Bug#1056147: midge possibly contains non-DFSG-free examples
Control: tag -1 patch I have now uploaded a possible repackaged .orig.tar.bz2: http://users.am-1.org/~ivan/src/sfn.2xNKGoveuNoRGASEQosuADUES3vYQfQmWVeMuitdtLI.tar.bz2 It was produced with the following shell command (where 39 blocks starting with 180 cover the entirety of midge-0.2.41 /examples/covers/ directory in the Tar file.) $ (zcat | (dd count=180 ; dd count=39 > /dev/null ; dd) | bzip2 -4c) \ < midge_0.2.41.orig.tar.gz > midge_0.2.41+dfsg1.orig.tar.bz2 -- FSF associate member #7257 http://am-1.org/~ivan/
Processed: Re: midge possibly contains non-DFSG-free examples
Processing control commands: > tag -1 patch Bug #1056147 [src:midge] midge possibly contains non-DFSG-free examples Added tag(s) patch. -- 1056147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056147 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1056251: RM: cpufreqd -- RoQA; orphaned, uses obsolete cpufrequtils
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: cpufr...@packages.debian.org Control: affects -1 + src:cpufreqd Dear ftpmasters, please remove cpufreqd. It is orphaned in Debian, had its last maintainer upload over 10 years ago, upstream is dead, and it uses the obsolete cpufrequtils package, which itself should go away soon (#877016). Thanks, Chris
Bug#1056276: E: The repository 'http://ftp.us.debian.org/debian bookworm-security Release' does not have a Release file.
Source: bookworm Version: 1.1.2+git20210715-2 Severity: important X-Debbugs-Cc: q53...@aol.com Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these template lines *** This situation has existed since I upgraded to version 12 (bookworm) I have not found any work-around. This situation prevents me from updating or upgrading my computer system. Another issue is that 'grep' does not work. 'libreoffice Calc' does not work. synaptic package manager cannot fix broken packages! E: Unable to correct problems, you have held broken packages. E: Unable to correct dependencies Err:1 http://ftp.us.debian.org/debian bookworm/main amd64 libbatik-java all 1.16+dfsg-1 404 Not Found [IP: 2620:0:861:2:208:80:154:139 80] Err:2 http://ftp.us.debian.org/debian bookworm/main amd64 mariadb-common all 1:10.11.3-1 404 Not Found [IP: 2620:0:861:2:208:80:154:139 80] Err:3 http://ftp.us.debian.org/debian bookworm/main amd64 libmariadb3 amd64 1:10.11.3-1 404 Not Found [IP: 2620:0:861:2:208:80:154:139 80] E: Failed to fetch http://ftp.us.debian.org/debian/pool/main/b/batik/libbatik-java_1.16%2bdfsg-1_all.deb 404 Not Found [IP: 2620:0:861:2:208:80:154:139 80] E: Failed to fetch http://ftp.us.debian.org/debian/pool/main/m/mariadb/mariadb-common_10.11.3-1_all.deb 404 Not Found [IP: 2620:0:861:2:208:80:154:139 80] E: Failed to fetch http://ftp.us.debian.org/debian/pool/main/m/mariadb/libmariadb3_10.11.3-1_amd64.deb 404 Not Found [IP: 2620:0:861:2:208:80:154:139 80] -- System Information: Debian Release: 12.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#1056282: gpac: CVE-2023-47384 CVE-2023-4785 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2023-47384[0]: | MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to | contain a memory leak in the function gf_isom_add_chapter at | /isomedia/isom_write.c. This vulnerability allows attackers to cause | a Denial of Service (DoS) via a crafted MP4 file. https://github.com/gpac/gpac/issues/2672 CVE-2023-4785[1]: | Lack of error handling in the TCP server in Google's gRPC starting | version 1.23 on posix-compatible platforms (ex. Linux) allows an | attacker to cause a denial of service by initiating a significant | number of connections with the server. Note that gRPC C++ Python, | and Ruby are affected, but gRPC Java, and Go are NOT affected. https://github.com/grpc/grpc/pull/33656 https://github.com/grpc/grpc/pull/33667 https://github.com/grpc/grpc/pull/33669 https://github.com/grpc/grpc/pull/33670 https://github.com/grpc/grpc/pull/33672 CVE-2023-48011[2]: | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a | heap-use-after-free via the flush_ref_samples function at | /gpac/src/isomedia/movie_fragments.c. https://github.com/gpac/gpac/issues/2611 https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea CVE-2023-48013[3]: | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a | double free via the gf_filterpacket_del function at | /gpac/src/filter_core/filter.c. https://github.com/gpac/gpac/issues/2612 https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893 CVE-2023-48014[4]: | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a | stack overflow via the hevc_parse_vps_extension function at | /media_tools/av_parsers.c. https://github.com/gpac/gpac/issues/2613 https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b CVE-2023-5998[5]: | Out-of-bounds Read in GitHub repository gpac/gpac prior to | 2.3.0-DEV. https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113 https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e CVE-2023-46001[6]: | Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV- | rev573-g201320819-master allows a local attacker to cause a denial | of service via the gpac/src/isomedia/isom_read.c:2807:51 function in | gf_isom_get_user_data. https://github.com/gpac/gpac/issues/2629 https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-47384 https://www.cve.org/CVERecord?id=CVE-2023-47384 [1] https://security-tracker.debian.org/tracker/CVE-2023-4785 https://www.cve.org/CVERecord?id=CVE-2023-4785 [2] https://security-tracker.debian.org/tracker/CVE-2023-48011 https://www.cve.org/CVERecord?id=CVE-2023-48011 [3] https://security-tracker.debian.org/tracker/CVE-2023-48013 https://www.cve.org/CVERecord?id=CVE-2023-48013 [4] https://security-tracker.debian.org/tracker/CVE-2023-48014 https://www.cve.org/CVERecord?id=CVE-2023-48014 [5] https://security-tracker.debian.org/tracker/CVE-2023-5998 https://www.cve.org/CVERecord?id=CVE-2023-5998 [6] https://security-tracker.debian.org/tracker/CVE-2023-46001 https://www.cve.org/CVERecord?id=CVE-2023-46001 Please adjust the affected versions in the BTS as needed.
Processed: retitle 1056282 to gpac: CVE-2023-47384 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001
Processing commands for cont...@bugs.debian.org: > retitle 1056282 gpac: CVE-2023-47384 CVE-2023-48011 CVE-2023-48013 > CVE-2023-48014 CVE-2023-5998 CVE-2023-46001 Bug #1056282 [src:gpac] gpac: CVE-2023-47384 CVE-2023-4785 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001 Changed Bug title to 'gpac: CVE-2023-47384 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001' from 'gpac: CVE-2023-47384 CVE-2023-4785 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001'. > thanks Stopping processing here. Please contact me if you need assistance. -- 1056282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056282 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 1056284, tagging 1056283, tagging 1056282 ...
Processing commands for cont...@bugs.debian.org: > tags 1056284 + upstream Bug #1056284 [src:nss] nss: CVE-2023-5388 Added tag(s) upstream. > tags 1056283 + upstream fixed-upstream Bug #1056283 [src:postgresql-15] postgresql-15: CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 Added tag(s) upstream and fixed-upstream. > tags 1056282 + upstream Bug #1056282 [src:gpac] gpac: CVE-2023-47384 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001 Added tag(s) upstream. > # remove CVE which was for grpc > retitle 1056282 gpac: CVE-2023-47384 CVE-2023-48011 CVE-2023-48013 > CVE-2023-48014 CVE-2023-5998 CVE-2023-46001 Bug #1056282 [src:gpac] gpac: CVE-2023-47384 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001 Ignoring request to change the title of bug#1056282 to the same title > thanks Stopping processing here. Please contact me if you need assistance. -- 1056282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056282 1056283: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056283 1056284: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056284 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1052574: geotranz: FTBFS with OpenJDK 21 due to unsupported javac source/target level 7
Dear Maintainers, Would it be possible to consider the attached debdiff as a fix for this issue? Testing done: - build in sid chroot - build in sid chroot with default Java 21 Thank you for considering this patch!!! Best Regards, Vladimir. geotranz_1052574.debdiff Description: Binary data
Bug#1053018: Additional information
Dear Maintainers, Would it be possible to consider a merge request[1] that addresses this issue? Best Regards, Vladimir. [1] https://salsa.debian.org/java-team/closure-compiler/-/merge_requests/2
