Bug#950816: mpv: unintended code execution vulnerability

2020-02-14 Thread astian
:00 2001 From: astian Date: Mon, 11 Feb 2020 21:08:51 + Subject: [PATCH] lua: fix unintended code execution vulnerability Backport of upstream commit cce7062a8a6b6a3b3666aea3ff86db879cba67b6 ("lua: fix highly security relevant arbitrary code execution") to release 0.32.0. Note: B

Bug#950816: Acknowledgement (mpv: unintended code execution vulnerability)

2020-02-06 Thread astian
astian: > If Lua scripts are enabled (they are by default) and configured for use > (Debian doesn't seem to have any active by default) Correction: mpv as shipped by Debian does have some active Lua scripts embedded in the ELF binary, but, as the author says in the quoted commit, they

Bug#950816: mpv: unintended code execution vulnerability

2020-02-06 Thread astian
Package: mpv Version: 0.32.0-1 Severity: grave Tags: security fixed-upstream Justification: user security hole Dear Maintainer, If Lua scripts are enabled (they are by default) and configured for use (Debian doesn't seem to have any active by default) mpv could end up loading unintended code

Bug#929439: minetest-mod-pipeworks: Missing dependency

2019-05-23 Thread astian
Package: minetest-mod-pipeworks Version: 20190430-1 Severity: serious Justification: Policy 3.5. Dependencies Dear Maintainer, Package lacks a dependency on "basic_materials" (minetest-mod-basic-materials). -- System Information: Debian Release: 10.0 APT prefers unstable-debug APT policy:

Bug#879631: python3-flask-socketio: missing dependency

2017-10-23 Thread astian
Package: python3-flask-socketio Version: 2.9.0-1 Severity: serious Dear Maintainer, This package lacks a dependency on the upstream "python-socketio" [0], which provides a "socketio" module. Please do not confuse it with the Debian package of the same name, which also provides a "socketio":

Bug#789927: libanthyinput0: fails to upgrade from 'sid' - trying to overwrite /usr/lib/x86_64-linux-gnu/libanthyinput.so.0.0.0'

2017-08-30 Thread astian
Control: affects -1 ibus-anthy Control: found -1 ibus-anthy/1.5.9-2 Control: found -1 anthy/1:0.3-5 Hi, Packaging is still broken on sid. (Interesting how 2 years of forewarning were still not sufficient to prevent this.) $ sudo apt install ibus-anthy Reading package lists... Done