Control: tag -1 + confirmed pending
On Fri, Aug 02, 2019 at 01:24:00AM +, Ximin Luo wrote:
> We are blocked on FTP masters accepting rust-bstr and the new build
> dependencies of the new version of cargo.
Hi Ximin,
Thanks for the explanation.
> Please check the debcargo-conf.git repo first,
Source: rust-cargo
Version: 0.35.0-1
Severity: serious
Justification: FTBFS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
rust-cargo fails to rebuild from source (in a clean sbuild environment).
I ran into this while rebuilding all reverse dependencies of rust-openssl-sys
prior to uploadi
Package: libykpiv1
Version: 1.6.2-1
Severity: serious
Tags: security buster sid upstream fixed-upstream pending
Justification: Security issue
Hi,
Yubico released a new version of libykpiv, mentionning “security fixes” in
the NEWS file, but without publishing a new security advisory.
I believe th
Package: yubikey-manager
Version: 2.0.0-2
Severity: serious
Tags: fixed-upstream upstream pending
Justification: RoM, severe usability degradation for many users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
See https://github.com/Yubico/yubikey-manager/pull/220
- -- System Information:
Debia
clone 917807 -1
retitle -1 Orphan libcaca
severity -1 normal
thanks
Hi Sam,
I'm planning on fixing those security issues for Buster.
Given that you last touched the package in 2014, and didn't address this
critical
bug within 3 months, may I go ahead and orphan the package while I'm at it?
I
Control: tag -1 + patch pending
Dear maintainer,
On Sun, Jan 20, 2019 at 04:57:04AM +0100, Andreas Beckmann wrote:
> during a test with piuparts I noticed your package ships (or creates)
> a broken symlink.
Given the lack of answer, I prepared a fixed version, and performed a NMU
to DELAYED/3, s
Package: python3-stem
Version: 1.7.0-1~bpo9+1
Severity: serious
Justification: Non installable
Control: block 905212 by -1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
The version of python3-stem in stretch-backports isn't installable due to
its dependency on python3-distutils, which only
On Sat, Feb 09, 2019 at 01:54:19PM +0100, Nicolas Braud-Santoni wrote:
> On Sat, Feb 09, 2019 at 11:19:47AM +0100, Sébastien Delafond wrote:
> > don't forget to use -sa as it will be new there
>
> OK. My first dput didn't seem to include the orig tarball, even though I
On Sat, Feb 09, 2019 at 11:19:47AM +0100, Sébastien Delafond wrote:
> On Feb/08, Nicolas Braud-Santoni wrote:
> > I backported the fix and prepared an upload.
> > The debdiff is attached, and the commands used to produced it are
> > documented below.
> >
> >
Dear security team,
On Fri, Feb 08, 2019 at 08:23:10PM +0100, Nicolas Braud-Santoni wrote:
> On Fri, Feb 08, 2019 at 02:08:40PM +0100, Salvatore Bonaccorso wrote:
> > The following vulnerability was published for libu2f-host.
> >
> > CVE-2018-20340[0]:
> > buffer ove
On Fri, Feb 08, 2019 at 02:08:40PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> The following vulnerability was published for libu2f-host.
>
> CVE-2018-20340[0]:
> buffer overflow
Hi Salvatore & Sébastien,
Thanks a lot for the swift report(s). :)
I just uploaded a fixed version to unstable.
on should likely be taken
with... a grain of salt ;)
Best,
nicoo
- Forwarded message from Daniel Wallace -
Date: Tue, 28 Aug 2018 05:46:22 -0700
From: Daniel Wallace
To: saltstack/salt-jenkins
Cc: Nicolas Braud-Santoni , Comment
Subject: Re: [saltstack/salt-jenkins] [Py3][Tornado
tag 904654 + upstream fixed-upstream
forward 904654 https://github.com/saltstack/salt/issues/48556
tag 893817 - fixed-upstream
forward 893817 https://github.com/saltstack/salt-jenkins/issues/995
thanks
Hi,
Just updating the bugs metadata ;)
#904654 is fixed in upstream's 2018.3.3, to be relea
Package: cppo
Version: 1.6.4-1
Severity: serious
Tags: upstream
Justification: fails to build from source
The testsuite of cppo fails on arm{el,hf} and ppc64el in the same location:
https://buildd.debian.org/status/fetch.php?pkg=cppo&arch=ppc64el&ver=1.6.4-1&stamp=1533482737&raw=0
https://b
On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
>
> I'm attaching the relevant files.
Oops, forgot the attachments.
exploit.ps
Description: PostScript document
signature.asc
Description: PGP signature
Package: ghostscript
Version: 9.22~dfsg-2.1
Severity: grave
Tags: security buster sid
Justification: user security hole
Hi,
Tavis Ormandy disclosed a new ghoscript security issue, leading directly to code
execution: http://openwall.com/lists/oss-security/2018/08/21/2
I don't think this is [CVE-
Dear LTS contributors,
I'm a co-maintainer of opam, the OCaml-specific dependencies manager, which
is currently broken in olstable: the version in Jessie is 1.2.0 and does
not support the current opam repository format[0], meaning that users
cannot install new OPAM packages, get updates, ... (see
On Thu, Aug 23, 2018 at 07:39:13PM +0200, Mehdi Dogguy wrote:
> On 2018-08-23 16:53, Nicolas Braud-Santoni wrote:
> > On Thu, Aug 23, 2018 at 03:00:22PM +0200, Mehdi Dogguy wrote:
> > > > It makes opam unusable for jessie users: already initialised ones can't
> &g
Hi Mehdi,
On Thu, Aug 23, 2018 at 03:00:22PM +0200, Mehdi Dogguy wrote:
> > [...]
> > It makes opam unusable for jessie users: already initialised ones can't
> > install new compilers nor update packages, and with a fresh install opam
> > is almost unusable (e.g. [3]).
>
> Unfortunately, we won't
Hi Salvatore,
On Tue, Aug 14, 2018 at 09:55:39PM +0200, Salvatore Bonaccorso wrote:
> On Tue, Aug 14, 2018 at 08:36:10PM +0200, Nicolas Braud-Santoni wrote:
> > Hi,
> >
> > Gunnar Wolf sponsored the upload to sid (thanks!) and I just prepared an
> > upload for stretch
PS: In case I need to be reached swiftly, IRC might be the most effective medium
(nicoo on irc.oftc.net/#debian-security)
On Tue, Aug 14, 2018 at 06:39:43PM +0200, Nicolas Braud-Santoni wrote:
> Package: libykpiv1
> Severity: serious
> Tags: security pending stretch buster sid
> J
Package: libykpiv1
Severity: serious
Tags: security pending stretch buster sid
Justification: security
libykpiv1 versions below 1.6.0 are affected by a buffer overflow, exploitable by
malicious USB devices, that can lead to arbitrary code execution.
I will upload the fixed upstream version later
Hi Gert,
On Sun, Jul 29, 2018 at 01:28:58PM +0200, Gert Wollny wrote:
> python-autobahn is currently not installable with python3-all-dev
> because the latter depends on python3.7 and python-autobahn depends on
> python-ubjson, which in turn FTBFS with python-3.7.
Thanks for the explanation. :)
Source: sumo
Version: 0.32.0+dfsg1-1
Severity: serious
Justification: FTBFS
Hi,
While rebuilding packages in preparation of the json-c transition (#904418),
I discovered that sumo fails to build from source, independently of the
transition.
Please find a build log attached.
Best,
nicoo
--
Source: vtk7
Version: 7.1.1+dfsg1-4
Severity: serious
Justification: FTBFS
While doing a rebuild of all reverse dependencies of json-c (as preparation
for transition #904418), I discovered that vtk7 fails to build due to a broken
build-dependency on python3-autobahn, independently of the upcoming
On Sat, May 26, 2018 at 11:18:40PM +0200, Nicolas Braud-Santoni wrote:
> In the meantime, I am forwarding this bug upstream (against pam-u2f), who
> might be able to pinpoint the issue faster than I would. (OTOH, several of
> the pam-u2f upstream developers are in the relevant packaging
Source: ocaml-rope
Version: 0.6-1
Severity: serious
Justification: FTBFS
Hi,
ocaml-rope fails to build using the new version of dune/jbuilder
due to dh_missing complaining about uninstalled files.
I will prepare a new upload momentarily.
Best,
nicoo
-- System Information:
Debian Release: b
Control: fixed -1 1.0~beta20-1
Hi,
I just checked and this was fixed by my upload of v1.0~beta20-1, ...
which I did because I ran into the same bug while packaging something else ;)
However, ocaml-rope now FTBFS due to dh_missing; I will file a bug and fix that
momentarily.
Best,
nicoo
On
Control: clone -1 -2
Control: retitle -2 RM: elasticsearch -- ROM; NPOASR; unmaintained since ~2
years; security issues
Control: severity -2 normal
Control: reassign -2 ftp.debian.org
On Thu, Mar 08, 2018 at 11:17:20PM +0100, Emmanuel Bourg wrote:
> Le 08/03/2018 à 22:50, Nicolas Braud-Santon
On Mon, Nov 21, 2016 at 09:33:18PM +0100, Hilko Bengen wrote:
> * Emmanuel Bourg:
> > Do you think elasticsearch should be removed from unstable?
>
> Not necessarily. It should just not become part of stretch because there
> is no sensible way to support it.
Given that this is the last activity a
Control: tag -1 pending
On Tue, Jan 23, 2018 at 01:33:39AM +0100, Andreas Beckmann wrote:
>
> let the new package figure out what it want's to do here ...
As I had an upload ready for the new upstream version,
I just added a conflict for now.
I will figure out what we can do to solve this in a
Source: glances
Version: 2.11.1-2
Severity: serious
Justification: fails to build from source
Dear maintainer,
glances version 2.11.1-2 fails to build from source here (under sbuild) :
> User Environment
>
>
> APT_CONFIG=/var/lib/sbuild/apt.conf
> HOME=/sbuild-nonexistent
> LAN
Control: tag -1 + moreinfo
Hi,
On Sun, Dec 10, 2017 at 07:44:14PM +0100, mirq-debo...@rere.qmqm.pl wrote:
> Package: git
> Version: 1:2.15.1-1
> Severity: grave
>
> --- Please enter the report below this line. ---
>
> git 2.15.x from testing can't properly fetch from remote repository:
I find
Package: python3-seaborn
Version: 0.7.1-2
Severity: serious
Dear Maintainer,
In a Python 3 interpreter, with python3-seaborn freshly installed,
`import seaborn` simply fails:
> >>> import seaborn
> Traceback (most recent call last):
> File "/usr/lib/python3.5/tkinter/__init__.py", line 36, in
Package: vagrant-sshfs
Version: 1.3.0-1
Severity: grave
Dear Maintainer,
After installing vagrant-sshfs, I cannot run vagrant anymore.
> % vagrant init debian/jessie64; vagrant up --provider libvirt
> /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:184:in `rescue in load_yml':
> can not load tra
Package: zfs-dkms
Version: 0.6.5.8-3
Followup-For: Bug #851513
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Confirmed not working in stretch.
See attached make.log
- -- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (900, 'testing'), (500, 'unstable')
Architectu
Hi,
I was working on this today at the Salzburg BSP and should finish
tomorrow.
Best,
nicoo
Control: tag -1 pending
X-Debbugs-CC: hol...@debian.org
Hi,
I prepared an upload for a new version of cloud-init which fixes
(among other things) this bug. It is currently available in the
v0.7.8/master branch on alioth.
Should I NMU this?
Best,
nicoo
signature.asc
Description: PGP signa
Hi Lucas,
Your report is in essence a duplicate of #832877 (which is assigned to
ssreflect).
There is an upload pending that solves this issue ;)
Best,
nicoo
PS: I'm not merging those bugs, since they are assigned to different
source packages; after the upload, ssreflect will be built
Control: tag -1 upstream
On Sat, Jul 23, 2016 at 08:35:15PM +0200, Ralf Treinen wrote:
>
> Why also does not compile with the current vesion of why3. I talked
> to why upstream about this a few days ago. There will be a new upstream
> release of why soon which will fix this. I suspect this will
Hi Stéphane,
camlduce is not compilable since 2013, and requires an update upstream
to make it work with recent versions of OCaml.
Since you are the upstream developer, I would like to ask you if there
are any plans to make this happen in the forseeable future.
If not, would you be OK with caml
Control: tag -1 pending
Hi,
I prepared an upload for a new upstream version of camlpdf.
As part of this, I updated the copyright information.
Best,
nicoo
Control: tag -1 pending
Hi,
I prepared an upload for an up-to-date version of aac-tactics,
which (obviously) solves the FTBFS.
I should push it to alioth in the evening.
Best,
nicoo
Hi,
coq-float and why cannot build under Coq 8.5, leading to two FTBFS bugs.
(Note: This is about why, not why3)
I confirmed that (beyond some mild build-system breakage) the issues
are due to changes in Coq, and neither are still maintained upstream.
As such, I would like to suggest we delete t
Control: block -1 by 830478
Hi,
I attempted to fix this, and it seems to be a simple missing
Build-Depends. However, I discovered that the dependency installs
its source in the wrong directory.
The fix is thus blocked on #830478
Best,
nicoo
Package: golang-github-docker-docker-dev
Severity: serious
Dear Maintainer,
While working on #829237 (FTBFS on systemd-docker), I discovered that
golang-github-docker-docker-dev installs its source under
/usr/share/gocode/${DH_GOPKG} rather than /usr/share/gocode/src/${DH_GOPKG}.
Best,
nico
Control: tags -1 + moreinfo
Control: severity -1 important
Control: retitle -1 unison fails to synchronize FS modified under Windows
Hi,
According to the documentation, only file timestamps are
used, not directory timestamps, and fastchecks can be disabled:
https://www.cis.upenn.edu/~bcpierce
Control: tags -1 - patch + pending
The patch was merged in the packaging repo a month ago.
Please upload the updated package.
signature.asc
Description: PGP signature
Control: tags -1 patch
Hi,
A patch was submitted, as a pull request against the packaging repo[0].
[0] https://github.com/Yubico/libu2f-server-dpkg/pull/1
signature.asc
Description: PGP signature
Control: tags -1 patch
The previous patch contained a typo in the changelog.
Please find enclosed a fixed version.
Best,
nicoo
From e8a764087c88dc569f5d264cf9e28845499a0efb Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni
Date: Mon, 9 May 2016 00:23:54 +0200
Subject: [PATCH] Fix
From cb99d35f7cb0abf91d40403201a66895ee8f6c35 Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni
Date: Mon, 9 May 2016 00:23:54 +0200
Subject: [PATCH] Fix dependencies and bump Standards-Version
---
debian/changelog | 6 ++
debian/control | 5 +++--
2 files changed, 9 insertions(+), 2 deletions(-)
51 matches
Mail list logo
