s by, for
instance, dh_installchangelogs, dpkg-gencontrol, dpkg-genchanges,
etc. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
hat it might return to testing without further
intervention on our part..?
Otherwise, we can very cleanly remove this build dependency, even
keeping the .arsc file support in diffoscope itself.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
<https://www.spinics.net/lists/linux-media/msg230147.html>
etc.
Does this spark anything worth trying? :-)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
f Debian.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Dear Alberto,
Hope this finds you well. Any quick/immediate ideas on what might be
behind this build failure? Note that this is on ARM architectures
rather than amd64 — I often misread and conflate them at speed. :) Oh,
and I can't reproduce this on amd64 locally, at least, so I don't think
it
time some time to update.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-41056
https://www.cve.org/CVERecord?id=CVE-2023-41056
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
s well.
That would have the added advantage of "clearing out" the other patch
we had to apply re. Link-Time Optimisation.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Hey Alberto,
Hope all is well with you. Just wondering if you received the below
re. a recently-filed bug report against libfiu. I can reproduce it
locally if that helps.
Best wishes,
Chris
- Original message -
From: Lucas Nussbaum
To: sub...@bugs.debian.org
Subject: Bug#1054777:
ttps://security-tracker.debian.org/tracker/CVE-2023-41164
https://www.cve.org/CVERecord?id=CVE-2023-41164
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
tags 1050973 + pending
thanks
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ntry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-36053
https://www.cve.org/CVERecord?id=CVE-2023-36053
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
No, please go ahead and do both: my availability is spotty for the next 18
hours. :)
(on mobile)
Utkarsh Gupta wrote:
> Hi Chris,
>
> On Wed, Jun 7, 2023 at 9:01 PM Chris Lamb wrote:
>> I see your 2.5.5-3+deb10u6 update on the debian/buster branch which
>> fixes the b
gh you mentioned you were going to wait a bit more, I'm just
100%-checking you aren't waiting on anything from me to upload that?
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
multiple files.
— <https://www.djangoproject.com/weblog/2023/may/03/security-releases/>
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
: https://cachelib.readthedocs.io/en/stable/changes/
* A similar-looking report on cachelib's Issue Page:
https://github.com/pallets-eco/cachelib/issues/39
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
st wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
2023-24580
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
are more interconnected than one might initially believe.
* Here are the release notes for Redis, showing the difference between
7.0.7 in testing and 7.0.8 in unstable:
https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES
Regards,
--
,''`.
: :' : Chris Lamb
`. `'
Control: tag -1 pending
Hello,
Bug #1030251 in python-django reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
tps://security-tracker.debian.org/tracker/CVE-2023-23969
https://www.cve.org/CVERecord?id=CVE-2023-23969
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi all,
> […]
As Mattia writes on the Salsa bug [0], I now don't think this is a
network issue. In other words, the package FTBFS regardless of whether
you have network access or not.
To make debugging this easier, I've split out the inline Python code
in c341b63a [1], and simply running the
reassign 1026520 python-rstr
merge 1026569 1026520
affects 1026520 diffoscope
thanks
Lucas Nussbaum wrote:
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
Quite so. However, I think the problem is elsewhere:
>> File
and build-indep.
(Closes: #999259)
* Remove a "debian/changelog~" editor backup file.
The full debdiff is attached.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
diffstat for leave_1.12-2.1 leave_1.12-2.
)
The full debdiff is attached.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
diffstat for xcolmix-1.07 xcolmix-1.07
changelog | 12
rules |5 -
2 files changed, 16 insertions(+), 1 deletion(-)
diff -Nru
reproducible by adding "-n" to the gzip(1) invocation.
(Closes: #777413)
The full debdiff is attached.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
diffstat for mailto_1.3.2-3 mailto_1.3.2-3.1
change
fixed in #1014102
Perhaps jobs just need to be resubmitted? I see that the version numbers on:
https://qa.debian.org/excuses.php?package=redis
... refer to the unfixed versions; for example, python-fakeredis
(version 1.6.1-1) was fixed in 1.7.1-1.
Regards,
--
,''`.
: :' :
ts/2
> https://salsa.debian.org/python-team/packages/python-fakeredis/-/merge_requests/3
Uploading now. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Raphael Hertzog wrote:
> As such, as much as I hate it, I think that only (a) is realistic.
Yeah. :/ Okay, I'll upload 3.3.14 shortly.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
S version in Debian unstable.
b) Wait for the 4.x stream to become designated LTS. I believe this
should happen with version 4.2, due for release in about 6 or 7
months:
https://www.djangoproject.com/download/
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'
4265
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
>> #54 Does not return a reply when the command times out: FAILED
I suspect that the root cause here is that Redis 7.x is now in
unstable (vs. 6.x).
// Chris
CI pipeline, and I'll upload it
tomorrow.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
bin/redis-check-rdb.
Hm! That is an interesting hypothesis, but I can't seem to reproduce
this problem locally. I'm using systemd 251.2-5, you?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Sebastian Ramacher wrote:
> E: Build killed with signal TERM after 150 minutes of inactivity
> [..]
Hm, I requested a giveback using the automated service and it seems to
build properly... this time.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debi
ntry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-28346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
rds,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
python-plac.1.3.4-1.unstable.amd64.log.txt.gz
Description: Binary data
unembargoed.
[0] https://security-tracker.debian.org/tracker/CVE-2022-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0543
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
/cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
fix; it was a SQLite compatibility issue.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #1004464 in python-django reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
ferent version: 2:3.2.11.
It's not a problem at all — am only mentioning it explicitly in case you
have a bug in a script (or similar) that might need updating.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
t round of more serious Django issues?
That works for me. I think I've reflected that in data/CVE/list in
this commit:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/09807490bc5924c02b11adb4f85ed9467f50efcf
Regards,
--
,''`.
: :' : Chris Lamb
solution logic, that will not call methods, nor allow
> indexing on dictionaries.
>
> * CVE-2021-45452: Potential directory-traversal via Storage.save() [2]
>
> Storage.save() allowed directory-traversal if directly passed
> suitably crafted file names.
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
rity-tracker.debian.org/tracker/CVE-2021-45452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45452
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
tags 996995 + patch
severity 996995 serious
thanks
Patch attached.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
diff --git a/dhpython/debhelper.py b/dhpython/debhelper.py
index 7308bbe..55b91c0 100644
--- a/dhpython
), undef,
ARRAY(0x5645120b1938), 1) called at /usr/bin/lintian line 502
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ses it.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
this.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
issue.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Jochen Sprickerhof wrote:
> I have no idea about Redis/Fakeredis, adding Ondřej as he did all the
> uploads, lately.
Hey Ondřej, any input here? Otherwise, not sure what to suggest...
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
kg-redis/commit/98b2cbd5085cd1d526ac9f30cb205ebcf8d8e38a
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Chris Lamb wrote:
> Sure thing -- I've forwarded this upstream here:
>
> https://github.com/redis/redis/issues/9273
Okay, so the latest reply there suggests that this is (now) the
expected and behaviour of Redis going forward.
I still don't quite grasp what it is that fakeredis i
ream here:
https://github.com/redis/redis/issues/9273
As you can see, your testcase was very useful in putting together this bug
report. Thanks!
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
posing this
issue, but being able to pin it down would be the ideal next step,
especially as the testsuite is so large (and there were quite a few
changes).
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
diff --git a/.github/workflows/dai
fakeredis
maintainer chime in perhaps?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
However, why the slight change to security-related overflow handling
in bitfield fields *on i386 systems* should result in this failure
eludes me... :/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
versions. Alas, this upload was an
attempt to address a different regression (which shouldn't have been
introduced/uploaded to begin with... ultimately, just underscoring
the entire purpose of freezes.) Lesson learned.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@d
sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-32761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32761
Regards,
--
,''`.
: :' : C
for closing the bug. And, circling
back to my remarks above about not being overly wedded to rules, I am
very happy to re-explore this in the future if it comes up repeatedly
for others.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian
) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-32625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32625
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ense to specify libjs-query as a Depends on your package
instead?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
https://www.djangoproject.com/weblog/2021/may/06/security-releases/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / c
.com/weblog/2021/may/04/security-releases/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
name=CVE-2021-29477
[1] https://security-tracker.debian.org/tracker/CVE-2021-29478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29478
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
ntry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-28658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28658
[1] https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
Regards,
--
,''`.
: :' : Chris
Hi,
> > ACK. Have filed #983526 for this purpose.
>
> Can you please add as well the fixes for the other open issues?
This was done on Feb 26th:
https://bugs.debian.org/983526#22
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
the next DSA seems fine to me.
Sure thing. I've filed this as #983527.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
hink this should rather go via s-p-u.
ACK. Have filed #983526 for this purpose.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Chris Lamb wrote:
> Package: redis
> Version: 3:3.2.6-3+deb9u3
[..]
> CVE-2021-21309:
> https://groups.google.com/g/redis-db/c/fV7cI3GSgoQ/m/ocwV-MlzAgAJ
Security team, would you like an upload to stretch-security or should
this go via s-p-u? I mention that option specifically as the
ards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Chris Lamb wrote:
> The following vulnerability was published for python-django.
[…]
>
> Django is vulnerable because it embeds parse_qsl:
>
> https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
Security team, let me know if you would like an update for st
ntry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-23336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
6b49222ac9463b
6.2-rc1
6.2-rc2
6.2-rc3
Not sure if previous s390x builds were failing, which might be another
route to fixing this.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
pstream.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
2021-3281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3281
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi Paul,
> sorry, I missed the follow up somehow. Mea culpa
Oh, not at all! Thank you for working on the autopkgtest stuff and
handling all the replies from these RC bugs.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
he reference. Closing this bug...
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
en updated recently? I can't seem to locate one.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #978263 in python-django reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
(--purge):
installed minidlna package post-removal script subprocess returned error
exit status 1
Errors were encountered while processing:
minidlna
E: Sub-process /usr/bin/dpkg returned an error code (1)
Patch attached.
Regards,
--
,''`.
: :' : Chris Lamb
Hi Diane,
> Think it would be reasonable for me to push this patch and make a
> new team release?
Ah, I had not noticed it had dropped out of testing. Yes, please go
ahead.
Kind regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #972518 in diffoscope reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
the
reliability of said mechanism.
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
s
is not working as expected).
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
diff --git a/debian/control b/debian/control
index e7a8882..7d18b97 100644
--- a/debian/control
+++ b/debian/control
@@ -22,7 +22,8 @@ Package: jhbuild
Architecture: all
Depends: ${s
on3/dist-packages/black/__init__.py", line 65, in
> >
> > from _black_version import version as __version__
> > ModuleNotFoundError: No module named '_black_version'
This is #970901 in black. I actually provided a patch for this issue a
few days ago, but no response from the maintainer y
dh $@ --with sphinxdoc,python3 --buildsystem=pybuild
override_dh_auto_build:
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
diff --git a/debian/rules b/debian/rules
index 09908f4..1a70969 100755
--- a/debian/rules
+++ b/d
Control: tag -1 pending
Hello,
Bug #969753 in diffoscope reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
f this is the right solution, or something better has to be
> implemented.
Thanks. Adding the decorator in test_pgp.py looks fine at a first
glance, but needing PGP support to diff two directories (!) is a
symptom of a deeper problem with pgpdump integration.
Will investigate.
Regards,
--
,'
ttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24584
[2] https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
le to
help you any further. Good luck...
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
commit/d0f0b21559ab162164c25c4b76dcfdeac92b8487
… but also made a few related changes while I was in this rather
unloved part of the code (eg. 8ce4515f1).
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Hi John Scott,
> On Wednesday, September 11, 2019 4:03:59 AM EDT Chris Lamb wrote:
>
> > I just ACCEPTed minder from NEW but noticed it was missing attribution
> > for at least Tomáš Mráz.
>
> This bug is against crypto-policies, but it appears you accepted minder too
>
Hi Sébastien,
> They look fine, please upload to security-master.
Done.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-
Chris Lamb wrote:
> I'd like to perform another Lintian release but for various reasons
> I'd prefer to have this issue addressed before doing another upload.
Just to be 100% explicit here, I don't feel I can cut a new release
until this bug is resolved.
R
Chris Lamb wrote:
> The full debdiffs are attached. Can you especially check the
> versioning scheme and distribution fields for me? I often get this
> wrong and end up confusing myself. Really appreciated.
They are now attached.
Regards,
--
,''`.
: :' : C
Chris Lamb wrote:
> I will wait a few days to see what upstream says. I will also have to
> re-release for jessie LTS, alas.
Okay, this is now fixed in the following versions (without and with
the regression fix):
Distribution    Upload with regression    Upload with regression
e appropriate to explain concisely and exactly what a user
may need to change (eg. "if you were relying on X, you should do Y".)
We should also consider bumping the major version number of Lintian
itself if we are strictly following the semver.org versioning scheme.
Regards,
--
ion to contribute to this
discussion itself.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org chris-lamb.co.uk
`-