CCing the Security Team as well
On Fri, Jun 21, 2019 at 01:15:23PM +0200, Piotr Ożarowski wrote:
> Hi Andreas,
>
> > > Please see https://bugzilla.redhat.com/show_bug.cgi?id=1718212
> > >
> > > Patch is at
> > > https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7
> >
> > I know yo
On Wed, 10 Jul 2019, Gianfranco Costamagna wrote:
I'm uploading this fix in deferred/10, please Thorsten let me know if I can
speed it up!
yes, please do as fast as you want to.
I also rebased the patch and forwarded it upstream, since nobody did it so far.
Thanks a lot.
Thorsten
Your message dated Wed, 10 Jul 2019 22:49:51 +0300
with message-id
and subject line Re: Bug#931750: telegram-desktop: Packace uninstallable due to
alleged lack of dependency
has caused the Debian Bug report #931750,
regarding telegram-desktop: Packace uninstallable due to alleged lack of
depende
Processing control commands:
> severity -1 serious
Bug #795897 [src:pound] pound: please make the build reproducible
Severity set to 'serious' from 'wishlist'
--
795897: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795897
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problem
This is most certainly not a grave bug, but rather a design decision that
Firefox made a long time ago (all private mode sites share state).
For your use case you should probably look into multi-account containers (
https://support.mozilla.org/en-US/kb/containers).
David
signature.asc
Descript
Thank you very much for your answer.
It helps to understand the current situation.
(There was no way to tell if discussions happened somewhere else than here,
and/or if there were more details to how and when people are affected, how
frequent, etc. And some maintainers are quite lazy with closi
Hi Moritz,
> > > redis: CVE-2019-10192 CVE-2019-10193
> >
> > These has been fixed everywhere apart from stretch and buster. Would
> > you like uploads for these distributions?
>
> Yes, please, we should fix these via -security.
Done via:
* redis_3.2.6-3+deb9u3_amd64.changes
* redis_5.0.3-
I can confirm that amarok 2.9.0-1 builds fine on buster without any changes.
On 2019, ജൂലൈ 10 8:40:21 PM IST, Xavier wrote:
>Le 10/07/2019 à 14:40, Pirate Praveen a écrit :
>> Package: pkg-js-autopkgtest
>> version: 0.8
>> severity: serious
>>
>> autopkgtest_rollup_src.js → autopkgtest_rollup_dest.js...
>> (!) Generated an empty bundle
>> (!) Unresolved dependencies
>>
Package: gnome-shell-extension-multi-monitors
Version: 16-1
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
After installing the following package, Itry to enable the extension in Gnome
Tweaks. The tab "Multi monitors add-on" was grayed out and had a triang
Package: comix
Version: 4.0.4-4
Severity: grave
Tags: patch
Justification: renders package unusable
Dear Maintainer,
Issue appear into both comix versions 4.0.4-3 and 4.0.4-4.
python-pil:amd64 5.4.1-2 -> 6.1.0-1 upgrade have introduce this:
# VERSION was removed in Pillow 6.0.0.
# PILLOW_VERSI
Your message dated Wed, 10 Jul 2019 16:09:58 +
with message-id
and subject line Bug#931791: fixed in node-terser 4.1.0-2
has caused the Debian Bug report #931791,
regarding Tighten binary package interdependencies so matching versions of
node-terser and libjs-terser are used in uglifyjs.terse
On Wed, Jul 10, 2019 at 04:36:26PM +0200, Anon Nymous wrote:
> I want to avoid spamming this, but please someone make clarity.
>
>
> Debian Buster got released now, here is a critical bug in a very common
> software, and apparently nobody cared about closing/postponing for several
> months.
> W
Processing control commands:
> forwarded -1 https://jira.mariadb.org/browse/MDEV-19490
Bug #931801 [mariadb-server-core-10.3] mariadb-server-core-10.3: mysqld
segfaults when database `information_schema` is accessed
Set Bug forwarded-to-address to 'https://jira.mariadb.org/browse/MDEV-19490'.
--
Control: forwarded -1 https://jira.mariadb.org/browse/MDEV-19490
Hi Roman,
Thank you for your report. This is a known bug and it's going to be
resolved in 10.3.16 version.
https://jira.mariadb.org/browse/MDEV-19490
Regards,
Faustin
signature.asc
Description: PGP signature
Processing control commands:
> tag -1 pending
Bug #931791 [uglifyjs.terser] Tighten binary package interdependencies so
matching versions of node-terser and libjs-terser are used in uglifyjs.terser
Added tag(s) pending.
--
931791: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931791
Debian
Control: tag -1 pending
Hello,
Bug #931791 in node-terser reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/js-team/node-terser/commit/9e58f6a8694f3566cbcae8840e6
Le 10/07/2019 à 14:40, Pirate Praveen a écrit :
> Package: pkg-js-autopkgtest
> version: 0.8
> severity: serious
>
> autopkgtest_rollup_src.js → autopkgtest_rollup_dest.js...
> (!) Generated an empty bundle
> (!) Unresolved dependencies
> https://github.com/rollup/rollup/wiki/Troubleshooting#treat
Package: mariadb-server-core-10.3
Version: 1:10.3.15-1
Severity: critical
Justification: causes serious data loss
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale:
Processing commands for cont...@bugs.debian.org:
> severity 927921 critical
Bug #927921 [src:linux] Modeset: Invalid argument. No GUI.
Severity set to 'critical' from 'important'
>
End of message, stopping processing here.
Please contact me if you need assistance.
--
927921: https://bugs.debian.
Hi,
it was asked already some months ago, but please:
Is this somthing a normal admin needs to worry about when upgrading? Should I
hold upgrades back?
I want to avoid spamming this, but please someone make clarity.
Debian Buster got released now, here is a critical bug in a very common
software, and apparently nobody cared about closing/postponing for several
months.
While I understand that many a volunteers and so on, for a Debian "stable" t
I want to avoid spamming this, but please someone make clarity.
Debian Buster got released now, here is a critical bug in a very common software, and apparently nobody cared about closing/postponing for several months.
While I understand that many a volunteers and so on, for a Debian "stabl
Processing control commands:
> notforwarded -1
Bug #931795 [src:sbcl] sbcl: FTBFS with gcc-9, uses deprecated armv5 target on
armhf
Unset Bug forwarded-to-address
--
931795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with pr
Control: notforwarded -1
Dear Gianfranco,
Le mercredi 10 juillet 2019 à 15:43 +0200, Gianfranco Costamagna a écrit :
> Source: sbcl
> Version: 2:1.5.4-1
> Severity: serious
> Justification: uses non-optimized code
> Tags: patch
> Forwarded:
> https://github.com/sbcl/sbcl/pull/34
Thanks for the
Hi,
it was asked already some months ago, but please:
Is this somthing a normal admin needs to worry about when upgrading? Should I hold upgrades back?
Processing commands for cont...@bugs.debian.org:
> affects 931795 - 2:1.4.16-2
Bug #931795 [src:sbcl] sbcl: FTBFS with gcc-9, uses deprecated armv5 target on
armhf
Removed indication that 931795 affects 2:1.4.16-2
> found 931795 2:1.4.16-2
Bug #931795 [src:sbcl] sbcl: FTBFS with gcc-9, uses depre
Processing commands for cont...@bugs.debian.org:
> affects 931795 2:1.4.16-2
Bug #931795 [src:sbcl] sbcl: FTBFS with gcc-9, uses deprecated armv5 target on
armhf
Added indication that 931795 affects 2:1.4.16-2
> tags 931795 + bullseye sid
Bug #931795 [src:sbcl] sbcl: FTBFS with gcc-9, uses deprec
[Adding t...@security.debian.org to CC]
Hi,
> redis: CVE-2019-10192 CVE-2019-10193
These has been fixed everywhere apart from stretch and buster. Would
you like uploads for these distributions?
(CVE-2019-10193 is not vulnerable in stretch, but is in buster.)
Regards,
--
,''`.
: :
On Wed, Jul 10, 2019 at 10:52:11AM -0300, Chris Lamb wrote:
> [Adding t...@security.debian.org to CC]
>
> Hi,
>
> > redis: CVE-2019-10192 CVE-2019-10193
>
> These has been fixed everywhere apart from stretch and buster. Would
> you like uploads for these distributions?
Yes, please, we should fi
Source: sbcl
Version: 2:1.5.4-1
Severity: serious
Justification: uses non-optimized code
Tags: patch
Forwarded: https://github.com/sbcl/sbcl/pull/34
cat debian/patches/default-arm.patch
Description: Default on armv7 for Ubuntu, since gcc-9 deprecates armv5
Author: Gianfranco Costamagna
Forwarded
Thanks for the reply.
I realized the error as soon as I sent the error report. Digging a bit
more in aptitude's options I managed to downgrade the required libraries and
install Telegram. Thanks.
Still, I don't understand why it's requiring a specific version of
libqt. Shouldn't a
Package: uglifyjs.terser
Version: 4.1.0-1
Severity: serious
justification: insufficient minimum version breaks the package
If uglify.terser is updated to 4.1.0, node-terser and libjs-terser is
not updated along with it, causing the following error.
uglifyjs.terser dist/d3-zoom.js -o dist/d3-zoo
Package: pkg-js-autopkgtest
version: 0.8
severity: serious
autopkgtest_rollup_src.js → autopkgtest_rollup_dest.js...
(!) Generated an empty bundle
(!) Unresolved dependencies
https://github.com/rollup/rollup/wiki/Troubleshooting#treating-module-as-external-dependency
d3-zoom (imported by autopkgte
Processing control commands:
> severity -1 serious
Bug #928885 [src:rdiff-backup] FTBFS with librsync 2
Severity set to 'serious' from 'normal'
> block 776246 by -1
Bug #776246 [librsync1] MD4 collision/preimage attacks (CVE-2014-8242)
776246 was not blocked by any bugs.
776246 was not blocking an
Processing control commands:
> tag -1 pending
Bug #919058 [itstool] its-tools: crashes when freeing xmlDocs
Added tag(s) pending.
--
919058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tag -1 pending
Hello,
Bug #919058 in mate-utils reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/debian-mate-team/mate-utils/commit/1423f526f4196d32f848
Package: rsync
Version: 3.1.3-6
Severity: critical
Justification: breaks unrelated software
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_C
On Tue, 9 Jul 2019 at 16:56, Andreas Tille wrote:
>
> Hi Carnė,
>
> On Tue, Jul 09, 2019 at 04:53:31PM +0100, Carnė Draug wrote:
> > On Tue, 9 Jul 2019 at 10:33, Andreas Tille wrote:
> > >
> > > https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/gbrowse_2.56+dfsg-4.rbuild.log.gz
>
On Wed, Jul 10, 2019 at 11:45:53AM +0200, Laurent Bigonville wrote:
> Now that buster has been released, do you think we could move forward with
> uploading the last version of librsync in unstable?
Yes, I plan to proceed with this soon.
> I tried to rebuild duplicity and it's building fine.
I tri
On Tue, Jul 09, 2019 at 06:52:58PM +0200, Julien Cristau wrote:
> I think overall what you're trying to do here (the whole "notify the
> user they're out of date" thing) does not belong in apt. IMO it belongs
> in higher level tools that are going to heavily depend on the use case
> and so there's
Hey,
Now that buster has been released, do you think we could move forward
with uploading the last version of librsync in unstable?
I tried to rebuild duplicity and it's building fine.
Note that autoremoval of librsync is scheduled for August 6th, might be
good to have this fixed before.
K
Your message dated Wed, 10 Jul 2019 08:47:23 +
with message-id
and subject line Bug#931104: fixed in openvswitch
2.10.0+2018.08.28+git.8ca7c82b7d+ds1-13
has caused the Debian Bug report #931104,
regarding openvswitch-common: Wrong dependency on python-six
to be marked as done.
This means tha
Processing commands for cont...@bugs.debian.org:
> tags 907348 patch pending
Bug #907348 [src:dateutils] dateutils FTBFS on 32bit: test failures
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
907348: https://bugs.debian.org/cgi-bin/bugreport
Processing control commands:
> forwarded -1 https://github.com/hroptatyr/dateutils/pull/103
Bug #907348 [src:dateutils] dateutils FTBFS on 32bit: test failures
Set Bug forwarded-to-address to
'https://github.com/hroptatyr/dateutils/pull/103'.
--
907348: https://bugs.debian.org/cgi-bin/bugreport
control: forwarded -1 https://github.com/hroptatyr/dateutils/pull/103
On Wed, 8 May 2019 01:01:24 +0200 =?UTF-8?Q?Bernhard_=c3=9cbelacker?=
wrote:
> Control: tags 907348 + patch upstream
>
>
> Dear Maintainer,
> I tried to have a look and tracked it down into the file
> lib/leap-seconds.def whi
Processing control commands:
> tag -1 pending
Bug #931104 [openvswitch-common] openvswitch-common: Wrong dependency on
python-six
Added tag(s) pending.
--
931104: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931104
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing control commands:
> tag -1 pending
Bug #931104 [openvswitch-common] openvswitch-common: Wrong dependency on
python-six
Ignoring request to alter tags of bug #931104 to the same tags previously set
--
931104: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931104
Debian Bug Tracking
Control: tag -1 pending
Hello,
Bug #931104 in openvswitch reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/openstack-team/third-party/openvswitch/commit/1c99397d
Hi,
The problem was solved after delete ~/.config/ directory.
Best regards,
Charles
Le 07/07/2019 à 10:39, Debian Bug Tracking System a écrit :
> Thank you for filing a new Bug report with Debian.
>
> You can follow progress on this Bug here: 931529:
> https://bugs.debian.org/cgi-bin/bugreport
Control: tag -1 pending
Hello,
Bug #931104 in openvswitch reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/openstack-team/third-party/openvswitch/commit/1c99397d
51 matches
Mail list logo
