Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: ca...@packages.debian.org
Control: affects -1 + src:cacti
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Previous upload fail debci, forget to backport test
[ Impact ]
Low a few line
[ Tests ]
Salsa
Le samedi 24 août 2024, 13:35:03 UTC Paul Gevers a écrit :
> Hi Bastien,
>
> On 24-08-2024 15:18, Bastien Roucariès wrote:
> > Le samedi 24 août 2024, 11:03:38 UTC Paul Gevers a écrit :
> >> I'm wondering if you may have hardened cacti and that if fails on that
> &
Le samedi 24 août 2024, 11:03:38 UTC Paul Gevers a écrit :
> Hi,
>
> On 24-08-2024 10:31, Bastien Roucariès wrote:
> > Could you reject the time of investigation ?
>
> I'm wondering if you may have hardened cacti and that if fails on that
> now. If this is to b
Le samedi 24 août 2024, 06:04:39 UTC Paul Gevers a écrit :
> Hi,
>
> On 22-08-2024 17:38, Bastien Roucariès wrote:
> > [ Tests ]
> > Automated test and manual test of the application by myself and others,
> > including users.
>
> Did you run the autopk
Hi,
Le mercredi 21 août 2024, 12:53:39 UTC Bastien Roucariès a écrit :
> Le mardi 20 août 2024, 07:37:46 UTC Bastien Roucariès a écrit :
> > Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> > > On 28/07/2024 20:56, Bastien Roucariès wrote:
> > > &g
control: tags -1 + moreinfo
We get information that this upgrade may break some unrelated software
Could you wait a little bit ?
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
Le jeudi 22 août 2024, 18:01:02 UTC Adam D. Barratt a écrit :
> Control: tags -1 + moreinfo
>
> On Thu, 2024-08-22 at 15:38 +, Bastien Roucariès wrote:
> > [ Reason ]
> > Security upload. Except CVE-2024-27082 that need
> > coordination with other packages.
>
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: ca...@packages.debian.org
Control: affects -1 + src:cacti
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Security upload. Except CVE-2024-27082 that need
coordination with other packages.
[ Impact ]
CV
Le mardi 20 août 2024, 07:37:46 UTC Bastien Roucariès a écrit :
> Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> > On 28/07/2024 20:56, Bastien Roucariès wrote:
> > > control: tags -1 - moreinfo
> > >
> > > Hi,
> > >
> >
Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> On 28/07/2024 20:56, Bastien Roucariès wrote:
> > control: tags -1 - moreinfo
> >
> > Hi,
> >
> > Last reverse deps of lib magick pipeline is not really bad
> > https://salsa.debian.or
Le samedi 17 août 2024, 16:38:10 UTC Adam D. Barratt a écrit :
> Control: tags -1 + confirmed
>
> On Mon, 2024-07-29 at 15:32 +, Bastien Roucariès wrote:
> > Security fix CVE-2024-31497
Done
>
> Please go ahead.
>
> Regards,
>
> Adam
>
signature.
Le mercredi 14 août 2024, 19:54:15 UTC Bastien Roucariès a écrit :
Dear adam
Debdiff joined
> Le mercredi 14 août 2024, 19:53:13 UTC Adam D. Barratt a écrit :
> > COntrol: tags -1 + moreinfo
> >
> > On Mon, 2024-08-05 at 17:56 +0000, Bastien Roucariès wrote:
control: tags -1 + pending
Le mercredi 14 août 2024, 19:49:55 UTC Adam D. Barratt a écrit :
> Control: tags -1 + confirmed
>
> On Mon, 2024-08-05 at 13:16 +, Bastien Roucariès wrote:
> > [ Reason ]
> > CVE-2022-39369
> >
> > [ Impact ]
> > Service Hostn
Le mercredi 14 août 2024, 19:53:13 UTC Adam D. Barratt a écrit :
> COntrol: tags -1 + moreinfo
>
> On Mon, 2024-08-05 at 17:56 +, Bastien Roucariès wrote:
> > CVE-2022-39369
> >
> > [ Impact ]
> > Service Hostname Discovery Exploitation
>
> diff -
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: ocsinventory-ser...@packages.debian.org
Control: affects -1 + src:ocsinventory-server
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2022-39369
[ Impact ]
Service Hostname Discovery Exploitation
T
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: fusiondirect...@packages.debian.org
Control: affects -1 + src:fusiondirectory
User: release.debian@packages.debian.org
Usertags: pu
Control: block -1 by 1077984
[ Reason ]
CVE-2022-39369
[ Impact ]
Service Hostname Disc
The debdiffdiff -Nru php-cas-1.3.8/debian/changelog php-cas-1.3.8/debian/changelog
--- php-cas-1.3.8/debian/changelog 2019-12-07 20:07:56.0 +
+++ php-cas-1.3.8/debian/changelog 2024-07-11 10:16:11.0 +
@@ -1,3 +1,22 @@
+php-cas (1.3.8-1+deb11u1) bullseye-security; urgency=hig
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: php-...@packages.debian.org
Control: affects -1 + src:php-cas
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2022-39369
[ Impact ]
Service Hostname Discovery Exploitation
The phpCAS library uses H
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: pu...@packages.debian.org
Control: affects -1 + src:putty
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Security fix CVE-2024-31497
[ Impact ]
Vulnerable biased nonce generation is still here.
[ Test
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: pu...@packages.debian.org
Control: affects -1 + src:putty
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Security fix CVE-2024-31497
[ Impact ]
Vulnerable biased nonce generation is still here.
[ Test
control: tags -1 - moreinfo
Hi,
Last reverse deps of lib magick pipeline is not really bad
https://salsa.debian.org/debian/imagemagick/-/pipelines/708187
A lot of failure are due to broken package or does not use pkgconfig
I suppose we could go to experimental
Bastien
signature.asc
Descriptio
control: forcemerge 1076158 -1
signature.asc
Description: This is a digitally signed message part.
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: imagemag...@packages.debian.org
Control: affects -1 + src:imagemagick
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
* CVE-2023-34151 fix was incomplete (Closes: #1070340)
* Fix variation of CVE-20
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: imagemag...@packages.debian.org
Control: affects -1 + src:imagemagick
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
* CVE-2023-34151 fix was incomplete (Closes: #1070340)
* Fix variation of CVE-2
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: imagemag...@packages.debian.org
Control: affects -1 + src:imagemagick
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
* CVE-2023-34151 fix was incomplete (Closes: #1070340)
* Fix variation of CVE-20
Le dimanche 16 juin 2024, 20:15:33 UTC Adam D. Barratt a écrit :
Hi
I am sorry I forget to enable by default for bullseye the NUL reject (only for
bullseye)
I will upload ASAP
Bastien
> On Sun, 2024-06-16 at 20:09 +0000, Bastien Roucariès wrote:
> > Le dimanche 16 juin 2024, 20:08:42
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: pymo...@packages.debian.org
Control: affects -1 + src:pymongo
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2024-5629
[ Impact ]
An out-of-bounds read in the 'bson' module allows deserialization
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: pymo...@packages.debian.org
Control: affects -1 + src:pymongo
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2024-5629
[ Impact ]
An out-of-bounds read in the 'bson' module allows deserialization
Le dimanche 16 juin 2024, 20:08:42 UTC Adam D. Barratt a écrit :
> On Sat, 2024-06-15 at 19:43 +0100, Jonathan Wiltshire wrote:
> > "slightly non-conformant" really good justification for a pop-up
> > news item on upgrades? I don't recall the other MTAs doing this.
> >
> > It's up to you, either
control: tag -1 - moreinfo
Le samedi 15 juin 2024, 22:49:24 UTC Jonathan Wiltshire a écrit :
Hi,
Thanks for the review
> Control: tag -1 moreinfo
>
> Hi,
>
> On Fri, Apr 12, 2024 at 10:18:02PM +, Bastien Roucariès wrote:
> > diff -Nru zookeeper-3.8.0/debian/chan
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: sendm...@packages.debian.org
Control: affects -1 + src:sendmail
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Fix CVE-2023-51765 (smtp smugling)
[ Impact ]
SMTP smugling
[ Tests ]
Manual test using
Le dimanche 2 juin 2024, 11:17:33 UTC Sebastian Ramacher a écrit :
> On 2024-02-02 17:21:43 +0000, Bastien Roucariès wrote:
> > Le vendredi 2 février 2024, 16:53:10 UTC Sebastian Ramacher a écrit :
> > > Control: tags -1 moreinfo
> > >
> > > Hi Bastien
>
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: sendm...@packages.debian.org
Control: affects -1 + src:sendmail
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
sendmail was affected by CVE-2023-51765
[ Impact ]
close CVE-2023-51765 and reject NUL mai
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: fos...@packages.debian.org
Control: affects -1 + src:fossil
User: release.debian@packages.debian.org
Usertags: pu
this bug was opened by previous arrangement with maintainer.
[ Reason ]
fossil is affected by a regressio
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: fos...@packages.debian.org
Control: affects -1 + src:fossil
User: release.debian@packages.debian.org
Usertags: pu
this bug was opened by previous arrangement with maintainer.
[ Reason ]
fossil is affected by a regressio
Package: release.debian.org
Severity: important
Tags: bullseye
X-Debbugs-Cc: w...@packages.debian.org
Control: affects -1 + src:wpa
User: release.debian@packages.debian.org
Usertags: pu
tags: security
[ Reason ]
CVE-2023-52160 security bug
[ Impact ]
security bug is present
[ Tests ]
Test s
Package: release.debian.org
Severity: important
Tags: bookworm
X-Debbugs-Cc: w...@packages.debian.org
Control: affects -1 + src:wpa
User: release.debian@packages.debian.org
Usertags: pu
tags: security
[ Reason ]
CVE-2023-52160 security bug
[ Impact ]
security bug is present
[ Tests ]
Test s
Le samedi 13 avril 2024, 14:01:24 UTC Bastien Roucariès a écrit :
> Le samedi 13 avril 2024, 14:00:00 UTC Moritz Mühlenhoff a écrit :
> Hi,
>
> > Am Tue, Apr 09, 2024 at 10:01:11AM +0200 schrieb Andreas Beckmann:
> > > Package: release.debian.org
> > > Seve
gt; Usertags: pu
> > X-Debbugs-Cc: Bastien Roucariès
> > Control: affects -1 + src:json-smart
> > Control: block 1039985 with -1
> > Control: block 1033474 with -1
> >
> > [ Reason ]
> > Two CVEs were fixed in buster-lts, but not yet in bullseye or later,
>
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: zookee...@packages.debian.org
Control: affects -1 + src:zookeeper
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2024-23944 (Closes: #1066947):
An information disclosure in persistent watchers
Le vendredi 2 février 2024, 16:53:10 UTC Sebastian Ramacher a écrit :
> Control: tags -1 moreinfo
>
> Hi Bastien
>
> On 2024-01-05 22:35:44 +, Bastien Roucariès wrote:
> > Package: release.debian.org
> > Severity: important
> > User: release.debian
Hi,
A gentle remainder about imagemagick7 transition plan.
Many thanks for santiago to review partially it, but I need green light from
release team.
Bastien
signature.asc
Description: This is a digitally signed message part.
Package: release.debian.org
Severity: important
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-CC: ftpmas...@debian.org
Imagemagick will need a new major bump
I achieved to get imagemagick 7 build for experimental (it is only on salsa not
uploaded yet).
Every package
Hi,
I have just uploaded
Bastien
signature.asc
Description: This is a digitally signed message part.
Hi,
I achieved to get imagemagick 7 build for experimental.
Every package include a version in the package name (except legacy pacakge name
and perl*) so I plan to do some step by step migration, because it is mainly
coinstallable with imagemagick 6.
- upload to experimental a version with per
Le vendredi 1 décembre 2023, 21:04:12 UTC Helmut Grohne a écrit :
> Hi developers,
>
> I have unfortunate news regarding /usr-merge. I uncovered yet another
> problem that we haven't seen mentioned earlier. We do not yet know how
> to deal with it and it may take some time to come up with a good
>
Le dimanche 22 octobre 2023, 15:03:50 UTC Sebastian Ramacher a écrit :
> Control: tags -1 confirmed
>
> On 2023-10-22 14:51:42 +, Bastien Roucariès wrote:
> > Le dimanche 22 octobre 2023, 14:08:20 UTC Sebastian Ramacher a écrit :
> > > Hi Bastien
> > >
&
Le dimanche 22 octobre 2023, 14:08:20 UTC Sebastian Ramacher a écrit :
> Hi Bastien
>
> On 2023-10-21 20:10:47 +, Bastien Roucariès wrote:
> > Can I go ahead with imagemagick experimental ?
>
> As a year has past since the last mail to the transition bug report: did
>
Hi,
Can I go ahead with imagemagick experimental ?
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
ue outside the range of unsigned char
+(Closes: #1016442)
+ * Fix CVE-2022-32546: Value outside the range of representable
+values of type 'unsigned long' at coders/pcl.c,
+ * Use Salsa CI
+
+ -- Bastien Roucariès Fri, 26 May 2023 07:10:27 +
+
imagemagick (8:6.9.11.60+dfsg-1
Hi,
I want to have some guidance about CVE-2023-1289
Fixing it will need to add a field recursion in an exported structure... It
will therefore break ABI
We could also disable internal svg coder and fallback on inkscape
You marked the bug no DSA, so maybe we could postpone
Bastien
signature.
-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 13:47:23 +
+
node-css-what (4.0.0-3) unstable; urgency=medium
* Team upload
diff -Nru
node-css-what-4.0.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch
node-css-what-4.0.0
Hi,
adding support to armv6-support will help here
Bastien
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Imagemagick changes some internal structures. Upstream bump so (safe), so ask
for a rebuilt.
Ben file:
title = "imagemagick";
is_affected = .depends ~
"(?:libmagickcore-6.q[^-]+-6|libma
Hi,
I am going to ask an exception for imagemagick (see debian-private for reason
of being late). It is a fixing 2 CVEs and an RC bug
Normally it is on the pipe so may be we do not need exception.
Bastien
signature.asc
Description: This is a digitally signed message part.
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Imagemagick upstream break the API in stable 6 version.
They are a few security bug and I prefer to go to newest pacakge in order to
close the maximum of security bugs without back port
Package: release.debian.org
Severity: wishlist
Hi,
I plan to release imagemagick 7 before next stable version. And I want to
coexist imagemagick6 and imagemagick7.
Moreover I wish to allow smooth upgrade between the two
So I open a bug in order to allow discussion with release team.
Main
Package: release.debian.org
Severity: important
Hi,
I have just landed an imagemagick version in experimental, that break the ABI.
Previous ABI used double_t that is not ABI stable...
Could we get a transition of libmagickcore, libmagickwand and libmagick++
I have rebuilded reverse deps a few
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package imagemagick
change are self contained and security fixes. Will avoid a security release
just after release.
* Fix minor security bugs:
+ CVE-2017-9409: Memory l
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package imagemagick
This fix more than 10 security bugs and a RC bug due to built-using
unblock imagemagick/8:6.9.7.4+dfsg-8
-- System Information:
Debian Release: 9.0
AP
control: affect 844357 src:zbar
control: block -1 by 844357
Le jeudi 29 décembre 2016, 16:37:43 CET Emilio Pozuelo Monfort a écrit :
> Control: tags -1 confirmed
> > The break was in 6.9.2-10 released in mid 2015. This is moreover only two
> > version latter than current jessie and I believe it w
Package: release.debian.org
Severity: normal
Hi,
Due to #846385 could be possible to get transition for imagemagick.
Sorry for being late but upstream is really sloppy.
The break was in 6.9.2-10 released in mid 2015. This is moreover only two
version latter than current jessie and I believe i
Package: release.debian.org
Severity: normal
Hi,
imagemagick waiting in NEWs (8:6.9.5.9+dfsg-1) will need a transition to
experimental to unstable;
Next stable version need to be based on this version from a security point of
view. It fix more than 50 securities bugs..;
Moreover this version
bug (DOS). Some special crafted JPEG
+files could create a dos due to missing check in
+embeded EXIF properties (EXIF directory offsets
+must be greater than 0). Fix CVE-2014-8716
+(Closes: #768494).
+
+ -- Bastien Roucariès Fri, 07 Nov 2014
21:16:20 +0100
+
imagemagick (8
ade from wheezy - trying to overwrite
+/usr/share/man/man1/morph.1.gz", thanks to Andreas Beckmann (Closes:
+ #767834).
+
+ -- Bastien Roucariès Sat, 15 Nov 2014
15:47:21 +0100
+
xmorph (1:20140707) unstable; urgency=low
[ A Mennucc1 ]
diff -Nru xmorph-20140707/debian/control x
65 matches
Mail list logo
