Package: debootstrap
Severity: normal
Tags: patch upstream
Dear Maintainer,
The Tanglu distribution has been discontinued since 2017. As such it should be
removed (patch attached).
All the best and happy new year,
Bastien
-- System Information:
Debian Release: 12.8
APT prefers stable-updates
Le vendredi 27 décembre 2024, 15:48:30 UTC Salvatore Bonaccorso a écrit :
> Hi Bastian,
>
> Just a small remark below:
>
> On Thu, Dec 26, 2024 at 09:38:26PM +, Bastien Roucariès wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: boo
loop.
+
+ -- Bastien Roucari??s Thu, 26 Dec 2024 21:13:18 +
+
node-postcss (8.4.20+~cs8.0.23-1) unstable; urgency=medium
* Team upload
diff -Nru node-postcss-8.4.20+~cs8.0.23/debian/patches/CVE-2023-44270.patch node-postcss-8.4.20+~cs8.0.23/debian/patches/CVE-2023-44270.patch
--- node
) bookworm; urgency=medium
+
+ * Team upload
+ * Fix CVE-2024-47072: XStream is vulnerable to a
+Denial of Service attack due to stack overflow
+from a manipulated binary input stream.
+(Closes: #1087274)
+
+ -- Bastien Roucari??s Sun, 22 Dec 2024 10:12:11 +
+
libxstream-java (1.4.20
Package: systemd-ukify
Version: 257-2
Severity: important
X-Debbugs-Cc: bast...@gandouet.fr
A call to `ukify genkey` (after having installed `systemd-ukify`) will result
in a Python stacktrace highlighting the fact that the `cryptography` module is
not available
Installing this module to the gl
s various issues: see the postfix bug reports mentioning chroot.
>
> Please disable chroot for all services (upstream's default).
I think we should move to bind mount or something like unshare
Bastien
>
> -- System Information:
> Debian Release: trixie/sid
> APT
control: tags -1 + patch
Hi,
You forget to upgrade the test dependency to newer imagemagick and imagemagick
library
Bastien
signature.asc
Description: This is a digitally signed message part.
Hi,
This kind of error is likely due because you do not use pkg-conf to get the
config flags.
Please use it
Bastien
control: tags -1 + important
Le mardi 29 octobre 2024, 17:18:03 UTC gregor herrmann a écrit :
> On Tue, 29 Oct 2024 16:08:30 +, Niko Tyni wrote:
>
> > This gives a list of thirteen integers on trixie, but
> > just one undef on sid.
> >
> > Is this an intentional API change in ImageMagick 7 t
control: forwarded -1
http://lists.infradead.org/pipermail/linux-arm-kernel/2024-November/976054.html
signature.asc
Description: This is a digitally signed message part.
Le vendredi 1 novembre 2024, 11:57:17 UTC Aurelien Jarno a écrit :
Hi aurelien,
> control: severity -1 wishlist
>
> Hi,
>
> On 2024-10-31 11:24, Bastien Roucariès wrote:
> > Package: libc6-dev
> > Version: 2.40-3
> > Severity: normal
> > Tags: upstream
&
Hi;
In order to be clear the underlying request is to add 32 bit equivalents of 64
bit caps where the feature is actually accessible from 32 bits and make sense
the second wave of crypto instructions (sha3, sha512) was not added to arm32
Bastien
signature.asc
Description: This is a digitally
Source: linux
Severity: wishlist
Tags: upstream
affects: src:isa-support
Dear Maintainer,
HWCAP and HWCAP2 (used by getauxval) are not in sync between 32bits and 64bits
arch for the same processor.
for arm64 for instance see https://docs.kernel.org/arch/arm64/elf_hwcaps.html
they are more hardw
Package: libc6-dev
Version: 2.40-3
Severity: normal
Tags: upstream
Dear Maintainer,
Newer hwcap/hwcap2 are not in sync for arm* particularly arm32 (including crc32
flags)
Can you add it.
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
Le mercredi 23 octobre 2024, 12:03:21 UTC Emilio Pozuelo Monfort a écrit :
Hi,
> Control: tags -1 confirmed
>
> On 20/10/2024 11:04, Bastien Roucariès wrote:
> > Le jeudi 17 octobre 2024, 20:02:56 UTC Johannes Schauer Marin Rodrigues a
> > écrit :
> >> Hi,
> >
Le mardi 29 octobre 2024, 16:08:30 UTC Niko Tyni a écrit :
> On Tue, Oct 29, 2024 at 07:59:25AM +0000, Bastien Roucariès wrote:
> > Package: libgd-securityimage-perl
> > Version: 1.75-3
> > Severity: serious
> > Justification: Break transition imagemagick 7
> >
&
Package: libgd-securityimage-perl
Version: 1.75-3
Severity: serious
Justification: Break transition imagemagick 7
Dear Maintainer,
Last autopkgtest for imagemagick7 fail with a lot of message on stderr.
I suppose a depends on fonts is missing:
30s Argument " " isn't numeric in division (/) at
/
Le jeudi 17 octobre 2024, 20:02:56 UTC Johannes Schauer Marin Rodrigues a écrit
:
> Hi,
>
> On Tue, 24 Sep 2024 12:58:48 +0000 Bastien =?ISO-8859-1?Q?Roucari=E8s?=
> wrote:
> > Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> > > On 28/07/20
to use last debian version
moreover could you document in the security tracker that you embed for old
version dompurify ?
Bastien
signature.asc
Description: This is a digitally signed message part.
Source: form-history-control
Version: dompurify
Severity: serious
Tags: security
Justification: security
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
you include a copy a dompurify that seems to be affected by recent CVE
https://sources.debian.org/src/form-history-control/2.5.1.0-1/commo
Docker Engine,
+which could allow an attacker
+to bypass authorization plugins (AuthZ) under specific
+circumstances. The base likelihood of this being exploited is low.
+(Closes: #1084993)
+
+ -- Bastien Roucari??s Sat, 12 Oct 2024 15:19:49 +
+
docker.io (20.10.24+dfsg1-1
Le dimanche 13 octobre 2024, 11:18:12 UTC Moritz Mühlenhoff a écrit :
> On Sat, Oct 12, 2024 at 07:36:46PM +0000, Bastien Roucariès wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bookworm
> > X-Debbugs-Cc: python-report...@packages.debian.org, secu
/changelog 2024-10-12 17:14:35.0 +
@@ -1,3 +1,13 @@
+python-reportlab (3.6.12-1+deb12u1) bookworm-security; urgency=high
+
+ * Team upload
+ * Fix CVE-2023-33733
+Reportlab was vulnerable to Remote Code Execution (RCE)
+via crafted PDF file.
+ * Add SalsaCI
+
+ -- Bastien Roucari??s
Engine v18.09.1 in January 2019, the fix was not carried forward to
later major versions, resulting in a regression. Anyone who depends on
authorization plugins that introspect the request and/or response body to make
access control decisions is potentially impacted.
I plan to prepare a PU
Bastien
"IOhannes m zmölnig (Debian/GNU)" writes:
> since i've upgraded elpa-org to 9.7.11+dfsg-1, I can no longer export my
> presentations to LaTeX/beamer.
Can you report this bug to the Org-mode mailing list using M-x
org-submit-bug-report RET?
Thanks!
--
Bastien
control: tags -1 + moreinfo
According to a quick research:
The solution was to raise the HTTP request header field size with the following
directive:
LimitRequestFieldSize 65536
Have a look at the official Apache HTTPD documentation of this directive:
The LimitRequestFieldSize directive
o make the change you propose if I'm wrong though.
> >
> > Cheers,
>
> Hi Louis-Philippe,
>
> Good question! Presumably people would have hand-modified their code
> to include a symlink to the file in /usr/share/javascript; the
> equivalent file in node-async
Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> On 28/07/2024 20:56, Bastien Roucariès wrote:
> > control: tags -1 - moreinfo
> >
> > Hi,
> >
> > Last reverse deps of lib magick pipeline is not really bad
> > https://salsa.debian.or
downgrades install apache2=2.4.61-1~deb12u1
> > > apache2-data=2.4.61-1~deb12u1 apache2-bin=2.4.61-1~deb12u1
> > > apache2-utils=2.4.61-1~deb12u1
> > >
> > > After the downgrade, the RewriteRule with the proxy directive is back to
> > > working as exp
control: tags -1 + upstream
Le vendredi 30 août 2024, 12:59:12 UTC Christian Marillat a écrit :
> On 30 août 2024 12:45, Bastien Roucariès wrote:
>
>
> [...]
>
> >> >> Yes, as Magick++-7.Q16HDRI isn't the expected name.
> >> >
>
Le vendredi 30 août 2024, 12:43:24 UTC Christian Marillat a écrit :
> On 30 août 2024 12:39, Bastien Roucariès wrote:
>
> > Le vendredi 30 août 2024, 12:33:31 UTC Christian Marillat a écrit :
> >> On 30 août 2024 12:23, Bastien Roucariès wrote:
> >>
> >&g
Le vendredi 30 août 2024, 12:33:31 UTC Christian Marillat a écrit :
> On 30 août 2024 12:23, Bastien Roucariès wrote:
>
> > Le vendredi 30 août 2024, 12:12:43 UTC Christian Marillat a écrit :
> >> On 30 août 2024 09:33, Bastien Roucariès wrote:
> >>
> >> [
Le vendredi 30 août 2024, 12:12:43 UTC Christian Marillat a écrit :
> On 30 août 2024 09:33, Bastien Roucariès wrote:
>
>
> [...]
>
> > pkgconf with the HDRI name coded in it should work
> > pkgconf --libs Magick++-7.Q16HDRI
>
> But as I'm saying befo
Le vendredi 30 août 2024, 09:33:29 UTC Bastien Roucariès a écrit :
> Le vendredi 30 août 2024, 09:26:54 UTC Christian Marillat a écrit :
> > On 30 août 2024 08:23, Bastien Roucariès wrote:
> >
> > > control: tags -1 + moreinfo
> > >
> > > Hi,
> >
Le vendredi 30 août 2024, 09:26:54 UTC Christian Marillat a écrit :
> On 30 août 2024 08:23, Bastien Roucariès wrote:
>
> > control: tags -1 + moreinfo
> >
> > Hi,
> >
> > Magick++.pc is the name of the default config that is shipped by the Q16
> &
o use alternative system.
Bastien
signature.asc
Description: This is a digitally signed message part.
-maintainer upload by the LTS Security Team.
+ * Add SALSA-CI.
+ * Backport autopkgtest from trixie.
+
+ -- Bastien Roucari??s Sat, 24 Aug 2024 14:04:49 +
+
cacti (1.2.24+ds1-1+deb12u3) bookworm; urgency=medium
* Non-maintainer upload by the LTS Security Team.
diff -Nru cacti-1.2.24
Le samedi 24 août 2024, 13:35:03 UTC Paul Gevers a écrit :
> Hi Bastien,
>
> On 24-08-2024 15:18, Bastien Roucariès wrote:
> > Le samedi 24 août 2024, 11:03:38 UTC Paul Gevers a écrit :
> >> I'm wondering if you may have hardened cacti and that if fails on that
> &
Le samedi 24 août 2024, 11:03:38 UTC Paul Gevers a écrit :
> Hi,
>
> On 24-08-2024 10:31, Bastien Roucariès wrote:
> > Could you reject the time of investigation ?
>
> I'm wondering if you may have hardened cacti and that if fails on that
> now. If this is to b
Le samedi 24 août 2024, 06:04:39 UTC Paul Gevers a écrit :
> Hi,
>
> On 22-08-2024 17:38, Bastien Roucariès wrote:
> > [ Tests ]
> > Automated test and manual test of the application by myself and others,
> > including users.
>
> Did you run the autopk
Hi,
Le mercredi 21 août 2024, 12:53:39 UTC Bastien Roucariès a écrit :
> Le mardi 20 août 2024, 07:37:46 UTC Bastien Roucariès a écrit :
> > Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> > > On 28/07/2024 20:56, Bastien Roucariès wrote:
> > > &g
Source: ruby-mojo-magick
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6167776
Thanks
Rouca
signature.asc
control: tags -1 + moreinfo
We get information that this upgrade may break some unrelated software
Could you wait a little bit ?
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
Le jeudi 22 août 2024, 18:01:02 UTC Adam D. Barratt a écrit :
> Control: tags -1 + moreinfo
>
> On Thu, 2024-08-22 at 15:38 +, Bastien Roucariès wrote:
> > [ Reason ]
> > Security upload. Except CVE-2024-27082 that need
> > coordination with other packages.
>
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: ca...@packages.debian.org
Control: affects -1 + src:cacti
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Security upload. Except CVE-2024-27082 that need
coordination with other packages.
[ Impact ]
CV
Source: converseen
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6158068
rouca
signature
Source: lebiniou
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6158076
Thanks
Rouca
signature.asc
Descript
Source: pythonmagick
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6164324
signature.asc
Source: jmagick
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6158077
signature.asc
Descr
Source: ruby-rmagick
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6164327
signature.asc
Source: rss-glx
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6164326
signature.asc
Des
Source: vdr-plugin-skinenigmang
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6164331
si
Source: synfig
Severity: serious
Tags: ftbfs
Justification: ftbfs
Dear Maintainer,
Your package fail to build from source, and seems to be related to ffmpeg
Tested during rebuild for imagemagick could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6164328
configure:22159: resu
Source: virtuoso-opensource
Severity: serious
Tags: ftbfs sid
Justification: FTBFS
Dear Maintainer,
Your package FTBFS:
Dksesstr.c: In function 'strdev_free_buf':
Dksesstr.c:152:44: warning: unused parameter 'arg' [-Wunused-parameter]
152 | strdev_free_buf (buffer_elt_t * b, caddr_t arg)
Le jeudi 22 août 2024, 02:43:41 UTC Yadd a écrit :
> On 8/22/24 02:06, Bastien Roucariès wrote:
> > Le mercredi 21 août 2024, 11:07:17 UTC Niels Thykier a écrit :
> >> On Tue, 20 Aug 2024 18:50:20 + Bastien =?ISO-8859-1?Q?Roucari=E8s?=
> >> wrote:
> >>
Le mercredi 21 août 2024, 11:07:17 UTC Niels Thykier a écrit :
> On Tue, 20 Aug 2024 18:50:20 +0000 Bastien =?ISO-8859-1?Q?Roucari=E8s?=
> wrote:
> > Package: devscripts
> > Version: 2.23.7
> > Severity: minor
> >
> > Dear Maintainer,
> >
> &g
Le mardi 20 août 2024, 07:37:46 UTC Bastien Roucariès a écrit :
> Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> > On 28/07/2024 20:56, Bastien Roucariès wrote:
> > > control: tags -1 - moreinfo
> > >
> > > Hi,
> > >
> >
Package: apache2
Severity: important
Forwarded: https://github.com/apache/httpd/pull/475
Control: tags -1 + bullseye
Control: tags -1 + bookworm
Control: tags -1 + upstream
Control: tags -1 + security
Dear Maintainer,
A tracking bug for a regression https://github.com/apache/httpd/pull/475
Rouca
plications which contain a %3F
> somewhere in the query string. This commonly happens e.g. for search forms
> (the user may enter a question mark as part of the search query) and for
> scripts that send an URL in a query string (for example
> ?referer=https%3A%2F%2Fexample.com%2F%3Ffoo%3Dbar).
>
> Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
01060: set r->filename to
>proxy:fcgi://user-php82fpm/path_to_docroot/ja/%E3%82%A2%E3%83%80%E3%83%97%E3%82%BF/index.php
>
>We fixed it with a symlink for now, which isn´t a good solution.
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
Package: devscripts
Version: 2.23.7
Severity: minor
Dear Maintainer,
I do not find the syntax of the regex used by Files-Excluded.
I suppose it is POSIX RE.
It should be documented if it is the case
If it is not PCRE could be possible to add a Files-Excluded-PCRE field ? It
will greatly help
/repos/[^/]+/[^/]+/git/refs/tags/@ANY_VERSION@
MR will follow if you agree
Bastien
signature.asc
Description: This is a digitally signed message part.
Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> On 28/07/2024 20:56, Bastien Roucariès wrote:
> > control: tags -1 - moreinfo
> >
> > Hi,
> >
> > Last reverse deps of lib magick pipeline is not really bad
> > https://salsa.debian.or
Le lundi 19 août 2024, 08:00:10 UTC Fabio Fantoni a écrit :
Hi
> Il 27/09/2023 12:04, Bastien Roucariès ha scritto:
> > control: owner -1 !
> > Control: retitle -1 ITP: grub-btrfs -- provides grub entries for btrfs
> > snapshots (boot environments/restore points)
> &
Source: civicrm
Severity: serious
Tags: security
Justification: security problem
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
You include a sinon in installed package and bundle without source (thus
serious bug).
This a duplication of package but moreover a security problem (even if mino
Le samedi 17 août 2024, 16:38:10 UTC Adam D. Barratt a écrit :
> Control: tags -1 + confirmed
>
> On Mon, 2024-07-29 at 15:32 +, Bastien Roucariès wrote:
> > Security fix CVE-2024-31497
Done
>
> Please go ahead.
>
> Regards,
>
> Adam
>
signature.
Package: wnpp
Severity: wishlist
Owner: Bastien Roucariès
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: node-webpack-stream
Version : 7.0.0
Upstream Contact: https://github.com/shama
* URL : https://github.com/shama/webpack-stream
* License
Le mercredi 14 août 2024, 19:54:15 UTC Bastien Roucariès a écrit :
Dear adam
Debdiff joined
> Le mercredi 14 août 2024, 19:53:13 UTC Adam D. Barratt a écrit :
> > COntrol: tags -1 + moreinfo
> >
> > On Mon, 2024-08-05 at 17:56 +, Bastien Roucariès wrote:
control: tags -1 + pending
Le mercredi 14 août 2024, 19:49:55 UTC Adam D. Barratt a écrit :
> Control: tags -1 + confirmed
>
> On Mon, 2024-08-05 at 13:16 +, Bastien Roucariès wrote:
> > [ Reason ]
> > CVE-2022-39369
> >
> > [ Impact ]
> > Service Hostn
Le mercredi 14 août 2024, 19:53:13 UTC Adam D. Barratt a écrit :
> COntrol: tags -1 + moreinfo
>
> On Mon, 2024-08-05 at 17:56 +, Bastien Roucariès wrote:
> > CVE-2022-39369
> >
> > [ Impact ]
> > Service Hostname Discovery Exploitation
>
> diff -
6.79 sys + 7425.94
> cusr 1098.65 csys = 8541.79 CPU)
> | Result: FAIL
> |
> | The test suite ran for 20 minutes and 4 seconds.
> |
> | make[1]: *** [debian/rules:29: override_dh_auto_test] Error 1
> | make[1]: Leaving directory '/<>'
> | make: *** [de
Le mercredi 14 août 2024, 13:42:29 UTC Santiago Ruano Rincón a écrit :
> El 12/08/24 a las 00:15, Bastien Roucariès escribió:
> > Le lundi 12 août 2024, 00:04:15 UTC Henrique de Moraes Holschuh a écrit :
> > > > salsa. Some user used +deb12u1~1
> > > > but it is n
Le mardi 13 août 2024, 11:54:26 UTC Herwin Weststrate a écrit :
> I've found one possibly breaking change between the current 3.2.1 and
> the proposed 3.2.5: the encoding of binary attributes in JSON. This
> might be a fringe issue.
>
> I have used this configuration:
>
> update request {
>
Le mardi 13 août 2024, 03:03:31 UTC Sean Whitton a écrit :
> Hello,
>
> Policy has a fair bit of this already but it's spread out.
> E.g. take a look at 5.6.12.2.
>
> Rather than duplicating, it might be helpful to have a discussion in
> dev-ref that is kind of an index to all these relevant bits
users and contributors since 2009
As comaint of apache2 could you give use reason to use this ?
Bastien
signature.asc
Description: This is a digitally signed message part.
Le lundi 12 août 2024, 00:04:15 UTC Henrique de Moraes Holschuh a écrit :
> > salsa. Some user used +deb12u1~1
> > but it is not safe against +deb12u1~debu11u1 upgrade for instance. So a
> > suffix
> > like ~pre should be used, and should be documented
>
> Maybe we could set aside "~~~" for such
preview suffix for instance for testing under
salsa. Some user used +deb12u1~1
but it is not safe against +deb12u1~debu11u1 upgrade for instance. So a suffix
like ~pre should be used, and should be documented
Bastien
signature.asc
Description: This is a digitally signed message part.
Le vendredi 9 août 2024, 09:29:44 UTC Bernhard Schmidt a écrit :
>
> >> Another story is bullseye, that one is affected as well but a backport
> >> there is even harder. For now I have marked it as well no-dsa in the
> >> security-tracker, but maybe it should be with mentioning
> >> that backport
agree
for bookworm.
Bastien
signature.asc
Description: This is a digitally signed message part.
Package: bugs.debian.org
Severity: wishlist
Dear Maintainer,
Can we have a salsa field like forwarded to mark bugs that have for example a
MR implemented.
Ideally a automatic tools will mark the bug as pending when the MR is merged
Bastein
control: tags -1 + patch
Please found merge request here
https://salsa.debian.org/debian/freeradius/-/merge_requests/12
signature.asc
Description: This is a digitally signed message part.
reaking change in php-cas.
+
+ [ Bastien Roucaries ]
+ * Update version constraint on php-cas to require fixed version.
+ * Fix vendored php-cas
+
+ -- Bastien Roucari??s Mon, 05 Aug 2024 14:11:17 +
+
ocsinventory-server (2.8.1+dfsg1-1) unstable; urgency=medium
* Removes reference to an
Package: systemd
Version: 247.3-7+deb11u5
Severity: important
Tags: patch upstream jessie stretch buster bullseye
Forwarded: https://github.com/systemd/systemd/commit/b2c7d1bbc2
Dear Maintainer,
Without this commit autopkgtest on salsa are broken.
See for instance
https://salsa.debian.org/apache
* Non-maintainer upload.
+
+ [ Tobias Frost ]
+ * Backport compatibility with php-cas version addressing CVE 2022-39369.
+
+ [ Abhijith PA ]
+ * Fix CVE-2022-36179, CVE-2022-36180.
+
+ -- Bastien Roucari??s Thu, 11 Jul 2024 18:02:29 +
+
fusiondirectory (1.3-4) unstable; urgency=medium
*
authorized services in the same SSO federation if proper URL service
+validation is applied.
+The fix for this vulnerabilty requires an API breaking change
+in php-cas and will require that software using the library be updated.
+(Closes: #1023571)
+
+ -- Bastien Roucari??s Thu, 11 Jul
mented. I plan to upgrade affected software.
Bastien
Hi
Can this bug could be due to libuv
According to
https://lists.archlinux.org/pipermail/arch-ports/2018-November/000839.html
thread
Did you try to recompile without --shared-libuv ?
Bastien
signature.asc
Description: This is a digitally signed message part.
Package: wnpp
Severity: wishlist
Owner: Bastien Roucariès
X-Debbugs-Cc: debian-de...@lists.debian.org
Package name: node-path-scurry
Version : 1.9.2
Upstream Contact: ttps://github.com/isaacs/path-scurry#readme
URL : https://www.example.org/
License : BlueOak
Bastien
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel
Kernel: Linux 6.9.10-rt-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel tai
pproximately 60 signatures. In other words, an adversary
+may already have enough signature information to compromise a victim's
+private key, even if there is no further use of vulnerable PuTTY
+ versions.
+
+ -- Bastien Roucari??s Tue, 16 Jul 2024 10:13:59 +
+
putty (0.74
Le lundi 29 juillet 2024, 23:40:28 UTC Axel Beckert a écrit :
> Package: lintian
> Version: 2.117.1
> Severity: serious
>
> Hi Bastien,
>
> Debian FTP Masters wrote:
> > Date: Sat, 27 Jul 2024 21:39:04 +
> > Source: lintian
> > Architecture: sourc
ady have enough signature information to compromise a victim's
+ private key, even if there is no further use of vulnerable PuTTY
+ versions.
+ * Run test/cryptsuite.py during build.
+
+ -- Bastien Roucari??s Tue, 16 Jul 2024 10:44:03 +
+
putty (0.78-2+deb12u1) bookworm-secu
control: tags -1 - moreinfo
Hi,
Last reverse deps of lib magick pipeline is not really bad
https://salsa.debian.org/debian/imagemagick/-/pipelines/708187
A lot of failure are due to broken package or does not use pkgconfig
I suppose we could go to experimental
Bastien
signature.asc
Source: ocsinventory
Version: 2.8.1+dfsg1-1
Severity: important
Tags: patch bullseye
Dear Maintainer,
php-cas support was broken for bullseye
It need
(1)
https://github.com/OCSInventory-NG/OCSInventory-
ocsreports/commit/f8a667f9f19b285799ec6a25a28240165b039dfb
(2)
https://github.com/OCSInventor
control: forcemerge 1076158 -1
signature.asc
Description: This is a digitally signed message part.
+
+ * CVE-2023-34151 fix was incomplete (Closes: #1070340)
+ * Fix variation of CVE-2023-1289 found by testing.
+ * Fix CVE-2021-20312: Fix a divide by zero (Closes: #1013282)
+ * Fix CVE-2021-20313: Fix a divide by zero
+
+ -- Bastien Roucari??s Thu, 11 Jul 2024 16:52:37 +
+
imagemagick (8
+
+ * CVE-2023-34151 fix was incomplete (Closes: #1070340)
+ * Fix variation of CVE-2023-1289 found by testing.
+ * Fix CVE-2021-20312: Fix a divide by zero (Closes: #1013282)
+ * Fix CVE-2021-20313: Fix a divide by zero
+
+ -- Bastien Roucari??s Thu, 11 Jul 2024 16:52:37 +
+
imagemagick (8
.
+
+ -- Bastien Roucari??s Thu, 11 Jul 2024 10:48:47 +
+
imagemagick (8:6.9.11.60+dfsg-1.6+deb12u1) bookworm-security; urgency=high
* Acknowledge NMU
@@ -34,7 +41,7 @@
was found in coders/tiff.c in ImageMagick. This issue
may allow a local attacker to trick the user into opening
a
Le jeudi 4 juillet 2024, 12:51:01 UTC Luca Boccassi a écrit :
Hi,
> Source: isa-support
> Severity: wishlist
> X-Debbugs-Cc: pkg-dpdk-de...@lists.alioth.debian.org
>
> Dear Maintainer(s),
>
> For src:dpdk we would like to depend on a higher arm64 baseline, which
> includes the crc extension. Wou
control: severity -1 important
control: retitle -1 should be split between arch and arch:all
Thanks to Yadd partially solved.
However this package should be split between arch and arch:all part
Bastien
> On 6/28/24 01:04, Bastien Roucariès wrote:
> > Hi,
> >
> > I get
1 - 100 of 2488 matches
Mail list logo
