-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 18 Jun 2019 13:14:33 +1000
Source: libapt-pkg-perl
Binary: libapt-pkg-perl libapt-pkg-perl-dbgsym
Architecture: source amd64
Version: 0.1.36
Distribution: unstable
Urgency: medium
Maintainer: Brendan O'Dea
Changed-By: Brendan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 23 Jun 2019 01:52:26 +0200
Source: freeorion
Architecture: source
Version: 0.4.8-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team
Changed-By: Markus Koschany
Closes: 930417
Changes:
freeorion (0.4.8-3)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 22 Jun 2019 17:37:51 +0200
Source: openjdk-13
Architecture: source
Version: 13~26-1
Distribution: experimental
Urgency: medium
Maintainer: OpenJDK Team
Changed-By: Matthias Klose
Changes:
openjdk-13 (13~26-1) experimental;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 20:46:50 +
Source: acpid
Architecture: source
Version: 1:2.0.31-1.1
Distribution: experimental
Urgency: medium
Maintainer: Debian Acpi Team
Changed-By: Dmitry Bogatov
Closes: 923871
Changes:
acpid
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 23 Jun 2019 01:25:10 +0800
Source: docker.io
Architecture: source
Version: 18.09.1+dfsg1-7.1
Distribution: unstable
Urgency: medium
Maintainer: Dmitry Smirnov
Changed-By: Shengjing Zhu
Closes: 929662
Changes:
docker.io
On 2019-06-22 10:51:35 +0200, Vincent Lefevre wrote:
> The /etc/mailcap file contains many rules with '%s' instead of %s,
> for instance:
>
> text/*; less '%s'; needsterminal
> audio/ogg; ogginfo '%s'; copiousoutput
>
> This is incorrect. [...]
I suppose that the update-mime script could
-guide-mips64el installation-guide-mipsel
installation-guide-ppc64el installation-guide-s390x
Architecture: source all
Version: 20190622
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Samuel Thibault
Description:
installation-guide-amd64 - Debian
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 22 Jun 2019 18:19:21 +0100
Source: debian-cd
Architecture: source
Version: 3.1.24
Distribution: unstable
Urgency: medium
Maintainer: Debian CD Group
Changed-By: Steve McIntyre <93...@debian.org>
Changes:
debian-cd (3.1.24)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 18:51:07 +0200
Source: par
Architecture: source
Version: 1.52-4
Distribution: experimental
Urgency: low
Maintainer: Andreas Metzler
Changed-By: Andreas Metzler
Closes: 615256 738479 889678 902676
Changes:
par
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 22 Jun 2019 17:58:57 +0200
Source: openjdk-11
Architecture: source
Version: 11.0.4+8-1
Distribution: unstable
Urgency: medium
Maintainer: OpenJDK Team
Changed-By: Matthias Klose
Changes:
openjdk-11 (11.0.4+8-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 18 Jun 2019 16:20:51 +0800
Source: zfs-linux
Architecture: source
Version: 0.8.1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian ZFS on Linux maintainers
Changed-By: Mo Zhou
Changes:
zfs-linux (0.8.1-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 16:45:18 +0200
Source: mariadb-10.3
Binary: libmariadb-dev libmariadbclient-dev libmariadb-dev-compat libmariadb3
libmariadbd19 libmariadbd-dev mariadb-common mariadb-client-core-10.3
mariadb-client-10.3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 19 Jun 2019 21:58:59 +0200
Source: streamlink
Architecture: source
Version: 1.1.1+dfsg-1~exp1
Distribution: experimental
Urgency: low
Maintainer: Alexis Murzeau
Changed-By: Alexis Murzeau
Changes:
streamlink
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 18:53:26 +0530
Source: node-d3-scale
Architecture: source
Version: 1.0.7-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Pirate Praveen
Changes:
node-d3-scale
Package: wnpp
Severity: wishlist
Owner: Jongmin Kim
* Package name: ruby-webpacker
Version : 4.0.7
Upstream Author : David Heinemeier Hansson
* URL : https://github.com/rails/webpacker
* License : Expat
Programming Lang: Ruby
Description : use webpack
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 14:44:19 +0200
Source: stellarium
Architecture: source
Version: 0.19.1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Astro Maintainers
Changed-By: Tomasz Buchert
Changes:
stellarium (0.19.1-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 18:38:27 +0530
Source: node-d3-shape
Architecture: source
Version: 1.3.5-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Pirate Praveen
Changes:
node-d3-shape
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 13:26:19 +0200
Source: hwinfo
Architecture: source
Version: 21.66-1
Distribution: experimental
Urgency: medium
Maintainer: Sebastien Badia
Changed-By: Tomasz Buchert
Changes:
hwinfo (21.66-1) experimental;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 13:14:11 +0200
Source: nghttp2
Architecture: source
Version: 1.39.1-1
Distribution: experimental
Urgency: medium
Maintainer: Tomasz Buchert
Changed-By: Tomasz Buchert
Changes:
nghttp2 (1.39.1-1) experimental;
Package: wnpp
Severity: wishlist
Owner: Stephan Lachnit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
* Package name: psu-targets
Version : 1
Upstream Author : Stephan Lachnit
* URL : https://github.com/stephanlachnit/psu-targets
* License : GPL-3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 16:08:04 +0530
Source: node-d3-timer
Architecture: source
Version: 1.0.9-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Pirate Praveen
Changes:
node-d3-timer
On 2019-06-22 10:51:35 +0200, Vincent Lefevre wrote:
> execve("/home/vinc17/bin/sh.screen", ["sh", "-c", "less
> ''/var/tmp/_.txt''"], 0x564ffe666f40 /* 132 vars */) = 0
>
> i.e. the filename is eventually not quoted!
>
> Here the filename is sanitized, but I'm not sure that this is always
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 15:03:15 +0530
Source: node-d3-voronoi
Architecture: source
Version: 1.1.4-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Pirate Praveen
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 10:39:57 +0200
Source: libreoffice
Architecture: source
Version: 1:6.3.0~beta2-2
Distribution: experimental
Urgency: medium
Maintainer: Debian LibreOffice Maintainers
Changed-By: Rene Engelhard
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 10:53:32 +0200
Source: numlockx
Architecture: source
Version: 1.2-8
Distribution: unstable
Urgency: low
Maintainer: Andreas Metzler
Changed-By: Andreas Metzler
Closes: 846260 923349
Changes:
numlockx (1.2-8)
On 2019-06-22 10:51:35 +0200, Vincent Lefevre wrote:
[...]
> as seen in strace output:
>
> execve("/home/vinc17/bin/sh.screen", ["sh", "-c", "less
> ''/var/tmp/_.txt''"], 0x564ffe666f40 /* 132 vars */) = 0
FYI, the sh.screen is due to a modification I've done and is used
as a sh wrapper to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 14:20:19 +0530
Source: node-d3-zoom
Architecture: source
Version: 1.7.3-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Pirate Praveen
Changes:
node-d3-zoom
Processing commands for cont...@bugs.debian.org:
> affects 930908 mutt
Bug #930908 [general] general: incorrect rules for %s in /etc/mailcap yielding
potentially unquoted metacharacters
Added indication that 930908 affects mutt
>
End of message, stopping processing here.
Please contact me if
Package: general
Severity: grave
Tags: security
Justification: user security hole
Affects: mutt
The /etc/mailcap file contains many rules with '%s' instead of %s,
for instance:
text/*; less '%s'; needsterminal
audio/ogg; ogginfo '%s'; copiousoutput
This is incorrect. For instance, Mutt quotes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 22 Jun 2019 16:43:08 +0900
Source: mikutter
Binary: mikutter
Architecture: source all
Version: 3.9.0~alpha2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: HIGUCHI Daisuke (VDR dai)
Changed-By: HIGUCHI Daisuke (VDR
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 13:21:30 -0400
Source: node-d3-selection
Architecture: source
Version: 1.4.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Nilesh
Changes:
node-d3-selection
This applies to any program which downloads ads from the
network at runtime. Serious problems with this:
* We don't know what ads might be displayed and whether we would
think them inappropriate, offensive, legally risky, or whatever.
* Downloading ads at runtime is a security risk: it
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
* Package name: cni-plugins
Version : 0.8.1
Upstream Author : The CNI team
* URL : https://github.com/containernetworking/plugins
* License :
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
* Package name: podman
Version : 1.4.2
Upstream Author : The github.com/containers authors
* URL : https://github.com/containers/podman
* License :
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
* Package name: conmon
Version : 0.3.0
Upstream Author : The github.com/containers authors
* URL : https://github.com/containers/conmon
* License :
35 matches
Mail list logo