Hi,
On Sat, 28 May 2022 at 19:20, Mattia Rizzolo wrote:
> > > If it is, then also check that
> > > /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache contains
> > > the same entry.
> >
> > Nope, that is NOT including a similar section.
> >
> > ~> grep -c svg /usr/lib/x86_64-linux-
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "libcaca":
* Package name : libcaca
Version : 0.99.beta19-3
Upstream Author : Sam Hocevar
* URL : http://caca.zoy.org/wiki/libcaca
* License : [fill in
Control: close -1
On Sat, May 28, 2022 at 08:04:28PM +0100, Klaus Ethgen wrote:
> On Sat, 28 May 2022 at 19:20, Mattia Rizzolo wrote:
> > I wonder what happened that didn't update that file.
>
> Me too. As the last update was on 2022-05-01 which obviously did not add
> the svg format.
I can o
Control: tags -1 + confirmed
On Sat, 2022-05-14 at 09:11 +0200, Jan Mojzis wrote:
> fixes ALPACA attack CVE-2021-3618:
> ALPACA is an application layer protocol content confusion attack,
> exploiting TLS servers implementing different protocols but using
> compatible certificates, such as multi-do
Control: tags -1 + confirmed
On Sun, 2022-05-15 at 16:40 +0200, Håvard Flaget Aasen wrote:
> Fixes three CVEs: CVE-2022-24191, CVE-2022-27114 and CVE-2022-28085
>
> [ Reason ]
> One minor issue, two unimportant, still nice to have them all fixed
> at
> the same time.
>
> [ Impact ]
> Images is n
Control: tags -1 + confirmed
On Wed, 2022-05-18 at 08:47 +0200, Patrick Matthäi wrote:
> we require a small update for stable of needrestart to fix #1005953
> This update already includes the security update from yesterday (3.5-
> 4+deb11u1),
> to be on the safe side I attached the full debdiff (w
Control: tags -1 + confirmed
On Thu, 2022-05-19 at 12:46 +0200, Andreas Beckmann wrote:
> I'd like to update nvidia-graphics-drivers-legacy-390xx/non-free to a
> new
> upstream release fixing some CVEs.
>
> It comes with the same packaging fixes and improvements that already
> reached stable in
Package: src:yaru-theme
Severity: important
The Yaru theme comes with an application menu icon that uses the
Ubuntu (3-dots-on-a-circle) logo. This is inappropriate for non-Ubuntu
distributions and should be amended for yaru-theme in Debian.
Greets,
Mike
--
DAS-NETZWERKTEAM
c\o Technik- un
Control: tags -1 + moreinfo
On Fri, 2022-05-20 at 09:47 +0200, Yadd wrote:
> node-raw-body embeds a patch that creates a Denial-of-Service
> vulnerability into node-express.
>
> [ Impact ]
> Security issue, a simple request can crash any express application
>
> [ Tests ]
> I added a test that pr
Control: tags -1 + confirmed
On Sun, 2022-05-22 at 16:51 +, Romain Francoise wrote:
> I would like to update the AppArmor profile for tcpdump in bullseye
> to
> match the one in bookworm; the changes don't really qualify for a
> stable
> update per se, but they are trivial and would be importa
Control: tags -1 + confirmed
On Fri, 2022-05-27 at 14:19 +0200, David Prévot wrote:
> The security team asked me to address #1008236 [CVE-2022-24775] via a
> point release, so here I am.
>
Please go ahead.
Regards,
Adam
Hello Barry,
On Sat, May 28, 2022 at 11:34:44AM -0500, Barry Trent wrote:
> Yes! Removing all blank (and "#" comment) lines from disklist solved the
> problem on 3 different machines.
>
> So you've found the issue but, of course, blanks and comments are valid in
> the disklist and are even presen
Source: r8125
Version: 9.007.01-3
Severity: serious
Tags: ftbfs
Justification: fails to build from source
Hi,
since autopkg tests now actually attempt to build kernel modules, we
quickly see that this does not work for Linux 5.17:
https://ci.debian.net/data/autopkgtest/testing/amd64/r/r8125/2217
Source: breezy
Version: 3.3.0~bzr7571-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
breezy/experimental did FTBFS on all architectures:
https://buildd.debian.org/status/package.php?p=breezy&suite=experimental
debian/rules clean
dh
Source: libapache-poi-java, octave-io
Control: found -1 libapache-poi-java/4.0.1-4
Control: found -1 octave-io/2.6.4-1
Severity: serious
Tags: sid bookworm
User: debian...@lists.debian.org
Usertags: breaks needs-update
Dear maintainer(s),
With a recent upload of libapache-poi-java the autopkgtes
Control: tags -1 + confirmed
On Fri, 2022-04-15 at 17:12 +0300, Michael Tokarev wrote:
> Here's the proposed samba package update for bullseye.
> I picked up a few patches which were missing when we
> did security updates: we only picked up the security-
> related patches from upstream but missed
Control: tags -1 + confirmed
On Tue, 2022-04-26 at 16:42 +0200, Yadd wrote:
> grunt is vulnerable to path traversal
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sat, 2022-04-23 at 10:25 +0200, Florian Ernst wrote:
> Clementine fails to start if the package libqt5sql5-sqlite is not
> installed, i.e. clementine is missing a Depends. This was reported in
> #1008312, an identical fix has already been uploaded to Unstable.
>
>
Control: tags -1 + confirmed d-i
On Thu, 2022-04-28 at 22:21 +1000, Hugh McMaster wrote:
> This update fixes three security vulnerabilities in FreeType
> 2.10.4+dfsg-1.
>
> - CVE-2022-27404: heap buffer overflow via invalid integer decrement
> in
> sfnt_init_face() and woff2_open_font().
> - CVE-
Control: tags -1 + confirmed
On Sat, 2022-04-30 at 09:11 +0200, Yadd wrote:
> node-ejs is vulnerable to server-side template injection
> (CVE-2022-29078, #1010359) and probably to prototype pollution.
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sun, 2022-05-01 at 17:34 +0200, Yadd wrote:
> node-sqlite3 is vulnerable to denial of service (CVE-2022-21227)
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Tue, 2022-05-03 at 20:18 +0200, Roland Gruber wrote:
> Package: release.debian.org
> Severity: important
>
p-u requests are always "normal" severity. (Fixed earlier.)
[...]
> Stored XSS and arbitrary image read vulnerability.
> See
> https://github.com/LDAPAccou
Control: tags -1 + confirmed
On Thu, 2022-05-12 at 02:31 +0900, yokota wrote:
> Fix CVE-2022-30333 and its corresponding RC bug.
>
> [ Impact ]
> CVE-2022-30333 is a directory traversal vulnerability.
> It writes to files during an extract operation outside of the
> extraction directory.
>
Please
Control: tags -1 + confirmed
On Fri, 2022-05-13 at 11:30 +0200, Yadd wrote:
> node-eventsource is vulnerable to sensible headers exposure
> (CVE-2022-1650)
>
FWIW, you mean sensitive. :-)
Please go ahead.
Regards,
Adam
Hi,
I get the autoremoval notification (see below) for my SubNetCalc
package. SubNetCalc clearly has no dependency on anything related to
NVIDIA drivers. It is a simple shell tool. There is probably something
wrong with the autoremoval script.
Den 26.05.2022 07:57, skrev Debian testing autor
Hi,
I get the autoremoval notification (see below) for my RSPLIB package.
RSPLIB clearly has no dependency on anything related to NVIDIA drivers.
There is probably something wrong with the autoremoval script.
On 26.05.2022 07:48, Debian testing autoremoval watch wrote:
rsplib 3.4.1-1 is mar
Hi,
I get the autoremoval notification (see below) for my BibTeXConv
package. BibTeXConv clearly has no dependency on anything related to
NVIDIA drivers. It is a set of simple shell tools. There is probably
something wrong with the autoremoval script
Den 26.05.2022 06:40, skrev Debian testin
Hi,
I get the autoremoval notification (see below) for my NetPerfMeter
package. NetPerfMeter clearly has no dependency on anything related to
NVIDIA drivers. It is a set of simple shell tools. There is probably
something wrong with the autoremoval script.
Den 26.05.2022 07:27, skrev Debian t
Hi,
I get the autoremoval notification (see below) for my HiPerConTracer
package. HiPerConTracer clearly has no dependency on anything related to
NVIDIA drivers. It is a set of simple shell tools. There is probably
something wrong with the autoremoval script.
Den 26.05.2022 07:02, skrev Debi
Package: trustedqsl
Version: 2.6.2-1
Severity: normal
Hi, creating this for visibility. Since I'm experiencing the issue, I
will try to resolve it. Also (not related to this bug), I have an
update to upstream 2.6.3 ready to upload. I am planning to wait until the
auto-openssl transition complet
Thanks for this bug report and for the patch, Nicolas.
I integrated your commits into the Git repository of the dh-package at
Salsa, on a side branch called bug-1011556 [1].
I had to make a series of adjustments to your code, in order to have it
working correctly, namely :
* buildsystem.pm
Control: tags -1 + confirmed d-i
On Sat, 2022-04-09 at 23:04 +, Thorsten Alteholz wrote:
>
> The attached debdiff for fribidi fixes CVE-2022-25308, CVE-2022-25309
> and
> CVE-2022-25310 in Bullseye. These CVEs have been marked as no-dsa by
> the
> security team.
This looks OK to me, thanks,
Control: tags -1 + confirmed
On Tue, 2022-04-12 at 06:39 +0200, Yadd wrote:
> node-moment is vulnerable to path traversal (#1009327, CVE-2022-
> 24785)
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Tue, 2022-04-12 at 09:40 -0300, Antonio Terceiro wrote:
> OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm,
> and
> that breaks clients that do not support stronger algorithms, which is
> the case of the ruby-net-ssh version in bullseye.
>
> [ Imp
Control: tags -1 + confirmed
On Wed, 2022-04-13 at 19:46 +0100, Julian Gilbey wrote:
> The bug is reported in https://bugs.debian.org/989660
> I didn't spot it at the time because I'm only an uploader, not the
> named maintainer, and had forgotten to check the BTS. Sorry about
> that. The bug wa
Control: severity -1 serious
Hi,
On Fri, 1 Apr 2022 19:32:34 +0200 Paul Gevers wrote:
On Wed, 2 Feb 2022 22:42:10 +0100 Sebastian Ramacher
wrote:
> The current default version of llvm is llvm-toolchain-13. To reduce the
> number of llvm versions, please consider switching to llvm-toolchain-
Package: yarnpkg
Version: 1.22.19+~cs24.27.18-1
Severity: serious
Tags: ftbfs
Control: affects -1 + src:greenbone-security-assistant
Hi,
greenbone-security-assistant fails to build on most (all?) architectures
except amd64. There seems to be a segmentation fault during a yarnpkg call:
debian/ru
Control: tags -1 + confirmed
On Wed, 2022-03-23 at 11:14 +0100, Yadd wrote:
> node-node-forge signature verification code is lenient in checking
> the digest
> algorithm structure. This can allow a crafted structure that steals
> padding
> bytes and uses unchecked portion of the PKCS#1 encoded mes
Control: tags -1 + confirmed
On Wed, 2022-03-23 at 12:17 +0100, Andreas Rönnquist wrote:
> I would like to fix a bug in geeqie in bullseye where selecting
> several
> items in a file-list and then trying to deselect one item using
> Ctrl+click doesn't work as it should.
>
Please go ahead; sorry
Control: tags -1 + confirmed
On Wed, 2022-03-23 at 12:36 +0100, Yadd wrote:
> node-minimist is vulnerable to a prototype pollution not totally
> fixed
> by CVE-2020-7598 patch (pushed in 1.2.5-1 and 1.2.0-1+deb10u1)
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Mon, 2022-04-11 at 16:17 +0200, Yadd wrote:
> On 24/03/2022 15:12, Moritz Mühlenhoff wrote:
> > On Wed, Mar 23, 2022 at 02:25:26PM +0100, Yadd wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: bullseye
> > > User: release.debian@packag
Control: tags -1 + confirmed
On Fri, 2022-03-25 at 19:57 +0100, Joachim Falk wrote:
> This proposed update fixes two regressions:
>
> (i) https://bugs.launchpad.net/ubuntu/+source/tigervnc/+bug/1929790
>
> * TigerVNC 1.11.0 contains a (pixel order) regression that causes
>vncviewer to displ
Control: tags -1 + confirmed
On Mon, 2022-03-28 at 21:51 +, Thorsten Alteholz wrote:
> The attached debdiff for golang-github-russellhaering-goxmldsig fixes
> CVE-2020-7711 in Bullseye. This CVE has been marked as no-dsa by the
> security team.
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Wed, 2022-04-06 at 21:48 +, Thorsten Alteholz wrote:
> The attached debdiff for minidlna fixes CVE-2022-26505 in Bullseye.
> This
> CVE has been marked as no-dsa by the security team.
>
Please go ahead, thanks.
Regards,
Adam
Guido Günther writes ("Re: Bug#1010061: git-buildpackage: FTBFS on bookworm and
sid: multiple issues"):
> Thanks. I did an upload a while back but now dgit's tests fail:
>
>https://tracker.debian.org/pkg/git-buildpackage
>https://ci.debian.net/data/autopkgtest/testing/amd64/d/dgit/2218244
Hi,
Another small patch. :-)
Best Regards,
Zhang Boyang
From ae763e89f00575e56a7242e27c9b0789c0de411e Mon Sep 17 00:00:00 2001
From: Zhang Boyang
Date: Sun, 29 May 2022 02:45:32 +0800
Subject: [PATCH] Don't call FBIOPAN_DISPLAY when using the vga16fb driver
When using vga16fb, there is no need
in the attached file. I will try to analyze it.
(For size reasons, lines with md5 in them are filtered out by "sed -i -E -e
'/[a-f0-9]{32,32}/d' diff.details.txt")
Best Regards,
Zhang Boyang
diff -r /mnt/.disk/cd_type /groundtruth/.disk/cd_type
1c1
< bluray
---
> full_cd
d
Source: fenics-basix
Version: 0.4.0-1exp1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
Hi,
fenics-basix/experimental FTBFS while performing a separate binary-indep
build as would be done by the buildds. You can do that manually with
Control: tags -1 + confirmed
On Mon, 2022-03-21 at 14:09 +0100, Yadd wrote:
> node-mermaid is vulnerable to XSS attack (CVE-2021-23648)
>
Please go ahead.
Regards,
Adam
Control: tags -1 - moreinfo
On 28/05/2022 20:53, Adam D. Barratt wrote:
Control: tags -1 + moreinfo
On Fri, 2022-05-20 at 09:47 +0200, Yadd wrote:
node-raw-body embeds a patch that creates a Denial-of-Service
vulnerability into node-express.
[ Impact ]
Security issue, a simple request can cra
Control: tags -1 + confirmed
On Sat, 2022-05-28 at 22:36 +0200, Yadd wrote:
> Control: tags -1 - moreinfo
>
> On 28/05/2022 20:53, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> >
> > On Fri, 2022-05-20 at 09:47 +0200, Yadd wrote:
> > > node-raw-body embeds a patch that creates a Denia
I need to amend my recommendations slightly.
pkg-config _will_ need to remain in Build-Depends due to a very recent
change in groff upstream.
> 2022-05-26 G. Branden Robinson
>
> * bootstrap.conf: Add "pkg-config" to `buildreq`. Not having it
> causes pretty horrible macro expa
I found a matching issue on the Arch Linux forum:
https://bbs.archlinux.org/viewtopic.php?id=276648
Which ultimately links to this discussion on one of the kernel mailing
lists:
https://lore.kernel.org/kvm/ynhalvjww6e94...@google.com/
https://lore.kernel.org/kvm/20220504001219.983513-1-sea...@go
Control: severity -1 normal
Hello,
Salvatore Bonaccorso, on Sat 28 May 2022 12:56:30 +0200, wrote:
> CVE-2022-31783[0]:
> | Liblouis 3.21.0 has an out-of-bounds write in compileRule in
> | compileTranslationTable.c, as demonstrated by lou_trace.
lou_trace takes a braille table as input, which
Paul Gevers writes ("Bug#1005873: [git-buildpackage/master] pq: Check if repo
is clean before importing patches"):
> Control: severity -1 serious
...
> Seems like the autopkgtest of dgit is now blocking progression of
> git-buildpackage related to this change.
Thanks for escalating this. I had
Package: git-buildpackage
Version: 0.9.26
Severity: serious
Hi.
With recent gbp pq (as of 0.9.26), dgit needs to pass new options
(well, actually, it does this via the config file so as to still work
with older gbp). That's #1005873.
dgit 9.16 which I have just uploaded does this (again, sorry
This is a bug introduced in TQSL 2.6.
Patch to correct this attached. This will go out as part of TQSL 2.6.4.
73,
-Rick
On Sat, May 28, 2022 at 4:09 PM tony mancill wrote:
> Package: trustedqsl
> Version: 2.6.2-1
> Severity: normal
>
> Hi, creating this for visibility. Since I'm experienci
Package: nftables
Version: 1.0.2-1
Severity: important
File: nftables.conf
Tags: ipv6
X-Debbugs-Cc: tmcconnell...@gmail.com
Dear Maintainer,
What led up to the situation?
Trying to configure and enable nftables to stop ip6 neighbor discovery packets
from being rejected by VPN
What exactly did yo
i think i know what that might be. i flat-out refuse to let a mission critical
piece of software developed by pottering run on systems that i manage,
particularly after seeing the persistent generation of CVEs on mitre.org, and
also in interactions with him where he just does not listen.
(trans
Package: xserver-xorg-core
Version: 2:21.1.3-2+b1
Severity: important
After upgrading to 2:21.1.3-2+b1, X consistently segfaults with the
stacktrace in the attached log. Downgrading selected packages as
follows:
xserver-xorg-input-evdev=1:2.10.6-2
xserver-xorg-input-mouse=1:1.9.3-1
xserver-xorg-v
On Sat, 2022-05-28 at 12:16 +0200, Sebastian Ramacher wrote:
> Control: tags -1 confirmed
>
> On 2022-05-20 10:36:34 -0400, M. Zhou wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> >
> > Dear release team,
> >
Package: sponsorship-requests
Severity: important
X-Debbugs-Cc: bruno.naib...@gmail.com
Dear mentors,
I am looking for a sponsor for my package "tcpslice":
* Package name: tcpslice
Version : 1.5-1
Upstream Author : https://github.com/the-tcpdump-group/tcpslice/issues
* URL
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "dirdiff":
* Package name: dirdiff
Version : 2.1-9
Upstream Author : [fill in name and email of upstream]
* URL : https://samba.org/ftp/paulus/
* License
On Sat, 28 May 2022, Jonas Smedegaard wrote:
Control: reassign -1 haskell-devscripts
Control: retitle -1 haskell-devscripts: DEB_ENABLE_TESTS ignored
Control: affects -1 haskell-swish
Quoting Lucas Nussbaum (2022-05-26 21:04:50)
During a rebuild of all packages in sid, [haskell-swish] failed t
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "jimtcl":
* Package name: jimtcl
Version : 0.81+dfsg0-2
Upstream Author : [fill in name and email of upstream]
* URL : http://jim.tcl.tk/
* License : BS
Package: podman
Version: 3.0.1+dfsg1-3+deb11u1
Severity: important
X-Debbugs-Cc: vincent.olivert.ri...@gmail.com
Dear Maintainer,
Podman has stopped working (at least for me) without having modified anything
from its configuration. I simply try to run 'bash' from a Debian container, and
it crashes
> > Fix CVE-2022-30333 and its corresponding RC bug.
...
> Please go ahead.
Thanks. I uploaded unrar-nonfree/1:6.0.3-1+deb11u1 to bullseye.
--
YOKOTA Hiroshi
Package: suricata
Version: 1:6.0.5-2
Severity: minor
Tags: ftbfs
User: debian-ri...@lists.debian.org
Usertags: riscv64
X-Debbugs-Cc: debian-ri...@lists.debian.org
Justification: fails on some buildd machines (but built successfully on real
riscv64 machine)
Dear Maintainer,
I am verify the sur
Package: fontconfig
Version: 2.13.1-4.4
Severity: important
X-Debbugs-Cc: shbi...@gmail.com
fontconfig does not read user specific configuration files,
only ever `access(2)'es them (revealed by strace(1)) but
unlike system-wide configuration never `openat(2)'s them.
$ strace fc-match monospace
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Dmitry Baryshkov ,
gnutl...@packages.debian.org
Hello,
as requested in #1011246 I would like to fix miscalculation of SHA384 in
the SSA accelerated implementation.
It
Package: dpkg
Version: 1.21.8
Severity: normal
On a host running Testing, I got the message below this morning:
Unpacking dpkg (1.21.8) over (1.21.7) ...
Setting up dpkg (1.21.8) ...
dpkg: warning: unknown dpkg database file /var/lib/dpkg/format is
Package: reprotest
Hello,
I found Salsa CI reprotest on my repo fails when "FAKETIME variation:
faketime = [balabala]" is decided. The relevant output is:
dpkg-source: error: cannot change timestamp for
build-experiment-1/.pc/applied-patches: Invalid argument
Full log is here:
https://sals
This is the v2 patch series. There are some reordering, squashing, and
minor changes compared to previously proposed patch series.
An all-in-one patch for quilt is also attached, which can be directly
applied to the git repo. (Same as the merge request itself)
From c8de527c0c0ff5b8e2a3c10c1d26e