Hi Steve,
Thanks for working on this!
On Thu, Dec 08, 2022 at 12:15:57AM +, Steve McIntyre wrote:
> [ Trying again without typos in addresses! ]
>
> Hey folks,
>
> As you (might?) have seen, since the most recent set of security
> patches went into Grub (2.06-3~deb10u2, 2.06-3~deb11u4 and 2
Processing changes file: mariadb-10.5_10.5.18-0+deb11u1_mips64el-buildd.changes
ACCEPT
Processing changes file: mariadb-10.5_10.5.18-0+deb11u1_mipsel-buildd.changes
ACCEPT
[ Trying again without typos in addresses! ]
Hey folks,
As you (might?) have seen, since the most recent set of security
patches went into Grub (2.06-3~deb10u2, 2.06-3~deb11u4 and 2.06-5)
I've been working on fixing up some of the fallout from the now
locked-down font loader. The current state of
Processing changes file: mariadb-10.5_10.5.18-0+deb11u1_arm64-buildd.changes
ACCEPT
Processing changes file: evolution-ews_3.38.3-1+deb11u1_mips64el-buildd.changes
ACCEPT
Processing changes file: evolution-ews_3.38.3-1+deb11u1_ppc64el-buildd.changes
ACCEPT
Processing changes file: evolution-ews_3.38.3-1+deb11u1_s390x-buildd.changes
ACCEPT
Processing changes file:
libapache2
On Wednesday, December 7, 2022 3:23:36 PM EST Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sat, 2022-11-26 at 14:21 -0500, Scott Kitterman wrote:
> > Currently the pyspf-milter fails to start due to a leftover, invalid
> > import statement. This fixes it, backported from the upstr
Processing changes file: evolution-ews_3.38.3-1+deb11u1_mipsel-buildd.changes
ACCEPT
Processing changes file: mariadb-10.5_10.5.18-0+deb11u1_amd64-buildd.changes
ACCEPT
Processing changes file: mariadb-10.5_10.5.18-0+deb11u1_armhf-buildd.changes
ACCEPT
Processing changes file:
speech-dispatc
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: Debian Qt/KDE Maintainers
Dear Release Team,
with the freeze approaching the Qt/KDE Team has put up a document [0]
to share our release goals for the Qt and KDE stack for bookworm. We’d
like to encourage you to have a look at it.
As a q
Processing control commands:
> affects -1 + src:mutt
Bug #1025716 [release.debian.org] bullseye-pu: package mutt/2.0.5-4.1+deb11u2
Added indication that 1025716 affects src:mutt
--
1025716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025716
Debian Bug Tracking System
Contact ow...@bugs.de
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: m...@packages.debian.org, Marc Haber
, "Kevin J. McCarthy" , Antonio
Radici , car...@debian.org
Control: affects -1 + src:mutt
Hi Stable release managers,
[ Reason
Processing changes file: evolution-ews_3.38.3-1+deb11u1_i386-buildd.changes
ACCEPT
Processing changes file:
libapache2-mod-auth-mellon_0.17.0-1+deb11u1_i386-buildd.changes
ACCEPT
Processing changes file: mariadb-10.5_10.5.18-0+deb11u1_all-buildd.changes
ACCEPT
Processing changes file: mariad
Processing changes file: core-async-clojure_1.3.610-5+deb11u1_all-buildd.changes
ACCEPT
Processing changes file: evolution-ews_3.38.3-1+deb11u1_amd64-buildd.changes
ACCEPT
Processing changes file: evolution-ews_3.38.3-1+deb11u1_arm64-buildd.changes
ACCEPT
Processing changes file: evolution-ew
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: awst...@packages.debian.org, car...@debian.org
Control: affects -1 + src:awstats
Hi Stable release managers,
awstats is prone to a XSS vulnerability, but it does not
Processing control commands:
> affects -1 + src:awstats
Bug #1025710 [release.debian.org] bullseye-pu: package awstats/7.8-2+deb11u1
Added indication that 1025710 affects src:awstats
--
1025710: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025710
Debian Bug Tracking System
Contact ow...@bu
Processing control commands:
> tags -1 + confirmed
Bug #1025700 [release.debian.org] bullseye-pu: package
virglrenderer/0.8.2-5+deb11u1
Added tag(s) confirmed.
--
1025700: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025700
Debian Bug Tracking System
Contact ow...@bugs.debian.org with pro
Control: tags -1 + confirmed
On Wed, 2022-12-07 at 18:02 +0100, Tobias Frost wrote:
> I'm currently preparing a security update for virglrenderer for LTS
> and figured out that there is one of the fixed CVEs is not adressed
> in bullseye
> yet.
>
> The CVE fixed is CVE-2022-0135: (#1009073)
>
[.
Processing control commands:
> tags -1 + confirmed
Bug #1025601 [release.debian.org] bullseye-pu: package
leptonlib/1.79.0-1.1+deb11u1
Added tag(s) confirmed.
--
1025601: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025601
Debian Bug Tracking System
Contact ow...@bugs.debian.org with prob
Control: tags -1 + confirmed
On Tue, 2022-12-06 at 16:26 +0100, Helmut Grohne wrote:
> CVE-2022-38266 is a low impact vulnerability where leptonlib would
> crash
> with arithmetic exceptions on certain JPEG files. Since this is only
> DoS, it does not go via bullseye-security.
>
and thus:
+lept
Processing control commands:
> tags -1 + confirmed
Bug #1025414 [release.debian.org] bullseye-pu: package
node-hawk/8.0.1+dfsg-2+deb11u1
Added tag(s) confirmed.
--
1025414: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025414
Debian Bug Tracking System
Contact ow...@bugs.debian.org with pr
Control: tags -1 + confirmed
On Sun, 2022-12-04 at 11:42 +0100, Yadd wrote:
> node-hawk used a regular expression to parse `Host` HTTP header
> (`Hawk.utils.parseHost()`), which was subject to regular expression
> DoS attack
> (CVE-2022-29167).
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sat, 2022-12-03 at 20:25 +0100, Yadd wrote:
> node-qs is vulnerable to prototype pollution, this affects web
> applications using node-express (CVE-2022-24999)
>
Please go ahead.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1025329 [release.debian.org] bullseye-pu: package
cwltool/3.0.20210124104916-3+deb11u1
Added tag(s) confirmed.
--
1025329: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025329
Debian Bug Tracking System
Contact ow...@bugs.debian.org w
Processing control commands:
> tags -1 + confirmed
Bug #1025387 [release.debian.org] bullseye-pu: package
node-qs/6.9.4+ds-1+deb11u1
Added tag(s) confirmed.
--
1025387: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025387
Debian Bug Tracking System
Contact ow...@bugs.debian.org with proble
Control: tags -1 + confirmed
On Fri, 2022-12-02 at 16:33 +0100, Michael R. Crusoe wrote:
> cwltool is not usable without the python3-distutils package also
> installed. This is rare, but can happen on fresh Debian installs.
>
> I discovered this today while testing instructions for WSL2 users.
>
Processing control commands:
> tags -1 + confirmed d-i
Bug #1025323 [release.debian.org] bullseye-pu: package nano/5.4-2+deb11u2
Added tag(s) confirmed and d-i.
--
1025323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025323
Debian Bug Tracking System
Contact ow...@bugs.debian.org with pro
Control: tags -1 + confirmed d-i
On Fri, 2022-12-02 at 15:42 +0100, Jordi Mallach wrote:
> I'm requesting the acceptance of a new nano update for stable,
> with 3 additional upstream patches that fix two crash conditions
> and a data-loss condition.
>
Please go ahead.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1025205 [release.debian.org] bullseye-pu: package
mplayer/2:1.4+ds1-1+deb11u1
Added tag(s) confirmed.
--
1025205: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025205
Debian Bug Tracking System
Contact ow...@bugs.debian.org with probl
Control: tags -1 + confirmed
On Wed, 2022-11-30 at 22:42 +0100, Moritz Muehlenhoff wrote:
> This updates fixes various minor crashes in mplayer, which
> don't warrant a DSA by itself. I've run the PoCs against
> the updated build where applicable and also tested various
> random media files.
>
>
Processing control commands:
> tags -1 + confirmed
Bug #1025137 [release.debian.org] bullseye-pu: package g810-led/0.4.2-1
Added tag(s) confirmed.
--
1025137: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025137
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Wed, 2022-11-30 at 08:32 +0100, Stephen Kitt wrote:
> g810-led has a security issue in stable; it leaves /dev/input/eventXX
> device nodes world-readable and writable (CVE-2022-46338). The issue
> is marked no-dsa, but I would like to provide a fix in the next
> poi
Control: tags -1 + confirmed
On Tue, 2022-11-29 at 14:58 -0300, Guilherme de Paula Xavier
Segundoomnievents enables CORBA applications to communicate through
> asynchronous
> broadcast channels rather than direct method calls.
>
> omnievents-doc is a package that can be installed as a suggestion
Processing control commands:
> tags -1 + confirmed
Bug #1025083 [release.debian.org] bullseye-pu: package
omnievents/1:2.6.2-5.1+deb11u1
Added tag(s) confirmed.
--
1025083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025083
Debian Bug Tracking System
Contact ow...@bugs.debian.org with pr
Processing control commands:
> tags -1 + confirmed
Bug #1025010 [release.debian.org] bullseye-pu: package jtreg6/6.1+2-1~deb11u1
Added tag(s) confirmed.
--
1025010: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025010
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Mon, 2022-11-28 at 20:35 +0100, Moritz Muehlenhoff wrote:
> openjdk bumped the requirements for the test suite within
> their 11.x branch (which is what we ship in Bullseye), it
> now needs jtreg6.
>
"Yay". Please go ahead.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1024745 [release.debian.org] bullseye-pu: package
node-xmldom/0.5.0-1+deb11u2
Added tag(s) confirmed.
--
1024745: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024745
Debian Bug Tracking System
Contact ow...@bugs.debian.org with probl
Control: tags -1 + confirmed
On Thu, 2022-11-24 at 09:26 +0100, Yadd wrote:
> node-xmldom is vulnerable: it doesn't verify that root element is
> uniq
> (#1024736, CVE-2022-39353)
>
Please go ahead.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1024850 [release.debian.org] bullseye-pu: package spf-engine/2.9.2-1
Added tag(s) confirmed.
--
1024850: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024850
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Sat, 2022-11-26 at 14:21 -0500, Scott Kitterman wrote:
> Currently the pyspf-milter fails to start due to a leftover, invalid
> import statement. This fixes it, backported from the upstream fix.
> There is no risk of regression since the milter binary doesn't work
Processing control commands:
> tags -1 + confirmed
Bug #1024805 [release.debian.org] bullseye-pu: package libvirt/7.0.0-3+deb11u1
Added tag(s) confirmed.
--
1024805: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024805
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Fri, 2022-11-25 at 15:19 +0100, Guido Günther wrote:
> Fix lxc container reboots and shutdown (#983871, #991773).
>
Please go ahead.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1019096 [release.debian.org] bullseye-pu: package
cifs-utils/2:6.11-3.1+deb11u2
Added tag(s) confirmed.
--
1019096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019096
Debian Bug Tracking System
Contact ow...@bugs.debian.org with pro
Processing control commands:
> tags -1 + confirmed
Bug #1017723 [release.debian.org] bullseye-pu: package nftables/0.9.8-3.2
Added tag(s) confirmed.
--
1017723: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017723
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Sun, 2022-09-04 at 15:09 +0100, Jeremy Sowden wrote:
> On 2022-09-03, at 14:53:45 +0100, Adam D. Barratt wrote:
> > On Fri, 2022-08-19 at 16:05 +0100, Jeremy Sowden wrote:
> > > The related nftables bug is:
> > >
> > > https://bugs.debian.org/cgi-bin/bugreport.cg
Control: tags -1 + confirmed
On Sat, 2022-09-03 at 22:12 +0300, Michael Tokarev wrote:
> There's a FTBFS issue with cifs-utils on bullseye, #993014.
> This update address that FTBFS issue only, with no other
> changes
>
> [ Reason ]
> The package fails to build from source when doing non-parallel
On Mon, 2022-09-19 at 19:25 +0200, Alberto Gonzalez Iniesta wrote:
> modsecurity-crs has been released today [1]. It fixes a security
> issue,
> here is the announcement:
>
> CVE-2022-39956 - Content-Type or Content-Transfer-Encoding MIME
> header fields
> abuse
>
[...]
> Important: The m
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-CC: dimitri.led...@canonical.com debian-b...@lists.debian.org
debian-wb-t...@lists.debian.org
Dear release team,
An improvement to reduce the number of dependencies pul
Processing changes file: libdatetime-timezone-perl_2.47-1+2022g_source.changes
ACCEPT
Processing changes file: mariadb-10.5_10.5.18-0+deb11u1_source.changes
ACCEPT
Processing changes file: core-async-clojure_1.3.610-5+deb11u1_source.changes
ACCEPT
Processing changes file: evolution-ews_3.38.3-1+deb11u1_source.changes
ACCEPT
Processing changes file: jhead_3.04-6+deb11u1_source.changes
ACCEPT
Processing changes file: jhead_3.04-6+deb11u1_amd64-buildd.chan
Control: reopen -1
Control: tags -1 + pending
On Wed, 2022-12-07 at 19:02 +, Debian FTP Masters wrote:
> Source: evolution-ews
> Source-Version: 3.38.3-1+deb11u1
> Done: Claudius Heine
>
> We believe that the bug you reported is fixed in the latest version
> of
> evolution-ews, which is due
Processing control commands:
> reopen -1
Bug #1021651 {Done: Claudius Heine } [release.debian.org]
bullseye-pu: package evolution-ews/3.38.3-1
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
Processing commands for cont...@bugs.debian.org:
> package release.debian.org
Limiting to bugs with field 'package' containing at least one of
'release.debian.org'
Limit currently set to 'package':'release.debian.org'
> tags 1024054 = bullseye pending
Bug #1024054 [release.debian.org] bullseye-p
Your message dated Wed, 07 Dec 2022 19:02:08 +
with message-id
and subject line Bug#1021651: fixed in evolution-ews 3.38.3-1+deb11u1
has caused the Debian Bug report #1021651,
regarding bullseye-pu: package evolution-ews/3.38.3-1
to be marked as done.
This means that you claim that the proble
package release.debian.org
tags 1024054 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: mariadb-10.5
Version: 10.5.1
Processing commands for cont...@bugs.debian.org:
> package release.debian.org
Limiting to bugs with field 'package' containing at least one of
'release.debian.org'
Limit currently set to 'package':'release.debian.org'
> tags 1025173 = bullseye pending
Bug #1025173 [release.debian.org] bullseye-p
package release.debian.org
tags 1025173 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libdatetime-timezone-perl
Ve
Processing changes file: chromium_107.0.5304.68-1~deb11u1_source.changes
ACCEPT
Processing changes file: chromium_107.0.5304.68-1~deb11u1_all-buildd.changes
ACCEPT
Processing changes file: chromium_107.0.5304.68-1~deb11u1_amd64-buildd.changes
ACCEPT
Processing changes file: chromium_107.0.530
Processing commands for cont...@bugs.debian.org:
> package release.debian.org
Limiting to bugs with field 'package' containing at least one of
'release.debian.org'
Limit currently set to 'package':'release.debian.org'
> tags 1025204 = bullseye pending
Bug #1025204 [release.debian.org] bullseye-p
Processing commands for cont...@bugs.debian.org:
> package release.debian.org
Limiting to bugs with field 'package' containing at least one of
'release.debian.org'
Limit currently set to 'package':'release.debian.org'
> tags 1023981 = bullseye pending
Bug #1023981 [release.debian.org] bullseye-p
Processing commands for cont...@bugs.debian.org:
> package release.debian.org
Limiting to bugs with field 'package' containing at least one of
'release.debian.org'
Limit currently set to 'package':'release.debian.org'
> tags 1021651 = bullseye pending
Bug #1021651 [release.debian.org] bullseye-p
package release.debian.org
tags 1025646 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libapache2-mod-auth-mellon
V
package release.debian.org
tags 1025553 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: core-async-clojure
Version:
Processing commands for cont...@bugs.debian.org:
> package release.debian.org
Limiting to bugs with field 'package' containing at least one of
'release.debian.org'
Limit currently set to 'package':'release.debian.org'
> tags 1025646 = bullseye pending
Bug #1025646 [release.debian.org] bullseye-p
package release.debian.org
tags 1025204 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: speech-dispatcher
Version: 0
Processing commands for cont...@bugs.debian.org:
> package release.debian.org
Limiting to bugs with field 'package' containing at least one of
'release.debian.org'
Limit currently set to 'package':'release.debian.org'
> tags 1025553 = bullseye pending
Bug #1025553 [release.debian.org] bullseye-p
package release.debian.org
tags 1023981 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: onionshare
Version: 2.2-3+de
package release.debian.org
tags 1021651 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: evolution-ews
Version: 3.38.
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
Dear Release Managers:
I'd like to make this QA upload to fix FTBFS bug #997222 in bullseye,
plus allow compilation with kernels slightly newer than the one in
bullseye (for ex
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Gert Wollny
(CC'ing Gert Wollny as maintainer of virglrenderer so he is
aware)
[ Reason ]
I'm currently preparing a security update for virglrenderer for LTS
and
Processing control commands:
> block -1 by 1023365
Bug #1019416 [release.debian.org] transition: wxwidgets3.2
1019416 was blocked by: 1019823 1019775 1019802 1019768 1019811 1019812 1019798
1019780 1019801 1019774 1019786 1019767 1019822 1019803 1019835 1019769 1019834
1019821 1019799 1019813 10
control: block -1 by 1023365
FWWIW, wxwidget 3.2 breaks at least prusa-slicer (#1022234, #1023365).
Upstream explictily says it does not (yet) support wxwidgets 3.2. [1]
Just mentioning here, as it *builds* fine against wxwigets3.0, but does
not work (instant crashes).
Prusa-Slicer is for many
71 matches
Mail list logo