Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
In preparation for the final buster point release before the transition
to LTS, it would be beneficial for users to update the apache2 package
to address the currently ope
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OSRM,
I have prepared a follow-up update of rustc-mozilla for buster (c.f.
#1001043). This update fixes build failures on i386 and
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OSRM,
To support updates to firefox-esr and thunderbird, I have prepared a
rustc update. Note that the updated source package is ca
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
SRM,
In preparing the rustc 1.51 upload/backport (to support backports of the
latest firefox-esr and thunderbird packages) it has
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello release managers,
In order to support the update of rustc in buster, which in turn is
needed to support the updates of firefox
type='${content_type|application/x-gzip}'),
+ s3_put(local_file='rpm.tar.gz',
+
remote_file='${project}/${branch_name}/${revision}/${version_id}/${build_id}/${execution}/mongo-c-driver-rpm-packages.tar.gz',
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Dear Release Team,
[ Reason ]
I would like to fix CVE-2020-11022 and CVE-2020-11023. The same fix has
been prepared for stretch an
er. (Closes: #955019)
+
+ -- Roberto C. Sanchez Fri, 10 Apr 2020 20:32:35 -0400
+
php-horde-trean (1.1.7-1) unstable; urgency=medium
* New upstream version 1.1.7
diff -Nru
php-horde-trean-1.1.7/debian/patches/0001-CVE-2020-8865-SECURITY-Fix-Directory-Traversal-Vulerability.patch
php-hord
er. (Closes: #955019)
+
+ -- Roberto C. Sanchez Fri, 10 Apr 2020 20:31:30 -0400
+
php-horde-trean (1.1.9-3) unstable; urgency=medium
* Update Standards-Version to 4.1.4, no change
diff -Nru
php-horde-trean-1.1.9/debian/patches/0001-CVE-2020-8865-SECURITY-Fix-Directory-Traversal-Vulerabili
tained a remote code execution
+vulnerability. An authenticated remote attacker could use this flaw to
+cause execution of uploaded CSV data. (Closes: #951537)
+
+ -- Roberto C. Sanchez Fri, 10 Apr 2020 19:57:00 -0400
+
php-horde-data (2.1.4-5) unstable; urgency=medium
* Update Standards-
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please find attached a proposed debdiff for php-horde-form. The change
fixes CVE-2020-8866, which the security team has classified
xt of the web server user.
+(Closes: #955020)
+
+ -- Roberto C. Sanchez Tue, 24 Mar 2020 13:55:11 -0400
+
php-horde-form (2.0.18-3.1) unstable; urgency=high
* Non-maintainer upload.
diff -Nru
php-horde-form-2.0.18/debian/patches/0002-SECURITY-Prevent-ability-to-specify-temporary-filena
+
+ * Fix CVE-2020-8518:
+The Horde Application Framework contained a remote code execution
+vulnerability. An authenticated remote attacker could use this flaw to
+cause execution of uploaded CSV data. (Closes: #951537)
+
+ -- Roberto C. Sanchez Fri, 10 Apr 2020 19:58:12 -0400
+
php
.2.13+debian0/debian/changelog 2016-12-18 16:01:07.0
-0500
+++ php-horde-5.2.13+debian0/debian/changelog 2019-12-13 21:10:06.0
-0500
@@ -1,3 +1,9 @@
+php-horde (5.2.13+debian0-1+deb9u1) stretch; urgency=high
+
+ * Fix CVE-2019-12095: Stored XSS vuln in the Horde Cloud Block.
+
+ -
/changelog 2018-10-25 15:08:21.0
-0400
+++ php-horde-5.2.20+debian0/debian/changelog 2019-12-13 21:13:53.0
-0500
@@ -1,3 +1,9 @@
+php-horde (5.2.20+debian0-1+deb10u1) buster; urgency=high
+
+ * Fix CVE-2019-12095: Stored XSS vuln in the Horde Cloud Block.
+
+ -- Roberto C. S
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
My upload of rubyluabridge 0.8.0-2 was a binary upload built on amd64.
This is because the package is maintained with mercurial-buildpackage
a
27;5.2.3.1'
+VERSION => '5.2.3.2'
};
my %params;
diff --git a/debian/changelog b/debian/changelog
index 89e1be53..321304ed 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+shorewall (5.2.3.2-1) unstable; urgency=medium
+
+ * New Upstream Versio
overly restrictive in counting PNG image chunks.
+ * CVE-2018-16336: remote denial of service (heap-based buffer over-read) via
+a crafted image file.
+
+ -- Roberto C. Sanchez Sat, 20 Oct 2018 22:43:10 -0400
+
exiv2 (0.25-3.1+deb9u1) stretch-security; urgency=high
* Non-maintainer
y=medium
+
+ * New Upstream Version
+
+ -- Roberto C. Sanchez Mon, 03 Apr 2017 11:03:18 -0400
+
shorewall-core (5.0.15.2-1) unstable; urgency=medium
* New Upstream Version
diff -Nru shorewall-core-5.0.15.2/install.sh shorewall-core-5.0.15.6/install.sh
--- shorewall-core-5.0.15.2/install.sh
3 23:47:17.0 -0400
@@ -1,3 +1,9 @@
+cpuset (1.5.6-4+deb8u1) jessie; urgency=high
+
+ * Update filesystem namespace prefix patch (Closes: #796893)
+
+ -- Roberto C. Sanchez Tue, 13 Oct 2015 23:46:35 -0400
+
cpuset (1.5.6-4) unstable; urgency=low
* Update Standards-Version to 3.9.5 (n
0 -0500
@@ -1,3 +1,9 @@
+shorewall (4.6.4.3-2) unstable; urgency=low
+
+ * Depend upon perl instead of perl-modules (Closes: #779119)
+
+ -- Roberto C. Sanchez Sat, 28 Feb 2015 17:07:05 -0500
+
shorewall (4.6.4.3-1) unstable; urgency=low
* New Upstream Version
diff -Nru shorewall-4.
nstable; urgency=low
+
+ * Fix init script so that start/stop works in the default configuration
+(Closes: #771754)
+
+ -- Roberto C. Sanchez Mon, 01 Dec 2014 21:46:54 -0500
+
shorewall-init (4.6.4.3-1) unstable; urgency=low
* New Upstream Version
diff -Nru shorewall-init-4.
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
nmu mumps_4.10.0.dfsg-3 . s390x . -m "Binary-only non-maintainer upload for
s390x; no source changes."
I am not 100% certain on this, but I
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Affected packages:
(unstable)roberto@miami:~$ apt-cache rdepends libsasl2-2
libsasl2-2
Reverse Depends:
znc
ziproxy
subversion
li
-0400
@@ -1,3 +1,9 @@
+shorewall (4.5.5.3-3) unstable; urgency=low
+
+ * Correct deficient behavior in handling of DNAT and SNAT packets
+
+ -- Roberto C. Sanchez Sat, 20 Oct 2012 21:36:27 -0400
+
shorewall (4.5.5.3-2) unstable; urgency=low
* Update README.Debian to identify correct lo
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Please unblock packages shorewall, shorewall6, shorewall-core
Pre-approval has already been given (c.f., Message IDs
<20120915192857.ga7...
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Please unblock package shorewall
New upstream point release
c.f. http://lists.debian.org/debian-release/2012/07/msg00093.html
unblock shore
-sasl2-mit-dbg.dirs:
+ - create /usr/lib/debug/usr/lib/sasl2/.
++ debian/rules:
+ - mv MIT libgssapiv2.so.2.0.23 into cyrus-sasl2-mit-dbg.
+
+ [ Roberto C. Sanchez ]
+ * Thanks to Luca Capello for providing the patch.
+
+ -- Roberto C. Sanchez Sat, 18 Dec 2010 11:14:59 -0500
+
c
to correct nested macro call.
+
+ -- Roberto C. Sanchez Sun, 28 Nov 2010 21:34:05 -0500
+
shorewall (4.4.11.6-2) unstable; urgency=low
* Incorporate patch from upstream: "Fix 10+ TC Interfaces."
diff -Nru shorewall-4.4.11.6/debian/patches/02_macro_JAP.patch shorewall-4.4
Package: release.debian.org
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I have uploaded the new upstream release of luabind (0.9.1+dfsg-2). If
this could be unblocked, it would be good. However, if that is not
possible, please feel free to close this bug with no action.
A
Package: release.debian.org
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I have uploaded the new upstream release of luabind (0.9.1+dfsg-1). If
this could be unblocked, it would be good. However, if that is not
possible, please feel free to close this bug with no action.
A
Package: release.debian.org
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This request is for unblocking of a new upstream release of the
following Shorewall project packages:
shorewall/4.4.11.4-1
shorewall6/4.4.11.4-1
shorewall-lite/4.4.11.4-1
shorewall6-lite/4.4.11.4-1
shorewa
Package: release.debian.org
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The shorewall and shorewall6 packages are stuck and in need of manual
hinting.
Regards,
- -Roberto
- -- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Archit
Package: release.debian.org
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The shorewall and shorewall6 packages require manual hinting in order to
propagate. Please provide the hint.
Regards,
- -Roberto
- -- System Information:
Debian Release: 5.0.4
APT prefers stable
APT
Package: release.debian.org
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The shorewall and shorewall6 packages require manual hinting in order to
enter testing. Please allow them to migrate.
Regards,
- -Roberto
- -- System Information:
Debian Release: 5.0.4
APT prefers sta
This did not seem to get any attention on debian-devel, so I am cross
posting to debian-release. I would really be interested to know if
others think that the binNMU approach suggested by Matthias is
acceptable and/or viable.
Regards,
-Roberto
Roberto C. Sanchez wrote:
> Matthias Klose wr
Package: release.debian.org
Severity: normal
The shorewall and shorewall6 packages require manual hinting to move to
testing. Please hint.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
signature.asc
Description: OpenPGP digital signatur
Package: release.debian.org
Severity: minor
It appears that both shorewall and shorewall6 are stuck and require
manual hinting for testing propagation. Please hint them.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Package: release.debian.org
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It looks like shorewall and shorewall6 are in need of some manual
hinting. Please ensure their propagation into testing.
Regards,
- -Roberto
- -- System Information:
Debian Release: 5.0.3
APT prefers
Package: release.debian.org
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The libalien-wxwidgets-perl package Build-Depends on
'libextutils-cbuilder-perl (>= 0.24)' and it appears to have caused the
recent build failures. The libextutils-cbuilder-perl package is now
provided vi
is my last mail. Just do it the way you like.
>
Well, no kidding. Where on their page does it say that they want to
sacrifice stability in favor of timeliness? It doesn't. Their whole
objective was to accelerate the release process so that it would happen
"on time" *without* sacrificing the desired stability.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
Debian team while the recent event made
> some developers quit the project, and others slow down their work? Maybe it's
> time to start asking yourself what's wrong, uh?
>
What recent event? That had nothing to do with the timeline versus
"when it's ready" debate
ks
for setting me straight.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
built by the kernel team.
>
> Well it looks right to me since it would allow the user to install the
> module without the linux-image on a domU, for example. Am I missing
> something?
>
Yes. This prevents users who install a kernel with 'make menuconfig &&
make &
a new upload tomorrow.
Should I go ahead and upload now or wait until after the Etch release?
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
-java.
>
> Unblocked, with some hesitation.
>
That is awesome. One of my biggest annoyances is keeping
Eclipse updated with its convoluted update mechanism across several
machines.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://ww
her 2-3 years?
I'm sure that there are other examples.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
st archives and find the exact message if you
like.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
On Sun, Dec 24, 2006 at 10:48:52AM +0100, Andreas Barth wrote:
> * Roberto C. Sanchez ([EMAIL PROTECTED]) [061224 02:10]:
> > A Google search for "debian upgrade reports" (no quotes) returns a page
> > [0] that is out of date since it is a template for a woody -> sarg
st).
Regards,
-Roberto
[0] http://release.debian.org/upgrade-report.html
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
/sysklogd_1.4.1-20/changelog
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
+1 to the
Debian version of Etch's libc6? That way at the first security update
to libc6 or the release of Lenny (whichever comes first) the package
will be forcibly removed anyway. Another possibility would be to have
it depend on exactly the version of libc6 Etch releases with.
Regards,
nary package need to just be a dummy package which
depends upon libsasl2-modules-gssapi-mit?
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
On Tue, Dec 12, 2006 at 12:02:37PM +0100, Andreas Barth wrote:
> * Roberto C. Sanchez ([EMAIL PROTECTED]) [061211 18:04]:
> > Please hint sword-text-kjv (2.3-1) and sword-text-sparv (1.1-1) into
> > Etch. Both have been in for 5 days and neither had any open bugs.
> > (Th
t
> thing will happen if someone manually installs
> libsasl2-modules-gssapi-mit, which isn't the same thing.
>
>
OK. Makes sense now. Thanks for the explanation.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
sl2 packages are
linked against MIT Kerberos. In fact, the new
libsasl2-modules-gssapi-mit package replaces and conflicts with the one
produced by cyrus-sasl2-mit. Thus, the upgrade path has already been
planned and implemented.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.c
Please hint sword-text-kjv (2.3-1) and sword-text-sparv (1.1-1) into
Etch. Both have been in for 5 days and neither had any open bugs.
(They would have been in sooner, but I had trouble finding a sponsor for
the upload).
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com
tch.
I will file a removal bug soon.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
ever is.
>
I don't understand. cyrus-sasl2-mit is still in Etch. If I do not
file an RC bug against it, how will it be removed?
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
after Etch is released)
If these seem OK, can I go ahead with them?
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ak on sarge->etch upgrade.
>
> (latest bug activity: 25. November)
>
> Sorry to be unable to help.
>
Check the report with which it was merged (#398534). There is a much
lengthier discussion there.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~robe
AIL PROTECTED]>
----- End forwarded message -
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
upstream for over a year, I think it is not right to lead the users on.
I would recommend to remove the package entirely and then include
something in the release notes mentioning possible alternatives.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.
Is rc-buggy: http://bugs.debian.org/397032
>
> Thus, I believe it should be removed from etch.
>
> Please cc: I'm not subscribed.
>
Given those criteria, I would think the better course of action would be
to remove it altogether.
Regards,
-Roberto
--
Roberto C. Sanchez
ht
istributing
> sourceless GPLed works is not clear of legal liability. Doing
> otherwise may put ourselves and our mirror operators in peril.
>
So what? Distributing GPL works *with* sources is also not clear of
legal liability.
Regards,
-Roberto
--
Roberto C. Sanchez
http://p
does not hurt anything if they are still in there.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
Nathanael Nerode wrote:
> "Debatable" ones removed from list.
>
> # 364264
> remove directvnc/0.7.5-7.1
I sent Ola a patch for this one and he uploaded it on Sunday.
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
bees and the project
would likely not have as many people going through the process of
becoming DDs.
Caveats: IANAL, YMMV, IMHPTPCOOFMRE (I may have pulled the preceding
completely out of my rear end)
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
On Tue, Aug 30, 2005 at 10:16:27PM -0700, Greg KH wrote:
> On Tue, Aug 30, 2005 at 08:23:02PM -0400, Roberto C. Sanchez wrote:
> > >
> > I also don't understand why the gcc version is an issue. I mean, you
> > can compile a library with one version of gcc and li
the past by staying
on the bleeding edge. I know that I am only one data point, but I am
sure that I am not the only one.
> Option a) doesn't seem particularly sensible to me, btw, because the
> "risk" is near certain...
>
Incidentally, is it possible to
irst upgrading the
kernel and risk breakage; or b) upgrade the kernel twice. Once before
and once after. I suppose that it is possible to build the new kernel
inside of a chroot (or sbuild or pbuilder) if kernel-package is being
used.
I am simply pointing out that there is a potential issu
default version of gcc that is in Etch.
However, if you have to compile your own kernel, do you upgrade kernel,
dist-upgrade and then recompile with the new gcc?
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
is necessary to get the
package into Sarge. If this is sufficient, I can have a new package
done and uploaded (by my sponsor) by tomorrow.
Comments would be appreciated.
-Roberto
[0] http://lists.debian.org/debian-legal/2005/07/msg00040.html
[1] http://packages.debian.org/httperf
--
Robe
d" to upgrade until 12 months after
whatever day the next release ships.
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
fixed a number of security vulnerabilities,
yet were uploaded with urgency low. Why is that? Should those security
fixes not go into Sarge?
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
ion 2.1.1 about 'volatile' as a source of updated
packages for software like virus scanners etc. which depend on information
that easily becomes outdated.
===
greetings
-- vbi
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
rge and ask for removal from etch if nobody takes over the package.
>
I was unaware of this. I guess I should have checked its popcon rank :)
Personally, I have used both and found the new gnome-terminal to be
generally superior. But I guess OPMMV (other people's mileage may vary)
and they m
nctionally superseded by gnome-terminal GNOME 2+
* Has outstanding bugs that are 3+ years old
-Roberto
[0] http://bugs.debian.org/multi-gnome-terminal
--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
=303477
--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
Christian Hammers wrote:
> Hello
>
> [1st issue - dpkg symlink bug workaround]
>
> On 2005-05-18 Roberto C. Sanchez wrote:
>
>>Quoting sean finney <[EMAIL PROTECTED]>:
>>
>>
>>>so at this point, we're not sure what to do to cover this
east ensure that people are not left with
only empty directories and a non-functional DB.
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
ever, please contact
[EMAIL PROTECTED] We'll be happy to put you to work.
-
I'd like to volunteer to help.
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
82 matches