On Mon, Sep 09, 2013 at 05:15:51PM +0200, Ondřej Surý wrote:
On Mon, Sep 9, 2013 at 4:43 PM, Moritz Mühlenhoff j...@inutil.org wrote:
On Sat, Nov 24, 2012 at 11:46:02AM +0100, Ondřej Surý wrote:
severity 694143 wishlist
thank you
We are in freeze, and the libav9 is not even
Sebastian Ramacher sramac...@debian.org wrote:
#720814 motion
Should be removed from testing IMO. Has only seen NMUs since two years.
#721026 renpy (fixed upstream)
I'll take care of that in the next days.
no patch, not pending:
#720824 opal (seems to be fixed in experimental)
See the
On Sat, Aug 31, 2013 at 02:54:43PM +0200, Moritz Muehlenhoff wrote:
On Tue, Aug 13, 2013 at 11:48:56AM +0200, Julien Cristau wrote:
A number of packages are involved in both libav and libx264 transitions.
Do you want to do both of them at the same time, or serialized?
I've successfully
On Mon, Jun 17, 2013 at 12:00:45AM +0100, Steven Chamberlain wrote:
On 16/06/13 19:57, Moritz Mühlenhoff wrote:
Wheezy has both kfreebsd-8 and kfreebsd-9. Shouldn't kfreebsd-8 be dropped
now?
Some other things I'm wondering about are:
stable updates - would we need to keep kfreebsd-8
On Mon, Mar 04, 2013 at 09:00:39PM +0100, Cyril Brulebois wrote:
Adam D. Barratt a...@adam-barratt.org.uk (04/03/2013):
On Mon, 2013-03-04 at 19:07 +0100, Moritz Muehlenhoff wrote:
please unblock busybox 1:1.20.0-8. It fixes CVE-2013-1813
security tracker says:
[squeeze] - busybox
On Sat, Mar 02, 2013 at 01:12:51PM +0100, Julien Cristau wrote:
On Fri, Mar 1, 2013 at 17:56:10 +0100, Moritz Muehlenhoff wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock chromium-browser
I'm skeptical that owncloud should be shipped in Wheezy. It has
frequent security issues and the initial maintainers appear to
be inactive, all updates after October have been NMUs...
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
Niels Thykier ni...@thykier.net wrote:
On 2013-02-17 23:04, Matthias Klose wrote:
There is a bug report open for openjdk-6 in wheezy (#675495) and squeeze didn't
see any security updates for several months. To summarize, no party involved is
capable or willing to provide security
On Fri, Feb 15, 2013 at 06:15:37PM +, Adam D. Barratt wrote:
[resending to team@security rather than -security@lists]
On Sun, 2013-02-10 at 22:21 +, Steven Chamberlain wrote:
On 10/02/13 22:13, Adam D. Barratt wrote:
On Sun, 2013-02-10 at 20:59 +, Steven Chamberlain wrote:
On Fri, Jan 25, 2013 at 01:39:52PM +0100, Julien Cristau wrote:
On Fri, Jan 25, 2013 at 09:56:25 +0100, Patrick Matthäi wrote:
+diff -Naur glusterfs-3.2.7.orig/libglusterfs/src/statedump.c
glusterfs-3.2.7/libglusterfs/src/statedump.c
+--- glusterfs-3.2.7.orig/libglusterfs/src/statedump.c
Nico Golde n...@debian.org wrote:
Hi,
* Julien Cristau jcris...@debian.org [2012-12-28 18:12]:
Control: tags -1 moreinfo
On Mon, Dec 17, 2012 at 13:16:13 +0100, Nico Golde wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags:
On Tue, Dec 25, 2012 at 11:57:56AM +0100, Paul Gevers wrote:
Hi,
I am touching on this bug as part of the request by the RT [1].
Reading through the discussion of a later CVE bug in bind9 [2], my
expectation regarding the unblock bind9/1:9.8.4.dfsg-1 request is that
the answer will be no,
On Wed, Dec 12, 2012 at 08:42:21PM +0100, Philipp Kern wrote:
Dear Moritz,
On Wed, Dec 12, 2012 at 07:21:47PM +0100, Moritz Muehlenhoff wrote:
gimp / CVE-2012-5576
Blocked by missing s390x build. I've contacted the buildd maints, but got
no response.
I beg to differ:
pkern@grieg
On Wed, Dec 12, 2012 at 07:04:04PM +, Adam D. Barratt wrote:
Control: tags -1 + confirmed
On Mon, 2012-10-22 at 20:53 +0200, Moritz Muehlenhoff wrote:
Ok to upload to t-p-u with the attached debdiff?
(This fixes CVE-2011-4612 / #652663)
Much as I dislike wheel re-inventing, I'm
On Tue, Nov 06, 2012 at 04:31:54PM +0900, OHURA Makoto wrote:
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Please unblock package xemacs21
xemacs21 21.4.22-4 fixed #670292 and #677849 which are RC bugs.
xemacs21 was
On Wed, Oct 17, 2012 at 07:10:06PM +0100, Adam D. Barratt wrote:
On Wed, 2012-10-17 at 19:00 +0200, Moritz Muehlenhoff wrote:
please unblock icedove 10.0.9-1
It fixes multiple security issues
I notice the README.Debian note about iceowl-extension's security
support (or rather lack
Dmitry Smirnov only...@member.fsf.org wrote:
On Sun, 30 Sep 2012 06:07:18 Julien Cristau wrote:
At this point my preference would go towards removing zabbix from
Cyril Brulebois k...@debian.org wrote:
unblock openssh-blacklist/0.4.1+nmu1
We could also consider to demote openssh's dependency on openssh-blacklist
to a Suggests, it's been 4.5 years since DSA-1571-1...
Cheers,
Moritz
Adam D. Barratt a...@adam-barratt.org.uk wrote:
Control: tags -1 + moreinfo
On Fri, 2012-07-13 at 13:03 +1000, Aníbal Monsalve Salazar wrote:
Please unblock libpng (with udeb binary package).
Upstream released libpng 1.2.50 to fix CVE-2012-3386 recently. I
extracted the relevant change.
On Sat, Aug 04, 2012 at 12:37:23AM +0200, Tobias Hansen wrote:
Hi,
t1lib has no upstream, but a number of security vulnerabilities and reverse
dependencies.
We need to know if #637488 can be ignored for wheezy or if we should go for
removal and file bugs against the reverse
You wrote in gmane.linux.debian.devel.release:
Rob Browning r...@defaultvalue.org writes:
Right, that one I can't explain. So far, only murphy hates the package
(both revisions). It builds fine on biber, and also here in a wheezy
i386 chroot.
It looks like one difference between biber
On Wed, Jul 04, 2012 at 10:55:18AM +0100, Neil McGovern wrote:
On Tue, Jul 03, 2012 at 11:09:04PM +0200, Moritz Mühlenhoff wrote:
I suggest we remove libggi from Wheezy. It's totally obsolete these days,
dead upstream and RC-buggy since 1.5 years (608981).
Removing it would involve
Hi release team,
I suggest we remove libggi from Wheezy. It's totally obsolete these days,
dead upstream and RC-buggy since 1.5 years (608981).
Removing it would involve the following packages:
GGI-related and to be removed along, no rev-deps on their own:
libgiigic
libggimisc
libggiwmh
On Wed, May 02, 2012 at 10:59:23PM +0100, Adam D. Barratt wrote:
team@security, could you confirm the above is correct and also that
there aren't any plans for a fix for the issue via the security archive
in the near future?
Indeed.
Cheers,
Moritz
Nicholas Bamber nicho...@periapt.co.uk wrote:
Release team,
We are debating whether to
a.) allow both mysql-5.1 and mysql-5.5 to go into wheezy
or
b.) whether to try and effect a transition to 5.5
There should be only one MySQL release in Wheezy, otherwise
all security issues need
On Mon, Mar 26, 2012 at 10:35:49AM +0200, Mathieu Parent wrote:
Hi,
Julien:
rm hints added.
This is a bit rude (not your fault). AFAIK, we [*] haven't been notified
of this removal.
[*]: the pkg-kolab maintainers (no mention of it in #647221, for example)
Moritz:
They are as
On Sun, Mar 25, 2012 at 11:28:40AM +0100, Adam D. Barratt wrote:
On Mon, 2012-03-12 at 18:40 +0100, Moritz Muehlenhoff wrote:
As discussed on IRC last week. I've validated with a local rebuild
that these packages have properly hardened build flags now that
cdbs has been fixed.
[...]
nmu
On Mon, Feb 06, 2012 at 06:38:28PM +, Adam D. Barratt wrote:
tag 658909 + moreinfo
thanks
On Mon, 2012-02-06 at 18:57 +0100, Moritz Muehlenhoff wrote:
Please remove kolab-cyrus-imapd from testing.
Not quite so easy:
Checking reverse dependencies...
# Broken Depends:
kolabd:
On Thu, Jan 12, 2012 at 10:18:25PM +0100, Julien Cristau wrote:
On Sun, Dec 25, 2011 at 17:45:42 +0100, Moritz Mühlenhoff wrote:
Hi,
fix for CVE-2011-1575 in stable. There's some config.log leftovers
from the buildsystem in the debdiff, dunno where that comes from.
The security fix has
On Thu, Jan 05, 2012 at 10:00:43AM +0100, Christoph Berg wrote:
Re: Moritz Muehlenhoff 2012-01-04 20120104171956.ga4...@inutil.org
Can you also assess whether (old)stable are affected, and if so, provide
packages? If not (affected or able), do let us know as well.
In any case,
Philipp Kern pk...@debian.org wrote:
Why is that, given that according to the tracker, lenny isn't even
affected? I'd appreciate a fix for a remote DoS of a network service
through security, to be honest.
For all practical purposes the KDC is local to your trust context.
Cheers,
On Sat, Dec 31, 2011 at 05:19:21PM -0500, Michael Gilbert wrote:
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: rm
Severity: normal
Please remove amsn from testing. Based on the maintainer's opinion,
and the fact that it hasn't gotten any security support
Thijs Kinkhorst th...@debian.org wrote:
On Thu, December 29, 2011 09:10, Adam D. Barratt wrote:
On 28.12.2011 23:45, John Wright wrote:
Attached is a patch to the python-debian package which I intend to
upload to stable.
Apparently you already _have_ uploaded it.
Eight hours is really
Hi,
I'd like to fix CVE-2011-4089 for the next point update.
debdiff below.
Cheers,
Moritz
diff -u bzip2-1.0.5/bzexe bzip2-1.0.5/bzexe
--- bzip2-1.0.5/bzexe
+++ bzip2-1.0.5/bzexe
@@ -125,7 +125,7 @@
umask $umask
/bin/chmod 700 $tmpfile
prog=`echo $0 | /bin/sed 's|^.*/||'`
- if
On Mon, Dec 26, 2011 at 03:38:07PM +, Adam D. Barratt wrote:
On 26.12.2011 13:26, Moritz Mühlenhoff wrote:
I'd like to fix CVE-2011-4089 for the next point update.
[...]
+bzip2 (1.0.5-6+squeeze1) stable; urgency=low
+
+ * Non-maintainer upload by the Security Team
+ * Fix CVE-2011
Hi,
fix for CVE-2011-1575 in stable. There's some config.log leftovers
from the buildsystem in the debdiff, dunno where that comes from.
The security fix has been isolated from the 1.0.30 release.
Cheers,
Moritz
diff -u pure-ftpd-1.0.28/debian/changelog pure-ftpd-1.0.28/debian/changelog
On Thu, Dec 22, 2011 at 09:08:42PM +, Adam D. Barratt wrote:
On Thu, 2011-12-22 at 19:45 +0100, Moritz Mühlenhoff wrote:
I'd like to fix rpm/CVE-2011-3378 in the next stable point update.
Please go ahead; thanks.
Thanks, uploaded.
Debdiff attached.
debdiff.rpm is a somewhat
Hi,
I'd like to fix rpm/CVE-2011-3378 in the next stable point update.
Debdiff attached.
Cheers,
Moritz
debdiff.rpm
Description: application/redhat-package-manager
On Thu, Dec 01, 2011 at 09:47:53PM +0100, Florian Weimer wrote:
* Moritz Mühlenhoff:
Florian, what's the status of openjdk6 for stable/oldstable?
I've released the pending update for squeeze. lenny will eventually
follow, and so will the pending updates for squeeze, but judging by my
Ben Hutchings b...@decadent.org.uk wrote:
Given a freeze in June 2012, we will have a choice between these Linux
releases (with estimated dates):
3.2 (December 2011)
3.3 (March
On Wed, Nov 30, 2011 at 08:15:31PM +, Adam D. Barratt wrote:
On Wed, 2011-11-30 at 14:22 -0430, Miguel Landaeta wrote:
I have prepared an upload to fix #650430 / CVE-2011-4358.
This bug affects mojarra 2.0.3-1 in stable.
Thanks for working on this.
I'm attaching the debdiff with
On Fri, Oct 21, 2011 at 11:07:30AM +0200, Florian Weimer wrote:
* Moritz Muehlenhoff:
As for stable/oldstable: I noticed that Red Hat provided packages for
update 29 for RHEL 4 (RHEL 5 onwards use OpenJDK):
http://lwn.net/Articles/463919/
If anyone remembers the rationale behind the
On Thu, Oct 06, 2011 at 08:15:19PM +0200, Julien Cristau wrote:
- cherokee (FTBFS on mips; need a bug filed).
#641774
Cheers,
Moritz
Niels Thykier ni...@thykier.net wrote:
On 2011-09-14 18:36, Kees Cook wrote:
Hi,
On Wed, Sep 14, 2011 at 08:02:13AM +0200, Niels Thykier wrote:
I have two questions so far. First what usertag will you be using for
the bugs (if any)? As far as I can tell, there is not listed on the
Here's a status update on the libav transition.
The following packages are present in testing and FTBFS when built
against libav/0.7.1. The bugs have been usertagged with the user
j...@debian.org and the tag libav07:
vxl (638251)
gnash (638249)
ffmpeg2theora (638245)
picard (638244)
libphash
On Wed, Sep 07, 2011 at 06:16:18PM +0530, Ritesh Raj Sarraf wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
The fusecompress package is buggy. There have been reports of data
corruption. I've pinged upstream many times but
On Fri, Sep 02, 2011 at 11:31:34PM +0200, Julien Cristau wrote:
On Thu, Sep 1, 2011 at 23:23:35 +0200, Moritz Mühlenhoff wrote:
avifile
Fails: https://buildd.debian.org/status/package.php?p=avifile&suite=sid
Weird, I'll look into it.
Cheers,
Moritz
On Fri, Sep 02, 2011 at 07:35:08PM +0200, Julien Cristau wrote:
The following packages are compatible with libav from experimental:
[...]
Scheduled binNMUs for those. taoframework is arch:all though so needs a
source upload, please contact the maintainers.
Filed as #640224.
Cheers,
On Wed, Aug 24, 2011 at 11:04:03PM +0200, Moritz Muehlenhoff wrote:
On Sat, Aug 20, 2011 at 11:39:03AM +0200, Moritz Mühlenhoff wrote:
On Mon, Jul 25, 2011 at 08:07:00AM +0200, Reinhard Tartler wrote:
On Mon, Jul 25, 2011 at 05:10:38 (CEST), Andres Mejia wrote:
Has there been any
On Mon, Jul 25, 2011 at 08:07:00AM +0200, Reinhard Tartler wrote:
On Mon, Jul 25, 2011 at 05:10:38 (CEST), Andres Mejia wrote:
Has there been any work on transitioning to libav-0.7?
The package itself is ready since *May*, and in the meantime the
transition has already started in Ubuntu
On Wed, Jul 27, 2011 at 06:38:00PM +0100, Jonathan Wiltshire wrote:
Sec-team, has a proper CVE number been assigned for mentioning in the
changelog?
No, there hasn't been any CVE assignment.
Cheers,
Moritz
On Sat, May 21, 2011 at 02:11:31PM +0200, Mehdi Dogguy wrote:
On 05/21/2011 11:52 AM, Moritz Muehlenhoff wrote:
Please remove bugzilla from testing. It's unmaintained with several unhandled
security issues and Debian has been - fully correctly IMO - criticised heavily
by upstream
Adam D. Barratt a...@adam-barratt.org.uk wrote:
On Wed, 2011-05-18 at 15:41 +, maximilian attems wrote:
2 commits of klibc 1.5.22 are candidates for stable fixes:
* [klibc] ipconfig: comment new escape function
security fix for CVE-2011-0997 type vulnerability
corresponding cve
Modestas Vainius mo...@debian.org wrote:
Package: release.debian.org
On Sat, Apr 30, 2011 at 06:26:51PM +0200, Florian Weimer wrote:
* Adam D. Barratt:
I do share Florian's concern about the potential breakage as a result of
the change. Do we have any idea how many packages in {old,}stable would
be affected and to what degree? Particularly in the case of
Matthijs Möhlmann matth...@cacholong.nl wrote:
On Mar 28, 2011, at 11:36 PM, Adam D. Barratt wrote:
Hi,
Thanks for working on fixing issues in stable.
On Mon, 2011-03-28 at 22:41 +0200, Matthijs Möhlmann wrote:
According to bug #617606 there are currently 2 CVE's open.
CVE-2011-1024:
On Wed, Feb 02, 2011 at 07:33:27PM +0100, Julien Cristau wrote:
On Mon, Jan 10, 2011 at 20:56:01 +0100, Moritz Muehlenhoff wrote:
State of browser support
Debian Squeeze includes several browser engines which are affected by a frequent
stream of security vulnerabilities. The high
On Sat, Jan 29, 2011 at 07:52:38PM +0100, Guido Günther wrote:
On Sat, Jan 29, 2011 at 05:48:43PM +, Adam D. Barratt wrote:
On Tue, 2011-01-25 at 09:16 +0100, Guido Günther wrote:
On Mon, Jan 24, 2011 at 08:43:38PM +, Adam D. Barratt wrote:
The main problem I'm having with
On Sun, Jan 16, 2011 at 12:28:06AM +0100, Philipp Kern wrote:
Hi,
On Sat, Jan 15, 2011 at 07:07:50PM +0100, Thijs Kinkhorst wrote:
As you may or may not know the ia32-libs and ia32-libs-gtk packages in
lenny are in a suboptimal state. It boils down to that they contain the
'current'
Niko Tyni nt...@debian.org wrote:
On Fri, Jan 14, 2011 at 09:28:09AM +0200, Niko Tyni wrote:
I thought stable would be fixed with a DSA, but as the next Lenny point
release will be out real soon
On Mon, Jan 10, 2011 at 06:47:21PM -0500, Michael Gilbert wrote:
On Tue, 11 Jan 2011 00:40:42 +0100, Moritz Muehlenhoff wrote:
On Mon, Jan 10, 2011 at 11:12:39PM +0100, Josselin Mouette wrote:
Heya,
On Monday 10 January 2011 at 20:56 +0100, Moritz Muehlenhoff wrote:
As such,
Hi,
I would like to upload attached update to surfraw for stable.
(The Debian Security Tracker was moved to a debian.org host
some time ago and while the enyo.de old site provided a
redirect for some time, it is now gone)
Cheers,
Moritz
diff -u surfraw-2.2.2/debian/changelog
On Wed, Jan 12, 2011 at 10:19:48PM +, Adam D. Barratt wrote:
On Wed, 2011-01-12 at 22:59 +0100, Moritz Mühlenhoff wrote:
Hi,
I would like to upload attached update to surfraw for stable.
(The Debian Security Tracker was moved to a debian.org host
some time ago and while the enyo.de
Adam D. Barratt a...@adam-barratt.org.uk wrote:
On Fri, 2010-12-24 at 09:22 +0100, Guido Günther wrote:
Hi,
On Thu, Dec 23, 2010 at 10:02:45PM +, Adam D. Barratt wrote:
On Tue, 2010-11-16 at 15:58 +0100, Guido Günther wrote:
As discussed with Moritz from the security team there