Bug#1069330: Control: retitle 1069330 ITP: apt-transport-oci -- OCI transport plugin for apt-get

Control: retitle 1069330 ITP: apt-transport-oci -- OCI transport plugin for apt-get

Bug#1061515: transition: ace

Control: tags -1 confirmed On 2024-01-25 19:47:27 +, Sudip Mukherjee wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > X-Debbugs-Cc: sudipm.mukher...@gmail.com > Control: affects -1 + src:ace > > > Hi, > > Small t

Bug#1059706: epics-base.pc is still broken

Hi, On Wed, 10 Apr 2024 16:31:03 +0300 Andrius Merkys wrote: > control: reopen -1 > control: found -1 7.0.8+dfsg1-1 > > Hello, > > As epics-base.pc still contains incorrect paths, I am reopening this > bug. Maybe FINAL_LOCATION=/usr must be specified in debian/rules. override_dh_auto_build:

Bug#1070348: pipewire: pipewire-pulse: warningin syslog every second for snap_get_audio_permissions

Hello Sergio and Jeremy, Le sam. 4 mai 2024 à 05:48, Michael Welsh Duggan a écrit : After updating my linux kernel to 6.7.12-1, I keep getting the following message in my syslog, once a second: pipewire-pulse[]: default: snap_get_audio_permissions: kernel lacks 'fine grained unix mediation';

Bug#1005961: nq,fq: trying to overwrite '/usr/bin/fq', which is also in package nq 0.3.1-4

Control: found -1 fq/0.9.0-2 Control: found -1 nq/0.3.1-4 On 18.02.2022 08:39, Axel Beckert wrote: Hello, Trying to install fq fails for me as follows: Preparing to unpack .../archives/fq_0.0.4-2_amd64.deb ... Unpacking fq (0.0.4-2) ... dpkg: error processing archive /var/cache/apt/archives/f

Bug#1070312: O: zdbsp -- node builder library for OpenGL-based Doom-style games

retitle 1070312 ITA: zdbsp -- node builder library for OpenGL-based Doom-style games owner 1070312 j...@debian.org thanks On Fri May 3, 2024 at 4:18 PM BST, Bastian Germann wrote: > Jonathan Dowland has essentially orphaned zdbsp with > https://salsa.debian.org/debian/zdbsp/-/commit/b37655b0ffeab

Bug#1070352: rust-err-derive: fails to build from source on all architectures

Source: rust-err-derive Version: 0.3.1-1 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The package fails to build from source om all architectures. -BEGIN PGP SIGNATURE- iQIzBA

Bug#1069755: libntlm0: broken symlink: README -> README.md

On Fri, 2024-05-03 at 13:35 +0200, Simon Josefsson wrote: > I wonder why no QA tool reported this? As implied by the usertags I used, the adequate tool found it: http://bonedaddy.net/pabs3/log/2013/02/23/inadequate-software/ In addition, piuparts has a test for broken symlinks too, and as well

Bug#1050536: vis: please upgrade to v0.9

Source: vis Version: 0.8-1 Followup-For: Bug #1050536 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Control: retitle -1 vis: please upgrade to v0.9 New upstream version v0.9 has been released, which includes some support for LSP, as tracked here: https://github.com/martanne/vis/issues/853 Kin

Bug#1070217: chromium: Symbol lookup error with libsnappy1v5>=1.2.0

Martin Steigerwald - 02.05.24, 16:43:28 CEST: > Work-around for affected users: Of course this work-around is no longer necessary. Thank you for the quick fix, Laszlo. I appreciate it. -- Martin

Bug#1070300: pmix_psquash_base_select failed during MPI_INIT on 32bit architectures

Samuel Thibault, le ven. 03 mai 2024 19:00:22 +0200, a ecrit: > This has been posing migration issues for quite some time, I have > uploaded the attached fix to delayed/0. Some of the components depend on libmca_common_libdstore which also needs to be installed, otherwise openmpi emits some text o

Bug#1012752: unattended-upgrades: regularly stuck in loop, eating CPU

Hi, as this is regularly leaving systems unresponsible or at least in a state where its basically making a hot air dryer out of servers, I'm raising the severity. Its not an option to have a datacenter running amok. Bernd -- Bernd ZeimetzDebian GNU/Linux Developer

Bug#1059223: src:meson: fails to migrate to testing for too long: fails autopkgtest on arm64 and i386

On Fri, 3 May 2024 at 06:42, Shmerl wrote: > If real solution for this requires upstream involvement, may be it's worth > disabling > these tests, until upstream is actually not broken? That would at least move > things > forward, otherwise it might be stuck for who knows how long? I am the up

Bug#1070057: mutter: Severe keyboard input lag/pauses

Indeed, the update to mutter 46.1 solved the problem. Many thanks! Florian

Bug#1070190: sendmail-bin: CVE-2023-51765 SMTP smuggling with NUL followup

On 01/05/2024 16.14, Bastien Roucariès wrote: Dear Maintainer, unfortunately sendmail is orphaned ... CVE-2023-51765 is not fully fixed at least for forwarding bad mail. We must reject NUL including mail as a stop gap method. I have patched sendmail in order to enable O RejectNUL=True dire

Bug#1059668: nmu FTBFS

Hi, I upload this to allow new paramiko to migrate. Greetings tchet@quieter:~/deb/python-icecream$ cat debian/patches/python3.12 Forwarded: https://github.com/gruns/icecream/pull/147/files --- a/tests/test_icecream.py +++ b/tests/test_icecream.py @@ -570,7 +570,7 @@ list(ra

Bug#1069825: [Pkg-clamav-devel] Bug#1069825: clamav-daemon stops working with LibClamAV Error: cl_engine_addref: engine == NULL

On 2024-04-25 13:38:51 [+0200], Michael Braun wrote: > Hi, Hi, > I'm scanning incoming mails using clamav-daemon and clamav-milter. > From time to time, my mailserver stops working due to clamav-daemon locking > up. > > The clamav logs read: > >6889 Apr 25 11:28:12 gate clamd[939931]: Thu

Bug#1070353: linux-image-6.7.12-amd64: No WiFi

Package: src:linux X-Debbugs-Cc: yahweh19...@hailmail.net Version: 6.7.12-1 Severity: important Dear Maintainer, * What led up to the situation? Booting with the linux-image-6.7.12-amd64 kernel results in Wi-Fi not working and Wi-Fi isn't even an option under network-manager. This issue also m

Bug#1059874: libuhd4.6.0: Segfault in gqrx related to libuhd 4.6.0

Hello, I am not the maintainer of libuhd, just tried to get some more information from the provided dmesg Code lines. These end in some boost::asio functions: boost::asio::detail::scheduler::concurrency_hint() const at /usr/include/boost/asio/detail/scheduler.hpp:142 Unfortunately this allows

Bug#1059874: libuhd4.6.0: Segfault in gqrx related to libuhd 4.6.0

Am 04.05.24 um 13:46 schrieb Bernhard Übelacker: These end in some boost::asio functions:   boost::asio::detail::scheduler::concurrency_hint() const at /usr/include/boost/asio/detail/scheduler.hpp:142 Forgot to attach how I got there: debugging.txt And for reference the upstream ticket:

Bug#1027978: micro-httpd: sends invalid HTTP when listing unreadable directories

On Mon, 29 Apr 2024 at 20:12, Martin-Éric Racine wrote: > > ma 29. huhtik. 2024 klo 20.59 Sudip Mukherjee > (sudipm.mukher...@gmail.com) kirjoitti: > > > > On Mon, 29 Apr 2024 at 09:00, Martin-Éric Racine > > wrote: > > > > > > On Thu, 05 Jan 2023 13:08:45 + Vincent Duvert > > > wrote: > >

Bug#1070354: lvm2: fsck'ing a snapshot (like e2scrub does) of a cached volume can destroy the filesystem

Package: lvm2 Version: 2.03.22-1+b1 Severity: normal Dear Maintainer, snapshots of cached volumes seem to be seriously broken (maybe it's fixed in the latest upstream version, I'm not sure). To see the issue, try the following: * create a cached volume, make a ext4 filesystem in it, mount it, a

Bug#1070355: python-memcache: please use this fixed watchfile and update to 1.62

Source: python-memcache Version: 1.59-8 Severity: normal Dear Maintainer, I noticed that the existing watch file does not work as expected. Please make the regexp a bit looser. The new tarball does not need python3-six anymore, it can be removed from both Depends: & Build-Depends: . Greetings

Bug#924132: runit: Add support for runit in init-system-helpers

Package: init-system-helpers Version: 1.66 Followup-For: Bug #924132 Dear Maintainer, Kindly ask if is there any progress of this bug. It will be very grateful for adding support of runit in init-system-helpers as it will make use runit as system init a bit easier. I just start to use runit, so

Bug#1070356: Ydotool out of date

Package: ydotool Version: 0.1.8-3 As per https://github.com/ReimuNotMoe/ydotool/issues/233#issuecomment-2094063802 Debian ydotool is five years old.

Bug#1065309: transition: gnat (12 -> 13 + time_t64)

Package: release.debian.org Followup-For: Bug #1065309 Hello. For some reason, some rebuilds succeeded without a +b1 version. Their reverse dependencies is dep-waiting on the +b1 version. Please cancel three dep-wait restrictions. gb libgnatcoll-db_23.0.0-6 . armel powerpc . -o gb libgnatc

Bug#1070331: RFS: nq/0.5-0.1 [NMU] -- Lightweight queue system

Control: block -1 by 1005961 On 03.05.2024 23:45, Christoph Biedl wrote: Hi, That would be necessary - although I don't know how to solve this in a sensible way. Sorry for disturbing your best intentions to bring nq back in shape - but this problem will not disappear by ignoring it. Complet

Bug#1034878: #1034878 meld gives python traceback if run as root

Bug #1034878 - meld gives python traceback if run as root is caused by the call to Gtk.Settings.get_default() in settings.py at about line 56. This code still exists in the

Bug#1070190: sendmail-bin: CVE-2023-51765 SMTP smuggling with NUL followup

On 04/05/2024 13.02, Andreas Beckmann wrote: I have patched sendmail in order to enable O RejectNUL=True directive, but I do not achieved the fact to enable it by default. Andreas could you get a glimpse at how to render  RejectNUL a default ? Second attempt. Completely untested. This should

Bug#1067763: interimap fails on 32-bit arches with 64-bit time_t

Control: tag -1 pending Hi, On Tue, 26 Mar 2024 at 13:44:28 +0100, Simon Chopin wrote: > interimap is packing structs that are sensible to the time_t transition. > Please see the attached debdiff as a *very* crude attempt to fix it in > Ubuntu. I'm hoping it'll be possible to come up with a neate

Bug#1070357: bookworm-pu: package tcl-unix-sockets/0.5-1

Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu Hi, please reject that package from p-u NEW. I'm sorry for the faulty upload, this one should've targeted unstable. Sven

Bug#1059041: Xorg segfault when unlocking from Xscreensaver while video playback

On Tue, 19 Dec 2023 20:22:43 +0100 Eduard Bloch wrote: #7 0x7fb14945a510 __restore_rt (libc.so.6 + 0x3c510) #8 0x7fb149186702 n/a (amdgpu_drv.so + 0x16702) #9 0x7fb149186c96 n/a (amdgpu_drv.so + 0x16c96) #10 0x55

Bug#1016957: remove kbd-chooser from the archive?

Hi, Paul Gevers wrote (Sat, 4 May 2024 07:46:45 +0200): > Hi Bastian, > > On Sat, 9 Sep 2023 19:03:07 +0200 Bastian Germann wrote: > > Control: severity -1 serious > > Can you please elaborate? I'm not seeing anything serious in this bug > report. I think Bastian's approach is, to remove kbd

Bug#1070358: clang-16: -fsanitize=fuzzer not working on trixie (but working on bookworm)

Package: clang-16 Version: 1:16.0.6-26 Severity: normal Dear Maintainer, I was trying to track down a regression reported by the ClusterFuzz service, and when I try to build the fuzzing reproducer on trixie, it fails. However, it works on Bookworm. So while I can work around the problem by usin

Bug#1059706: epics-base.pc is still broken

Control: tags -1 patch I've attached PoC patches which are based on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059706#33 Before: $ pkg-config --cflags epics-base -I/build/reproducible-path/epics-base-7.0.8+dfsg1/include -I/build/reproducible-path/epics-base-7.0.8+dfsg1/include/os/Linux

Bug#1068610: dico: binary-all FTBFS

Followup-For: Bug #1068610 Control: tag -1 pending Hi, I've taken Holgers patch and imported it into the git repository on salsa and uploaded it to DELAYED/2 to make progress with the t64 transition. Please let me know if I should delay it longer. I've also fixed building the package twice in a r

Bug#1057172: baloo-kf5: Baloo Service Crashes After Enabling 'Index File Contents' Option

On Fri, 1 Dec 2023 00:26:27 +0100 Lucy wrote: #3 0x7fbe9c25afd0 __restore_rt (libc.so.6 + 0x3bfd0) #4 0x557d83358770 n/a (baloo_file + 0x13770) #5 0x557d8335885d n/a (baloo_file + 0x1385d) #6 0x557d83365bf1 n/a (baloo_file + 0x20bf1) #7 0x7fbe9cadd6f0 _ZN7QObject5eventEP6QEv

Bug#1068583: libgav1: FTBFS on s390x: test failures

Adding architecture-is-little-endian to build dependency is not a good solution as this blocks building glibc on big endian targets: https://buildd.debian.org/status/package.php?p=glibc&suite=sid Regards, Dave Anglin -- John David Anglin dave.ang...@bell.net

Bug#1070304: util-linux: Please build and provide the cal binary

> The example was to show how people could achieve using ncal to get > cal, if the > ncal package would not ship a cal binary. Sure, but the only reason for the cal binary as it is, is to have the original cal available. All new and extended features are in ncal and are explicitly deactivated whe

Bug#1070359: tabulate: too old for pandas 2.2

Package: python3-tabulate Version: 0.8.10-1 Severity: wishlist Control: block 1069792 by -1 (Not actually a hard block as it's not a hard Depends, but I'd prefer not to lose the functionality that does require it.) I would like to upgrade pandas to 2.2.x, but this will only use tabulate if it

Bug#1068422: can't import dask.dataframe - TypeError: descriptor '__call__' for 'type' objects doesn't apply to a 'property' object

Control: forwarded -1 https://github.com/dask/dask/pull/11035 Control: tags -1 fixed-upstream patch Thanks and probably yes (but I haven't tested that fix myself), as while it didn't happen in 3.11.8, it *does* happen in 3.11.9: https://ci.debian.net/packages/d/dask/unstable/amd64/46185892/

Bug#1069984: alire: Build-depends on NBS package libgnatcoll21-dev

Source: alire Followup-For: Bug #1069984 Hello. This bug is already fixed in 1.2.1-1.1. The ideal way to close a bug is usually in debian/changelog, but this bug was open after its fix has been uploaded to experimental, so you should probably close it as described at https://www.debian.org/Bugs/D

Bug#1070360: bottleneck: too old for pandas 2.2

Package: python3-bottleneck Version: 1.3.5+ds1-3 Severity: wishlist Control: block 1069792 by -1 (Not actually a hard block as it's not a hard Depends, but I'd prefer not to lose the functionality that does require it.) I would like to upgrade pandas to 2.2.x, but this will only use bottleneck

Bug#1070361: blosc: too old for pandas

Package: python3-blosc Version: 1.11.1+ds1-2 Severity: wishlist Control: affects -1 python3-pandas Some pandas functionality is currently unavailable because Debian blosc is too old; it requires >= 1.21.

Bug#1070362: libcoap3: CVE-2024-31031

Source: libcoap3 Version: 4.3.1-1 Severity: important Tags: security upstream Forwarded: https://github.com/obgm/libcoap/issues/1351 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for libcoap3. CVE-2024-31031[0]: | An issue in `coap_pdu.c` in

Bug#1070363: openmolcas: please drop the obsolete python3-six dependency

Source: openmolcas Version: 23.10-1 Severity: normal Dear Maintainer, python3-six was once usefull during the Python2->3 migration but should now be removed. Upstream has already moved away, please update debian/control. Greetings Alexandre https://wiki.debian.org/Python3-six-removal tchet@

Bug#1070364: python-aiohttp: CVE-2024-30251

Source: python-aiohttp Version: 3.9.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for python-aiohttp. CVE-2024-30251[0]: | aiohttp is an asynchronous HTTP client/server framework for asyncio |

Bug#885414: base-files: lack of quoting in shell variable expansions in /etc/profile

Package: base-files Version: 13.2 Followup-For: Bug #885414 Dear Maintainer, I'd like to point out that the "fix" doesn't actually fix the reported problem. Variables that must be quoted in order to have a well-defined behavior are still not quoted, namely the "$i" is not quoted. See the very fir

Bug#1070365: lyskom-elisp-client: FTBFS: tries to write to /usr/local

Source: lyskom-elisp-client Version: 0.48+git.20231226.364902c3-2 Severity: serious Tags: ftbfs Justification: fails to build from source Hi, lyskom-elisp-client FTBFS in the minimal chroots used by the buildds: https://buildd.debian.org/status/package.php?p=lyskom-elisp-client ... cp lyskom-0.

Bug#1070366: sagenb-export: please package v3.4 and drop python3-six dependency

Source: sagenb-export Version: 3.2-4 Severity: normal Dear Maintainers, please package v3.4 and drop python3-six dependency https://github.com/vbraun/ExportSageNB/pull/20 https://wiki.debian.org/Python3-six-removal Greetings

Bug#1070368: python-pymbar: please package v4.0.3 and remove the python3-six dependecy

Source: python-pymbar Version: 3.1.0-4 Severity: normal Dear Maintainer, Usage of six is gone upstream https://wiki.debian.org/Python3-six-removal Greetings

Bug#1070367: linux-image-6.7.12-amd64: No WiFi

Package: src:linux X-Debbugs-Cc: yahweh19...@hailmail.net Version: 6.7.12-1 Severity: important Dear Maintainer, * What led up to the situation? Booting with the linux-image-6.7.12-amd64 kernel results in Wi-Fi not working and Wi-Fi isn't even an option under network-manager. This issue also m

Bug#1070369: sssd: CVE-2023-3758

Source: sssd Version: 2.9.4-2 Severity: grave Tags: security upstream Forwarded: https://github.com/SSSD/sssd/pull/7302 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for sssd. CVE-2023-3758[0]: | A race condition flaw was found in sssd where

Bug#885414: base-files: lack of quoting in shell variable expansions in /etc/profile

El 4/5/24 a las 16:48, ca...@allfreemail.net escribió: Package: base-files Version: 13.2 Followup-For: Bug #885414 Dear Maintainer, I'd like to point out that the "fix" doesn't actually fix the reported problem. Variables that must be quoted in order to have a well-defined behavior are still no

Bug#1070334: libnet-frame-device-perl needs network access during build

Control: tags -1 + patch Étienne Mollier, on 2024-05-03: > Has someone an idea of better approach? Answering to myself, the test suite does not actually attempt to access the Internet, but it does attempt to access the device on the build machine that can route by default to 1.1.1.1. This is not

Bug#1003300: kxl: New upstream project and versions

The diff between old & new repos is very conservative; only autohell files

Bug#1070270: riseup-vpn: client no longer works due to cert verification problem

Hi Matt, Quoting Matt Taggart: > Package: riseup-vpn > Version: 0.21.11+ds1-5+b1 > Severity: grave > > When attempting to run the bookworm riseup-vpn package, it fails to > connect to riseup's servers and gives the following output: > > 2024/05/01 18:21:23 Error fetching eip v3 > json

Bug#755434: pmount: please support exfat filesystem (via fuse)

* Vincent Danjean , 2016-12-25 23:36: ++{ "exfat", "nosuid,nodev,user,quiet,nonempty", 1, "077", ",iocharset=%s",",fmask=%04o,dmask=%04o"}, This doesn't work for me. In dmesg I see: exfat: Unknown parameter 'quiet' -- Jakub Wilk

Bug#1034878: #1034878 meld gives python traceback if run as root

Control: forwarded -1 https://gitlab.gnome.org/GNOME/meld/-/issues/846 Control: severity -1 minor On Sat, May 4, 2024 at 8:42 AM wrote: > Bug #1034878 - meld gives python traceback if run as root is caused by the > call to Gtk.Settings.get_default() in settings.py at about line 56. In general,

Bug#1070299: Acknowledgement (gcc-14: Wrong vectorized code generated with -O3, ok without -O.)

This issue turned out to not be an gcc issue, but a badly declared flexible / 'zero-length array' at the end of the structure, which then relied on undefined behaviour. The declared size (here [4]) was then apparently taken into account in the code generation. I do not know of a way to dia

Bug#1053128: smbclient: "smbtree -N" causes a segfault when "server min protocol = NT1"

Hello, I am not a samba maintainer, just trying to collect some more information. As far as I see the crash happens because "cli_credentials_get_password(creds)" in line 62 returns a null pointer, which gets forwarded to the call to strlcpy without further check. Kind regards, Bernhard (rr) r

Bug#1067320: topal: FTBFS: debian/rules: debian_packaging.mk: No such file or directory

Source: topal Followup-For: Bug #1067320 Control: tag -1 + patch Hello. Attachment 002 below fixes this bug. Would you be OK with a non maintainer upload? The other attachments are unrelated sugestions. Would you be OK with a salsa.debian.org/debian/topal git repository? PATH 1/10 updates the

Bug#1070304: util-linux: Please build and provide the cal binary

On Sat, May 04, 2024 at 04:13:37PM +0200, Michael Meskes wrote: > > The example was to show how people could achieve using ncal to get > > cal, if the > > ncal package would not ship a cal binary. > > Sure, but the only reason for the cal binary as it is, is to have the > original cal available. A

Bug#1070370: dmitry: CVE-2017-7938 CVE-2020-14931 CVE-2024-31837

Source: dmitry X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for dmitry. CVE-2017-7938[0]: | Stack-based buffer overflow in DMitry (Deepmagic Information | Gathering Tool) version 1.3a (Unix) allows attackers to cause a

Bug#1070371: ofono: CVE-2023-4232 CVE-2023-4233 CVE-2023-4234 CVE-2023-4235

Source: ofono X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for ofono. It's not clear whether they were actually reported upstream or only submitted to Red Hat Bugzilla: CVE-2023-4232[0]: | A flaw was found in ofono, a

Bug#1070372: tqdm: CVE-2024-34062

Source: tqdm X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for tqdm. CVE-2024-34062[0]: | tqdm is an open source progress bar for Python and CLI. Any optional | non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, | `-

Bug#1070374: social-auth-app-django: CVE-2024-32879

Source: social-auth-app-django X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for social-auth-app-django. CVE-2024-32879[0]: | Python Social Auth is a social authentication/registration | mechanism. Prior to version 5.4.1,

Bug#1070373: quickjs: CVE-2024-33263

Source: quickjs X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for quickjs. CVE-2024-33263[0]: | QuickJS commit 3b45d15 was discovered to contain an Assertion | Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c. https:/

Bug#1070375: python-jose: CVE-2024-33663 CVE-2024-33664

Source: python-jose X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for python-jose. CVE-2024-33663[0]: | python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA | keys and other key formats. This is similar

Bug#1070376: uriparser: CVE-2024-34402 CVE-2024-34403

Source: uriparser X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for uriparser. CVE-2024-34402[0]: | An issue was discovered in uriparser through 0.9.7. | ComposeQueryEngine in UriQuery.c has an integer overflow via long

Bug#1069377: scipy: FTBFS on arm64: make[1]: *** [debian/rules:161: execute_after_dh_auto_install] Error 1

Source: scipy Followup-For: Bug #1069377 Control: tags -1 ftbfs This is an odd error. Looks as if the behaviour changed in respect to which exception gets emitted. There's a new release needing to get packaged. Likely it resolves the issue.

Bug#1070377: frr: CVE-2024-34088

Source: frr X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for frr. CVE-2024-34088[0]: | In FRRouting (FRR) through 9.1, it is possible for the get_edge() | function in ospf_te.c in the OSPF daemon to return a NULL pointer.

Bug#1070378: docker.io: CVE-2024-32473

Source: docker.io X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for docker.io. CVE-2024-32473[0]: | Moby is an open source container framework that is a key component | of Docker Engine, Docker Desktop, and other distribut

Bug#1070379: pytorch: CVE-2024-31580 CVE-2024-31583 CVE-2024-31584

Source: pytorch X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for pytorch. CVE-2024-31580[0]: | PyTorch before v2.2.0 was discovered to contain a heap buffer | overflow vulnerability in the component | /runtime/vararg_f

Bug#1070380: llvm-toolchain-18: CVE-2024-31852

Source: llvm-toolchain-18 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for llvm-toolchain-18. CVE-2024-31852[0]: | LLVM before 18.1.3 generates code in which the LR register can be | overwritten without data being saved t

Bug#1070381: llvm-toolchain-17: CVE-2024-31852

Source: llvm-toolchain-17 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for llvm-toolchain-17. CVE-2024-31852[0]: | LLVM before 18.1.3 generates code in which the LR register can be | overwritten without data being saved t

Bug#1070382: llvm-toolchain-16: CVE-2024-31852

Source: llvm-toolchain-16 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for llvm-toolchain-16. CVE-2024-31852[0]: | LLVM before 18.1.3 generates code in which the LR register can be | overwritten without data being saved t

Bug#1070343: openfortivpn: stopped working after today's upgrade in Debian testing

Control: severity -1 important Control: retitle -1 please warn users about the option --pppd-accept-remote needed for ppp >= 2.5.0 On Sat, 04 May 2024 00:23:32 +0200 Francesco Poli (wintermute) wrote: [...] > Peer refused to agree to his IP address [...] I tried to downgrade ppp to version 2

Bug#1070383: llvm-toolchain-15: CVE-2024-31852

Source: llvm-toolchain-15 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for llvm-toolchain-15. CVE-2024-31852[0]: | LLVM before 18.1.3 generates code in which the LR register can be | overwritten without data being saved t

Bug#1070384: llvm-toolchain-14: CVE-2024-31852

Source: llvm-toolchain-14 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for llvm-toolchain-14. CVE-2024-31852[0]: | LLVM before 18.1.3 generates code in which the LR register can be | overwritten without data being saved t

Bug#1070385: obs-studio: Plugin fails to load libobs.so because it doesn't exist

Package: obs-studio Version: 30.1.2+dfsg-1 Severity: normal Dear Maintainer, I installed the following obs plugin in my home directory: https://github.com/LiveSplit/obs-livesplit-one Upon starting obs, the plugin did not load and the logs told me libobs.so was not found Typing $ dpkg -L libobs0

Bug#1069693: network-manager-fortisslvpn: upgrading the stack from network-manager-fortisslvpn-gnome to ppp broke a current working VPN configuration

Package: network-manager-fortisslvpn Followup-For: Bug #1069693 Hi, Issue #1070343 seems to be related to this issue. But I did not find a way to modify the affected VPN config (GNOME) and add the option (--pppd-accept-remote). Editing /etc/openfortivpn/config file has no (global) effect in this

Bug#1068583: libgav1: FTBFS on s390x: test failures

On 2024-05-04 10:02:38 -0400, John David Anglin wrote: > Adding architecture-is-little-endian to build dependency is not a good > solution as this blocks building glibc > on big endian targets: > https://buildd.debian.org/status/package.php?p=glibc&suite=sid libavif will also need to drop support

Bug#1070386: ITP: pass-import - MediaWiki API client in Python

Package: wnpp Severity: wishlist Owner: Hans-Christoph Steiner * Package name: remarkable Version : 1.87+git20240504.e8cc99d Upstream Author : Jamie McGowan * URL : https://github.com/roddhjav/pass-import * License : BSD-2 GPL-2+ LGPL-2.1+ MIT Programming L

Bug#1016957: remove kbd-chooser from the archive?

Hi On 04-05-2024 3:36 p.m., Holger Wansing wrote: I think Bastian's approach is, to remove kbd-chooser from the archive, since it was stated (see below) that it's no longer in use. It might be that udd assumes all packages that build a udeb are used. d-i has switched away from it to console-

Bug#1053995: Info received (ITP: fastfetch -- like neofetch, but much faster because written in C)

Hello, On Wed, Nov 15, 2023 at 02:12:00AM +, Li Carter wrote: > Friendly ping > As discussed on https://github.com/fastfetch-cli/fastfetch/issues/533#issuecomment-2094282467 I will be taking this bug to work on it. > > 2023年10月16日 14:39，Debian Bug Tracking System 写道： > > > > Thank you fo

Bug#1070387: gdcm: CVE-2024-25569 CVE-2024-22373 CVE-2024-22391

Source: gdcm X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gdcm. These are fixed in 3.0.24: CVE-2024-25569[0]: | An out-of-bounds read vulnerability exists in the | RAWCodec::DecodeBytes functionality of Mathieu Malate

Bug#1070388: jupyterhub: CVE-2024-28233

Source: jupyterhub X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for jupyterhub. CVE-2024-28233[0]: | JupyterHub is an open source multi-user server for Jupyter | notebooks. By tricking a user into visiting a malicious subdoma

Bug#1070390: opendmarc: CVE-2024-25768

Source: opendmarc X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for opendmarc. It's unclear whether this is actually a security issue, it doesn't appear to have been reported upstream... CVE-2024-25768[0]: | OpenDMARC 1.4.2 c

Bug#1070391: wiki.debian.org: spelling error: This command backup all height key-slots

Package: wiki.debian.org Severity: minor Dear Maintainer, on page https://wiki.debian.org/LVM it says "This command backup all height key-slots" I'd like to suggest that the text is changed to: "This command backs up all eight key-slots"

Bug#1059223: src:meson: fails to migrate to testing for too long: fails autopkgtest on arm64 and i386

On Sat, 4 May 2024 at 13:27, Jussi Pakkanen wrote: > Disabling tests is also not a great because it just hides the bug. > Thus other packages that actually use this functionality are going to > hit this eventually and file more bugs on Meson. That is a waste of > everybody's time and energy. I m

Bug#1016957: remove kbd-chooser from the archive?

Paul Gevers (2024-05-04): > If you're sure it's not used, I can work around udd and have it at least > removed from testing. I think a bug retitle (or separate bug) would have > been better. The current bug isn't RC. If it's certain that package isn't used/useful anymore, the correct thing to do

Bug#1070393: gobgp: CVE-2023-46565

Source: gobgp X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for gobgp. CVE-2023-46565[0]: | Buffer Overflow vulnerability in osrg gobgp commit | 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to | cause

Bug#1070392: exiv2: CVE-2024-24826 CVE-2024-25112

Source: exiv2 X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerabilities were published for exiv2. The advisories are a little misleading, they mention it as new in v0.28.0, but that only applies to the "main" branch, where it was removed and later r

Bug#1070394: libstb: CVE-2023-47212

Source: libstb X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libstb. CVE-2023-47212[0]: | A heap-based buffer overflow vulnerability exists in the comment | functionality of stb _vorbis.c v1.22. A specially crafted .og

Bug#1070395: tinyproxy: CVE-2023-40533 CVE-2023-49606

Source: tinyproxy X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for tinyproxy. CVE-2023-40533[0]: | An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 | while parsing HTTP requests. In certain configuratio

Bug#979188: Maintaining git-subrepo in Debian?

On Mon, Apr 01, 2024 at 11:07:50PM +0200, Daniel Gröber wrote: > I wish we could use a rebase workflow with gbp but I haven't found a way to > do it yet. At least not with gbp import-ref as-is. We could work on a patch > for it I suppose ;) Looking at git-debrebase (https://www.youtube.com/watch?v

Bug#979188: Maintaining git-subrepo in Debian?

Hi Samo, On Tue, Mar 19, 2024 at 10:00:44PM +0100, Samo Pogačnik wrote: > > We can also do a call to figure out where you're at and what info you need > > because the huge scope of the general packaging related documentation can > > be a bit overwhelming and confusing, even if what you need to kno

Bug#979188: Maintaining git-subrepo in Debian?

Hi Daniel, Dne 31.03.2024 (ned) ob 16:01 +0200 je Daniel Gröber napisal(a): > > You removed the (Closes Bug#) ITP reference from d/changelog. It's policy > to close that but with the first upload, so you have to keep it. > Fixed (even salsa pipeline is happy:). > Workflow wise I don't see why y

Bug#979188: Maintaining git-subrepo in Debian?

Hi Daniel, just a quick update. Dne 01.04.2024 (pon) ob 23:07 +0200 je Daniel Gröber napisal(a): > > Anyway gbp has reasonably good documentation, maybe you haven't seen it yet: > http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.intro.html > (note the navigation buttons in the t

  1   2   >