to cause a deni

Bug#1053769: nghttp2: CVE-2023-44487

2023-10-10 Thread Moritz Mühlenhoff
Source: nghttp2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for nghttp2. CVE-2023-44487[0]: | The HTTP/2 protocol allows a denial of service (server resource | consumption) because request cancellation can reset many streams

Bug#1053801: trafficserver: CVE-2023-44487

2023-10-11 Thread Moritz Mühlenhoff
Source: trafficserver X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for trafficserver. CVE-2023-44487[0]: | The HTTP/2 protocol allows a denial of service (server resource | consumption) because request cancellation can reset

Bug#1053877: zabbix: CVE-2023-32721 CVE-2023-32722 CVE-2023-32723 CVE-2023-32724

2023-10-13 Thread Moritz Mühlenhoff
Source: zabbix X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for zabbix. CVE-2023-32721[0]: | A stored XSS has been found in the Zabbix web application in the | Maps element if a URL field is set with spaces before URL. ht

Bug#1053880: node-babel7: CVE-2023-45133

2023-10-13 Thread Moritz Mühlenhoff
Source: node-babel7 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for node-babel7. CVE-2023-45133[0]: | Babel is a compiler for writing JavaScript. In `@babel/traverse` | prior to versions 7.23.2 and 8.0.0-alpha.4 and all versi

Bug#1027143: openimageio: CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-

2022-12-28 Thread Moritz Mühlenhoff
Source: openimageio X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for openimageio. CVE-2022-43592[0]: | An information disclosure vulnerability exists in the | DPXOutput::close() functionality of OpenImageIO Project OpenIma

Bug#1027143: openimageio: CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-

2022-12-28 Thread Moritz Mühlenhoff
On Wed, Dec 28, 2022 at 05:31:34PM +0100, Moritz Mühlenhoff wrote: > Source: openimageio > X-Debbugs-CC: t...@security.debian.org > Severity: grave > Tags: security > > Hi, > > The following vulnerabilities were published for openimageio. And two more

Bug#1027153: ruby-rails-html-sanitizer: CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520

2022-12-28 Thread Moritz Mühlenhoff
Source: ruby-rails-html-sanitizer X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for ruby-rails-html-sanitizer. CVE-2022-23517[0]: | rails-html-sanitizer is responsible for sanitizing HTML fragments in | Rails applications.

Bug#1027163: python-git: CVE-2022-24439

2022-12-28 Thread Moritz Mühlenhoff
Source: python-git X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for python-git. CVE-2022-24439[0]: | All versions of package gitpython are vulnerable to Remote Code | Execution (RCE) due to improper user input validation, whi

Bug#1004441: unblocking chromium?

2023-01-10 Thread Moritz Mühlenhoff
On Sun, Jan 08, 2023 at 12:27:52AM -0500, Andres Salomon wrote: > > On Fri, Jan 6 2023 at 11:36:02 AM +0200, Adrian Bunk > wrote: > > On Fri, Jan 06, 2023 at 10:18:16AM +0100, Moritz Muehlenhoff wrote: > > > ... > > > We might consider to set some expectation for oldstable-security, > > > thoug

Bug#1021278: pngcheck: CVE-2020-35511

2022-11-27 Thread Moritz Mühlenhoff
On Thu, Oct 20, 2022 at 11:28:22PM -0300, David da Silva Polverari wrote: > Hi, > > I adjusted the affected versions in the BTS, but I couldn't find any > patch for it. The reference to buffer overflows seems related to > CVE-2020-27818, so I wonder whether it is a duplicate or not. > > If it is,

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-11-27 Thread Moritz Mühlenhoff
On Sun, Nov 27, 2022 at 11:45:27AM +0100, Clément Hermann wrote: > Hi > > On 25/10/2022 at 13:53, Clément Hermann wrote: > > Hi Moritz, > > > > On 25/10/2022 at 11:15, Moritz Muehlenhoff wrote: > > > > > Given that the primary use case for onionshare will be tails, my > > > suggestion would
