On Mon, Jun 17, 2024 at 06:18:40PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Fri, 2024-06-14 at 23:25 +0200, Moritz Muehlenhoff wrote:
> > Attached debdiff fixes three minor security issues. The update
> > has been tested on a Bookworm system. debdi
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: bl...@packages.debian.org, iwama...@debian.org
Control: affects -1 + src:bluez
User: release.debian@packages.debian.org
Usertags: pu
Attached debdiff fixes three minor security issues. The update
has been tested on a Boo
On Wed, May 01, 2024 at 06:29:29PM +0100, Adam D. Barratt wrote:
> On Wed, 2024-05-01 at 13:02 +0200, Moritz Muehlenhoff wrote:
> > Please remove salt in the next Bullseye point release.
> > It was already removed frm unstable for being unsupportable
> > and unmaintained (htt
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: s...@packages.debian.org
Control: affects -1 + src:salt
User: release.debian@packages.debian.org
Usertags: rm
Please remove salt in the next Bullseye point release.
It was already removed frm unstable for being unsupportable
and unmain
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libtomm...@packages.debian.org
Control: affects -1 + src:libtommath
Addresses CVE-2023-36328, debdiff below. Acked by Dominique before.
Cheers,
Moritz
diff
Thorsten Alteholz wrote:
[ Adding DSA to the CC list ]
> On Mon, 18 Mar 2024, Emilio Pozuelo Monfort wrote:
> > > One solution which has been discussed in the past is to import a full copy
> > > of stable towards stable-security at the beginning of each release cycle,
> > > but that is currently
On Mon, Mar 18, 2024 at 01:13:15PM +0100, Emilio Pozuelo Monfort wrote:
> [ Adding debian-dak@ to Cc ]
> > One solution which has been discussed in the past is to import a full copy
> > of stable towards stable-security at the beginning of each release cycle,
> > but that is currently not possible
On Mon, Feb 12, 2024 at 06:16:48PM +, Jonathan Wiltshire wrote:
> On Mon, Feb 12, 2024 at 09:24:47AM +, Holger Levsen wrote:
> > hi,
> >
> > On Sun, Feb 11, 2024 at 09:44:18PM +, Jonathan Wiltshire wrote:
> > > Requested by security team. Not in stable or testing.
> >
> > once this ha
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: un...@packages.debian.org
Control: affects -1 + src:unadf
Addresses two no-dsa security issues, same fix already rolled out
for Bookworm. Debdiff below.
Cheers,
On Fri, Jan 19, 2024 at 02:38:32AM +, Thorsten Glaser wrote:
> Hi
>
> TIL about the existence of nvidia-openjdk-8-jre.
>
> Would it not be better to drop that and remove the bug deliberately
> blocking openjdk-8 from entering testing/stable?
No, we have enough OpenJDK releases to look after
On Mon, Dec 25, 2023 at 10:32:41AM +0100, Tobias Frost wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: hapr...@packages.debian.org
> X-Debbugs-Cc: t...@security.debian.org
> Control: affects -1 +
On Fri, Dec 22, 2023 at 10:19:15AM -0300, Santiago Ruano Rincón wrote:
> El 22/12/23 a las 09:54, Moritz Muehlenhoff escribió:
> > On Thu, Dec 21, 2023 at 07:30:51PM -0300, Santiago Ruano Rincón wrote:
> > > So let me ask you: are you interested in addressing the infrastructure
On Thu, Dec 21, 2023 at 07:30:51PM -0300, Santiago Ruano Rincón wrote:
> So let me ask you: are you interested in addressing the infrastructure
> limitations to handle those kind of packages? and having some help for
> that?
Foremost this is an infrastructure limitation that needs to be resolved:
On Fri, Dec 15, 2023 at 10:39:04AM +0200, Adrian Bunk wrote:
> > That is a good point. However, I consider full coverage of security support
> > for stable to be an improvement over the current situation. Explicitly
> > stating that security support is not shipped for oldstable does not do any
> >
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: un...@packages.debian.org
Control: affects -1 + src:unadf
Fixes two minor security issues. These have actually been in
past releases (wheezy/jessie), but the patch wa
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: q...@packages.debian.org, m...@tls.msk.ru
Control: affects -1 + src:qemu
Various low severity security issues in qemu, debdiff below.
I've tested this on a Bullseye g
On Tue, Sep 05, 2023 at 04:04:27AM +0900, YOKOTA Hiroshi wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: 7...@packages.debian.org, yokota.h...@gmail.com,
> b...@debian.org, t...@security.debian.o
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hashicorp switched to the non-free BSL and security fixes will
only be made available until December 31 2023, so we should
remove it with the Bullseye 11.8 point release:
https://www.hashicorp.co
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Needs to be removed alongside with nomad.
Cheers,
Moritz
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: test...@packages.debian.org, d...@debian.org,
vladimir.pe...@canonical.com
Control: affects -1 + src:testng7
We need to introduce a backport of testng7 in the versio
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: asmto...@packages.debian.org, ebo...@apache.org
Control: affects -1 + src:asmtools
We need to introduce a backport of asmtools in the version found in bookworm
to bul
On Fri, May 26, 2023 at 12:10:18AM +0200, Markus Koschany wrote:
> First of all trapperkeeper-webserver-jetty9-clojure should add a build-
> dependency on logback to detect such regressions in advance.
>
> #1036250 is mainly a logback problem, not a tomcat problem. I still would like
> to hear Emm
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: g...@packages.debian.org, siret...@tauware.de,
sramac...@debian.org
Control: affects -1 + src:gpac
In priot discussion between Reinhard, Sebastian and the Security team we've
come
On Sat, Mar 18, 2023 at 09:17:25AM +0100, Sebastian Ramacher wrote:
> Control: tags -1 moreinfo
>
> Hi security team
>
> On 2023-03-15 06:46:32 +0400, Yadd wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> > X-Debb
On Mon, Mar 13, 2023 at 03:07:34PM +, Holger Levsen wrote:
> On Mon, Mar 13, 2023 at 03:58:45PM +0100, Moritz Mühlenhoff wrote:
> > Am Mon, Mar 13, 2023 at 01:43:11PM +0100 schrieb Holger Levsen:
> > > * security-support-limited:
> > > - for golang and openjdk-17, point to the bookworm ma
On Mon, Mar 06, 2023 at 10:17:04PM +0100, Paul Gevers wrote:
> Dear security team,
>
> It's the time of the season to ask you to consider testing that the next
> security suite is working as intended. In our checklist [1] it's mentioned
> to coordinate with you an upload to bookworm-security to co
On Fri, Feb 24, 2023 at 10:29:07PM +0100, Markus Koschany wrote:
> Hi,
>
> Am Freitag, dem 24.02.2023 um 16:01 +0100 schrieb Moritz Mühlenhoff:
> [...]
> > Could we also ship the README.Debian.security that was recently added
> > in unstable to bullseye/buster?
>
> I've just uploaded a new revisi
On Fri, Jan 06, 2023 at 08:41:50AM +0100, Paul Gevers wrote:
> Dear Chromium team, Security team,
>
> On 27-01-2022 17:15, Moritz Muehlenhoff wrote:
> > On Wed, Jan 26, 2022 at 09:38:42PM +0100, Paul Gevers wrote:
> > > > So, I'm proposing the following: we unblo
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
This updates fixes various minor crashes in mplayer, which
don't warrant a DSA by itself. I've run the PoCs against
the updated build where applicable and also tested various
rando
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: d...@debian.org
openjdk bumped the requirements for the test suite within
their 11.x branch (which is what we ship in Bullseye), it
now needs jtreg6.
The debdiff is
On Mon, Aug 22, 2022 at 02:50:41PM +0530, Abhijith PA wrote:
> Hello Moritz,
>
> I've prepared a qemu build months back fixing pending CVEs then. I
> have now took 2 patches (CVE-2020-35504, CVE-2020-35505) from your
> diff and backported a new CVE, fixing total of ~35 CVEs.
>
> I've tested o
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: m...@tls.msk.ru
Various low severity qemu issues, but since quite a few
of those have piled up, it makes sense to move to an
update. Debdiff below.
Cheers,
Mor
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: fab...@debian.org
Fixes a minor security issue, debdiff below (and was just uploaded).
Tested with a few sample files.
Cheers,
Moritz
diff -Nru flac-1.3.3/de
On Wed, Jan 26, 2022 at 09:38:42PM +0100, Paul Gevers wrote:
> > So, I'm proposing the following: we unblock chromium from
> > testing, with the understanding that prior to bookworm's release, we
> > have a discussion with the release team about whether chromium will
> > be allowed in the stable re
On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote:
> How should I handle this? NMU to sid, let people try it out, and then
> deal with buster/bullseye?
Yeah, let's proceed with unstable first in any case.
> Upload everything all at once? I'm also
> going to try building for buster, u
On Sun, Jan 02, 2022 at 06:53:51PM +0100, Mattia Rizzolo wrote:
> Correlated, do you know how long do they plan on keeping using python2?
> That's plainly unsuitable, it really is not going to last much longer in
> debian.
Current state of the Python 3 upstream migration can be found here:
https:/
On Sun, Dec 12, 2021 at 08:11:00PM -0500, Andres Salomon wrote:
> On 12/5/21 6:41 AM, Moritz Mühlenhoff wrote:
> > Am Sun, Dec 05, 2021 at 10:53:56AM +0100 schrieb Paul Gevers:
> > Exactly that.
> >
> > I'd suggest anyone who's interested in seeing Chromium supported to first
> > update it in unst
Hi Marco,
On Sun, Nov 28, 2021 at 11:57:09PM +0100, SEEWEB - Marco d'Itri wrote:
> https://rpki.exposed/ lists a long number of vulnerabilities affecting
Ironically this website is unreachable since at least yesterday :-)
> It is not really practical to extract and backport all these patches, s
-1,3 +1,10 @@
+jtharness (6.0-b15-1~deb10u1) buster; urgency=medium
+
+ * Rebuild for buster, needed for latest OpenJDK 11.x release
+- Switch to debhelper 12
+
+ -- Moritz Muehlenhoff Fri, 19 Nov 2021 16:17:12 +
+
jtharness (6.0-b15-1) unstable; urgency=medium
* Team upload.
-1,3 +1,10 @@
+jtreg (5.1-b01-2~deb10u1) buster; urgency=medium
+
+ * Rebuild for buster, needed for latest OpenJDK 11.x release
+- Switch to debhelper 12
+
+ -- Moritz Muehlenhoff Fri, 19 Nov 2021 16:26:05 +
+
jtreg (5.1-b01-2) unstable; urgency=medium
* Team upload.
diff -Nru jtreg-5.1-
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: boxe...@gmail.com
Please remove libgrokj2k/7.6.6-3 from testing (as discussed with the maintainer,
also CCed). libgrokj2k is still in rapid development (upstream is already at
9.3),
) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2021-32055 (Closes: #988107)
+
+ -- Moritz Muehlenhoff Thu, 29 Jul 2021 23:13:20 +0200
+
neomutt (20201127+dfsg.1-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru neomutt-20201127+dfsg.1/debian/patches/series
On Tue, Jul 06, 2021 at 10:11:36PM +0200, Sebastian Ramacher wrote:
> Control: tags -1 moreinfo
>
> On 2021-07-06 11:20:10 +0200, Alberto Garcia wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> >
> > Please unbloc
On Sat, Jun 19, 2021 at 09:33:37PM +0200, Sebastian Ramacher wrote:
> Hallo Carsten
>
> On 2021-06-19 09:00:13 +0200, Carsten Schoenert wrote:
> > Hello Kevin, hello Sebastian,
> >
> > thanks for working on this issue in between times, I wasn't able to do
> > anything practically the last days.
>
: CVE-2018-25009, CVE-2018-25010,
CVE-2018-25011
+CVE-2020-36328, CVE-2018-25013, CVE-2018-25014, CVE-2020-36329,
CVE-2020-36330
+CVE-2020-36331, CVE-2020-36332
+
+ -- Moritz Muehlenhoff Sat, 05 Jun 2021 19:35:57 +0200
+
libwebp (0.6.1-2) unstable; urgency=medium
* Fix lintian warning
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: ebo...@apache.org
Please remove jodd from bullseye, it has open security issues and
there are currently no rdeps (it was uploaded for jmeter 3, which
didn't enter the archive yet).
On Fri, Feb 26, 2021 at 07:49:38AM +0100, Matthias Klose wrote:
> On 2/25/21 7:41 PM, Moritz Muehlenhoff wrote:
> > + * CVE-2021-3177
>
> are all the ctypes tests passing with this patch? See #983516.
I'll have a look at Marc' updated patch and revise if needed.
Cheers,
Moritz
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: d...@debian.org
debdiff below fixes three security issues, which don't warrant a DSA by itself.
Update has been tested on a Buster few systems (and verified with the P
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: d...@debian.org
debdiff below fixes two security issues, which don't warrant a DSA by itself.
Update has been tested on a Buster few systems (and verified with the PoC
On Sat, Feb 06, 2021 at 09:26:39PM +0100, Salvatore Bonaccorso wrote:
> Otherwise there will be
> expectation that both php7.4 and php8.0 will be covered by (security)
> support in bullseye if we release with php8.0 included.
Yeah, let's drop 8.0 then.
Cheers,
Moritz
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: po...@debian.org
Low severity security fix, synched up with Emilio on IRC for the upload.
Cheers,
Moritz
diff -Nru cairo-1.16.0/debian/changelog cairo-1.16.0/
On Wed, Nov 18, 2020 at 12:20:37PM +0100, Matthias Klose wrote:
> [removed the Python 2 bits]
>
> On 11/17/20 11:08 PM, Moritz Muehlenhoff wrote:
> > Package: debian-security-support
> > Severity: normal
> > X-Debbugs-Cc: d...@debian.org, t...@security.debian.or
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: mattiadebian.org
This fixes a few low severity security fixes affecting libxml2,
I've tested the package on a buster system with a few rdeps.
Cheers,
Moritz
di
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ond...@debian.org, sunwea...@debian.org
This fixes a number of security issues in libjpeg,
which don't warrant a DSA. Package has been tested on
a buster system.
Cheer
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: g...@debian.org
A number of security fixes in sqlite, which don't warrant a DSA.
This has been tested on a Buster system (along with validating
included test cases that
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Please remove sieve-extension in the next Buster point release, it's broken
with Thunderbird 78 (the addon interface has been removed) and has
already removed from unstable.
Cheers,
Mori
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: a...@sigxcpu.org
Please remove nostalgy in the next Buster point release, it's incompatible
with Thunderbird 78 (it has already removed from unstable)
Cheers,
Moritz
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: mo...@debian.org
[ Reason ]
Fixes a memory leak when running Transmission in daemon mode.
[ Tests ]
Have been using the package since a few weeks and the user
who repo
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org
Low severity bugfix for freecol, which doesn't warrant a DSA.
The (identical) patch has been in unstable for half a year, also
doublechecked by playing
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: p...@debian.org
Low severity fix for Okular, which doesn't warrant a DSA.
I've tested with the reproducerand a number of other PDF
files that everything works as expect
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: guil...@debian.org
Fix for CVE-2020-10188, which doesn' really warrant a DSA.
(The numbering in debian/patches/series is the following
what's in unstable, the same pat
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: fab...@debian.org
Fix for CVE-2020-14983, which doesn't really warrant a DSA.
Debdiff attached.
Cheers,
Moritz
diff -Nru chocolate-doom-3.0.0/debian/changelog
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: jcowg...@debian.org
Attached debdiff fixes a few security issues in milkytracker
which don't warrant a DSA. I've verified all reproducers
and the (identical) patches ha
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: jcris...@debian.org, tjaal...@debian.org
This updates fixes a few security issues in libx11, which don't
warrant a DSA. Debdiff attached.
Cheers,
Moritz
diff -
On Thu, Aug 27, 2020 at 11:31:36AM +0200, Clément Hermann wrote:
> >>> On Wed, Aug 26, 2020 at 12:39:36PM +0200, Clément Hermann wrote:
> >>> > - a way for dak to get the orig tarball from main archive when
> >>> it's not
> >>> > already in the security archive (or at least, as a wo
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Please remove 0.0~git20160715.0.c6aac99-4 from stable. There are
open security issues, upstream development has stopped and
there are no reverse deps.
Cheers,
Moritz
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Fixes three minor security issues, debdiff attached.
Cheers,
Moritz
diff -Nru python3.7-3.7.3/debian/changelog python3.7-3.7.3/debian/changelog
--- python3.7-3.7.3/debian/ch
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Fixes a minor security issue, debdiff below.
Cheers,
Moritz
diff -Nru commons-configuration2-2.2/debian/changelog
commons-configuration2-2.2/debian/changelog
--- commons-c
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
A few non-severe security issues, debdiff below.
Cheers,
Moritz
diff -Nru pillow-5.4.1/debian/changelog pillow-5.4.1/debian/changelog
--- pillow-5.4.1/debian/changelog
+0200
@@ -1,3 +1,9 @@
+transmission (2.94-2+deb10u1) buster; urgency=medium
+
+ * CVE-2018-10756 (Closes: #961461)
+
+ -- Moritz Muehlenhoff Fri, 29 May 2020 00:05:53 +0200
+
transmission (2.94-2) unstable; urgency=medium
[ Ondřej Nový ]
diff -Nru transmission-2.94/debian/patches/CVE-
0.1-2+deb10u1) buster; urgency=medium
+
+ * CVE-2020-11736 (Closes: #956638)
+
+ -- Moritz Muehlenhoff Wed, 08 Jul 2020 20:12:00 +0200
+
file-roller (3.30.1-2) unstable; urgency=medium
* Restore -Wl,-O1 to our LDFLAGS
diff -Nru file-roller-3.30.1/debian/patches/02_CVE-2020-11736.patch
file-r
On Tue, Jul 07, 2020 at 10:56:18PM +0200, Hans van Kranenburg wrote:
> Additional To: t...@security.debian.org
>
> Hi Security team,
>
> After our last security update, which was
> 4.11.3+24-g14b62ab3e5-1~deb10u1, we found out that there is a bugfix to
> be done to help users upgrade from Buster
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Please remove radare2 from Stretch. There's a number of unfixed security issues
and upstream actively objects it's presence in a stable release: #950372
Cheers,
Moritz
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
See my earlier RM bug for radare2 itself.
Cheers,
Moritz
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Please remove radare2 from Buster. There's a number of unfixed security issues
and upstream actively objects it's presence in a stable release: #950372
(There's an rdep (radere2-cutter) to be re
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Attached debdiff fixes a minor security issue in mesa. I've been running
the updated packaged on a Buster workstation over the last days.
Cheers,
Moritz
diff -u mesa-18.3.6
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Similar to the python2.7 update which landed in Buster 10.2. Debdiff
below. All these are fixed in bullseye/sid (but none had a dedicated
bug)
Cheers,
Moritz
diff -Nru pyth
On Thu, Nov 28, 2019 at 12:03:25PM +, Holger Levsen wrote:
> - for stretch, I will upload to stretch-security and that's it.
Sounds good, I'll take care of releasing that.
Cheers,
Moritz
On Wed, Nov 27, 2019 at 09:43:26AM +0100, Salvatore Bonaccorso wrote:
> Hi Holger,
>
> On Tue, Nov 26, 2019 at 01:03:00PM +, Holger Levsen wrote:
> > On Sun, Nov 24, 2019 at 08:27:40PM +, Adam D. Barratt wrote:
> > > On Sun, 2019-11-24 at 18:42 +, Holger Levsen wrote:
> > > > - or shou
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
(This is a followup update on top of the +deb10u1 already in s-p-u,
I've reached out to Tristan beforehand)
Attached debdiff fixes a memory leak in python-cryptography, which
was no
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
This fixes a number of low severity issues which have popped up since
the initial Buster release. Debdiff below.
Cheers,
Moritz
diff -u python2.7-2.7.16/debian/changelog py
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Same as for #935458 in Buster, please also remove from Stretch.
Cheers,
Moritz
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
The NSS update below fixes a few non-severe security issues. I've been
running this version with Firefox on Buster (which uses the system
copy of NSS unlike Firefox in Stretch) witho
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Please remove teeworlds in the 9.10 point release, it has open
security issues, but it's not really worth fixing as the package
from Stretch is now incompatible with current game servers.
Cheers
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Attached debdiff fixes a number of bugs in sox. These have been in jessie
for a while already (Stretch and Jessie have the same base version as the
package was unmaintained for a wh
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hi,
please remove pump in the 10.1 point release. It's unmaintained both in Debian
and upstream and security-buggy. I've gotten in touch with Red Hat (the former
upstream), it was formerly develo
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
This update for OpenSSH fixes a dead lock in AuthorizedKeysCommand (#905226).
The fixed package is running fine on a formerly affected Stretch system
(https://phabricator.wikimedia
On Thu, Jul 04, 2019 at 12:30:24PM +0200, Paul Gevers wrote:
> Hi security-team,
>
> On 08-06-2019 23:45, Thorsten Alteholz wrote:
> > Hi everybody,
> >
> > On Wed, 5 Jun 2019, Paul Gevers wrote:
> >> One other problem is that tools are lacking to schedule binNMUs on the
> >> right packages in an
On Sat, Jun 22, 2019 at 07:52:40PM +0200, Paul Gevers wrote:
> Hi Ximin,
>
> On 22-06-2019 11:57, Ximin Luo wrote:
> > Paul Gevers:
> >> On 21-06-2019 07:38, Ximin Luo wrote:
> >>> rustc 1.34.2 was unblocked in bug #930661 but the bug requestor forgot to
> >>> file
> >>> the corresponding unblock
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
The next Firefox ESR 68 (about to obsolete ESR60 in October) will need rustc
1.34,
while buster currently has 1.32. This is against all freeze policies, but OTOH
only
bumping to 1.34 in th
On Thu, May 30, 2019 at 08:42:42AM +0200, Paul Gevers wrote:
> Control: tags -1 moreinfo
>
> Hi Alberto,
>
> On Sun, 26 May 2019 23:08:03 +0200 Alberto Garcia wrote:
> > Please unblock package webkit2gtk
> >
> > The new upstream stable release contains (among others) fixes
> > for these three s
On Mon, May 27, 2019 at 03:46:44PM +0200, Matthias Klose wrote:
> Control: tag -1 - moreinfo
>
> On 02.05.19 10:30, Julien Cristau wrote:
> > Control: tag -1 moreinfo
> >
> > Hi Matthias,
> >
> > On Mon, Apr 29, 2019 at 06:12:36PM +0200, Matthias Klose wrote:
> >> Package: release.debian.org
> >
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package firefox-esr. It's the latest ESR security release.
unblock firefox-esr/60.7.0esr-1
Cheers,
Moritz
On Wed, May 08, 2019 at 08:45:30AM +0200, Paul Gevers wrote:
> > 2. binNMU without full source upload for security-master.
> >
> >It's still not possible, and I don't know there's any effort to
> >change the dak.
> >
> >But I want to know how security team handles other static linked
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package chromium. It fixes the recent security issues and
we're also following upstream releases in stable.
unblock chromium/74.0.3729.108-1
Cheers,
Moritz
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package wireshark. It fixes the recent security issues by
updating to the latest 2.6.x
(Wireshark in stretch-security also follows upstream releases (as will
buster-security)
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Fixes three issues in rails, debdiff below. Passes all regressions tests
and a quick functional test.
Cheers,
Moritz
diff -Nru rails-4.2.7.1/debian/changelog rails-4.2.7.1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Fixes two minor security issue, debdiff below.
Cheers,
Moritz
diff -Nru audiofile-0.3.6/debian/changelog audiofile-0.3.6/debian/changelog
--- audiofile-0.3.6/debian/change
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package audiofile. It fixes two security issues
and updates the meta data away from Alioth to Salsa.
unblock audiofile/0.3.6-5
Cheers,
Moritz
diff -Nru audiofile-0.
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Fixes a number of minor issues, same patches are also in unstable for a week.
Cheers,
Moritz
diff -Nru gpac-0.5.2-426-gc5ad4e4+dfsg5/debian/changelog
gpac-0.5.2-426-gc5ad
1 - 100 of 723 matches
Mail list logo