Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab198829 by Adrian Bunk at 2025-01-17T15:20:16+02:00
dla: take dcmtk
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Package: paraview
Version: 5.13.2+dfsg-1
Severity: serious
X-Debbugs-Cc: debian-python@lists.debian.org
Control: affects -1 python3-paraview
https://tracker.debian.org/pkg/paraview
Issues preventing migration:
∙ ∙ autopkgtest for paraview/5.13.2+dfsg-1: amd64: Regression or new test ♻
(reference
Package: paraview
Version: 5.13.2+dfsg-1
Severity: serious
X-Debbugs-Cc: debian-pyt...@lists.debian.org
Control: affects -1 python3-paraview
https://tracker.debian.org/pkg/paraview
Issues preventing migration:
∙ ∙ autopkgtest for paraview/5.13.2+dfsg-1: amd64: Regression or new test ♻
(reference
Package: paraview
Version: 5.13.2+dfsg-1
Severity: serious
X-Debbugs-Cc: debian-pyt...@lists.debian.org
Control: affects -1 python3-paraview
https://tracker.debian.org/pkg/paraview
Issues preventing migration:
∙ ∙ autopkgtest for paraview/5.13.2+dfsg-1: amd64: Regression or new test ♻
(reference
Package: paraview
Version: 5.13.2+dfsg-1
Severity: serious
X-Debbugs-Cc: debian-pyt...@lists.debian.org
Control: affects -1 python3-paraview
https://tracker.debian.org/pkg/paraview
Issues preventing migration:
∙ ∙ autopkgtest for paraview/5.13.2+dfsg-1: amd64: Regression or new test ♻
(reference
On Wed, Jan 15, 2025 at 07:21:02PM +, Debian Bug Tracking System wrote:
>...
> Version: 14.2.0-14
>
> On 15.01.25 19:31, Andrey Rakhmatullin wrote:
> > Package: libn32gcc-14-dev
> > Version: 14.2.0-13
> >
> > Unless I'm very confused, libn32gcc-14-dev is not installable on mips64el
> > and th
On Fri, Jan 17, 2025 at 12:07:55AM +, Simon McVittie wrote:
> On Fri, 17 Jan 2025 at 01:12:41 +0200, Adrian Bunk wrote:
> > There is recently a general instability/race in mips64el Rust/Go/Erlang
> > builds, the most common pattern is that the build often (but not always)
>
On Fri, Jan 17, 2025 at 12:07:55AM +, Simon McVittie wrote:
> On Fri, 17 Jan 2025 at 01:12:41 +0200, Adrian Bunk wrote:
> > There is recently a general instability/race in mips64el Rust/Go/Erlang
> > builds, the most common pattern is that the build often (but not always)
>
On Wed, Jan 15, 2025 at 07:21:02PM +, Debian Bug Tracking System wrote:
>...
> Version: 14.2.0-14
>
> On 15.01.25 19:31, Andrey Rakhmatullin wrote:
> > Package: libn32gcc-14-dev
> > Version: 14.2.0-13
> >
> > Unless I'm very confused, libn32gcc-14-dev is not installable on mips64el
> > and th
On Wed, Jan 15, 2025 at 07:21:02PM +, Debian Bug Tracking System wrote:
>...
> Version: 14.2.0-14
>
> On 15.01.25 19:31, Andrey Rakhmatullin wrote:
> > Package: libn32gcc-14-dev
> > Version: 14.2.0-13
> >
> > Unless I'm very confused, libn32gcc-14-dev is not installable on mips64el
> > and th
On Wed, Jan 15, 2025 at 07:21:02PM +, Debian Bug Tracking System wrote:
>...
> Version: 14.2.0-14
>
> On 15.01.25 19:31, Andrey Rakhmatullin wrote:
> > Package: libn32gcc-14-dev
> > Version: 14.2.0-13
> >
> > Unless I'm very confused, libn32gcc-14-dev is not installable on mips64el
> > and th
Hi,
likely due to the ongoing OpenLDAP transition, dependency resolution
currently fails for most packages in experimental.
Example:
https://buildd.debian.org/status/logs.php?pkg=tree-sitter&arch=ppc64el
The following packages have unmet dependencies:
python3 : PreDepends: python3-minimal (= 3
On Thu, Jan 16, 2025 at 11:22:11PM +0100, Aurelien Jarno wrote:
> On 2025-01-16 18:27, Aurelien Jarno wrote:
> > Hi,
> >
> > On 2025-01-16 11:02, Simon McVittie wrote:
> > > Control: found -1 2.58.93+dfsg-2
> > >
> > > On Thu, 16 Jan 2025 at 10:45:28 +, Simon McVittie wrote:
> > > > librsvg/2
Hi,
it's not a big issue, but slightly weird that since the upgrade of wuiet
to bookworm on Saturday the buildd tail of failed builds is HTML escaped.
Example:
https://buildd.debian.org/status/package.php?p=libselinux
...
error: command '/usr/bin/x86_64-linux-gnu-gcc' failed with exit code 1
ma
On Thu, Jan 16, 2025 at 11:22:11PM +0100, Aurelien Jarno wrote:
> On 2025-01-16 18:27, Aurelien Jarno wrote:
> > Hi,
> >
> > On 2025-01-16 11:02, Simon McVittie wrote:
> > > Control: found -1 2.58.93+dfsg-2
> > >
> > > On Thu, 16 Jan 2025 at 10:45:28 +, Simon McVittie wrote:
> > > > librsvg/2
On Thu, Jan 16, 2025 at 11:22:11PM +0100, Aurelien Jarno wrote:
> On 2025-01-16 18:27, Aurelien Jarno wrote:
> > Hi,
> >
> > On 2025-01-16 11:02, Simon McVittie wrote:
> > > Control: found -1 2.58.93+dfsg-2
> > >
> > > On Thu, 16 Jan 2025 at 10:45:28 +, Simon McVittie wrote:
> > > > librsvg/2
On Thu, Jan 16, 2025 at 11:22:11PM +0100, Aurelien Jarno wrote:
> On 2025-01-16 18:27, Aurelien Jarno wrote:
> > Hi,
> >
> > On 2025-01-16 11:02, Simon McVittie wrote:
> > > Control: found -1 2.58.93+dfsg-2
> > >
> > > On Thu, 16 Jan 2025 at 10:45:28 +, Simon McVittie wrote:
> > > > librsvg/2
On Thu, Jan 16, 2025 at 11:22:11PM +0100, Aurelien Jarno wrote:
> On 2025-01-16 18:27, Aurelien Jarno wrote:
> > Hi,
> >
> > On 2025-01-16 11:02, Simon McVittie wrote:
> > > Control: found -1 2.58.93+dfsg-2
> > >
> > > On Thu, 16 Jan 2025 at 10:45:28 +, Simon McVittie wrote:
> > > > librsvg/2
On Mon, Jan 13, 2025 at 03:01:15PM +0100, Niels Thykier wrote:
> Control: tags -1 patch
>
> Niels Thykier:
>...
> > That said, the simplest solution is to set `Rules-Requires-Root: binary-
> > targets`, which will push krb5 back to the previous default. So if you
> > are pressed for time/spoons, t
On Mon, Jan 13, 2025 at 03:01:15PM +0100, Niels Thykier wrote:
> Control: tags -1 patch
>
> Niels Thykier:
>...
> > That said, the simplest solution is to set `Rules-Requires-Root: binary-
> > targets`, which will push krb5 back to the previous default. So if you
> > are pressed for time/spoons, t
Package: python3-sphere
Version: 3.3~a1-6
Severity: serious
$ python3
Python 3.13.1 (main, Jan 3 2025, 10:26:34) [GCC 14.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sphere
Traceback (most recent call last):
File "", line 1, in
import sphe
Package: python3-sphere
Version: 3.3~a1-6
Severity: serious
$ python3
Python 3.13.1 (main, Jan 3 2025, 10:26:34) [GCC 14.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sphere
Traceback (most recent call last):
File "", line 1, in
import sphe
Package: python3-sphere
Version: 3.3~a1-6
Severity: serious
$ python3
Python 3.13.1 (main, Jan 3 2025, 10:26:34) [GCC 14.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sphere
Traceback (most recent call last):
File "", line 1, in
import sphe
Source: lomiri-clock-app
Version: 4.1.0-2
Severity: serious
https://ci.debian.net/packages/l/lomiri-clock-app/testing/amd64/56206725/
...
142s autopkgtest [16:34:13]: test make-test: [---
142s make: *** No rule to make target 'test'. Stop.
143s autopkgtest [16:34:14]: test ma
Source: lomiri-clock-app
Version: 4.1.0-2
Severity: serious
https://ci.debian.net/packages/l/lomiri-clock-app/testing/amd64/56206725/
...
142s autopkgtest [16:34:13]: test make-test: [---
142s make: *** No rule to make target 'test'. Stop.
143s autopkgtest [16:34:14]: test ma
On Tue, Jan 14, 2025 at 10:19:44AM -0500, Boyuan Yang wrote:
> Hi,
Hi Boyuan,
> 在 1/14/2025 9:54 AM, Adrian Bunk 写道:
>...
> It is indeed unfortunate that this version is not compatible with
> taglib-2, which can only been told by a full upload (since the amd64
> local rebuild i
On Tue, Jan 14, 2025 at 10:19:44AM -0500, Boyuan Yang wrote:
> Hi,
Hi Boyuan,
> 在 1/14/2025 9:54 AM, Adrian Bunk 写道:
>...
> It is indeed unfortunate that this version is not compatible with
> taglib-2, which can only been told by a full upload (since the amd64
> local rebuild i
Source: music
Version: 1.2.1-0.6
Severity: serious
Tags: ftbfs
X-Debbugs-Cc: Boyuan Yang ,
music (1.2.1-0.6) unstable; urgency=medium
* Non-maintainer upload.
* Do not enable openmpi support for 32-bit package building.
Openmpi package in Debian is no longer providing support on
32-bi
Source: music
Version: 1.2.1-0.6
Severity: serious
Tags: ftbfs
X-Debbugs-Cc: Boyuan Yang ,
music (1.2.1-0.6) unstable; urgency=medium
* Non-maintainer upload.
* Do not enable openmpi support for 32-bit package building.
Openmpi package in Debian is no longer providing support on
32-bi
Source: cppad
Version: 2025.00.00.0-1
Severity: serious
Tags: ftbfs
Forwarded: https://github.com/coin-or/CppAD/issues/221
https://buildd.debian.org/status/logs.php?pkg=cppad&ver=2025.00.00.0-1
...
In file included from
/build/reproducible-path/cppad-2025.00.00.0/include/cppad/core/ad.hpp:17,
Source: cppad
Version: 2025.00.00.0-1
Severity: serious
Tags: ftbfs
Forwarded: https://github.com/coin-or/CppAD/issues/221
https://buildd.debian.org/status/logs.php?pkg=cppad&ver=2025.00.00.0-1
...
In file included from
/build/reproducible-path/cppad-2025.00.00.0/include/cppad/core/ad.hpp:17,
Source: cppad
Version: 2025.00.00.0-1
Severity: serious
Tags: ftbfs
Forwarded: https://github.com/coin-or/CppAD/issues/221
https://buildd.debian.org/status/logs.php?pkg=cppad&ver=2025.00.00.0-1
...
In file included from
/build/reproducible-path/cppad-2025.00.00.0/include/cppad/core/ad.hpp:17,
match: using a Makefile.in.in from gettext
version 0.22 but the autoconf macros are from gettext version 0.20
Attached is a patch that replaces by fixing the root cause,
now autopoint will regenerate the gettext files during the build.
Description: Make autopoint regenerate gettext files
Autho
match: using a Makefile.in.in from gettext
version 0.22 but the autoconf macros are from gettext version 0.20
Attached is a patch that replaces by fixing the root cause,
now autopoint will regenerate the gettext files during the build.
Description: Make autopoint regenerate gettext files
Autho
Source: tulip
Version: 5.4.0+dfsg-3.1
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/fetch.php?pkg=tulip&arch=amd64&ver=5.4.0%2Bdfsg-3.1%2Bb1&stamp=1736684695&raw=0
...
/build/reproducible-path/tulip-5.4.0+dfsg/library/tulip-python/src/PythonInterpreter.cpp:
In destructor ‘virtua
Source: tulip
Version: 5.4.0+dfsg-3.1
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/fetch.php?pkg=tulip&arch=amd64&ver=5.4.0%2Bdfsg-3.1%2Bb1&stamp=1736684695&raw=0
...
/build/reproducible-path/tulip-5.4.0+dfsg/library/tulip-python/src/PythonInterpreter.cpp:
In destructor ‘virtua
Source: tulip
Version: 5.4.0+dfsg-3.1
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/fetch.php?pkg=tulip&arch=amd64&ver=5.4.0%2Bdfsg-3.1%2Bb1&stamp=1736684695&raw=0
...
/build/reproducible-path/tulip-5.4.0+dfsg/library/tulip-python/src/PythonInterpreter.cpp:
In destructor ‘virtua
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
abe8a94f by Adrian Bunk at 2025-01-14T00:20:53+02:00
dla: retake
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
abfa8ec8 by Adrian Bunk at 2025-01-12T12:55:57+02:00
dla: take suricata
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Package: libtag-dev
Version: 2.0.2-1
Severity: serious
Tags: ftbfs
Control: affects -1 src:strawberry src:kid3
https://buildd.debian.org/status/logs.php?pkg=strawberry&ver=1.2.3-1%2Bb1
...
CMake Error at /usr/lib/x86_64-linux-gnu/cmake/taglib/taglib-targets.cmake:100
(message):
The imported ta
Package: libtag-dev
Version: 2.0.2-1
Severity: serious
Tags: ftbfs
Control: affects -1 src:strawberry src:kid3
https://buildd.debian.org/status/logs.php?pkg=strawberry&ver=1.2.3-1%2Bb1
...
CMake Error at /usr/lib/x86_64-linux-gnu/cmake/taglib/taglib-targets.cmake:100
(message):
The imported ta
Package: libtag-dev
Version: 2.0.2-1
Severity: serious
Tags: ftbfs
Control: affects -1 src:strawberry src:kid3
https://buildd.debian.org/status/logs.php?pkg=strawberry&ver=1.2.3-1%2Bb1
...
CMake Error at /usr/lib/x86_64-linux-gnu/cmake/taglib/taglib-targets.cmake:100
(message):
The imported ta
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
abbacd35 by Adrian Bunk at 2025-01-11T04:14:16+02:00
dla: take libtar
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Control: reassign -1 src:linux
Control: forcemerge 1087900 -1
Control: affects -1 src:dracut
On Thu, Jan 09, 2025 at 06:17:44PM +, Luca Boccassi wrote:
> Source: dracut
> Version: 105-3
> User: debian...@lists.debian.org
> Usertags: flaky
> Severity: grave
> Justification: blocks other package
Control: reassign -1 src:linux
Control: forcemerge 1087900 -1
Control: affects -1 src:dracut
On Thu, Jan 09, 2025 at 06:17:44PM +, Luca Boccassi wrote:
> Source: dracut
> Version: 105-3
> User: debian...@lists.debian.org
> Usertags: flaky
> Severity: grave
> Justification: blocks other package
ainst liblog4cplus-2.0.5t64.
+ -- Adrian Bunk Thu, 09 Jan 2025 14:39:36 +0200
- -- Julian Andres Klode Mon, 08 Apr 2024 17:01:08 +0200
-
-openvdb (10.0.1-2.1build3) noble; urgency=medium
-
- * No-change rebuild for CVE-2024-3094
-
- -- Steve Langasek Sun, 31 Mar 2024 06:42:31 +
-
-openvdb (1
ainst liblog4cplus-2.0.5t64.
+ -- Adrian Bunk Thu, 09 Jan 2025 14:39:36 +0200
- -- Julian Andres Klode Mon, 08 Apr 2024 17:01:08 +0200
-
-openvdb (10.0.1-2.1build3) noble; urgency=medium
-
- * No-change rebuild for CVE-2024-3094
-
- -- Steve Langasek Sun, 31 Mar 2024 06:42:31 +
-
-openvdb (1
ainst liblog4cplus-2.0.5t64.
+ -- Adrian Bunk Thu, 09 Jan 2025 14:39:36 +0200
- -- Julian Andres Klode Mon, 08 Apr 2024 17:01:08 +0200
-
-openvdb (10.0.1-2.1build3) noble; urgency=medium
-
- * No-change rebuild for CVE-2024-3094
-
- -- Steve Langasek Sun, 31 Mar 2024 06:42:31 +
-
-openvdb (1
Package: librust-clap-complete-nushell-dev
Version: 4.5.4-1
Severity: serious
The following packages have unmet dependencies:
librust-clap-complete-nushell-dev : Depends:
librust-completest-0.4+default-dev but it is not installable
Depends:
librust-completes
Package: librust-clap-complete-nushell-dev
Version: 4.5.4-1
Severity: serious
The following packages have unmet dependencies:
librust-clap-complete-nushell-dev : Depends:
librust-completest-0.4+default-dev but it is not installable
Depends:
librust-completes
On Sat, Jan 04, 2025 at 12:03:24PM +0100, Matthias Klose wrote:
> Package: src:persalys
> Version: 16.1+ds-1
> Severity: serious
> Tags: sid trixie
> User: debian-pyt...@lists.debian.org
> Usertags: python3.13
>
> persalys ftbfs with Python 3.13 as the default
What is the error message?
> pretty
On Sat, Jan 04, 2025 at 12:03:24PM +0100, Matthias Klose wrote:
> Package: src:persalys
> Version: 16.1+ds-1
> Severity: serious
> Tags: sid trixie
> User: debian-pyt...@lists.debian.org
> Usertags: python3.13
>
> persalys ftbfs with Python 3.13 as the default
What is the error message?
> pretty
On Sat, Jan 04, 2025 at 12:03:24PM +0100, Matthias Klose wrote:
> Package: src:persalys
> Version: 16.1+ds-1
> Severity: serious
> Tags: sid trixie
> User: debian-pyt...@lists.debian.org
> Usertags: python3.13
>
> persalys ftbfs with Python 3.13 as the default
What is the error message?
> pretty
Source: python-demgengeo
Version: 1.4-6
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=python-demgengeo&ver=1.4-6%2Bb1
...
src/InsertGenerator3D.cc: In constructor
'InsertGenerator3D::InsertGenerator3D(double, double, int, int, double, bool)':
src/InsertGenerator3D.c
Source: python-demgengeo
Version: 1.4-6
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=python-demgengeo&ver=1.4-6%2Bb1
...
src/InsertGenerator3D.cc: In constructor
'InsertGenerator3D::InsertGenerator3D(double, double, int, int, double, bool)':
src/InsertGenerator3D.c
Source: python-demgengeo
Version: 1.4-6
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=python-demgengeo&ver=1.4-6%2Bb1
...
src/InsertGenerator3D.cc: In constructor
'InsertGenerator3D::InsertGenerator3D(double, double, int, int, double, bool)':
src/InsertGenerator3D.c
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab0f14f1 by Adrian Bunk at 2025-01-06T18:43:22+02:00
dla: retake
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Source: nvidia-cuda-toolkit
Version: 12.2.1-1
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=nvidia-cuda-toolkit&ver=12.2.1-1&arch=amd64
...
The following packages have unmet dependencies:
liboss4-salsa-asound2 : Conflicts: libasound2
Conflic
Source: nvidia-cuda-toolkit
Version: 12.2.1-1
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=nvidia-cuda-toolkit&ver=12.2.1-1&arch=amd64
...
The following packages have unmet dependencies:
liboss4-salsa-asound2 : Conflicts: libasound2
Conflic
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab10cd9d by Adrian Bunk at 2025-01-06T15:56:12+02:00
dla: take jinja2
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Source: wfview
Version: 2.03-1
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=wfview&ver=2.03-1
...
debian/rules override_dh_auto_configure
make[1]: Entering directory '/build/reproducible-path/wfview-2.03'
dh_auto_configure --builddir=build-wfview -- ../wfview.pro
Source: wfview
Version: 2.03-1
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=wfview&ver=2.03-1
...
debian/rules override_dh_auto_configure
make[1]: Entering directory '/build/reproducible-path/wfview-2.03'
dh_auto_configure --builddir=build-wfview -- ../wfview.pro
Control: tags -1 - moreinfo
On Fri, Dec 20, 2024 at 07:33:42AM +0100, Salvatore Bonaccorso wrote:
> Hi Adrian,
Hi Salvatore,
> On Thu, Dec 19, 2024 at 09:24:22AM +0200, Adrian Bunk wrote:
>...
> > * Fix browsing when invalid services present.
> > See https://git
Control: tags -1 - moreinfo
On Fri, Dec 20, 2024 at 07:33:42AM +0100, Salvatore Bonaccorso wrote:
> Hi Adrian,
Hi Salvatore,
> On Thu, Dec 19, 2024 at 09:24:22AM +0200, Adrian Bunk wrote:
>...
> > * Fix browsing when invalid services present.
> > See https://git
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab7f2e18 by Adrian Bunk at 2024-12-30T09:51:39+02:00
dla: add note
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab556afb by Adrian Bunk at 2024-12-24T00:24:43+02:00
dla: retake
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Hi,
could someone with more knowledge about PHP look at the following:
https://security-tracker.debian.org/tracker/CVE-2024-22640
https://github.com/zunak/CVE-2024-22640
https://security-tracker.debian.org/tracker/CVE-2024-22641
https://github.com/zunak/CVE-2024-22641
Changing the PoCs to
requ
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-3996-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
December 20, 2024
-1135: HTTP Request Smuggling (Closes: #1069126)
+
+ -- Adrian Bunk Fri, 20 Dec 2024 05:42:55 +0200
+
gunicorn (20.1.0-6) unstable; urgency=medium
[ Debian Janitor ]
diff -Nru
gunicorn-20.1.0/debian/patches/0001-fail-safe-on-unsupported-request-framing.patch
gunicorn-20.1.0/debian/patches
-1135: HTTP Request Smuggling (Closes: #1069126)
+
+ -- Adrian Bunk Fri, 20 Dec 2024 05:42:55 +0200
+
gunicorn (20.1.0-6) unstable; urgency=medium
[ Debian Janitor ]
diff -Nru
gunicorn-20.1.0/debian/patches/0001-fail-safe-on-unsupported-request-framing.patch
gunicorn-20.1.0/debian/patches
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
97658a9e by Adrian Bunk at 2024-12-20T06:21:21+02:00
Reserve DLA-3996-1 for gunicorn
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes
On Thu, Dec 19, 2024 at 05:19:57PM +0100, Santiago Vila wrote:
> El 19/12/24 a las 17:05, Adrian Bunk escribió:
> > If a QA environment differs significantly from the buildds where the
> > package is usually built, then this might be considered a bug in the
> > QA environment
On Thu, Dec 14, 2023 at 06:09:55PM +0100, Santiago Vila wrote:
>...
> that would be a problem for us, because that would force
> to do our QA work differently, just for a single package.
>...
If a QA environment differs significantly from the buildds where the
package is usually built, then this
On Thu, Dec 19, 2024 at 12:53:28PM +0100, Santiago Vila wrote:
> reopen 1042029
> thanks
>
> El 19/12/24 a las 5:12, Adrian Bunk escribió:
> > Please fix this regression you introduced.
>
> We'll try, but given the long build times, we should think
> carefully b
/lathiat/avahi/issues/212
+
+ -- Adrian Bunk Thu, 19 Dec 2024 09:01:14 +0200
+
avahi (0.8-10) unstable; urgency=medium
[ Felix Geyer ]
diff -Nru
avahi-0.8/debian/patches/common-derive-alternative-host-name-from-its-unescaped-ve.patch
avahi-0.8/debian/patches/common-derive-alternative-host-name
/lathiat/avahi/issues/212
+
+ -- Adrian Bunk Thu, 19 Dec 2024 09:01:14 +0200
+
avahi (0.8-10) unstable; urgency=medium
[ Felix Geyer ]
diff -Nru
avahi-0.8/debian/patches/common-derive-alternative-host-name-from-its-unescaped-ve.patch
avahi-0.8/debian/patches/common-derive-alternative-host-name
/lathiat/avahi/issues/212
+
+ -- Adrian Bunk Thu, 19 Dec 2024 09:01:14 +0200
+
avahi (0.8-10) unstable; urgency=medium
[ Felix Geyer ]
diff -Nru
avahi-0.8/debian/patches/common-derive-alternative-host-name-from-its-unescaped-ve.patch
avahi-0.8/debian/patches/common-derive-alternative-host-name
On Sun, Oct 08, 2023 at 10:02:34PM +0200, Santiago Vila wrote:
>...
> For example, configure.ac unconditionally adds -O3 to CXXFLAGS.
> This is already a bug, because packages should honor whatever comes
> from dpkg-buildflags (usually -O2).
>...
For the record, this is not considered to be be a b
/debian/changelog 2024-12-18 21:11:06.0 +0200
@@ -1,3 +1,11 @@
+libpgjava (42.5.5-0+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream release.
+- CVE-2024-1597: SQL Injection via line comment generation
+
+ -- Adrian Bunk Wed, 18 Dec 2024 21:11:06 +0200
/debian/changelog 2024-12-18 21:11:06.0 +0200
@@ -1,3 +1,11 @@
+libpgjava (42.5.5-0+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream release.
+- CVE-2024-1597: SQL Injection via line comment generation
+
+ -- Adrian Bunk Wed, 18 Dec 2024 21:11:06 +0200
/debian/changelog 2024-12-18 21:11:06.0 +0200
@@ -1,3 +1,11 @@
+libpgjava (42.5.5-0+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream release.
+- CVE-2024-1597: SQL Injection via line comment generation
+
+ -- Adrian Bunk Wed, 18 Dec 2024 21:11:06 +0200
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab2cd1c0 by Adrian Bunk at 2024-12-18T07:37:19+02:00
dla: take gst-plugins-good1.0
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab5e74aa by Adrian Bunk at 2024-12-17T13:10:03+02:00
dla: take gunicorn
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Source: python-ewoksppf
Version: 0.4.0-2
Severity: serious
Tags: ftbfs
X-Debbugs-Cc: Roland Mas
https://buildd.debian.org/status/package.php?p=python-ewoksppf
python-ewoksppf build-depends on missing:
- python3-pypushflow:amd64
Source: python-ewoksppf
Version: 0.4.0-2
Severity: serious
Tags: ftbfs
X-Debbugs-Cc: Roland Mas
https://buildd.debian.org/status/package.php?p=python-ewoksppf
python-ewoksppf build-depends on missing:
- python3-pypushflow:amd64
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian LTS Advisory DLA-3995-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
December 16, 2024
Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
af2921ff by Adrian Bunk at 2024-12-16T11:06:24+02:00
Reserve DLA-3995-1 for libpgjava
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes
Source: rust-rebuildctl
Version: 0.20.0-1
Severity: serious
Tags: ftbfs
The following packages have unmet dependencies:
builddeps:rust-rebuildctl : Depends:
librust-rebuilderd-common-0.20.0+default-dev but it is not installable
Source: rust-rebuildctl
Version: 0.20.0-1
Severity: serious
Tags: ftbfs
The following packages have unmet dependencies:
builddeps:rust-rebuildctl : Depends:
librust-rebuilderd-common-0.20.0+default-dev but it is not installable
Package: apt
Version: 2.9.17
Severity: normal
$ apt show :
/usr/include/c++/14/bits/basic_string.h:1269:
std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::reference
std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::operator[](size_type)
[with _CharT = char; _Traits = std::char_traits; _Al
Package: librust-card-backend-pcsc-dev
Version: 0.5.0-1
Severity: serious
Tags: ftbfs
X-Debbugs-Cc: Philip Rinn
Control: affects -1 src:rust-sequoia-keystore-server
The following packages have unmet dependencies:
librust-card-backend-pcsc-dev : Depends: librust-pcsc-2+default-dev (>=
2.7-~~) bu
Package: librust-card-backend-pcsc-dev
Version: 0.5.0-1
Severity: serious
Tags: ftbfs
X-Debbugs-Cc: Philip Rinn
Control: affects -1 src:rust-sequoia-keystore-server
The following packages have unmet dependencies:
librust-card-backend-pcsc-dev : Depends: librust-pcsc-2+default-dev (>=
2.7-~~) bu
Package: librust-heapless-dev
Version: 0.8.0-2
Severity: serious
Tags: ftbfs
X-Debbugs-Cc: Philip Rinn
Control: affects -1 src:rustup src:rust-trawld src:rust-tealdeer
src:rust-hypothesis src:rust-magic-wormhole-cli src:rust-ntpd
src:rust-numbat-cli src:rust-openpgp-card-state src:rust-repro-env
Package: librust-heapless-dev
Version: 0.8.0-2
Severity: serious
Tags: ftbfs
X-Debbugs-Cc: Philip Rinn
Control: affects -1 src:rustup src:rust-trawld src:rust-tealdeer
src:rust-hypothesis src:rust-magic-wormhole-cli src:rust-ntpd
src:rust-numbat-cli src:rust-openpgp-card-state src:rust-repro-env
Source: rust-auth-git2
Version: 0.5.5-2
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/package.php?p=rust-auth-git2
rust-auth-git2 build-depends on missing:
- librust-git2-19-dev:amd64
For getting consistent results, the buildds are only considering
the first alternative (backpo
Source: rust-virtiofsd
Version: 1.10.1-1
Severity: serious
Tags: ftbfs
The following packages have unmet dependencies:
builddeps:rust-virtiofsd : Depends: librust-vhost-0.10+default-dev but it is
not installable
Depends:
librust-vhost-user-backend-0.13+default-dev (>
Source: rust-virtiofsd
Version: 1.10.1-1
Severity: serious
Tags: ftbfs
The following packages have unmet dependencies:
builddeps:rust-virtiofsd : Depends: librust-vhost-0.10+default-dev but it is
not installable
Depends:
librust-vhost-user-backend-0.13+default-dev (>
Source: rust-auth-git2
Version: 0.5.5-2
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/package.php?p=rust-auth-git2
rust-auth-git2 build-depends on missing:
- librust-git2-19-dev:amd64
For getting consistent results, the buildds are only considering
the first alternative (backpo
Source: parolottero
Version: 2.3-2
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=parolottero&ver=2.3-2
...
/usr/lib/qt6/libexec/rcc -name qml qml.qrc -o qrc_qml.cpp
/usr/lib/qt6/bin/lrelease parolottero_it_IT.ts -qm .qm/parolottero_it_IT.qm
make[1]: /usr/lib/qt6/bin/
Source: parolottero
Version: 2.3-2
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=parolottero&ver=2.3-2
...
/usr/lib/qt6/libexec/rcc -name qml qml.qrc -o qrc_qml.cpp
/usr/lib/qt6/bin/lrelease parolottero_it_IT.ts -qm .qm/parolottero_it_IT.qm
make[1]: /usr/lib/qt6/bin/
1 - 100 of 2691 matches
Mail list logo
