Hi Ervin,
[CC to security team alias to document the questions]
On Wed, Aug 06, 2025 at 09:02:00PM +0200, Ervin Hegedüs wrote:
> Hi Salvatore,
>
>
> On Wed, Aug 06, 2025 at 08:17:02PM +0200, Salvatore Bonaccorso wrote:
> > Source: modsecurity-apache
> > Versio
Source: mupdf
Version: 1.25.1+ds1-6
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=708521
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for mupdf.
CVE-2025-46206[0]:
| An issue in Artifex
Source: r-cran-gh
Version: 1.4.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/r-lib/gh/issues/222
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for r-cran-gh.
CVE-2025-54956[0]:
| The gh package before 1.5.0 fo
Source: modsecurity-apache
Version: 2.9.11-1
Severity: important
Tags: upstream
Forwarded: https://github.com/owasp-modsecurity/ModSecurity/issues/2514
X-Debbugs-Cc: car...@debian.org
Hi,
The following vulnerability was published for modsecurity-apache.
CVE-2025-54571[0]:
| ModSecurity is an ope
- Forwarded message from "matta...@gmail.com" -
I had to reinstall the system. Despite this:
The motherboard doesn't wake up properly from sleep mode - I've tried every
possible combination in the hardware.
There's a problem with USB support - I have the impression that the
motherboard is
Source: libphp-adodb
Version: 5.22.9-0.1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/ADOdb/ADOdb/issues/1083
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libphp-adodb.
CVE-2025-54119[0]:
| ADOdb is a PHP databa
Source: poppler
Version: 25.03.0-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for poppler.
CVE-2025-50420[0]:
| An issue in the pdfseparate utility of freedesktop poppler v25.04.0
| allows attac
Source: openjpeg2
Version: 2.5.3-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/pull/1573
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openjpeg2.
CVE-2025-54874[0]:
| OpenJPEG is an open-s
Control: tags -1 + moreinfo
On Mon, Aug 04, 2025 at 11:36:06AM +0200, Mattai wrote:
> Package: src:linux
> Version: 6.1.140-1
> Severity: minor
> X-Debbugs-Cc: - Debian has random problems with PCI-E 4/5 support, - Debian
> has problems with motherboard support (APM, etc.), - Debian occasionally
Hi,
On Mon, Aug 04, 2025 at 09:11:11PM -0700, Alison Chaiken wrote:
> Package: linux-amd-64
>
> Version: 6.12.35-1
>
> Severity: important
>
> X-Debbugs-Cc: ali...@she-devel.com
>
> Dear Maintainer,
>
> Thanks for your hard work in maintaining Debian.
>
>* What led up to the situation?
>
Source: docker.io
Version: 26.1.5+dfsg1-9
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for docker.io.
CVE-2025-54410[0]:
| Moby is an open source container framework developed by Docker Inc.
| tha
Source: hplip
Version: 3.22.10+dfsg0-8.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for hplip.
CVE-2025-43023[0]:
| A potential security vulnerability has been identified in the HP
| Linux Imagi
Control: reassign -1 src:linux 6.12.38-1
Hi Ricardo,
On Mon, Aug 04, 2025 at 09:06:45AM -0500, Ricardo Muggli wrote:
>
> On 7/31/25 10:41, Pascal Hambourg wrote:
> > On 30/07/2025 at 15:02, Ricardo Muggli wrote:
> > >
> > > When I choose "Debian GNU/Linux, with Linux 6.12.38+deb13-amd64
> > > (
Source: iperf3
Version: 3.18-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for iperf3.
CVE-2025-54349[0]:
| In iperf before 3.19.1, iperf_auth.c has an off-by-one error and
| resultant heap-ba
Hi,
On Sun, Aug 03, 2025 at 07:31:12PM +0200, sk...@anakin.se wrote:
> Perhaps I did something wrong but here is the file
>
> On Sat, 2025-08-02 at 20:24 +0200, Salvatore Bonaccorso wrote:
> > git bisect log
> # bad: [259f4977409c87a980fa2227b7c76a2fe3fb8c2f] Linu
Hi,
On Sun, Aug 03, 2025 at 07:59:32PM +0200, Andrea Pappacoda wrote:
> On Sun Aug 3, 2025 at 7:11 PM CEST, Andrea Pappacoda wrote:
> > After taking a closer look to these CVEs, I found out that
> > CVE-2025-53628's description is completely wrong. In fact, it describes
> > CVE-2025-46728 (I belie
Control: notfound -1 12.5.1.35-1
Control: found -1 12.5.1.31-1
Control: fixed -1 12.5.1.35-1
Hi Richard,
On Sun, Aug 03, 2025 at 01:54:15PM -0400, Richard Fuchs wrote:
> Hi,
>
> On 03/08/2025 03.31, Salvatore Bonaccorso wrote:
> > I could not isolate the commits, but they migh
Hi Jochen,
On Thu, Jul 24, 2025 at 02:25:37PM +0200, Salvatore Bonaccorso wrote:
> Hi Jochen,
>
> On Thu, Jul 24, 2025 at 12:57:16PM +0200, Jochen Becker wrote:
> > HI,
> >
> > yes same Problem with current unstable kernel 6.12.38
> >
> > Boot breaks s
Hi,
On Sun, Aug 03, 2025 at 02:05:33PM +0200, Salvatore Bonaccorso wrote:
> On Sun, Aug 03, 2025 at 01:22:13PM +0200, Bastien Roucaries wrote:
> > Source: pam
> > Version: 1.7.0-5
> > Severity: grave
> > Justification: may breaks the whole system (l
On Sun, Aug 03, 2025 at 01:22:13PM +0200, Bastien Roucaries wrote:
> Source: pam
> Version: 1.7.0-5
> Severity: grave
> Justification: may breaks the whole system (loggin)
> X-Debbugs-CC: t...@release.debian.org
> X-Debbugs-CC: Debian Security Team
>
> Hi,
>
> Following fix of CVE-2024-10041 pa
Source: pyjwt
Version: 2.10.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pyjwt.
CVE-2025-45768[0]:
| pyjwt v2.10.1 was discovered to contain weak encryption.
Unfortunately the reference [
Source: asterisk
Version: 1:22.4.1~dfsg+~cs6.15.60671435-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for asterisk.
CVE-2025-49832[0]:
| Asterisk is an open source
Source: rtpengine
Version: 12.5.1.35-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rtpengine.
CVE-2025-53399[0]:
| In Sipwise rtpengine before 13.4.1.1, an origin-validation error in
| the en
Hi,
On Sat, Aug 02, 2025 at 10:39:44AM +0200, sk...@anakin.se wrote:
> Noticed, after more testing, that if I put computer to suspend and woke
> it, the sound have issues after woke up on 6.16
Thanks for testing.
Comparing the diff was not helpful (to me unfortunately, did not spot
something obv
Source: apache-jena
Version: 4.9.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for apache-jena.
CVE-2025-49656[0]:
| Users with administrator access can create databases files outside
| the fil
Source: openexr
Version: 3.1.13-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openexr.
CVE-2025-48074[0]:
| OpenEXR provides the specification and reference implementation of
| the EXR file f
Source: rust-transpose
Version: 0.2.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ejmahler/transpose/issues/11
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rust-transpose.
CVE-2023-53156[0]:
| The transpo
Control: tags -1 + moreinfo
Hi,
On Sat, Aug 02, 2025 at 07:41:56PM +1000, JoE wrote:
> Package: src:linux
> Version: 6.12.38-1
> Severity: important
> X-Debbugs-Cc: joe2014knowb...@gmail.com
>
> Dear Maintainer,
>
>* What led up to the situation?
>
> I was running ssh, thunderbird, transmi
Hi,
On Wed, Jul 30, 2025 at 06:37:33PM +0200, sk...@anakin.se wrote:
> I've attached two files to this email:
>
> 6.12.35.ok.txt is the one where the audio work
> 6.12.38.NOTok.txt is the one where the audio have issues
Thanks will go through the difference to see if we can spot something.
> If
Control: retitle: -1 uscan: CVE-2025-8454: uscan must not skip OpenPGP check
after failed check in previous run
Hi Uwe,
On Mon, Jul 14, 2025 at 09:52:41AM +0200, Uwe Kleine-König wrote:
> Package: devscripts
> Version: 2.25.15
> Severity: serious
> File: /usr/bin/uscan
> X-Debbugs-Cc: wa...@debi
Hi Henrique,
On Thu, Jul 31, 2025 at 05:48:49PM -0300, Henrique de Moraes Holschuh wrote:
> Hello Salvatore,
>
> I will look into it soon, but I am swamped with work so it could
> take a week or two for me to upload anything .
>
> As far as I know, we cannot update much of the AMD fleet (compute
Hi Jörg,
On Thu, Jul 31, 2025 at 03:32:29PM +0200, Jörg Frings-Fürst wrote:
> Hello Salvatore,
>
> your NMU is ok,
Thanks, so let's see if the SRM agree on having the update for the
next point release.
Regards,
Salvatore
Hi Emilio, hi Adrian,
On Thu, Jul 31, 2025 at 11:35:28AM +0200, Emilio Pozuelo Monfort wrote:
> On 31/07/2025 00:05, Adrian Bunk wrote:
> > Package: release.debian.org
> > Severity: normal
> > X-Debbugs-Cc: openjdk...@packages.debian.org, secur...@debian.org
> > Control: affects -1 + src:openjdk-2
Hi,
On Wed, Jul 30, 2025 at 09:35:01PM +, Debian Bug Tracking System wrote:
> Can you update the info in the security tracker for CVE-2025-7783? This
> version isn't listed as fixing it (probably due to the typo).
That is not directly the reason. I initially marked it as fixed, while
someone
Control: tags -1 + moreinfo
Hi
Thanks for your report.
On Mon, Jul 28, 2025 at 06:53:48PM +0200, magnus wrote:
> Package: src:linux
> Version: 6.12.38-1
> Severity: normal
> X-Debbugs-Cc: deb...@anakin.se
>
> Dear Maintainer,
> the audio stopped playing music after a reboot. Looks like a driver
Hi Henrique,
On Sat, Jul 19, 2025 at 10:59:33PM +0200, Salvatore Bonaccorso wrote:
> Hi Henrique,
>
> On Thu, Jul 10, 2025 at 09:12:23AM +0200, Salvatore Bonaccorso wrote:
> > Source: amd64-microcode
> > Version: 3.20250311.1
> > Severity: grave
> > Tags: securi
Control: tags -1 - moreinfo
Hi Ivo,
On Tue, Jul 29, 2025 at 10:29:14PM +, Ivo De Decker wrote:
> Control: tags -1 confirmed moreinfo
>
> Hi,
>
> On Tue, Jul 29, 2025 at 09:04:04PM +0200, Salvatore Bonaccorso wrote:
> > Dear release team,
> >
> > Pleas
Source: libcrypt-cbc-perl
Version: 3.04-3
Severity: normal
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libcrypt-cbc-perl.
CVE-2025-2814[0]:
| Crypt::CBC versions between 1.21 and 3.05 for Perl may use the
| rand
Control: tags -1 - moreinfo
Control: forcemerge 1109799 1109116
Hi Asho,
On Wed, Jul 30, 2025 at 10:50:48AM +0800, Asho Yeh - 信佑 wrote:
> Hi,
>
> These are git bisect log:
>
> $ git bisect bad
> d42b44736ea29fa6d0c3cb9c75569314134b7732 is the first bad commit
> commit d42b44736ea29fa6d0c3cb9c75
00
@@ -1,3 +1,13 @@
+mailgraph (1.14-20+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+
+ [ Jörg Frings-Fürst ]
+ * Upgrade Parse::Syslog to version 1.11 to support RFC3339 or
+syslog-ng ISO dates (Closes: #1051496, #1089039).
+
+ -- Salvatore Bonaccorso Wed, 30 Jul 202
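Review bot: the changelog bullet "Upgrade Parse::Syslog to version 1.11" describes a version bump rather than a targeted fix, and the entry targets bookworm. Suggest the bullet say whether 1.11 brings any change beyond the RFC3339 / syslog-ng ISO date support named here, so the scope of the stable update is clear from the changelog alone.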
Hi,
On Tue, Jul 29, 2025 at 10:06:44PM +0200, Bastien Roucaries wrote:
> Le mardi 29 juillet 2025, 10:43:21 heure d’été d’Europe centrale Salvatore
> Bonaccorso a écrit :
> > Package: release.debian.org
> > Severity: normal
> > X-Debbugs-Cc: apac...@packages.debian.org, D
Control: tags -1 + moreinfo
Hi Johannes,
On Sun, Jul 13, 2025 at 05:56:09AM +, Johannes Krottmayer wrote:
> Package: src:linux
> Version: 6.12.35-1
> Severity: normal
> X-Debbugs-Cc: debian-am...@lists.debian.org
> User: debian-am...@lists.debian.org
> Usertags: amd64
>
> Dear Maintainer,
>
Hi Christian,
On Sun, Jul 27, 2025 at 05:05:48PM +0200, Chris Hofstaedtler wrote:
> Control: reassign -1 src:linux
>
> Hi Linux maintainers,
>
> sorry for reassigning bugs to you, but this sounds like a driver
> issue. There's lspci and dmidecode output in the bug.
As the last message of your
:23:08.0 +0100
+++ criu-4.1.1/debian/changelog 2025-07-29 20:37:31.0 +0200
@@ -1,3 +1,11 @@
+criu (4.1.1-1) unstable; urgency=medium
+
+ * New upstream version 4.1.1
+- mount-v2: enter the mount namesapce to propagation properties
+ (Closes: #1110096)
+
+ -- Salvatore Bonac
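Review bot: the sub-bullet "mount-v2: enter the mount namesapce to propagation properties" misspells "namespace" and reads as if a verb is missing before "propagation properties". If this is the upstream commit subject quoted verbatim, say so in the entry; otherwise correct the wording before upload.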
Source: criu
Version: 4.1-1
Severity: serious
Tags: upstream
Justification: renders package unusable for users restoring container
X-Debbugs-Cc: car...@debian.org
The criu project today released 4.1.1 as bugfix release containing one
single fix:
| This release of CRIU (4.1.1) addresses a critical
Hi,
On Tue, Jul 29, 2025 at 11:15:50PM +0800, Asho Yeh - 信佑 wrote:
> Hi,
>
> I made a patch with B580 support.
> Tested with kernel-6.12.35-deb13-amd64 and 6.12.38-deb13-amd64.
>
> I am not drm or gpu expert. Just digged the source code and found some
> differences.
> Hope this can help.
have y
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: apac...@packages.debian.org, Debian Apache Maintainers
, Ondřej Surý , Yadd
, Bastien Roucariès , car...@debian.org,
t...@security.debian.org
Control: affects -1 + src:apache2
User: release.debian@packages.debian.org
Usertags: unbloc
Hi,
On Tue, Jul 29, 2025 at 09:47:51AM +0300, Michael Tokarev wrote:
> On 29.07.2025 01:01, Jonathan Wiltshire wrote:
>
> > | Samba in bookworm, when using the 'ad' idmapping backend, is unable
> > | to act as an Active Directory member server following updates to Windows
> > | Server published b
Hi Jonathan,
On Thu, Jul 17, 2025 at 07:43:47AM +0200, Paul Gevers wrote:
> Hi,
>
> On Tue, 08 Jul 2025 22:23:03 +0200 Salvatore Bonaccorso
> wrote:
> > Jonathan, in the light of #1108983, which should have ideally fixes
> > landing in trixie before it's release, w
Source: qemu
Version: 1:10.0.2+ds-2
Severity: important
Tags: security upstream
Forwarded:
https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb3...@rsg.ci.i.u-tokyo.ac.jp/
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for qemu.
Hi Simon,
On Sat, Jul 26, 2025 at 03:16:59PM +0100, Simon McVittie wrote:
> On Mon, 14 Jul 2025 at 12:15:36 +0100, Simon McVittie wrote:
> > I happened to notice that a buffer overflow was reported and fixed
> > upstream, involving parsing a JPEG file with multiple chunks of embedded
> > ICC colou
Control: tags -1 + moreinfo
Control: found -1 6.12.39-1
Hi,
On Fri, Jul 25, 2025 at 01:59:09PM +0800, Asho Yeh - 信佑 wrote:
> I found that this condition happened from the upstream kernel. I checked
> kernel 6.12.35 ~ 6.12.40, they all had the same issues.
>
> Maybe we can only wait until upstrea
Hi,
On Mon, Jul 21, 2025 at 09:42:23AM +0200, Harald Dunkel wrote:
> > Applied to cgroup/for-6.17.
>
> I would recommend to follow upstream for kernels beyond
> Trixie in this aspect. Debian needs a workaround for kernel
> 6.12 in Trixie, because there are no JDKs fully compatible
> with cgroupv2
Control: tags -1 - moreinfo
On Fri, Jul 25, 2025 at 12:49:44PM +0200, Stéphane Glondu wrote:
> Hi,
>
> Le 24/07/2025 à 18:52, Salvatore Bonaccorso a écrit :
> > > Please enable CONFIG_VIDEO_OV02C10. This module seems to be needed for
> > > my built-in webcam to wor
Source: libssh
Version: 0.11.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libssh.
CVE-2025-8114[0]:
| A flaw was found in libssh, a library that implements the SSH
| protocol. When calcula
Source: libhtp
Version: 1:0.5.50-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libhtp.
CVE-2025-53537[0]:
| LibHTP is a security-aware parser for the HTTP protocol and its
| related bits and piec
Control: tags -1 + moreinfo
Hi,
On Thu, Jul 24, 2025 at 10:22:15AM +0200, Stéphane Glondu wrote:
> Package: src:linux
> Version: 6.16~rc7-1~exp1
> Severity: wishlist
>
> Dear Maintainers,
>
> Please enable CONFIG_VIDEO_OV02C10. This module seems to be needed for
> my built-in webcam to work.
H
Hi,
On Thu, Jul 24, 2025 at 03:53:05PM +0100, Colin Watson wrote:
> Control: affects -1 openssh-server
>
> [TL;DR: I think it may not be possible to properly solve this without a
> bookworm update as well as a change to trixie.]
>
> On Thu, Jul 24, 2025 at 01:19:40PM +0100, Colin Watson wrote:
>
Hi
On Wed, Jul 23, 2025 at 11:38:45PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 - moreinfo
> Control: forwarded -1
> https://lore.kernel.org/linux-iommu/721d44af820a4feb+722679cb-2226-4287-8835-9251ad69a...@bbaa.fun/T
>
> Hi,
>
> On Wed, Jul 23, 2025 at 08:00
Hi Jochen,
On Thu, Jul 24, 2025 at 12:57:16PM +0200, Jochen Becker wrote:
> HI,
>
> yes same Problem with current unstable kernel 6.12.38
>
> Boot breaks since 6.12.35, and it works with 6.12.33
Thanks for testing that. In this case we have to dive in into the
further debugging as suggested by
Source: pdns-recursor
Version: 5.2.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 5.2.2-1
Hi,
The following vulnerability was published for pdns-recursor.
CVE-2025-30192[0]:
| An attacker spoofing answers to ECS enabled re
Source: apache-jena
Version: 4.9.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for apache-jena.
CVE-2025-50151[0]:
| File access paths in configuration files uploaded by users with
| administra
Source: jakarta-mail
Version: 2.0.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jakarta-mail.
CVE-2025-7962[0]:
| In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by
| utilizi
Source: suricata
Version: 1:7.0.10-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for suricata.
CVE-2025-53538[0]:
| Suricata is a network IDS, IPS and NSM engine developed by the OISF
| (Open Inf
Source: starlette
Version: 0.46.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for starlette.
CVE-2025-54121[0]:
| Starlette is a lightweight ASGI (Asynchronous Server Gateway
| Interface) frame
Source: glibc
Version: 2.41-10
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.36-9+deb12u7
Control: found -1 2.36-9+deb12u10
Control: found -1 2.36-9
Control: forwarded -1 https://sourceware.org/bugzilla/show_bug.cgi?id=33185
Control: tags -1 - moreinfo
Control: forwarded -1
https://lore.kernel.org/linux-iommu/721d44af820a4feb+722679cb-2226-4287-8835-9251ad69a...@bbaa.fun/T
Hi,
On Wed, Jul 23, 2025 at 08:00:57PM +, Jonathan Howard wrote:
> I spent time figuring out from it main patch was initially working.
> Just
Hi,
On Wed, Jul 23, 2025 at 12:49:16PM -0700, Chris Lamb wrote:
> [adding #1107211 to CC]
>
> Paul Gevers wrote:
>
> > With this version, isn't CVE-2025-49112 also fixed?
>
> No, not yet. Or, rather: I'm still either awaiting an upstream "fix"
> and/or waiting for upstream to determine whether
Hi Jonathan,
On Mon, Jul 21, 2025 at 08:42:50PM +0100, Jonathan wrote:
> Package: src:linux
> Version: 6.12.35-1
> Severity: normal
> Tags: upstream
> X-Debbugs-Cc: debian-am...@lists.debian.org, jonat...@unbiased.name
> User: debian-am...@lists.debian.org
> Usertags: amd64
>
> Dear Maintainer,
>
Hi
On Fri, Jul 18, 2025 at 10:33:48AM +0200, Jochen Becker wrote:
> Package: src:linux
> Version: 6.12.35-1
> Followup-For: Bug #1109203
> X-Debbugs-Cc: debian-am...@lists.debian.org, deb...@beckerjochen.de
> User: debian-am...@lists.debian.org
> Usertags: amd64
>
> Dear Maintainer,
>
> *** Repo
Hi,
On Tue, Jul 22, 2025 at 06:41:17PM +0200, Jörn Heissler wrote:
> Source: linux
> Version: 6.1.140-1
> Severity: important
> Tags: upstream
>
> Dear Kernel Team,
>
> since linux 6.1.135-1 (linux-image-6.1.0-34-amd64) my system won't boot
> anymore due to a
> regression in the upstream kernel
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: bi...@packages.debian.org, Ondřej Surý ,
car...@debian.org, t...@security.debian.org
Control: affects -1 + src:bind9
User: release.debian@packages.debian.org
Usertags: unblock
Hi Release team, hi Ondrej,
Approaching you with getting
Hi
Should be noted that in Debian CVE-2025-48964 is not affected because
it exists because of an incomplete fix for CVE-2025-47268. So the goal
is just to make the fixes complete for CVE-2025-47268. The proposed
action to just rebase to 20250605 is sound, but might be deferred after
9th of august wh
Hi Ondrej,
On Sun, Jun 22, 2025 at 03:29:36PM +0100, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
>
> On Wed, Apr 16, 2025 at 03:17:17PM +0200, Ondřej Surý wrote:
> > Control: retitle bookworm-pu: package bind9/1:9.18.36-1~deb12u1
> >
> > 9.18.36 was release today, so I am bumping this.
Hi Bastien,
On Mon, Jul 21, 2025 at 10:49:03PM +0200, Bastien Roucaries wrote:
> Le dimanche 20 juillet 2025, 13:11:26 heure d’été d’Europe centrale Paul
> Gevers a écrit :
> > Control: tags -1 moreinfo
> >
> > Hi Bastien,
> >
> > On 20-07-2025 11:12, Bastien Roucaries wrote:
> >
> > > Note it
Source: ruby-thor
Version: 1.3.2-2.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/rails/thor/pull/897
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-thor.
CVE-2025-54314[0]:
| Thor before 1.4.0 can constr
Source: wordpress
Version: 6.8.1+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wordpress.
CVE-2025-54352[0]:
| WordPress 3.5 through 6.8.2 allows remote attackers to guess titles
| of p
Hi Sergei,
On Sun, Jul 20, 2025 at 03:49:45PM +0300, Sergei Golovan wrote:
> Hi Salvatore,
>
> On Fri, Jun 27, 2025 at 12:28 AM Salvatore Bonaccorso
> wrote:
> >
> > Hi Sergei,
> >
> > On Thu, Jun 26, 2025 at 01:38:27PM +0300, Sergei Golovan wrote:
>
Hi Paul,
On Thu, Jul 17, 2025 at 07:43:47AM +0200, Paul Gevers wrote:
> Hi,
>
> On Tue, 08 Jul 2025 22:23:03 +0200 Salvatore Bonaccorso
> wrote:
> > Jonathan, in the light of #1108983, which should have ideally fixes
> > landing in trixie before it's release, w
Hi Chris,
On Thu, Jul 10, 2025 at 11:59:31AM -0700, Chris Lamb wrote:
> Hello Security Team,
>
> Would you be interested in a bullseye update for redis in order to
> address the two latest CVEs?
>
> That would be:
>
> * CVE-2025-32023 (#1108975)
> * CVE-2025-48367 (#1108981)
>
> I'm prepar
Hi Henrique,
On Thu, Jul 10, 2025 at 09:12:23AM +0200, Salvatore Bonaccorso wrote:
> Source: amd64-microcode
> Version: 3.20250311.1
> Severity: grave
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
> Control: found -1 3.20250311.1~deb
Source: node-form-data
Version: 4.0.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-form-data.
CVE-2025-7783[0]:
| Use of Insufficiently Random Values vulnerability in form-data
| allows
Source: wolfssl
Version: 5.7.2-0.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wolfssl.
CVE-2025-7394[0]:
| In the OpenSSL compatibility layer implementation, the function
| RAND_poll() was n
Source: rust-wasmtime
Version: 26.0.1+dfsg-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rust-wasmtime.
CVE-2025-53901[0]:
| Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4,
|
Source: node-on-headers
Version: 1.0.2-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/jshttp/on-headers/issues/15
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-on-headers.
CVE-2025-7339[0]:
| on-headers
Hi
On Sat, Jul 19, 2025 at 12:15:37PM +0200, Sylvain Beucler wrote:
> Hi,
>
> Looking at https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/ it
> seems CVE-2025-53816 is affecting [p]7zip-rar.
>
> The analyzed faulty code lies in CPP/7zip/Compress/Rar5Decoder.cpp which is
> excluded f
Source: 7zip
Version: 24.09+dfsg-8
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for 7zip.
CVE-2025-53816[0]:
| 7-Zip is a file archiver with a high compression ratio. Zeroes
| written outside heap
Hi,
On Sat, Jul 19, 2025 at 12:09:37AM +0300, Adrian Bunk wrote:
> Control: reopen -1
>
> On Fri, Jul 04, 2025 at 08:41:31AM +0200, Salvatore Bonaccorso wrote:
> > close 1052668 3.5.28-2
> >...
>
> This seems to be incorrect:
> https://sourceforge.net
Hi Bastian, hi Ian,
On Thu, Jul 17, 2025 at 10:35:39PM +0200, Bastian Blank wrote:
> Control: tags -1 wontfix
> Control: close -1
>
> On Tue, Jul 15, 2025 at 02:36:57PM +0100, Ian Jackson wrote:
> > Note that the previous value was positive, and the new value is
> > negative. In both cases the l
Source: libcatalyst-plugin-session-perl
Version: 0.43-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/perl-catalyst/Catalyst-Plugin-Session/pull/5
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libcatalyst-plugi
Hi
FTR, the patch submitted a while ago
https://lore.kernel.org/linux-iio/20250613124648.14141-1-marek.vasut+bmc...@mailbox.org/
raised some discussion on the proper fix, and AFAIK there was not yet
a conclusion.
Regards,
Salvatore
Source: virtualbox
Source-Version: 7.1.12-dfsg-1
I think this fixes all of the recent CVEs from the Oracle CPU.
Closing the bug manually.
Regards,
Salvatore
On Thu, Jul 17, 2025 at 04:07:41PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Format: 1.8
>
Source: unbound
Version: 1.22.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.13.1-1+deb11u4
Control: found -1 1.13.1-1+deb11u2
Control: found -1 1.13.1-1
Hi,
The following vulnerability was published for unbound.
CVE-202
Hi Ian,
On Wed, Jul 16, 2025 at 03:40:09PM +0100, Ian Jackson wrote:
> Salvatore Bonaccorso writes ("Re: Bug#1109344:
> /boot/vmlinuz-6.12.35+deb13-amd64: uevent field
> power_supply/BAT1/uevent:POWER_SUPPLY_CURRENT_NOW now -ve"):
> > Control: tags -1 + moreinfo
>
Source: libauthen-sasl-perl
Version: 2.1700-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gbarr/perl-authen-sasl/pull/22
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libauthen-sasl-perl.
CVE-2025-40918[0]:
Source: libplack-middleware-session-perl
Version: 0.34-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/plack/Plack-Middleware-Session/pull/52
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libplack-middleware-se
Control: tags -1 + moreinfo
Hi Ian,
On Tue, Jul 15, 2025 at 02:36:57PM +0100, Ian Jackson wrote:
> Package: src:linux
> Version: 6.12.35-1
> Severity: normal
> File: /boot/vmlinuz-6.12.35+deb13-amd64
> X-Debbugs-Cc: debian-am...@lists.debian.org
> User: debian-am...@lists.debian.org
> Usertags: a
Hi Charles,
On Wed, Jul 16, 2025 at 07:51:40AM +0200, rough.rock3...@datachamp.fr wrote:
> Saw that. I will try to provide a reproducible setup with an Ansible
> playbook or something. Give me a few more days for that.
That is perfect!
Regards,
Salvatore
Source: firmware-nonfree
Source-Version: 20250410-2
Hi,
On Sun, Jul 13, 2025 at 04:22:40PM +0300, Ahmad Ismail wrote:
> Package: firmware-amd-graphics
> Followup-For: Bug #1093084
> X-Debbugs-Cc: g0tsbc...@mozmail.com
>
> Dear Maintainer,
>
> No worries, I should have updated this bug. The issu
Source: redis
Source-Version: 5:8.0.2-2
Hi
On Tue, Jul 15, 2025 at 05:27:38PM +0200, Paul Gevers wrote:
> Hi,
>
> On Fri, 30 May 2025 12:10:13 -0700 "Chris Lamb" wrote:
> > This is fixed in Git by updating to the 8.0.2 point release. I will
> > upload once I get clarity on the status of 8.0.x i