Bug#1074180: transition: php8.4

2024-09-22 Thread David Prévot
Hi Ondřej, On Sun, Sep 22, 2024 at 09:30:24AM +0200, Ondřej Surý wrote: […] > > The next release will be RC 1, planned for 26 September 2024. > > I would like to start the transition to PHP 8.4 as soon as possible after > that, > so we have plenty of time to solve all the problems that come

Bug#1079116: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u6

2024-08-20 Thread David Prévot
) + * Skip failing test with library loaded from system path + + -- David Prévot Sat, 17 Aug 2024 07:41:44 +0200 + symfony (4.4.19+dfsg-2+deb11u5) bullseye; urgency=medium * make sure that the submitted year is an accepted choice (Closes: #1061033) diff -Nru symfony-4.4.19+dfsg/debian/patches/series

Bug#1079115: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u6

2024-08-20 Thread David Prévot
=medium + + * Fix homemade autoload (Closes: #1078843, #1078838, #1078837, #1078836) + * Skip failing test with library loaded from system path + + -- David Prévot Sat, 17 Aug 2024 07:41:44 +0200 + symfony (4.4.19+dfsg-2+deb11u5) bullseye; urgency=medium * make sure that the submitted year

Bug#1073197: RM: spip/4.1.9+dfsg-1+deb12u4

2024-06-14 Thread David Prévot
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Tags: bookworm X-Debbugs-Cc: s...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:spip The spip package currently shipped in Bookworm (4.1 branch) is not compatible with P

Bug#1070431: bookworm-pu: package php-composer-pcre/3.1.0-1+deb12u1

2024-05-05 Thread David Prévot
Thanks to Andreas Beckmann (Closes: #1070423) + + -- David Prévot Sun, 05 May 2024 11:08:20 +0200 + php-composer-pcre (3.1.0-1) unstable; urgency=medium [ Jordi Boggiano ] diff -Nru php-composer-pcre-3.1.0/debian/control php-composer-pcre-3.1.0/debian/control --- php-composer-pcre-3.1.0/de

Bug#1065057: bookworm-pu: package php-composer-xdebug-handler/3.0.3-2+deb12u1

2024-03-28 Thread David Prévot
Hi Adam, On Mon, Mar 25, 2024 at 06:44:54PM +, Adam D. Barratt wrote: > On Thu, 2024-02-29 at 11:18 +0100, David Prévot wrote: > > This is a follow up from composer/DSA-5632-1. […] > + * Track debian/bookworm-security > > Even though this update isn't going to the

Bug#1065056: bookworm-pu: package php-composer-class-map-generator/1.0.0-2+deb12u1

2024-03-28 Thread David Prévot
Hi Adam, On Mon, Mar 25, 2024 at 06:43:31PM +, Adam D. Barratt wrote: > On Thu, 2024-02-29 at 11:10 +0100, David Prévot wrote: > > [1/9 for bookworm] > > > > This is a follow up from composer/DSA-5632-1. […] > All 9 of them. :-/ Yay, sorry about that… > Pl

Bug#1041982: Speeding up Symfony 6 transition? [Was: Upcoming transitions (Symfony, PHPUnit, etc.)]

2024-03-09 Thread David Prévot
Hi, On Wed, Feb 21, 2024 at 08:19:06AM +0100, David Prévot wrote: > […] I wish to > proceed with the transition during the next MiniDebCampHamburg happening > early March (in less than two weeks). > > https://wiki.debian.org/DebianEvents/de/2024/MiniDebCampHamburg And

Bug#1065266: bullseye-pu: package php-phpseclib/2.0.30-2+deb11u2

2024-03-02 Thread David Prévot
On Sat, Mar 02, 2024 at 11:22:22AM +0100, David Prévot wrote: […] > [x] attach debdiff against the package in oldstable Second try. diff -Nru php-phpseclib-2.0.30/debian/changelog php-phpseclib-2.0.30/debian/changelog --- php-phpseclib-2.0.30/debian/changelog 2023-12-31 15:36:22.00

Bug#1065268: bullseye-pu: package phpseclib/1.0.19-3+deb11u2

2024-03-02 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye X-Debbugs-Cc: phpsec...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:phpseclib User: release.debian@packages.debian.org Usertags: pu Hi, This issue is similar to #1065264 for bookworm I’d like to see CVE-2

Bug#1065266: bullseye-pu: package php-phpseclib/2.0.30-2+deb11u2

2024-03-02 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye X-Debbugs-Cc: php-phpsec...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-phpseclib User: release.debian@packages.debian.org Usertags: pu Hi, This issue is similar to #1065263 for bookworm I’d like to s

Bug#1065264: bookworm-pu: package phpseclib/1.0.20-1+deb12u2

2024-03-02 Thread David Prévot
[CVE-2024-27355] +- BigInteger: fix getLength() + * Force system dependencies loading + + -- David Prévot Mon, 26 Feb 2024 22:58:32 +0100 + phpseclib (1.0.20-1+deb12u1) bookworm-security; urgency=medium * Track Bookworm diff -Nru phpseclib-1.0.20/debian/patches/0011-BigInteger-put

Bug#1065263: bookworm-pu: package php-phpseclib/2.0.42-1+deb12u2

2024-03-02 Thread David Prévot
] +- Tests: updates for phpseclib 2.0 +- BigInteger: phpseclib 2.0 updates +- BigInteger: fix getLength() + + -- David Prévot Mon, 26 Feb 2024 23:23:19 +0100 + php-phpseclib (2.0.42-1+deb12u1) bookworm-security; urgency=medium * Track bookworm diff -Nru php-phpseclib-2.0.42/debian

Bug#1065079: bullseye-pu: package php-doctrine-annotations/1.11.2-1+deb11u1

2024-02-29 Thread David Prévot
On Thu, Feb 29, 2024 at 03:06:35PM +0100, David Prévot wrote: > [x] attach debdiff against the package in (old)stable One more time… diff -Nru php-doctrine-annotations-1.11.2/debian/autoload.php.tpl php-doctrine-annotations-1.11.2/debian/autoload.php.tpl --- php-doctrine-annotations-1.1

Bug#1065079: bullseye-pu: package php-doctrine-annotations/1.11.2-1+deb11u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye X-Debbugs-Cc: php-doctrine-annotati...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-doctrine-annotations User: release.debian@packages.debian.org Usertags: pu [6/6 for bullseye] This is a follow up fro

Bug#1065077: bullseye-pu: package php-zend-code/4.0.0-2+deb11u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye X-Debbugs-Cc: php-zend-c...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-zend-code User: release.debian@packages.debian.org Usertags: pu [5/6 for bullseye] This is a follow up from composer/DSA-5632-1,

Bug#1065076: bullseye-pu: package php-proxy-manager/2.11.1+1.0.3-1+deb11u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye X-Debbugs-Cc: php-proxy-mana...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-proxy-manager User: release.debian@packages.debian.org Usertags: pu [4/6 for bullseye] This is a follow up from composer/DSA-

Bug#1065075: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u5

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye X-Debbugs-Cc: symf...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:symfony User: release.debian@packages.debian.org Usertags: pu [3/6 for bullseye] This is a follow up from composer/DSA-5632-1, similar to #

Bug#1065071: bullseye-pu: package php-symfony-contracts/1.1.10-2+deb11u1

2024-02-29 Thread David Prévot
/debian/changelog 2020-09-15 22:17:37.0 +0200 +++ php-symfony-contracts-1.1.10/debian/changelog 2024-02-18 11:57:14.0 +0100 @@ -1,3 +1,9 @@ +php-symfony-contracts (1.1.10-2+deb11u1) bookworm; urgency=medium + + * Force system dependencies loading + + -- David Prévot Sun, 18 Feb 2024
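Review bot: the new changelog entry for 1.1.10-2+deb11u1 sets the distribution to "bookworm", but this is a bullseye-pu request and the +deb11u1 suffix belongs to bullseye. The distribution field in the first line of the entry should read "bullseye" so that the upload targets the suite the request is filed against.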

Bug#1065070: bookworm-pu: package php-composer-xdebug-handler/1.4.5-1+deb11u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: php-composer-xdebug-hand...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-composer-xdebug-handler User: release.debian@packages.debian.org Usertags: pu [1/6 for bullseye] This is a follow

Bug#1065068: bookworm-pu: package php-doctrine-deprecations/1.0.0-2+deb12u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: php-doctrine-deprecati...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-doctrine-deprecations User: release.debian@packages.debian.org Usertags: pu [9/9 for bookworm] This is a follow up f

Bug#1065067: bookworm-pu: package php-doctrine-lexer/2.1.0-2+deb12u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: php-doctrine-le...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-doctrine-lexer User: release.debian@packages.debian.org Usertags: pu [8/9 for bookworm] This is a follow up from composer/DS

Bug#1065065: bookworm-pu: package php-doctrine-annotations/2.0.1-1+deb12u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: php-doctrine-annotati...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-doctrine-annotations User: release.debian@packages.debian.org Usertags: pu [7/9 for bookworm] This is a follow up fro

Bug#1065062: bookworm-pu: package php-zend-code/4.8.0-1+deb12u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: php-zend-c...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-zend-code User: release.debian@packages.debian.org Usertags: pu [6/9 for bookworm] This is a follow up from composer/DSA-5632-1.

Bug#1065061: bookworm-pu: package php-proxy-manager/2.11.1+1.0.14-1+deb12u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: php-proxy-mana...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-proxy-manager User: release.debian@packages.debian.org Usertags: pu [5/9 for bookworm] This is a follow up from composer/DSA-

Bug#1065060: bookworm-pu: package php-proxy-manager/2.11.1+1.0.14-1+deb12u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: php-proxy-mana...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-proxy-manager User: release.debian@packages.debian.org Usertags: pu [5/9 for bookworm] This is a follow up from composer/DSA-

Bug#1065059: bookworm-pu: package symfony/5.4.23+dfsg-1+deb12u2

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: symf...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:symfony User: release.debian@packages.debian.org Usertags: pu [4/9 for bookworm] This is a follow up from composer/DSA-5632-1 and similar t

Bug#1065058: bookworm-pu: package php-symfony-contracts/2.5.2-1+deb12u1

2024-02-29 Thread David Prévot
00 +0200 +++ php-symfony-contracts-2.5.2/debian/changelog 2024-02-15 22:48:06.0 +0100 @@ -1,3 +1,10 @@ +php-symfony-contracts (2.5.2-1+deb12u1) bookworm; urgency=medium + + * Track debian/bookworm-security + * Force system dependencies loading + + -- David Prévot Thu, 15 Feb 2024 22:48:06 +0

Bug#1065057: bookworm-pu: package php-composer-xdebug-handler/3.0.3-2+deb12u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: php-composer-xdebug-hand...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-composer-xdebug-handler User: release.debian@packages.debian.org Usertags: pu [2/9 for bookworm] This is a follow

Bug#1065056: bookworm-pu: package php-composer-class-map-generator/1.0.0-2+deb12u1

2024-02-29 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: php-composer-class-map-genera...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-composer-class-map-generator User: release.debian@packages.debian.org Usertags: pu [1/9 for bookworm] This is

Bug#1041982: Speeding up Symfony 6 transition? [Was: Upcoming transitions (Symfony, PHPUnit, etc.)]

2024-02-28 Thread David Prévot
control: severity 1039731 serious control: severity 1051989 serious control: severity 1051985 serious control: severity 1039733 serious On Wed, Feb 21, 2024 at 08:19:06AM +0100, David Prévot wrote: > On Wed, Jan 03, 2024 at 07:04:12PM +0100, David Prévot wrote: > […] > > I’m

Bug#1041982: Speeding up Symfony 6 transition? [Was: Upcoming transitions (Symfony, PHPUnit, etc.)]

2024-02-20 Thread David Prévot
Hi, On Wed, Jan 03, 2024 at 07:04:12PM +0100, David Prévot wrote: […] > I’m in favour of raising the severity of bugs blocking this transition > to RC level ASAP: Symfony 6 has been in experimental for a while now I intend to do so early next week: symfony 6 was introduced in experi

Bug#1059291: bookworm-pu: package spip/4.1.9+dfsg-1+deb12u4

2024-01-12 Thread David Prévot
Control: retitle -1 bookworm-pu: package spip/4.1.9+dfsg-1+deb12u4 On Sat, Dec 30, 2023 at 12:06:56PM +0100, Salvatore Bonaccorso wrote: > On Fri, Dec 22, 2023 at 01:28:00PM +0100, David Prévot wrote: […] > > This issue is similar to #1059289 for oldstable. > > > > Ano

Bug#1041982: Speeding up Symfony 6 transition? [Was: Upcoming transitions (Symfony, PHPUnit, etc.)]

2024-01-03 Thread David Prévot
control: block -1 with 1051989 control: severity 1051989 important control: severity 1051988 important On Sun, Sep 17, 2023 at 07:57:03PM +0530, David Prévot wrote: > […] roughly, the > following end user packages (families) are not yet ready. > > civicrm (#1051988) > kanboar

Bug#1059289: bullseye-pu: package spip/3.2.11-3+deb11u10

2023-12-22 Thread David Prévot
On Fri, Dec 22, 2023 at 01:21:56PM +0100, David Prévot wrote: […] > [x] attach debdiff against the package in oldstable For real now (the usual running gag of the missing attachment)… Merry Christmas. Cheers. taffit diff -Nru spip-3.2.11/debian/changelog spip-3.2.11/debian/change

Bug#1059291: bookworm-pu: package spip/4.1.9+dfsg-1+deb12u3

2023-12-22 Thread David Prévot
+deb12u3) bookworm; urgency=medium + + * Backport security fix from 4.1.13 +- fix XSS when calling some templates + + -- David Prévot Thu, 21 Dec 2023 19:24:13 +0100 + spip (4.1.9+dfsg-1+deb12u2) bookworm; urgency=medium * Backport security fix from 4.1.11 diff -Nru spip-4.1.9+dfsg/debian

Bug#1059289: bullseye-pu: package spip/3.2.11-3+deb11u10

2023-12-22 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: s...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:spip Another upstream release fixed a security (XSS) issue. The last two updates of this

Bug#1057038: bookworm-pu: package php-phpseclib3/3.0.19-1+deb12u1

2023-11-28 Thread David Prévot
] +(Closes: #1057008) + + -- David Prévot Tue, 28 Nov 2023 08:33:28 +0100 + php-phpseclib3 (3.0.19-1) unstable; urgency=medium [ Alexander Vlasov ] diff -Nru php-phpseclib3-3.0.19/debian/control php-phpseclib3-3.0.19/debian/control --- php-phpseclib3-3.0.19/debian/control 2023-03-06 08:00

Bug#1055988: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u4

2023-11-15 Thread David Prévot
s properly escape their input + [CVE-2023-46734] (Closes: #1055774) + + -- David Prévot Sat, 11 Nov 2023 19:09:20 +0100 + symfony (4.4.19+dfsg-2+deb11u3) bullseye; urgency=medium * Drop dependency bump. diff -Nru symfony-4.4.19+dfsg/debian/patches/Mime-regenerate-test-certificates.pat

Bug#1055986: bookworm-pu: package symfony/5.4.23+dfsg-1+deb12u1

2023-11-15 Thread David Prévot
4] (Closes: #1055774) +- [Security] Fix possible session fixation when only the *token* changes + [CVE-2023-46733] (Closes: #1055775) + + -- David Prévot Sat, 11 Nov 2023 18:59:39 +0100 + symfony (5.4.23+dfsg-1) unstable; urgency=medium [ Fabien Potencier ] diff -Nru symfony-5.4.23+d

Bug#1041982: [pkg-php-pear] Upcoming transitions (Symfony, PHPUnit, etc.)

2023-09-17 Thread David Prévot
Hi, > On 24/06/2023 at 01:29, William Desportes wrote: […] > Great, #1041982 does not have much blockers anymore, maybe we can schedule > the transition then. FYI, we had a workshop during DebConf with Athos in order to try and determine what other packages (and relevant blockers) need to be up

Bug#1041982: [pkg-php-pear] Upcoming transitions (Symfony, PHPUnit, etc.)

2023-09-04 Thread David Prévot
Hi, On 24/06/2023 at 01:29, William Desportes wrote: As far as I understand, there was no more change than the composer bump change needed for phpMyAdmin. So I could introduce an OR to allow both versions. That would be nice. And tests pass you said. Great, #1041982 does not have much

Bug#1041982: transition: symfony 6

2023-07-25 Thread David Prévot
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: symf...@packages.debian.org, pkg-php-p...@lists.alioth.debian.org Control: affects -1 + src:symfony Control: block -1 by 1039731 1039732 1039733 1039734 1039735 Hi, We’d li

Bug#1040758: bullseye-pu: package spip/3.2.11-3+deb11u9

2023-07-09 Thread David Prévot
+++ spip-3.2.11/debian/changelog 2023-07-08 20:38:26.0 +0200 @@ -1,3 +1,11 @@ +spip (3.2.11-3+deb11u9) bullseye; urgency=medium + + * Backport security fix from 4.1.11 +- use an auth_desensibiliser_session() function to centralize extended + authentification data filtering. + + -- David

Bug#1040756: bookworm-pu: package spip/4.1.9+dfsg-1+deb12u2

2023-07-09 Thread David Prévot
auth_desensibiliser_session() function to centralize extended + authentification data filtering. + + -- David Prévot Sat, 08 Jul 2023 20:29:04 +0200 + spip (4.1.9+dfsg-1+deb12u1) bookworm; urgency=medium [ David Prévot ] diff -Nru spip-4.1.9+dfsg/debian/patches/0009-security-Utiliser-une

phpunit 10 transition [Was: Bug#1039743: christianriesen-base32: FTBFS with phpunit 10: make[1]: *** [debian/rules:19: override_dh_auto_test] Error 2]

2023-06-28 Thread David Prévot
Hi, On 29/06/2023 at 00:24, Athos Ribeiro wrote: On Wed, Jun 28, 2023 at 10:31:53PM +0100, Adam D. Barratt wrote: On Wed, 2023-06-28 at 17:57 -0300, Athos Ribeiro wrote: […] Severity: serious Justification: FTBFS Tags: trixie sid ftbfs User: pkg-php-p...@lists.alioth.debian.org Usertags: ph

Bug#1038154: bookworm-pu: package spip/4.1.9+dfsg-1+deb12u1

2023-06-15 Thread David Prévot
2023-06-11 15:38:54.0 +0200 @@ -1,3 +1,19 @@ +spip (4.1.9+dfsg-1+deb12u1) bookworm; urgency=medium + + [ David Prévot ] + * Add CVE to previous changelog entry + * Update documented branch + * Backport security fixes from 4.1.10 +- Limit recursion depth in protege_champ() function

Bug#1038153: bullseye-pu: package spip/3.2.11-3+deb11u8

2023-06-15 Thread David Prévot
screen +- Properly block hidden files in provided htaccess +- Update security screen to 1.5.3 + + -- David Prévot Sun, 11 Jun 2023 15:47:39 +0200 + spip (3.2.11-3+deb11u7) bullseye-security; urgency=medium * Backport security fixes from v3.2.18 diff -Nru spip-3.2.11/debian/patches

Bug#1034714: [pkg-php-pear] Bug#1034714: bullseye-pu: package php-nyholm-psr7/1.3.2-2+deb11u1

2023-04-22 Thread David Prévot
Hi, On 22/04/2023 at 12:59, David Prévot wrote: […] [x] attach debdiff against the package in stable For real now.diff --git a/debian/changelog b/debian/changelog index bd0b1d7..a0c6ab8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +php-nyholm-psr7 (1.3.2-2

Bug#1034714: bullseye-pu: package php-nyholm-psr7/1.3.2-2+deb11u1

2023-04-22 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: php-nyholm-p...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-nyholm-psr7 Hi, Please note that this request is very similar to #1034713

Bug#1034713: bullseye-pu: package php-guzzlehttp-psr7/1.7.0-1+deb11u2

2023-04-22 Thread David Prévot
--git a/debian/changelog b/debian/changelog index 8635876..0093037 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +php-guzzlehttp-psr7 (1.7.0-1+deb11u2) bullseye; urgency=medium + + * Fix improper input validation [CVE-2023-29197] (Closes: #1034581) + + -- David Prévot Sat, 22

Bug#1030851: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u2

2023-02-27 Thread David Prévot
Hi, On 27/02/2023 at 08:18, David Prévot wrote: On 26/02/2023 at 21:54, Paul Gevers wrote: On 08-02-2023 13:53, David Prévot wrote: [ Tests ] I didn’t test it thoroughly (I doubt to have much time for at least another week), but it passes There are issues with the installability of

Bug#1030851: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u2

2023-02-26 Thread David Prévot
Hi Paul, On 26/02/2023 at 21:54, Paul Gevers wrote: On 08-02-2023 13:53, David Prévot wrote: [ Tests ] I didn’t test it thoroughly (I doubt to have much time for at least another week), but it passes There are issues with the installability of src:symfony packages as can be seen from the

Bug#1030851: [pkg-php-pear] Bug#1030851: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u2

2023-02-08 Thread David Prévot
On 08/02/2023 at 13:53, David Prévot wrote: Package: release.debian.org Severity: normal Tags: bullseye […] [ Tests ] I didn’t test it thoroughly (I doubt to have much time for at least another week), but it passes … its (updated upstream) testsuite at buildtime, which is the same as the

Bug#1030851: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u2

2023-02-08 Thread David Prévot
/Http] Remove CSRF tokens from storage on successful login + [CVE-2022-24895] + + -- David Prévot Wed, 01 Feb 2023 19:38:41 +0100 + symfony (4.4.19+dfsg-2+deb11u1) bullseye; urgency=medium * Prevent CSV injection via formulas [CVE-2021-41270] diff -Nru symfony-4.4.19+dfsg/debian/patches

Bug#1014460: [pkg-php-pear] Bug#1014460: transition: php8.2

2022-10-22 Thread David Prévot
Hi Ondřej, Mike and Horde team, PHP PEAR and Composer team, and Release team. On 21/07/2022 at 13:22, David Prévot wrote: On 14/07/2022 at 15:23, Paul Gevers wrote: Control: forwarded -1 https://release.debian.org/transitions/html/php8.2.html […] php-defaults was updated in experimental

Bug#1012048: buster-pu: package composer/1.8.4-1+deb10u2

2022-05-29 Thread David Prévot
pattern (Closes: #989315) + * Use Authorization header instead of deprecated access_token query param +(Closes: #955485) + + -- David Prévot Sat, 28 May 2022 18:18:24 +0200 + composer (1.8.4-1+deb10u1) buster-security; urgency=high * Use debian/buster branch diff --git a/debian/patches/0006

Bug#1012047: bullseye-pu: package composer/2.0.9-2+deb11u1

2022-05-29 Thread David Prévot
-2+deb11u1) bullseye; urgency=medium + + * Fix code injection vulnerability [CVE-2022-24828] (Closes: #1009960) + * Update GitHub token pattern (Closes: #989315) + * Checkout ProcessExecutorMock.php needed for updated tests + + -- David Prévot Sun, 29 May 2022 11:55:56 +0200 + composer (2.0.9-2

Bug#1011942: bullseye-pu: package php-guzzlehttp-psr7/1.7.0-1+deb11u1

2022-05-29 Thread David Prévot
Hi, On 28/05/2022 at 20:49, Adam D. Barratt wrote: On Fri, 2022-05-27 at 14:19 +0200, David Prévot wrote: The security team asked me to address #1008236 [CVE-2022-24775] via a point release, so here I am. Please go ahead. Uploaded, thanks. Regards David

Bug#1011942: [pkg-php-pear] Bug#1011942: bullseye-pu: package php-guzzlehttp-psr7/1.7.0-1+deb11u1

2022-05-27 Thread David Prévot
Hi, On 27/05/2022 at 14:19, David Prévot wrote: […] [x] attach debdiff against the package in (old)stable lalaladiff --git a/debian/changelog b/debian/changelog index f3eb5e4..8635876 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +php-guzzlehttp-psr7 (1.7.0-1

Bug#1011943: buster-pu: package php-guzzlehttp-psr7/1.4.2-0.1+deb10u1

2022-05-27 Thread David Prévot
/changelog @@ -1,3 +1,11 @@ +php-guzzlehttp-psr7 (1.4.2-0.1+deb10u1) buster; urgency=medium + + * Track Buster + * Backport fixes for improper header parsing [CVE-2022-24775] +(Closes: #1008236) + + -- David Prévot Fri, 27 May 2022 13:33:28 +0200 + php-guzzlehttp-psr7 (1.4.2-0.1) unstable

Bug#1011942: bullseye-pu: package php-guzzlehttp-psr7/1.7.0-1+deb11u1

2022-05-27 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: pkg-php-p...@lists.alioth.debian.org [ Reason ] The security team asked me to address #1008236 [CVE-2022-24775] via a point release, so here I am. [ Tests ] I did no

Bug#1005217: bullseye-pu: package spip/3.2.11-3+deb11u2

2022-02-08 Thread David Prévot
On 09/02/2022 at 03:04, David Prévot wrote: [x] attach debdiff against the package in (old)stable For real now…diff --git a/debian/changelog b/debian/changelog index 5e67ca4afb..1b1f5f6fa7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,18 @@ +spip (3.2.11-3+deb11u2

Bug#1005218: buster-pu: package spip/3.2.4-1+deb10u6

2022-02-08 Thread David Prévot
@@ -1,7 +1,17 @@ +spip (3.2.4-1+deb10u6) buster; urgency=medium + + * Document CVE fixed previously + * Backport security fixes (XSS) from 3.2.13 + + -- David Prévot Sat, 05 Feb 2022 09:21:02 -0400 + spip (3.2.4-1+deb10u5) buster-security; urgency=high * Backport security fixes from 3.2.12

Bug#1005217: bullseye-pu: package spip/3.2.11-3+deb11u2

2022-02-08 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu Hi, [ Reason ] Two security issues (XSS) have been fixed in the latest upstream version. As agreed with the security team, those are not worth a DSA. [ Impact ] Without these fix

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2022-01-12 Thread David Prévot
Hi Paul, On 11/01/2022 at 15:52, Paul Gevers wrote: On 10-01-2022 23:43, David Prévot wrote: On 10/01/2022 at 16:44, Paul Gevers wrote: On 10-01-2022 21:13, Ondřej Surý wrote: I thought I filed RM bugs for all of them, but I found only #1003055 for php-apcu-bc, something must have gone wrong

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2022-01-10 Thread David Prévot
On 10/01/2022 at 16:44, Paul Gevers wrote: On 10-01-2022 21:13, Ondřej Surý wrote: I thought I filed RM bugs for all of them, but I found only #1003055 for php-apcu-bc, something must have gone wrong. Neither of these support PHP 8.x, and those packages should be removed. Seems like that need

Bug#976811: [pkg-php-pear] Bug#976811: Bug#976811: transition: php8.1

2022-01-09 Thread David Prévot
Hi, On 09/01/2022 at 14:37, Paul Gevers wrote: […] On 08-01-2022 23:09, David Prévot wrote: […] PHPUnit requires the "dom" extension. """ where should that get fixed? There are several php7.4-* packages pulled in those logs, so it’s not really a surprise that do

Bug#976811: [pkg-php-pear] Bug#976811: Bug#976811: transition: php8.1

2022-01-08 Thread David Prévot
Hi, On 08/01/2022 at 17:38, Paul Gevers wrote: On 01-01-2022 14:20, Ondřej Surý wrote: […] I also see some autopkgtest regressions which have this (eg. [1, 2]): """ PHPUnit requires the "dom" extension. """ where should that get fixed? There are several php7.4-* packages pulled in those lo

Bug#1000645: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u1

2021-12-20 Thread David Prévot
On Sat, Dec 04, 2021 at 04:12:01PM -0400, David Prévot wrote: […] > Thanks, uploaded (with changelog updated). Really uploaded now, seems like I failed to actually upload two weeks ago, sorry about that. Regards David

Bug#1000645: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u1

2021-12-04 Thread David Prévot
Hi Adam, On 04/12/2021 at 13:13, Adam D. Barratt wrote: On Fri, 2021-11-26 at 07:40 -0400, David Prévot wrote: […] +symfony (4.4.19+dfsg-2+deb11u1) stable; urgency=medium We generally prefer using codenames (so "bullseye") Sorry, I used to know that… Please go ahead. Thanks

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-26 Thread David Prévot
Hi, On 23/11/2021 at 15:57, Paul Gevers wrote: > On 23-11-2021 11:52, Ondřej Surý wrote: […] Experimental is the ideal place to find that out. It does require somebody to go through the regressions and file bugs though, this doesn't happen magically. I think David offered help there. I’ve ch

Bug#1000645: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u1

2021-11-26 Thread David Prévot
[CVE-2021-41270] + + -- David Prévot Wed, 24 Nov 2021 06:07:00 -0400 + symfony (4.4.19+dfsg-2) unstable; urgency=medium * Prevent user enumeration via response content [CVE-2021-21424] diff --git a/debian/patches/Use-single-quote-to-escape-formulas.patch b/debian/patches/Use-single-quote-to-e

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-23 Thread David Prévot
Hi, On 23/11/2021 at 15:57, Paul Gevers wrote: On 23-11-2021 11:52, Ondřej Surý wrote: On 22. 11. 2021, at 22:28, David Prévot wrote: I’ve just uploaded a version with your fix. Thanks a lot. +1. David, can we now agree on a timeframe when we start the transition? […] it'

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-22 Thread David Prévot
Hi Ondřej, On 22/11/2021 at 09:15, David Prévot wrote: On 22/11/2021 at 08:45, Ondřej Surý wrote: > Or we could stop delaying the inevitable[1] and instead of bumping > epoch just go ahead with the transition. You don’t need to bump epoch Please find attached a short debdif

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-22 Thread David Prévot
[ Ondřej, your last mail didn’t make it to the transition bug report, neither did the previous one. FWIW, I can only see a blank one from your “Apple Mail” MUA. ] [ Here is a copy of the sources of your email. I reply after this copy to try not to add more confusion. ] Le 22/11/2021 à 10:26,

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-22 Thread David Prévot
On 22/11/2021 at 08:45, Ondřej Surý wrote: > Or we could stop delaying the inevitable[1] and instead of bumping > epoch just go ahead with the transition. You don’t need to bump epoch (especially on source package and every binary ones) just to temporarily bump version of one binary package.

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-22 Thread David Prévot
Hi Ondřej, On 19/11/2021 at 16:41, Ondřej Surý wrote: I disagree, but I uploaded reverted package. Unfortunately, you also need to bump binary packages version. This revert got rejected: $ ssh coccia.debian.org cat /srv/ftp-master.debian.org/queue/reject/php-defaults_87_all-buildd.change

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-19 Thread David Prévot
Hi Ondřej, On 19/11/2021 at 16:41, Ondřej Surý wrote: I disagree, but I uploaded reverted package. Thank you for your quick action. However, php-defaults 86 as just uploaded reverted the default PHP version to 8.0, de facto starting a transition you wanted to skip (and still making it impo

Bug#976811: transition: php8.1

2021-11-19 Thread David Prévot
Hi, On 10/11/2021 at 05:16, Sebastian Ramacher wrote: On 2021-09-05 19:26:39, Ondřej Surý wrote: Hi Sebastian, the PHP 8.1 RC1 was released, so I think it would be better to skip php8.0 […] I’ll update this issue when I am ready. It seems that php-defaults (85) was uploaded to unstable,

Bug#988457: unblock: symfony/4.4.19+dfsg-2

2021-05-13 Thread David Prévot
phpunit-bridge description + + -- David Prévot Thu, 13 May 2021 05:33:42 -0400 + symfony (4.4.19+dfsg-1) unstable; urgency=medium [ Fabien Potencier ] diff --git a/debian/control b/debian/control index c5df2fc3cc..d19d505d56 100644 --- a/debian/control +++ b/debian/control @@ -765,7 +765,7

Bug#985958: unblock: spip/3.2.11-2

2021-05-04 Thread David Prévot
Control: tags -1 -moreinfo Control: retitle -1 unblock: spip/3.2.11-2 Hi Ivo, On 13/04/2021 at 10:52, Ivo De Decker wrote: I'm leaning towards accepting it. I suggest you upload it to unstable, and we'll leave it there for a while. Uploaded three weeks ago. If issues show up (either in u

Bug#985958: [pre-approval] unblock: spip/3.2.11-2

2021-04-12 Thread David Prévot
Control: tags -1 -moreinfo Hi Paul, Thank you for your reply. On 02/04/2021 at 16:41, Paul Gevers wrote: On 26-03-2021 20:53, David Prévot wrote: Please unblock package spip This package does have a bit of a track record for security issues. Indeed. Since 3.3 will soon be released, the

Bug#985958: [pre-approval] unblock: spip/3.2.11-2

2021-03-26 Thread David Prévot
uot;); die("Error 403: ForbiddenError 403You are not authorized to view this page ($ecran_securite_raison)"); } @@ -598,5 +606,6 @@ if ( header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-Type: text/html"

Bug#983233: New autopkgtest shouldn’t trigger a regression

2021-02-21 Thread David Prévot
On 21/02/2021 at 16:02, Paul Gevers wrote: Control: tags -1 moreinfo Hi David, On 21-02-2021 12:53, David Prévot wrote: I recently added an autopkgtest to a package, and the autopkgtest failed on all suites. I’m surprised to see that failure considered as a regression (#983211) […] We

Bug#983233: New autopkgtest shouldn’t trigger a regression

2021-02-21 Thread David Prévot
Package: debci Severity: normal X-Debbugs-Cc: Debian Release Team Hi, I recently added an autopkgtest to a package, and the autopkgtest failed on all suites. I’m surprised to see that failure considered as a regression (#983211), so I believe there is a mistake somewhere (maybe that’s just me no

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.0

2020-12-30 Thread David Prévot
Hi Mike, On 30/12/2020 at 04:03, Mike Gabriel wrote: So, bullseye will be shipped with PHP 8.0? That’s the maintainer preference. The release team may not proceed according to their doubts during the last meeting [1]. I believe the related issues are worth investigating anyway: easy fixes

Bug#976811: transition: php8.0

2020-12-13 Thread David Prévot
Hi, On Fri, Dec 11, 2020 at 12:38:01PM -0400, David Prévot wrote: > On Tue, Dec 08, 2020 at 09:28:38AM +0100, Ondřej Surý wrote: > > > I would like to transition the PHP to version 8.0; > > The timing of this request makes me uneasy […] > > > it's not suc

Bug#976811: transition: php8.0

2020-12-11 Thread David Prévot
Hi Ondřej, On Tue, Dec 08, 2020 at 09:28:38AM +0100, Ondřej Surý wrote: > I would like to transition the PHP to version 8.0; The timing of this request makes me uneasy: php8.0 has been in Debian for less than a week, and we are a month away from the transition freeze. > it's not such a huge

Bug#909007: stretch-pu: package firetray/0.6.1+dfsg-1

2018-09-17 Thread David Prévot
Hi, On 17/09/2018 at 01:09, Adam Borowski wrote: > The updated package is 100% identical to the version in unstable, only the > version number differs (+deb9u1). Please, use ~deb9u1 instead: you don’t want to push a higher version than in unstable. Regards David

Bug#866351: stretch-pu: package phpunit/5.4.6-2~deb9u1

2017-06-30 Thread David Prévot
Hi Cyril, On 30/06/2017 at 14:36, Cyril Brulebois wrote: > Control: retitle -1 stretch-pu: package phpunit/5.4.6-2~deb9u1 > Control: tag -1 moreinfo > David Prévot (2017-06-28): >> Please, allow this patched version of phpunit, built and tested in a >> Stretch environment

Bug#866351: stretch-pu: package phpunit/5.4.6-2~deb8u1

2017-06-28 Thread David Prévot
+ * Upload previous fix to Stretch + + -- David Prévot Wed, 28 Jun 2017 17:03:35 -1000 + +phpunit (5.4.6-2) unstable; urgency=high + + * Team upload + * Fix arbitrary PHP code execution via HTTP POST [CVE-2017-9841] +(Closes: #866200) + + -- David Prévot Wed, 28 Jun 2017 16:43:26 -1000

Bug#861294: jessie-pu: package spip/3.0.17-2+deb8u3

2017-04-26 Thread David Prévot
-9997] [CVE-2016-9998] (Closes: #848641) - Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php [CVE-2016-9152] (Closes: #847156) * Backport security fix from 3.0.25 - Execution of arbitrary PHP code -- David Prévot Wed, 26 Apr 2017 18:02:00 -1000 I’ve just deployed

Bug#858086: RM: owncloud/7.0.4+dfsg-4~deb8u4

2017-03-17 Thread David Prévot
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, As discussed with the security team, please remove owncloud from stable: we’re not able to maintain this version on our own anymore, especially since we had to give up our efforts to provide

Bug#834479: xul-ext-* (Was: Bug#834480: jessie-pu: package mozilla-noscript/2.9.0.11-1~deb8u1)

2016-08-28 Thread David Prévot
Hi, On 28/08/2016 at 04:09, Adam D. Barratt wrote: > Control; tags -1 + confirmed […] > Oh, how I've missed Firefox plugin updates. :-| Same here :/ > Please go ahead. Thanks, all uploaded. Regards David

Bug#834484: jessie-pu: package firegestures/1.10.9-1~deb8u1

2016-08-15 Thread David Prévot
..cf52cbf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +firegestures (1.10.9-1~deb8u1) jessie; urgency=medium + + * Upload compatible version with recent Firefox in Jessie (Closes: #827277) + + -- David Prévot Mon, 15 Aug 2016 18:49:34 -1000 + firegestures (1.10.9-1) unstable

Bug#834483: jessie-pu: package tabmixplus/0.5.0.0-1~deb8u1

2016-08-15 Thread David Prévot
/changelog @@ -1,3 +1,9 @@ +tabmixplus (0.5.0.0-1~deb8u1) jessie; urgency=medium + + * Upload compatible version with recent Firefox in Jessie (Closes: #826995) + + -- David Prévot Mon, 15 Aug 2016 16:34:54 -1000 + tabmixplus (0.5.0.0-1) unstable; urgency=medium * Upload stable version to unstable

Bug#834482: jessie-pu: package adblock-plus/2.7.3+dfsg-1~deb8u1

2016-08-15 Thread David Prévot
~deb8u1) jessie; urgency=medium + + * Upload compatible version with recent Firefox in Jessie (Closes: #829267) + + -- David Prévot Mon, 15 Aug 2016 16:53:49 -1000 + adblock-plus (2.7.3+dfsg-1) unstable; urgency=medium [ Wladimir Palant ]

Bug#834480: jessie-pu: package mozilla-noscript/2.9.0.11-1~deb8u1

2016-08-15 Thread David Prévot
recent Firefox in Jessie (Closes: #826896) + + -- David Prévot Mon, 15 Aug 2016 16:45:33 -1000 + mozilla-noscript (2.9.0.11-1) unstable; urgency=medium * Drop Iceape and Iceweasel from description

Bug#834479: jessie-pu: package greasemonkey/3.8-1~deb8u1

2016-08-15 Thread David Prévot
with recent Firefox in Jessie (Closes: #828622) + + -- David Prévot Sat, 16 Jul 2016 08:54:01 -0400 + greasemonkey (3.8-1) unstable; urgency=medium * Team upload, to unstable since it’s a stable release
