Bug#1059386: sendmail: CVE-2023-51765
Source: sendmail Version: 8.17.2-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for sendmail. CVE-2023-51765[0]: | sendmail through at least 8.14.7 allows SMTP smuggling in certain | configurations. Remote attackers can use a published exploitation | technique to inject e-mail messages that appear to originate from | the sendmail server, allowing bypass of an SPF protection mechanism. | This occurs because sendmail supports . but some other | popular e-mail servers do not. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-51765 https://www.cve.org/CVERecord?id=CVE-2023-51765 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#1059392: eboard FTCBFS: builds for the build architecture
Source: eboard Version: 1.1.3-2 Tags: patch User: debian-cr...@lists.debian.org Usertags: ftcbfs eboard fails to cross build from source, because it uses the build architecture compiler as a make default. Consider applying the attached patch to let dpkg's buildtools.mk initialize CC correctly for cross compilation. Helmut diff --minimal -Nru eboard-1.1.3/debian/changelog eboard-1.1.3/debian/changelog --- eboard-1.1.3/debian/changelog 2023-09-04 20:21:10.0 +0200 +++ eboard-1.1.3/debian/changelog 2023-12-22 11:19:12.0 +0100 @@ -1,3 +1,9 @@ +eboard (1.1.3-3) UNRELEASED; urgency=medium + + * Fix FTCBFS: Let dpkg's buildtools.mk initialize CC. (Closes: #-1) + + -- Helmut Grohne Fri, 22 Dec 2023 11:19:12 +0100 + eboard (1.1.3-2) unstable; urgency=medium * QA upload. diff --minimal -Nru eboard-1.1.3/debian/rules eboard-1.1.3/debian/rules --- eboard-1.1.3/debian/rules 2023-09-04 20:21:10.0 +0200 +++ eboard-1.1.3/debian/rules 2023-12-22 11:19:12.0 +0100 @@ -2,6 +2,7 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all +-include /usr/share/dpkg/buildtools.mk include /usr/share/dpkg/buildflags.mk %:
Processing of bandwidthd_2.0.1+cvs20090917-16_source.changes
bandwidthd_2.0.1+cvs20090917-16_source.changes uploaded successfully to localhost along with the files: bandwidthd_2.0.1+cvs20090917-16.dsc bandwidthd_2.0.1+cvs20090917-16.debian.tar.xz bandwidthd_2.0.1+cvs20090917-16_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
bandwidthd_2.0.1+cvs20090917-16_source.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 24 Dec 2023 15:43:13 +0100 Source: bandwidthd Architecture: source Version: 2.0.1+cvs20090917-16 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Pino Toscano Changes: bandwidthd (2.0.1+cvs20090917-16) unstable; urgency=medium . * QA upload. * Set Rules-Requires-Root to binary-targets, since file ownership/permissions are being set during install. Checksums-Sha1: 33cd87fcb27e601f40010c6ec2af820b7ecc1de6 1967 bandwidthd_2.0.1+cvs20090917-16.dsc c3ae8af872ff7bbd4628e44de122a4044025d66d 47968 bandwidthd_2.0.1+cvs20090917-16.debian.tar.xz f4a7ada5bcf57af87ac7b44c56dcba86ba26f258 6596 bandwidthd_2.0.1+cvs20090917-16_source.buildinfo Checksums-Sha256: 87a7930c56a2ac517aa82fb911d5d132d832d46870d8b211f20acc5baf29aa37 1967 bandwidthd_2.0.1+cvs20090917-16.dsc a05d392391a2d19af4a085259285f7b42200fa597e787bf0533db17855d1a932 47968 bandwidthd_2.0.1+cvs20090917-16.debian.tar.xz c4b19d3dfd8d3abac30a529b3bff5799bfdab6f75fe020c1f0485b191d36cfdb 6596 bandwidthd_2.0.1+cvs20090917-16_source.buildinfo Files: 09380694671e631e3f3d6eda7eb5bd06 1967 net optional bandwidthd_2.0.1+cvs20090917-16.dsc cb1f775c2c608b8332861169f65eb956 47968 net optional bandwidthd_2.0.1+cvs20090917-16.debian.tar.xz abb0ccad548b58b3dd8f5d276d5892d3 6596 net optional bandwidthd_2.0.1+cvs20090917-16_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEXyqfuC+mweEHcAcHLRkciEOxP00FAmWIQ6cACgkQLRkciEOx P02CVhAArGehlGSiVSbxETonapwz87J9tSG3OrKq8HxDDHPTzEJCC0aq99R1tlET rf9woEWQckAYYu6QMj8Csy6B42uOiik5UoWx17DjEXohSciJ43715E+iRN1Ej6t0 D92K7c2tSK3qzUwQsuVmtLTyVvyyfsWCKGLepMg+Yg42WC9nA1URJBIMem/IbJ4t q1v+E/2tNt8MOJaCy13rr58zBexS3dqATtLhO3qcxGCd1ISaMW9LUylYoWSaD0Gj RF/T0B0M90gzdXPrh0iW8+TS3oJkhSzt6cwFEdLs1zUTcnX6PQ6INEPdKv8JyRuT yD5G4d+5K/w8KatvWcxTnu9io7yH6v4Ba2kReDcwPSrPMYoreIpkdyZ6BrnfjrAq Pc+0fy7dvHrRs8sL0gHeitf7zX1sEfAmlQjr1Yr1JXMQ0OL0iqHuDSIogp5h3Awj FA8rJSkJnIuRIJi0uD3PtbNqhZCqnm1nvfhz1Dn+SFrbX6UdM5URBy/fOQHxT6WO Qrk/IUUNOr0dnQjqEtBMCddDn59W9rlmraiKDrdM/mttePwNl1v9OaI6Ycxqt77O 23EMoI46EuXN54JKrnT8WKpBlcrhLZ4/WntWFmsuyec3As0wWoxDFeFMAH0jc5C1 AAr26OGGV7frBdCufu8iWueOXzZO7aUWDCPAeAKyd0uSYIbVqR8= =FqE/ -END PGP SIGNATURE-
Processing of pyrandom2_1.0.2-1_source.changes
pyrandom2_1.0.2-1_source.changes uploaded successfully to localhost along with the files: pyrandom2_1.0.2-1.dsc pyrandom2_1.0.2.orig.tar.gz pyrandom2_1.0.2-1.debian.tar.xz pyrandom2_1.0.2-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
pyrandom2_1.0.2-1_source.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 24 Dec 2023 10:29:19 -0500 Source: pyrandom2 Architecture: source Version: 1.0.2-1 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Boyuan Yang Changes: pyrandom2 (1.0.2-1) unstable; urgency=medium . * QA upload. * New upstream release. * Orphan the package. (See #1050249) * Refresh packaging: + Use debhelper compat v13. + Use Standards-Version 4.6.2. Checksums-Sha1: f18b37ce970d06ce14d46093b09a31638749866f 1937 pyrandom2_1.0.2-1.dsc cd4678882eae470af9305e71d32fda3c196680b1 17776 pyrandom2_1.0.2.orig.tar.gz 16d1363b78ce1606798097afbaf6ded153512050 4480 pyrandom2_1.0.2-1.debian.tar.xz f2431fd73c4046e3eb4d4389d2914648393c3ed4 6770 pyrandom2_1.0.2-1_amd64.buildinfo Checksums-Sha256: 3ffcbe974e199c9055f637f55ce1f1249154f296322d333d3f6c1b97a54ab862 1937 pyrandom2_1.0.2-1.dsc e63d92cfcbbe2f1dca064504e75f9e5e0f27f84867ec7fc7070cd71ca5d53fcd 17776 pyrandom2_1.0.2.orig.tar.gz 8c4dabb8efe164eb3601f2de43397c9fb3be75f43a47e17b32b6ff2a9f7a6ac1 4480 pyrandom2_1.0.2-1.debian.tar.xz 3bb49133d75d0c09ca3df3ae6660bae3d7c025ea4e86803a2ee7c931f5ed 6770 pyrandom2_1.0.2-1_amd64.buildinfo Files: e73e17c4648b233a17b72045eae15efc 1937 python optional pyrandom2_1.0.2-1.dsc 920128d6d09b7762de54efce542d4b2c 17776 python optional pyrandom2_1.0.2.orig.tar.gz d18d7a838b54edf2c72afef5cafdb94b 4480 python optional pyrandom2_1.0.2-1.debian.tar.xz 94d6071063df7d71a99eb3cbbaa4fb5b 6770 python optional pyrandom2_1.0.2-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmWIT9wACgkQwpPntGGC Ws5zgQ/+NJqASgZTzK7w95y4U5aLsjSarsHtCwA76NA/+EY9T8iGG8B/t71rE11i 9jj1sR+358Qln1m8fgEzfnZDPMf1nmSx/jmOCUrxgqMcPNhMKd8cwhgDb26xlnhl 19AvYSNMuekrbIoqINdtgkDN2fgA77J+wNg+/ZI5vtZ8jBQTTeQ0zgtmmGEx5a+V TWjHVCA36N501pSOafu2C9oDXhXGScdoJnTH9eIfNWQylC/YzBJ7dw8QiKZl/SVX NrKRA8WnaGKEpiOsNv+9OI5QqlZDtUnvU2bZQtYHVasUK2P6LaekxCw4H6LrAKG6 pn7ToAy+9rC8tBJko0SbAdiV4GJi4JKgjs7swtXyf5o94DyR2GdLL3XDVchY0SrM geNfFr9WBpDZPqmV9iEChorQSZ+keqeiQiwEBO/BIOPWNeGWbeOxBmySSz9mtWom kmTPDfG8HSCJFAgD5vtX3TJZO/nlCWwPVSLgsNRAM5UlPqlaQcjQk370BYoGJQAO XxAPoaR4S/sOM4X6RnuwKFam6MRKjcl3snFdRjQlEZa6uJNjvwiYB7Xydv5iluMs VQrEe3kBbKN9U2MPDhyOJZLOe8+O7wD3/VV+1IUHZ7nW7ts/rvaZtcpLsD/Fy4Sh s4LMr3zH7hYJ9aI1eluHf+QfLwWTbqhhhODOaKFK5PwgvilwdCM= =iZ8F -END PGP SIGNATURE-
Bug#924202: marked as done (pmacct: broken symlink: /usr/share/pmacct/examples -> ../../lib/pmacct/examples)
Your message dated Sun, 24 Dec 2023 17:36:24 + with message-id and subject line Bug#924202: fixed in pmacct 1.7.8-1 has caused the Debian Bug report #924202, regarding pmacct: broken symlink: /usr/share/pmacct/examples -> ../../lib/pmacct/examples to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924202: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924202 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: pmacct Version: 1.7.2-3 Severity: normal User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package ships (or creates) a broken symlink. >From the attached log (scroll to the bottom...): 0m24.7s ERROR: FAIL: Broken symlinks: /usr/share/pmacct/examples -> ../../lib/pmacct/examples (pmacct) The package ships the examples under /usr/lib/x86_64-linux-gnu/pmacct/examples/ instead. cheers, Andreas pmacct_1.7.2-3.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: pmacct Source-Version: 1.7.8-1 Done: Boyuan Yang We believe that the bug you reported is fixed in the latest version of pmacct, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 924...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Boyuan Yang (supplier of updated pmacct package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 24 Dec 2023 12:09:05 -0500 Source: pmacct Architecture: source Version: 1.7.8-1 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Boyuan Yang Closes: 924202 Changes: pmacct (1.7.8-1) unstable; urgency=medium . * QA upload. * New upstream release. * debian/control: + Enable ebpf support [linux-any]. + Re-enable avro and ndpi support. + Bump Standards-Version to 4.6.2. + Drop build-dependency on autotools-dev (lintian). + Avoid direct dependency on lsb-base (lintian: use sysvinit-utils). * debian/pmacct.links: Correctly link examples directory in multiarch location. (Closes: #924202) * debian/rules: Merge duplicated and overridden dh_installsystemd invocation that was accidentally introduced by Debian Janitor. * debian/rules: Avoid manually setting DEB_HOST_ARCH_OS variable. Use /usr/share/dpkg/architecture.mk instead. * debian/pmacct.maintscript: Added to replace scattered manual dpkg-maintscript-helper invocation (lintian). Checksums-Sha1: f24942d12e39811c440f9b8e52fa04ae707972b5 2096 pmacct_1.7.8-1.dsc 3e0e77d5bef95f645ac5a6601962221c600abd6b 2175335 pmacct_1.7.8.orig.tar.gz 03e63bb2bc8cf8c34ed3bc428661d0345da60923 13288 pmacct_1.7.8-1.debian.tar.xz 3a593c51cd8f3db9263af51c6c3a5804797a59d2 8492 pmacct_1.7.8-1_amd64.buildinfo Checksums-Sha256: 85ea8eaa87d471f741ed489ec9cf0176963b72b8414024f6c550c309f0f90228 2096 pmacct_1.7.8-1.dsc 4df50a3c6c7bdace3345bbf3bd4f6fa7a6722ec1fb45dfd266ad956b327da98a 2175335 pmacct_1.7.8.orig.tar.gz 69bf8bb591b14e00c8c205457c1dc3d7e9b0edbc52ee00876fa45412b5f330a5 13288 pmacct_1.7.8-1.debian.tar.xz d827b5be2edfdb87583eb68996d1663318f54212a621ec8ebfd9b51c53f58e84 8492 pmacct_1.7.8-1_amd64.buildinfo Files: 6e7d74ea6ba53498a56a16f1b7d5f332 2096 net optional pmacct_1.7.8-1.dsc 35a1de30d9f089bf260b9704ab383666 2175335 net optional pmacct_1.7.8.orig.tar.gz 2a8c4c4d835fddf30d04f809e06d70da 13288 net optional pmacct_1.7.8-1.debian.tar.xz 41640c1cee7d530a2fd689d934c2c0d8 8492 net optional pmacct_1.7.8-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmWIZ0UACgkQwpPntGGC Ws4MzA//d9Psg1EfBljmpmJ+MJZaato4FshvY9CL4+BSUjYElGPE75aBnZds+stF CYxtpNXQ541jBhATvQow2GSD2i70YMKgAn0AcukVjx9rWsDJAHDb7cqkTVldAuIP jvxRsC6JMXr81Eo0OqD5H5qyRAFhg5AklXMW4ywKa86fvN9Jxj4af4rjcpGGn1TK vA/fD0wo1QTeXuDH2KwoXuimxHWKBIi4A4Oem0zOdd2RjtAQ1+qYTi+umpkLkTD7 uOh8Vc6a9Hfh+xO9i7CH3MyTLz+bVV7yFYd+J+O5V0KkUX/TILlPquYtUwgMXqW7 lNbpGdkFyUBJrDyfSXlJ6ca7Z/zvmzFTmXwGsYxtn52jhDu2u4IHDsqbm1W4NxK3 idEGHRRnt0uLCO/Ve+pff82e7OxJYhgiu2w2YNxq6mt+NclW2B+B6FmwpHubbaNO NEE9uruDWMNVtjpTI8LGiWHZ3tiCEDcGbpKpX5AwKgFApN640X25nBPbVxj61jpo 9twRih9ysRamBKAUNu7wUpJx6g1lF7SZ9pc8dkCRlE7CQV1fZL7v
Processing of pmacct_1.7.8-1_source.changes
pmacct_1.7.8-1_source.changes uploaded successfully to localhost along with the files: pmacct_1.7.8-1.dsc pmacct_1.7.8.orig.tar.gz pmacct_1.7.8-1.debian.tar.xz pmacct_1.7.8-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
pmacct_1.7.8-1_source.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 24 Dec 2023 12:09:05 -0500 Source: pmacct Architecture: source Version: 1.7.8-1 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Boyuan Yang Closes: 924202 Changes: pmacct (1.7.8-1) unstable; urgency=medium . * QA upload. * New upstream release. * debian/control: + Enable ebpf support [linux-any]. + Re-enable avro and ndpi support. + Bump Standards-Version to 4.6.2. + Drop build-dependency on autotools-dev (lintian). + Avoid direct dependency on lsb-base (lintian: use sysvinit-utils). * debian/pmacct.links: Correctly link examples directory in multiarch location. (Closes: #924202) * debian/rules: Merge duplicated and overridden dh_installsystemd invocation that was accidentally introduced by Debian Janitor. * debian/rules: Avoid manually setting DEB_HOST_ARCH_OS variable. Use /usr/share/dpkg/architecture.mk instead. * debian/pmacct.maintscript: Added to replace scattered manual dpkg-maintscript-helper invocation (lintian). Checksums-Sha1: f24942d12e39811c440f9b8e52fa04ae707972b5 2096 pmacct_1.7.8-1.dsc 3e0e77d5bef95f645ac5a6601962221c600abd6b 2175335 pmacct_1.7.8.orig.tar.gz 03e63bb2bc8cf8c34ed3bc428661d0345da60923 13288 pmacct_1.7.8-1.debian.tar.xz 3a593c51cd8f3db9263af51c6c3a5804797a59d2 8492 pmacct_1.7.8-1_amd64.buildinfo Checksums-Sha256: 85ea8eaa87d471f741ed489ec9cf0176963b72b8414024f6c550c309f0f90228 2096 pmacct_1.7.8-1.dsc 4df50a3c6c7bdace3345bbf3bd4f6fa7a6722ec1fb45dfd266ad956b327da98a 2175335 pmacct_1.7.8.orig.tar.gz 69bf8bb591b14e00c8c205457c1dc3d7e9b0edbc52ee00876fa45412b5f330a5 13288 pmacct_1.7.8-1.debian.tar.xz d827b5be2edfdb87583eb68996d1663318f54212a621ec8ebfd9b51c53f58e84 8492 pmacct_1.7.8-1_amd64.buildinfo Files: 6e7d74ea6ba53498a56a16f1b7d5f332 2096 net optional pmacct_1.7.8-1.dsc 35a1de30d9f089bf260b9704ab383666 2175335 net optional pmacct_1.7.8.orig.tar.gz 2a8c4c4d835fddf30d04f809e06d70da 13288 net optional pmacct_1.7.8-1.debian.tar.xz 41640c1cee7d530a2fd689d934c2c0d8 8492 net optional pmacct_1.7.8-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmWIZ0UACgkQwpPntGGC Ws4MzA//d9Psg1EfBljmpmJ+MJZaato4FshvY9CL4+BSUjYElGPE75aBnZds+stF CYxtpNXQ541jBhATvQow2GSD2i70YMKgAn0AcukVjx9rWsDJAHDb7cqkTVldAuIP jvxRsC6JMXr81Eo0OqD5H5qyRAFhg5AklXMW4ywKa86fvN9Jxj4af4rjcpGGn1TK vA/fD0wo1QTeXuDH2KwoXuimxHWKBIi4A4Oem0zOdd2RjtAQ1+qYTi+umpkLkTD7 uOh8Vc6a9Hfh+xO9i7CH3MyTLz+bVV7yFYd+J+O5V0KkUX/TILlPquYtUwgMXqW7 lNbpGdkFyUBJrDyfSXlJ6ca7Z/zvmzFTmXwGsYxtn52jhDu2u4IHDsqbm1W4NxK3 idEGHRRnt0uLCO/Ve+pff82e7OxJYhgiu2w2YNxq6mt+NclW2B+B6FmwpHubbaNO NEE9uruDWMNVtjpTI8LGiWHZ3tiCEDcGbpKpX5AwKgFApN640X25nBPbVxj61jpo 9twRih9ysRamBKAUNu7wUpJx6g1lF7SZ9pc8dkCRlE7CQV1fZL7vohoM5X5ESiEr ijTfWu0shrrcYmVVvMqaltwfgVmCFVD7sKT7GsUri4yBaiI6PrSusw/8mmA2J5W6 oTnSq2eNSjqXcNp5YDgK/MbuVnin7CSVcFGeDUEpvA2luR0T9Jc= =AJu0 -END PGP SIGNATURE-
