On Saturday 5 October 2024, 21:46:06 UTC, Bastien Roucariès wrote:
Hi Mike,
> Could you test this
> https://salsa.debian.org/horde-team/php-horde-editor/-/merge_requests/1
>
> Please fix syntax error, my PHP skills are old
>
> It will only normally run an editor other thing ma
/ Ola
>
> On Mon, 30 Sept 2024 at 18:19, Bastien Roucariès wrote:
>
> > Hi,
> >
> > Can someone test why libreoffice fails under bullseye?
> >
> > Branch
> > debian/bullseye
> >
> > repo
> > g...@salsa.debian.org:lts-team
On Monday 30 September 2024, 16:18:51 UTC, Bastien Roucariès wrote:
Hi,
A gentle reminder about libreoffice
> Hi,
>
> Can someone test why libreoffice fails under bullseye?
>
> Branch
> debian/bullseye
>
> repo
> g...@salsa.debian.org:lts-team/packages/libreoffice.
On Wednesday 2 October 2024, 09:54:16 UTC, Mike Gabriel wrote:
> Hi Bastien,
>
> On Tue 01 Oct 2024 19:48:02 CEST, Bastien Roucariès wrote:
>
> > On Tuesday 1 October 2024, 17:02:40 UTC, Sylvain Beucler wrote:
> >> Hello Mike,
> >>
> >> On
On Tuesday 1 October 2024, 17:02:40 UTC, Sylvain Beucler wrote:
> Hello Mike,
>
> On 12/08/2024 18:40, Santiago Ruano Rincón wrote:
> > On 12/08/24 at 00:27, Mike Gabriel wrote:
> >> On Sun 11 Aug 2024 12:57:23 CEST, Moritz Muehlenhoff wrote:
> >>> On Sat, Aug 10, 2024 at 11:19:24AM -0300, S
I've worked during September on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
Cacti
---
I backported bookworm fixes
I fixed the autopkgtest suite
I investigated the status of CVE-2024-27082
I fixed CVE-2022-41444
Hi,
Can someone test why libreoffice fails under bullseye?
Branch
debian/bullseye
repo
g...@salsa.debian.org:lts-team/packages/libreoffice.git
Note that current bullseye fails
Same error:
osl_Profile::oldtests::test_profile finished in: 1ms
(anonymous namespace)::Test::test finished in: 0ms
os
On Saturday 7 September 2024, 03:43:24 UTC, Otto Kekäläinen wrote:
Hi,
I can also review here
bastien
> Hi!
>
> I am willing to do the minor version security/bugfix imports for
> MariaDB 10.5.x and Galera 4.x to Bullseye, but to ensure highest
> quality and good process, I am seeking somebody wh
I've worked during August on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
MariaDB
Following triaging work for LTS/ELTS I proposed a NEWS entry for
breaking change CVE-2024-21096. I hel
On Monday 12 August 2024, 16:15:53 UTC, Bastien Roucariès wrote:
> On Monday 12 August 2024, 00:27:17 UTC, Mike Gabriel wrote:
> > Hi Moritz, hi Santiago,
> >
> > On Sun 11 Aug 2024 12:57:23 CEST, Moritz Muehlenhoff wrote:
> >
> > > On Sat, Aug 10, 2024 at 11:
On Monday 12 August 2024, 00:27:17 UTC, Mike Gabriel wrote:
> Hi Moritz, hi Santiago,
>
> On Sun 11 Aug 2024 12:57:23 CEST, Moritz Muehlenhoff wrote:
>
> > On Sat, Aug 10, 2024 at 11:19:24AM -0300, Santiago Ruano Rincón wrote:
> >> (I had tried to answer from the web debian-lts archive, and I don'
I've worked during July on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
imagemagick
Following previous month fix and in order to avoid regression during upgrade
from buster to bull
I've worked during May on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
sendmail
-
Following previous month fix and in order to avoid regression during upgrade
from buster to bullseye/bookwo
Hi,
After a few hours I get the impression that fixing CVE-2024-0914 even for
bookworm will be extremely hard (lack of constant time operation, massive code
change...)
I suppose the best way is to do a full backport of the unstable version to buster and for
ELTS to stretch/jessie
What is your point of vi
I've worked during May on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
apache2
I investigated the port of bullseye proposed by yadd the maintainer, and made
some changes in order
to get apac
Hi
Could you test shim that is here
https://salsa.debian.org/efi-team/shim/-/tree/buster/updates?ref_type=heads
I would like to test this on real hardware and kvm.
However, I failed to test the non-signed version, and I could not find
documentation on how to test.
Due to particular nature of the
I've worked during April on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
Putty
I have tested putty against terrapin and released DLA 3794-1
Fixes for CVE-2024-31497 are proposed and await review
I've worked during March on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
composer
--
I triaged #1063603/CVE-2024-24821 and confirmed that this CVE does not affect
buster.
I backported local
I've worked during February on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
sudo
---
I have released DLA 3732-1, following previous month work.
Ansible
--
Following previous month work, I h
On Tuesday 27 February 2024, 05:31:01 UTC, Sean Whitton wrote:
> Hello Bastien,
>
> Is there some way I could help with imagemagick under LTS? It looks like
> the status has been unchanged for some months. I'm not an expert but I
> can review things. Thanks!
>
>
Hi Sean
I have made a few relea
I've worked during January on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
tinyxml
--
Fix CVE-2023-34194 and release ELA-1029-1.
Note that this project is dead upstream, but a fork seems ac
On Tuesday 2 January 2024, 14:53:22 UTC, Bastien Roucariès wrote:
Hi,
Obviously the report should be read for December 2023
> I've worked during November 2023 on the below listed packages, for Freexian
> LTS/ELTS [1]
>
> Many thanks to Freexian and our sponsors [2] for providing
I've worked during November 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
The work consisted of fixing libreoffice both for stretch and jessie.
I have fixed CVE-2020-12801 CVE-2020-12802 CVE-2020
I've worked during November 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
python3.5
---
Following previous month work, I have finalized to fix testsuite, by
regenerating certifica
I've worked during September 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
prometheus-alertmanager
---
I have released DLA 3609-1 following fixes from previous
On Thursday 12 October 2023, 08:07:48 UTC, Bastien Roucariès wrote:
Hi,
> Hi,
>
> I have an FTBFS that I cannot manage to fix on batik
>
> https://salsa.debian.org/lts-team/packages/batik/-/commit/b91844ef6472d9e5ddada7593f844a9c23d55b6c
Solved thanks to all
Bastien
>
>
Hi,
I have an FTBFS that I cannot manage to fix on batik
https://salsa.debian.org/lts-team/packages/batik/-/commit/b91844ef6472d9e5ddada7593f844a9c23d55b6c
I have tried to add maven.compiler.source=1.7 without success
Any idea how to solve it?
Bastien
On Friday 6 October 2023, 19:31:43 UTC, Roberto C. Sánchez wrote:
> Hi Bastien,
>
> On Fri, Sep 29, 2023 at 09:12:57PM +, Bastien Roucariès wrote:
> > Hi,
> >
> > I tried to fix CVE-2021-32686 by using patch from upstream.
> >
> > I think the pro
I've worked during September 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
My work this month was concentrated on libreoffice. This is a huge package (with a
lot of lines of code), that takes a lo
On Thursday 28 September 2023, 22:46:41 UTC, Bastien Roucariès wrote:
Hi,
An update
> Hi
>
> I am trying to fix the CVE for SALT
Salt needs to be updated due to a failure in the custom crypto protocol, which was
broken. Both server and client need to be updated due to protoc
Hi,
I tried to fix CVE-2021-32686 by using patch from upstream.
I think the problem is hard to solve:
- the patch does not apply cleanly and the backport will be difficult (moreover it is
hard to test this kind of race condition)
- ring uses a heavily patched PJSIP. A solution will be to use the repackage
Hi
I am trying to fix the CVE for SALT
Unfortunately this will need a backport of salt 3002.9 that in turn needs:
python3-saltfactories >= 0.907 (that need python3-setuptools (>= 50.3.2),
python3-setuptools-scm (>= 3.4) to be investigated)
python3-attr (>= 19.1)
I believe the first one used only
I've worked during August 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
===
docker.io:
* Santiago is trying to test my release. Testing is especially complicated due
to lack of integration test case
I've worked during July 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
docker.io:
* I have continued my work on docker.io and investigated FTBFS #1040141
linked to fallout of CVE-2022-39253. This
Hi,
I have uploaded a docker.io package under https://people.debian.org/~rouca/apt/
I would like some testing and review, particularly of swarm mode.
Code is available as usual under git
https://salsa.debian.org/lts-team/packages/docker.io
Review of
https://salsa.debian.org/lts-team/packages/dock
On Wednesday 5 July 2023, 04:52:48 UTC, Anton Gladky wrote:
> Hello,
>
> I am looking into CVE-2023-33460 and I am not sure that ruby-yajl
> is affected. There is no direct dependency on yajl, where the vulnerability
> was detected.
ruby-yajl includes an old version of yajl 1.01.12
The vuln cod
Source: docker.io
Version: 18.09.1+dfsg1-7.1+deb10u3
Severity: serious
Justification: FTBFS
X-Debbugs-Cc: debian-lts@lists.debian.org
Dear Maintainer,
The current security version FTBFS for me with
-- FAIL: TestCheckoutGit (0.52s)
gitutils_test.go:188: assertion failed: error is not nil: exit
Hi,
This month's activity consisted of:
- release ELA-865-1 for imagemagick
- release ELA-869-1 for php-phpseclib including introducing a test suite.
- release ELA-875-1 for libxpm
- Triage yajl. Fix was not released, but yajl is embedded in other packages. Check if
this CVE affects other packages and
On Tuesday 27 June 2023, 18:46:25 UTC, Tobias Frost wrote:
> Hi,
>
> time for a small update:
>
> Please note that the packages offered below are WIP status and are intended
> for testing only.
>
> php-cas
> ===
>
> I've verified my patched version of php-cas against the apereo CAS
> imple
On Friday 23 June 2023, 12:44:59 UTC, Bastien Roucariès wrote:
> On Thursday 22 June 2023, 13:51:54 UTC, Ben Hutchings wrote:
> > On Thu, 2023-06-22 at 10:37 +, Bastien Roucariès wrote:
> > > Hi,
> > >
> > > I want to discuss CVE-2023-2884[0-2].
>
On Thursday 22 June 2023, 13:51:54 UTC, Ben Hutchings wrote:
> On Thu, 2023-06-22 at 10:37 +0000, Bastien Roucariès wrote:
> > Hi,
> >
> > I want to discuss CVE-2023-2884[0-2].
> >
> > In order to be vulnerable, the host kernel needs to disable the xt_u32 module.
Hi,
I want to discuss CVE-2023-2884[0-2].
In order to be vulnerable, the host kernel needs to disable the xt_u32 module.
Moreover, upstream dropped support for xt_u32 in newer versions, see
https://github.com/moby/moby/commit/4d04068184cf34af7be43272db1687143327cdf7
Do we support only xt_bpf in bust
Hi,
The last two hours I tried to fix CVE-2022-46871 by backporting the timer
handling patch by patch until I get something approximately sane.
I believe it is not really the way to go:
- it is quite fragile
- upstream does not correctly create separate commits and creates periodic merges
from F
Hi,
This month's activity consisted of:
- release UWSGI fixing CVE-2023-27522 initially reported against apache2 but
that may affect old versions of uwsgi. I have reported this finding to the CVE
database and the CVE was updated.
- the main part of the work was on imagemagick package:
* CVE-2021-36
Hi,
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
In April I spent my time on LTS as:
- fixing apache2 CVE-2023-25690 CVE-2023-27522. CVE-2023-25690 created
Hi,
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
In March (my first month) I spent my time on LTS as
- creating the right environment (pbuilder, tools) to
On Monday 20 March 2023, 08:31:59 UTC, Emilio Pozuelo Monfort wrote:
Hi,
> On 19/03/2023 07:50, Bastien Roucariès wrote:
> > On Thursday 16 March 2023 09:34:17 UTC, you wrote:
> > Hi,
> >> Hi,
> >>
> >> I have been working on improving our Sal
triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 15:33:15 +
+
node-css-what (2.1.0-1) unstable; urgency=medium
* new upstream version
diff -Nru node-css-what-2.1.0/debian/patches/0001-Partial
expression in the
+re_attr variable.
+The exploitation of this vulnerability could be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 15:33:15 +
+
node-css-what (2.1.0-1) unstable
49 matches