Guy Durrieu writes:
>
> [ 0.117782] Kernel panic — not syncing: timer doesn’t work through
> Interrupt-
> remapped I0-APIC
> [ 0.117848] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-7-and64 #1
> Debian
> 6.1.20-1
> [ 0.117913] Hardware name: Gigabyte Technology Co., Ltd. ABS50M-Gaming
>
Package: watchdog
Version: N/A
Severity: wishlist
Tags: l10n, patch
Dear Maintainer,
Please find attached the Romanian translation of the «watchdog» file.
Thanks,
Remus-Gabriel
watchdog_debconf_ro.po
Description: Binary data
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2023-0184,
Source: libmath-bigint-gmp-perl
Version: 1.6011-2
Severity: serious
Tags: ftbfs, patch
Dear Maintainer,
yesterday I uploaded libmath-bigint-perl 1.999838-1, which fixes RC
bugs.
Bug with this version of libmath-bigint-perl now
libmath-bigint-gmp-perl fails to build, since two test cases in
t/mbim
Hello,
Thanks for your answer !
Before receiving it I tried to update my BIOS to the last available
version (F51h). Without any effect.
I am not sure I understand everything that is said in your link, except
I must wait for the next updates... Right ?
Best regards.
-- Guy
Le 01/04/2023 à
Source: irssi
Version: 1.4.3-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for irssi.
CVE-2023-29132[0]:
| Irssi SA-2023-03 / Use after free in printing routine
If you fix the vulnerability please a
On Saturday, 1 April 2023 10:09:09 CEST Guy Durrieu wrote:
> Le 01/04/2023 à 09:25, Bjørn Mork a écrit :
> > Guy Durrieu writes:
> >>
> >> [ 0.117782] Kernel panic — not syncing: timer doesn’t work through
> >> Interrupt-
> >> remapped I0-APIC
> >> [ 0.117848] CPU: 0 PID: 0 Comm: swapper/0 No
Package: wdm
Version: N/A
Severity: wishlist
Tags: l10n, patch
Dear Maintainer,
Please find attached the Romanian translation of the «wdm» file.
Thanks,
Remus-Gabriel
wdm_debconf_ro.po
Description: Binary data
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: python-selen...@packages.debian.org
Control: affects -1 + src:python-selenium
Please unblock package python-selenium
[ Reason ]
There was another micro update of python-seleni
Package: php-symfony-cache
Version: 5.4.21+dfsg-1
Severity: important
X-Debbugs-Cc: b...@securemyvpn.com
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective
Control: tags -1 + moreinfo
Hi Guy,
On Sat, Apr 01, 2023 at 10:09:09AM +0200, Guy Durrieu wrote:
> Hello,
>
> Thanks for your answer !
>
> Before receiving it I tried to update my BIOS to the last available version
> (F51h). Without any effect.
>
> I am not sure I understand everything that is
Since this upload triggers a regression in the testsuite of
libmath-bigint-gmp-perl (see #1033784), I just uploaded
libmath-bigint-gmp-perl 1.6011-3, which fixes the testsuite.
signature.asc
Description: PGP signature
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: verila...@packages.debian.org
Control: affects -1 + src:verilator
Please unblock package verilator
[ Reason ]
Dimitry Shachnev reported a RC issue (#1033667) against the veril
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: l...@packages.debian.org, car...@debian.org
Control: affects -1 + src:lnav
Hi Release team,
Please unblock package lnav
[ Reason ]
This update hotfixes an issue in the testsu
Hello,
This is something I have never done, but I can try.
However some time ago, for solving a previous issue, a guy from Debian
compiled for me an unofficial release including the patch to be tested,
along with some credentials. I know this is not the recommended
procedure :) but it worked.
Package: monitoring-plugins-contrib
Version: 42.20230308
Severity: normal
Hi!
check_running_kernel fails on my arm64 system:
Linux nautilus 6.1.0-7-arm64 #1 SMP Debian 6.1.20-1 (2023-03-19) aarch64
GNU/Linux
root@nautilus:~# /usr/lib/nagios/plugins/check_running_kernel
WARNING: Running kernel
Control: -1 unreproducible
Hi,
Thank you for your interest in reporting a bug.
Le 01/04/2023 à 11:01, DorianCoding a écrit :
Package: php-symfony-cache
Version: 5.4.21+dfsg-1
[…]
*** Reporter, please consider answering these questions, where appropriate ***
It would have been nice to actua
On Sat, 01 Apr 2023, Peter Palfrader wrote:
> --- /usr/lib/nagios/plugins/check_running_kernel2023-03-08
> 11:28:49.0 +0100
> +++ ./check_running_kernel 2023-04-01 11:35:33.643925332 +0200
> @@ -164,6 +164,8 @@
> cat_vmlinux "$image" "\x89\x4c\x5a\x4f\x00\x0d\x0a\x1a"
Hi Phil,
On Sat, 01 Apr 2023 02:41:05 +0200,
Phil Gruber wrote:
>
> Thanks for getting back to me.
>
> Here's what this looks like for me:
>
> > $ /usr/sbin/sogod
> > /usr/sbin/sogod: error while loading shared libraries:
> > libgnustep-base.so.1.24: cannot open shared object file: No such file o
Control: tags -1 +patch
I have noticed that besides mid: (Message-ID) protocol more URI schemes
supported by thunderbird are missed in the .desktop file. It can open
e.g. .ics files from https://, but I do not think it should be added.
For symmetry I have added x-/non-x- counterparts to text/
X-Debbugs-Cc: Marco d'Itri
I cannot reproduce this here. BTW: That stack backtrace is missing
the actual error message which I need.
The offending line in mediastreamer2 would be this:
s->dev = ms_strdup(card_data->pa_id_sink);
In GDB, could you try running these commands after triggeri
X-Debbugs-CC: Daniel Kahn Gillmor
On Wed, Mar 29, 2023 at 08:47:45AM +0900, Daniel Kahn Gillmor wrote:
> Thanks for this fix! I notice that the text says:
>
> >>> To enable it restart the program with the variable
> >>> LINPHONE_DO_APPIMAGE_DOWNLOAD set to "y" in the environment.
>
> but the act
Control: tags -1 + fixed-upstream
Applied as
https://git.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git/commit/?id=29fe5067ed07452bcbbbe5fcd0b4e4215f598014
наб
signature.asc
Description: PGP signature
Package: wireshark
Version: N/A
Severity: wishlist
Tags: l10n, patch
Dear Maintainer,
Please find attached the Romanian translation of the «wireshark» file.
Thanks,
Remus-Gabriel
wireshark_debconf_ro.po
Description: Binary data
Salvatore Bonaccorso writes:
> AFAIK there is no commit upstream with fixes tag on that commit. But
> Bjorn suspects that might be the suspicious commit introducing the
> issue.
Yes, I noticed that, so I could very well be wrong...
But it stood out as the only change to any x86 IOAPIC stuff
sin
Hey,
I can confirm that 2.2.0-7 works, installed on two systems and both works
as intended!
Control: retitle -1 O: aufs -- driver for a union mount for Linux filesystems
The aufs package is going nowhere.
In my opinion it should be removed.
As a first step, orphan it.
X-Debbugs-Cc: sergior...@potatobeans.id
Hi Sergio,
On Fri, 17 Mar 2023 00:55:16 +0700 Sergio Ryan
wrote:
Tell me how can I start. I can adopt this package and maintain it as I
still use it everyday.
Thanks for your offer. You should have a look at the New Maintainer's Guide:
https://www.deb
Package: wnpp
As noted in #963191, the aufs package is unmaintained.
So I orphan aufs-tools as well, which did not make it to bullseye nor bookworm.
Package maintenance need time and skills.
In my opinion, the package should be removed.
If you want to revive it in Debian please consider adopting
Source: profile-sync-daemon
Severity: important
I intend to salvage the profile-sync-daemon package in order to orphan it.
The last maintainer upload was in 2019 and there were two NMUs since.
Package: acpi
Version: 1.7-1.2
Followup-For: Bug #1018981
X-Debbugs-Cc: genteboapesso...@gmail.com
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
Source: mesa
Version: 22.3.6-1+deb12u1
Followup-For: Bug #640128
X-Debbugs-Cc: genteboapesso...@gmail.com
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective
Hi,
On Sat, Apr 01, 2023 at 11:51:38AM +0200, Guy Durrieu wrote:
> Hello,
>
> This is something I have never done, but I can try.
>
> However some time ago, for solving a previous issue, a guy from Debian
> compiled for me an unofficial release including the patch to be tested,
> along with some
Dear Maintainer, I just installed the system, I don't know what causes the
bug to happen, it must be acpi sgx x509 incompatibility Reverse engineering
would be the solution, the bug happens all the time at boot, and in every
kernel I've ever used. -- System information: Debian version: 12.0 APT
pre
Dear Maintainer,
I just installed the system and updated.
60 fps is not fixed.
The monitor is not fully recognized at 60hz, it stays at 59.97
Solution would be better driver, for better support for everything, 4k60fps
etc
Improve PC hardware recognition
My pc is a Lenovo Ideapad 330-15IGM 81FN
Package: spamassassin
Version: 4.0.0-4
Severity: important
X-Debbugs-Cc: elaw...@grizzy.com
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
inef
Package: libregexp-pattern-license-perl
Version: v3.10.0
This package (as distributed on CPAN) will fail tests on Perl 5.37.10. The
code exploits historically undefined behavior which has become defined in
5.37.10.
Historically perl would "accumulate" capture buffer data in a quantified
subgroup
Bump to avoid auto removal while the fixed version ages in unstable.
Package: saods9
Version: 8.4.1+repack-1
Severity: important
With the current version, the connection from IRAF to saods9 fails,
because ds9 does not create the UNIX socket /tmp/.IMT%d.
The severity is set to "important" because interaction with IRAF is the
main use case for saods9.
Thanks for your help !
There is something not clear for me in the section 4.2.2. Simple
patching and building...
I ran apt-get install devscripts but I can't find any debian directory
nor patches. Is it sufficient to apply the patch given by Diederik de Haas ?
Regards.
-- Guy
Le 01/04/202
On Sat, Apr 01, 2023 at 10:36:56AM +0200, Salvatore Bonaccorso wrote:
> Source: irssi
> Version: 1.4.3-1
> Severity: grave
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
> The following vulnerability was published for irssi.
>
> CVE-2023-29132[0]:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package lazarus
Lazarus is an IDE and a library for rapid application development using Free
Pascal Compiler.
[ Reason ]
New upstream maintenance release.
[ Impact ]
Severa
Package: pasystray
Version: 0.7.1-1+b1
Severity: normal
https://github.com/christophgysin/pasystray/pull/166 got merged a
couple weeks ago, fixing serious issues making pasystray unusable with
wireplumber and bluetooth headphones.
These fixes got released in
https://github.com/christophgysin/p
Hi
I've created a merge request [1] on devscript to fix this issue
All the best
[1] https://salsa.debian.org/debian/devscripts/-/merge_requests/343
On April 1, 2023 4:31:49 PM GMT+02:00, Guy Durrieu
wrote:
>Thanks for your help !
>
>There is something not clear for me in the section 4.2.2. Simple patching and
>building...
>
>I ran apt-get install devscripts but I can't find any debian directory nor
>patches. Is it sufficient to apply th
I experimented with the package a bit and was successful in building it,
including running all the tests.
My current fix for the model path issue is not very good, though:
I simply patched out the relative path so it would work with the local
package build directory, but it's probably better if
Package: xawtv
Version: N/A
Severity: wishlist
Tags: l10n, patch
Dear Maintainer,
Please find attached the Romanian translation of the «xawtv» file.
Thanks,
Remus-Gabriel
xawtv_debconf_ro.po
Description: Binary data
I am in trouble... I first did "Obtaining the kernel source", and at the
end I got a /root/linux-source-6.1/ directory.
Then I did "Rebuilding official Debian kernel packages" and
"Preparation", and then I got among others a
/root/linux-source-6.1/linux-6.1.20 the content of which is simila
Control: tags -1 patch
On 29/01/2023 at 17:27, I wrote:
Observed behaviour:
- When looking for a loose firmware file, check-missing-firmware calls
"mountmedia" which returns after mounting the first device which can be
mounted.
- When looking for a firmware package, check-missing-firmware ca
On Thu, 5 Nov 2020 19:37:39 +0100 Philipp Kern
wrote:
> On 05.11.20 17:41, David Heidelberg wrote:
> > Package: wnpp
> > Severity: wishlist
> > Owner: David Heidelberg
> > X-Debbugs-Cc: debian-de...@lists.debian.org
> >
> > * Package name : dosbox-staging
> > Version : 0.76
> > Up
Package: libqt6core5compat6-dev
Severity: important
X-Debbugs-Cc: jeanmichael.celer...@gmail.com
Dear Maintainer,
When I try to install the package with apt I get:
libqt6core5compat6-dev : Depends: libqt6core5compat6 (= 6.3.1-2~bpo11+1) but
6.4.2-1~bpo11+1 is to be installed
It can be reproduce
Package: dropbear-initramfs
Severity: important
I am trying to sort out this bug, but the machine is blocked in an endless loop
It does /scripts/init-bottom
And then the monitor displays in an endless loop:
/scripts/init-premount/dropbear: line 339: sleep: not found
/scripts/init-premount/dropb
On Sat, Apr 01, 2023 at 09:53:06AM -0400, Ed Lawson wrote:
> Spamassassin does not start and is not functional. I have two computers
> running Debian Sid and spamassissin is not working on either. When I
> run systemctl status spamassassin it reports "Units spamassassin.service
> could not be foun
On Saturday, 1 April 2023 17:44:21 CEST Guy Durrieu wrote:
> I am in trouble... I first did "Obtaining the kernel source", and at the
> end I got a /root/linux-source-6.1/ directory.
>
> Then I did "Rebuilding official Debian kernel packages" and
> "Preparation", and then I got among others a
> /
I have another laptop that works perfectly with the same external
screen. Also Bookworm, both up to date, same configurations for
Plymouth, initramfs and grub. I checked the initramfs content and
couldn't detect a difference related to the display.
The laptop with the issue is a Thinkpad X1 ge
Package: xfonts-traditional
Version: N/A
Severity: wishlist
Tags: l10n, patch
Dear Maintainer,
Please find attached the Romanian translation of the «xfonts-traditional» file.
Thanks,
Remus-Gabriel
xfonts-traditional_debconf_ro.po
Description: Binary data
I just realized that it also doesn't report the Architecture field, so
it's impossible to tell if a given package is Architecture:all or not.
This info is there in /var/lib/apt/lists, so it's available to the tool.
Can we please make "apt info PACKAGE" and "apt show PACKAGE" report
these fields?
Thanks for your help !
That was more or less my conclusion, but it would indeed be useful to
clarify that 4.1 and 4.21. are mutually exclusive.
And I must admit that the # vs $ steps had escaped me :(
Best regards.
-- Guy
Le 01/04/2023 à 18:56, Diederik de Haas a écrit :
On Saturday, 1 Apr
Thanks for your help !
That was more or less my conclusion, but it would indeed be useful to
clarify that 4.1 and 4.21. are mutually exclusive.
And I must admit that the # vs $ steps had escaped me :(
Best regards.
-- Guy
Le 01/04/2023 à 18:56, Diederik de Haas a écrit :
On Saturday, 1 Apr
Control: severity -1 serious
Control: tags -1 bookworm-ignore
Hi,
On Tue, 21 Feb 2023 21:01:51 +0100 =?utf-8?Q?=C3=89tienne?= Mollier
wrote:
This looks to affect autopkgtest as well
on occasions[1], so can be annoying during testing migrations.
I ran into this issue today. Normally I file b
Hi Grzegorz, H.-Dirk
On 01-04-2023 19:54, Debian Bug Tracking System wrote:
This means that you claim that the problem has been dealt with.
I have uploaded a new upstream version that includes the fix for this
issue, as well as fixes for some more crashes. I would appreciate it a
lot if you
Re-checked on a new installed bookworm system:
type=PROCTITLE msg=audit(01/04/23 19:09:55.035:61) :
proctitle=restorecon -vv -R -F -n -T 0 /
type=PATH msg=audit(01/04/23 19:09:55.035:61) : item=0
name=/proc/sys/vm/overcommit_memory inode=14256 dev=00:14
mode=file,644 ouid=root ogid=root rdev=00:0
On Mon, 25 Oct 2021 15:08:31 -0400
=?utf-8?b?4LKa4LK/4LKw4LK+4LKX4LONIOCyqOCyn+CysOCyvuCynOCzjQ==?=
wrote:
> Package: grub2-common
> Version: 2.04-20
> Severity: normal
> X-Debbugs-Cc: debb...@chiraag.me
>
> Dear Maintainer,
>
> My setup is as follows. I have 2 storage disks, one SATA HDD and o
Control: retitle -1 ITP: tagainijisho -- Japanese dictionary and learning
assistant
X-Debbugs-Cc: b...@khumba.net
On Fri, 31 Mar 2023 21:15:12 -0700 Bryan Gardiner wrote:
I have updated the old 1.0.2-2 packaging for the latest release, and
uploaded a source package to mentors.debian.net. I ha
package release.debian.org
tags 1033157 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: debian-archive-keyring
Versi
Control: tags -1 moreinfo
On 27-03-2023 18:15, Eberhard Beilharz wrote:
While keyman has autopkgtests and so would qualify for automatic migration, the
tests are skipped on s390x.
Ack.
Included are only small changes: one is a small fix in the postinst script,
-set -e
+# Don't call `set -
package release.debian.org
tags 1033669 = bullseye pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into
the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
==
Package: libdatetime-timezone-perl
Ve
On Wed, 29 Mar 2023 14:25:23 -0300 Antonio Terceiro wrote:
> On Wed, Mar 29, 2023 at 03:40:21AM +0200, Vincent Lefevre wrote:
> > On 2023-03-28 20:37:56 -0300, Antonio Terceiro wrote:
> > > Still, I see no evidence that this is caused by the Ruby interpreter.
> > > For example apt-listbugs uses a
Package: cruft-ng
Version: 0.9.54
Dear Alexandre,
a couple of false-positive reports from a fresh bookworm installation.
Using the recent daily script of chkrootkit result in the following
files reported:
/var/log/chkrootkit/chkrootkit-daily.log
/var/log/chkrootkit/log.expected
/var/log/chkro
Control: tags -1 + moreinfo
On Sat, 2023-04-01 at 07:32 +0400, Yadd wrote:
> debian/copyright was incomplete
>
The debdiff and package version both appear to be for unstable, not
bullseye.
In general, an update purely to licensing information isn't sufficient
to justify a rebuild and update for
Control: tags -1 + confirmed
On Sat, 2023-04-01 at 08:32 +0400, Yadd wrote:
> apache2 silently reenable apache2-doc.conf despite having been
> disabled
> (#1018718)
>
> [ Impact ]
> This behavior overwrites local changes on upgrade, which is a
> release-critical bug as it’s a Policy violation
>
Am Sat, Apr 01, 2023 at 08:32:55AM +0400 schrieb Yadd:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: apac...@packages.debian.org
> Control: affects -1 + src:apache2
>
> [ Reason ]
> apache2 silently r
Control: tags -1 + confirmed
On Sun, 2023-03-26 at 14:23 +0200, Rene Engelhard wrote:
> This fixes "CVE-2022-38745. Empty entry in Java class path risks
> arbitrary code execution" just disclosed by Apache OpenOffice.
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Mon, 2023-03-27 at 19:42 +0200, Helmut Grohne wrote:
> Fix no-dsa security vulnerability CVE-2022-21797.
>
> [ Impact ]
>
> The n_jobs parameter of the parallel_backend, which used to be a
> string
> containing a Python expression, becomes restricted to fairly bas
Hi,
Steve McIntyre wrote (Sun, 26 Mar 2023 22:41:10 +0100):
> On Sun, Mar 26, 2023 at 11:06:56PM +0200, Holger Wansing wrote:
> >
> >
> >Am 26. März 2023 19:48:09 MESZ schrieb Steve McIntyre :
> >>If anybody *does* want to keep the rest of the text, please put it in
> >>an appendix called "extra
Control: tags -1 + confirmed
On Fri, 2023-03-31 at 22:28 +, Thorsten Alteholz wrote:
> The attached debdiff for duktape fixes CVE-2021-46322 in Bullseye.
>
Please go ahead.
Regards,
Adam
It seems that this bug is still present in current testing with
pipewire 0.3.65-3:
root@orion:~# grep pulse /var/log/syslog
2023-04-01T11:23:24.547424-03:00 orion systemd[1086]: Listening on
pipewire-pulse.socket - PipeWire PulseAudio.
2023-04-01T11:23:24.641238-03:00 orion systemd[1086]: Started
Control: tags -1 + confirmed
On Tue, 2023-03-14 at 08:01 +0400, Yadd wrote:
> node-webpack is vulnerable to cross-realm object access
> (#1032904, CVE-2023-28154)
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sat, 2023-03-18 at 16:20 +, Simon McVittie wrote:
> CVE-2023-28101: A malicious Flatpak app could prevent the flatpak(1)
> CLI
> from displaying its permissions as intended, by having crafted
> permissions
> or other metadata containing terminal escape sequences
Control: tags -1 + confirmed
On Fri, 2023-03-03 at 08:57 +, Bastien Roucariès wrote:
> CVE-2022-21222/CVE-2021-33587 The package css-what before 2.1.3 are
> vulnerable
> to Regular Expression Denial of Service (ReDoS) due to the usage of
> insecure
> regular expression in the re_attr variable
Control: tags -1 + moreinfo
On Thu, 2023-03-02 at 15:33 +0800, Aron Xu wrote:
> I would like to apply a few patches to address some stability issues
> in the
> zfs-linux package in bullseye. All the patches are cherry-picked from
> upstream
>
> 2.0.x and 2.1.x stable branches.
>
+This change re
Hi,
according to the source code, the option parser for -a tries to resolve
a symlink using a function disk_name(), the result is something like
sda, sdb sdc. This function requires the full pathname including /dev.
The code handling the spindown timer then uses this short name (sda,
sdb, sdc) f
Control: tags -1 + confirmed
On Tue, 2023-02-28 at 18:00 +0400, Yadd wrote:
> node-cookiejar is vulnerable to ReDoS (CVE-2022-25901).
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sat, 2023-02-25 at 21:16 +0100, Tobias Frost wrote:
> After fixing CVE-2023-22742 for LTS and ELTS, I'd like to see
> this CVE also fixed in stable, for consistency.
>
> The CVE is an inproper ssh certificate validation vulnerabilty,
> which allows man-in-the-middl
Am Mon, Mar 27, 2023 at 16:54:04 +0200 schrieb Tino Mettler:
[...]
> So yes, this is indeed inconsistent and confusing. Furthermore, the
> device name lookup for -a does not report any errors when the device is
> not found.
One addition: the fact that nothing is logged to /var/log/hd-idle.log
m
Control: tag -1 wontfix
On Sat, Apr 01, 2023 at 10:38:05AM -0700, Dima Kogan wrote:
> I just realized that it also doesn't report the Architecture field, so
> it's impossible to tell if a given package is Architecture:all or not.
> This info is there in /var/lib/apt/lists, so it's available to the
Control: tags -1 + confirmed
On Wed, 2023-02-22 at 13:48 -0500, Daniel Kahn Gillmor wrote:
> Please consider an update to publicsuffix in debian bullseye.
>
> This package reflects the state of the network, and keeping it
> current
> is useful for all the packages that depend on it.
>
Please go
Control: tags -1 + confirmed
On Sat, 2023-02-25 at 12:05 +, Simon McVittie wrote:
> User request via #1020937: make it possible to run GTK 3 apps in
> native
> Wayland on some proprietary GLES-only graphics drivers (Raspberry Pi
> video core, iMX/Vivante).
>
Please go ahead, sorry for the de
Control: tags -1 + confirmed
On Sun, 2023-02-12 at 00:06 +0200, Faidon Liambotis wrote:
> A no-dsa security vulnerability, CVE-2022-27650:
> https://security-tracker.debian.org/tracker/CVE-2022-27650
>
> [ Impact ]
> Copying from the CVE:
>
> "A flaw was found in crun where containers were incor
Control: tags -1 + confirmed
On Thu, 2023-02-16 at 19:38 +0100, Bas Couwenberg wrote:
> As reported in #1031392, postgis 3.1.1 has an important issue with
> polar
> stereographic projections which was resolved in 3.1.2.
>
> [ Impact ]
> Unusable coordinates from transformations.
>
Please go ahe
Control: tags -1 + confirmed
On Sun, 2023-02-19 at 22:56 +0800, Shengjing Zhu wrote:
> Backport patches for 2 CVE:
>
> * CVE-2023-25153: OCI image importer memory exhaustion
> * CVE-2023-25173: Supplementary groups are not set up properly
>
Please go ahead; sorry for the delay.
Regards,
Adam
Control: tags -1 + confirmed
On Sat, 2023-02-11 at 19:03 +0100, Reinhard Tartler wrote:
> conmon 2.0.25 contains a bug where the container will hang when there
> is lots of terminal output. You can easily reproduce like so:
>
> podman run -it --rm debian:latest
> find /
>
Please go ahead; sorry
On 2023-03-13 19:00:22 +0100, Sebastian Ramacher wrote:
> On 2023-03-13 13:28:47 -0400, Sanford Rockowitz wrote:
> > On 3/13/23 07:42, Sebastian Ramacher wrote:
> > > On 2023-03-13 07:25:41 -0400, Sanford Rockowitz wrote:
> > > > On 3/13/23 05:33, Sebastian Ramacher wrote:
> > > > > On 2023-03-11 0
Hi Sebastian,
On Fri, 24 Mar 2023 18:33:28 +0100 =?UTF-8?Q?Sebastian_H=c3=b6rberg?=
wrote:
> Package: micro
> Version: 2.0.11-1+b1
> Severity: normal
> The static binary from upstream's github works as expected.
>
> Could the debian package be missing the resource files?
I have tried to fix t
Control: tags -1 + confirmed
On Wed, 2023-03-29 at 16:26 +0400, Yadd wrote:
> lemonldap-ng is vulnarable to a second factor bypass when used with
> an
> "AuthBasic handler" (generally used for non-browser apps).
>
[...]
> I didn't pushed yet the already accepted patch for deb11u3
> (#1030598).
>
Control: retitle -1 unblock: lazarus/2.2.6+dfsg1-2
Another bug was fixed in order to allow building Lazarus for armel architecture.
This bug is just disabling a compilation switch in a source file.
The removed compilation switch forces to disable the FPU emulation, which does
not have any sense o
Control: tags -1 + moreinfo
On Wed, 2023-01-18 at 15:13 +0100, Andreas Rönnquist wrote:
> The clutter library is buggy, to the extent that geeqie might crash
> if
> not ran without it. This fix simply removes the libchamplain
> dependency
> (which in it's turn depends on clutter). This makes it po
Control: tags -1 + moreinfo
On Wed, 2022-12-28 at 22:40 -0500, Reinhard Tartler wrote:
> Backport for CVE-2022-1227, taken from
> https://github.com/containers/psgo/pull/92
>
> This prevents an exploit when running 'podman top'
>
Apologies for the delay in getting back to you regarding this.
Control: tags -1 + moreinfo
Apologies for the delay in getting back to you on this.
On Wed, 2022-12-28 at 22:26 -0500, Reinhard Tartler wrote:
> In order to fix CVE-2022-1227, an update to golang-github-containers-
> psgo
> is needed, more specifically,
> https://github.com/containers/psgo/pull/
Package: opendmarc
Version: 1.4.0~beta1+dfsg-6+deb11u1
Severity: serious
Tags: upstream patch
Justification: Maintainer designation
Currently opendmarc in Stable, Testing, and Unstable will crash if they
key used in an ARC header field is 3072 bit RSA or longer. This really
needs to be fixed prio
1 - 100 of 134 matches
Mail list logo
