Your message dated Sat, 22 May 2021 06:48:27 +
with message-id
and subject line Bug#988603: fixed in libxml2 2.9.10+dfsg-6.7
has caused the Debian Bug report #988603,
regarding libxml2: CVE-2021-3541: Exponential entity expansion attack bypasses
all existing protection mechanisms
to be marked
Control: tags 988603 + patch
Dear maintainer,
I've prepared an NMU for libxml2 (versioned as 2.9.10+dfsg-6.7). The diff
is attached to this message.
Merge Request is as well at
https://salsa.debian.org/xml-sgml-team/libxml2/-/merge_requests/7 .
Regards,
Salvatore
diff -Nru libxml2-2.9.10+dfsg/d
Processing control commands:
> tags 988603 + patch
Bug #988603 [src:libxml2] libxml2: CVE-2021-3541: Exponential entity expansion
attack bypasses all existing protection mechanisms
Added tag(s) patch.
--
988603: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603
Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:
> severity 988603 grave
Bug #988603 [src:libxml2] libxml2: CVE-2021-3541: Exponential entity expansion
attack bypasses all existing protection mechanisms
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.
Please contact me
Package: kdenlive
Version: 20.12.3-1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: mar...@kucharczyk.im
Hi,
When I try to start Kdenlive its welcome screen appears for a few seconds
and then crashes:
$ kdenlive
Invalid metadata for "telecide"
Failed to parse "telecide"
Inv
Control: tag -1 pending
Hello,
Bug #988217 in u-boot reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/debian/u-boot/-/commit/3f9f5486a74cb783f631f95320316fd5dd82
Processing control commands:
> tag -1 pending
Bug #988217 [u-boot-sunxi] bootefi causes boot failure with boot.scr
Added tag(s) pending.
--
988217: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988217
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing commands for cont...@bugs.debian.org:
> severity 988027 important
Bug #988027 [libklibc-dev] klibc: sigsetjmp ignores second argument, siglongjmp
always restores signals
Severity set to 'important' from 'serious'
> tags 988027 + upstream
Bug #988027 [libklibc-dev] klibc: sigsetjmp igno
Hello Ben,
any chance to upload at least the patch for s390x?
This affects a release architecture, so I’d NMU this if
necessary, so we have it fixed in bullseye.
Thanks,
//mirabilos
--
“Having a smoking section in a restaurant is like having
a peeing section in a swimming pool.”
Processing control commands:
> tag -1 + unreproducible
Bug #987816 [src:dask.distributed] dask.distributed: FTBFS due to a build-time
test failure
Added tag(s) unreproducible.
> forwarded -1 https://github.com/dask/distributed/issues/4839
Bug #987816 [src:dask.distributed] dask.distributed: FTBFS
Control: tag -1 + unreproducible
Control: forwarded -1 https://github.com/dask/distributed/issues/4839
Hi Andrej (2021.04.30_05:27:41_-0400)
> While rebuilding your package for Apertis, I found that it fails to
> build because a few of the build-time tests fail. I rebuilt the package
> in Debian a
Processing commands for cont...@bugs.debian.org:
> tags 988942 + upstream
Bug #988942 [golang-github-containers-image] CVE-2021-20291
Added tag(s) upstream.
> tags 988943 + upstream
Bug #988943 [src:golang-github-gin-gonic-gin] CVE-2020-28483
Added tag(s) upstream.
> forwarded 988943 https://githu
Your message dated Fri, 21 May 2021 21:04:23 +
with message-id
and subject line Bug#988102: fixed in python-libnacl 1.7.2-3
has caused the Debian Bug report #988102,
regarding python-libnacl: failing in tests on 32 bit systems
to be marked as done.
This means that you claim that the problem h
Processing control commands:
> tag -1 pending
Bug #988102 [python-libnacl] python-libnacl: failing in tests on 32 bit systems
Added tag(s) pending.
--
988102: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988102
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tag -1 pending
Hello,
Bug #988102 in python-libnacl reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/python-team/packages/python-libnacl/-/commit/85f334
Your message dated Fri, 21 May 2021 20:21:01 +
with message-id
and subject line Bug#988480: fixed in pydantic 1.7.4-1
has caused the Debian Bug report #988480,
regarding pydantic: CVE-2021-29510
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is n
Processing commands for cont...@bugs.debian.org:
> severity 987686 important
Bug #987686 [src:balsa] balsa autopkgtest fails with xdg-desktop-portal-gtk
Severity set to 'important' from 'serious'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
987686: https://bugs
Processing control commands:
> tags -1 important
Unknown tag/s: important.
Recognized are: patch wontfix moreinfo unreproducible help security upstream
pending confirmed ipv6 lfs d-i l10n newcomer a11y ftbfs fixed-upstream fixed
fixed-in-experimental sid experimental potato woody sarge sarge-ign
Control: tags -1 important
Control: retitle -1 balsa autopkgtest fails with xdg-desktop-portal-gtk
Hi
On 21-05-2021 21:43, Alberto Garcia wrote:
> In any case I would definitely reduce the severity of the bug, I just
> didn't want to do it on behalf of the original reporter :)
Oh, with the curre
Source: golang-github-nats-io-jwt
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
https://advisories.nats.io/CVE/CVE-2020-26892.txt
https://advisories.nats.io/CVE/CVE-2020-26521.txt
Cheers,
Moritz
On Fri, May 21, 2021 at 09:28:02PM +0200, Paul Gevers wrote:
> > In webkit2gtk 2.32.1-1 the dependency on xdg-desktop-portal-gtk was
> > downgraded to a recommendation so the test no longer fails.
>
> balsa is close to autoremoval from bullseye because of this issue.
> Should xdg-desktop-portal-gt
Source: rust-http
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
CVE-2019-25009:
https://rustsec.org/advisories/RUSTSEC-2019-0034.html
https://github.com/hyperium/http/commit/82d53dbdfdb1ffbeb0323200a0bbd30b5f895fa7
https://github.com/hyperium/http/commit/8ffe094df1431321d45086
Source: google-oauth-client-java
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
CVE-2020-7692:
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276
https://github.com/googleapis/google-oauth-java-client/issues/469
https://github.com/googleapis/google-oauth-java-client/com
Control: tags 987547 + pending
Dear maintainer,
I've prepared an NMU for debspawn (versioned as 0.4.1-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards.
SR
diff -Nru debspawn-0.4.1/debian/changelog debspawn-0.4.1/debian/changelog
--- debspawn-0.
Processing control commands:
> tags 987547 + pending
Bug #987547 [debspawn] missing dependency on dpkg-dev
Added tag(s) pending.
--
987547: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Hi Alberto,
On 11-05-2021 21:03, Alberto Garcia wrote:
> On Tue, Apr 27, 2021 at 11:27:32PM +0200, Alberto Garcia wrote:
>
>> Nothing to do with webkit actually. The test launches Balsa, waits
>> for two seconds and then takes a screenshot of the window. The bug
>> happens because when xdg-deskto
Your message dated Fri, 21 May 2021 19:18:29 +
with message-id
and subject line Bug#987646: fixed in eclipse-titan 7.2.0-1.1
has caused the Debian Bug report #987646,
regarding eclipse-titan: Frequent parallel FTBFS
to be marked as done.
This means that you claim that the problem has been dea
Package: gnome-shell-extension-redshift
Version: 3.20.1-2.1
Severity: serious
https://extensions.gnome.org/extension/685/redshift/
Deprecation notice: As of GNOME 3.24, there is native support for night light
mode in your display settings. This extension is not required or recommended
anymore.
Processing commands for cont...@bugs.debian.org:
> severity 986603 important
Bug #986603 [courier-mlm] courier-MLM : it runs as root ? or we must manually
set up as coureir user?
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
Control: tags 987646 + patch
Dear maintainer,
I've prepared an NMU for eclipse-titan (versioned as 7.2.0-1.1). The diff
is attached to this message.
Regards.
SR
diff -Nru eclipse-titan-7.2.0/debian/changelog eclipse-titan-7.2.0/debian/changelog
--- eclipse-titan-7.2.0/debian/changelog 2021-02-1
Processing control commands:
> tags 987646 + patch
Bug #987646 [src:eclipse-titan] eclipse-titan: Frequent parallel FTBFS
Added tag(s) patch.
--
987646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987646
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Your message dated Fri, 21 May 2021 18:48:33 +
with message-id
and subject line Bug#978166: fixed in whipper 0.9.0-7
has caused the Debian Bug report #978166,
regarding whipper: Missing dependency on flac
to be marked as done.
This means that you claim that the problem has been dealt with.
If
Hi eloy (2021.05.08_05:58:59_-0400)
> There's updated package released in salsa.debian.org
> https://salsa.debian.org/debian/whipper/-/tree/debian/0.9.0-7 but I
> have problems with uploading it into ftp debian.org. Until I resolve
> problems with uploading someone can take build from there and upl
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org
Hello Stable release team,
I would like to update mqtt-client in buster for fixing CVE-2019-0222.
It is fixed in stretch, bullseye and sid. Right now
Your message dated Fri, 21 May 2021 17:18:32 +
with message-id
and subject line Bug#988141: fixed in impacket 0.9.22-2
has caused the Debian Bug report #988141,
regarding impacket: CVE-2021-31800
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is
Your message dated Fri, 21 May 2021 17:18:40 +
with message-id
and subject line Bug#986514: fixed in mercurial 5.6.1-3
has caused the Debian Bug report #986514,
regarding test-archive.t fails in the autopkg tests
to be marked as done.
This means that you claim that the problem has been dealt
Hello! Thank you for pointing out these CVEs.
I investigated deeper into the issues and reviewed the code as of
0.1+dfsg-1 version of the package. Luckily, most of these issues are not
related to rlottie as currently packaged in Debian.
Below are some of my notes. They do not imply 100% guarantee
Processing control commands:
> tag -1 pending
Bug #988141 [src:impacket] impacket: CVE-2021-31800
Added tag(s) pending.
--
988141: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988141
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tag -1 pending
Hello,
Bug #988141 in impacket reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/python-team/packages/impacket/-/commit/9c3b727071485625cc
Your message dated Fri, 21 May 2021 17:03:25 +
with message-id
and subject line Bug#988853: fixed in spip 3.2.11-3
has caused the Debian Bug report #988853,
regarding spip: broken symlink: /usr/share/spip/prive/javascript/js.cookie.js
-> ../../../../lib/nodejs/js-cookie/src/js.cookie.js
to be
Control: tag -1 pending
Hello,
Bug #986514 in mercurial reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/python-team/packages/mercurial/-/commit/b94b1fcb3b4cbb5c
Processing control commands:
> tag -1 pending
Bug #986514 [src:mercurial] mercurial: FTBFS: dh_auto_test: error: make -j4
check PYTHON=python3.9 "TESTFLAGS=--verbose --timeout 1440 --jobs 4 --blacklist
/<>/debian/mercurial.test_blacklist" returned exit code 2
Bug #984490 [src:mercurial] test-arc
Package: jverein
Version: 2.8.18+git20200921.6212a59+dfsg-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package ships (or creates)
a broken symlink.
From the attached log (scroll to the bottom...):
1m38.1s ERROR: FAIL: Br
Processing commands for cont...@bugs.debian.org:
> forcemerge 986514 984490
Bug #986514 [src:mercurial] mercurial: FTBFS: dh_auto_test: error: make -j4
check PYTHON=python3.9 "TESTFLAGS=--verbose --timeout 1440 --jobs 4 --blacklist
/<>/debian/mercurial.test_blacklist" returned exit code 2
Bug #9
Your message dated Fri, 21 May 2021 15:43:47 +
with message-id
and subject line Bug#966233: fixed in pyyaml 5.3.1-4
has caused the Debian Bug report #966233,
regarding pyyaml: CVE-2020-14343
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not t
Processing control commands:
> tag -1 pending
Bug #966233 [src:pyyaml] pyyaml: CVE-2020-14343
Added tag(s) pending.
--
966233: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966233
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tag -1 pending
Hello,
Bug #966233 in pyyaml reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/python-team/packages/pyyaml/-/commit/a44d77fa7260cc1fb293fa
Processing commands for cont...@bugs.debian.org:
> reopen 988763
Bug #988763 {Done: Ryan Kavanagh } [rxvt-unicode]
rxvt-unicode: CVE-2021-33477: (potential remote) code execution via ESC G Q
Bug reopened
Ignoring request to alter fixed versions of bug #988763 to the same values
previously set
>
Processing commands for cont...@bugs.debian.org:
> limit source spip
Limiting to bugs with field 'source' containing at least one of 'spip'
Limit currently set to 'source':'spip'
> tags 988853 + pending
Bug #988853 [spip] spip: broken symlink:
/usr/share/spip/prive/javascript/js.cookie.js ->
..
Your message dated Fri, 21 May 2021 14:47:09 +
with message-id
and subject line Bug#985220: fixed in velocity 1.7-5+deb10u1
has caused the Debian Bug report #985220,
regarding velocity: CVE-2020-13936
to be marked as done.
This means that you claim that the problem has been dealt with.
If thi
Your message dated Fri, 21 May 2021 14:47:09 +
with message-id
and subject line Bug#964274: fixed in ruby-websocket-extensions 0.1.2-1+deb10u1
has caused the Debian Bug report #964274,
regarding ruby-websocket-extensions: CVE-2020-7663
to be marked as done.
This means that you claim that the
Dear Ryan,
I just wrote:
Curious that you do not consider this a bug: similar things were fixed
in other terminal emulators like xterm, so people could "safely" view
(i.e. cat or grep) any files, e.g. root perusing syslog.
I guess I should have given examples or references. Some that come
Processing commands for cont...@bugs.debian.org:
> severity 987856 serious
Bug #987856 {Done: Nobuhiro Iwamatsu } [src:lz4] lz4:
CVE-2021-3520
Severity set to 'serious' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
987856: https://bugs.debian.o
Your message dated Fri, 21 May 2021 12:33:25 +
with message-id
and subject line Bug#981876: fixed in gdpc 2.2.5-14
has caused the Debian Bug report #981876,
regarding gdpc: flaky autopkgtest on ppc64el
to be marked as done.
This means that you claim that the problem has been dealt with.
If th
Source: pg-partman
Version: 4.4.1-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pg-partman.
CVE-2021-33204[0]:
| In the pg_partman (aka PG Partition Manager) extension before 4.5.1
| for PostgreS
Dear Ryan,
Curious that you do not consider this a bug: similar things were fixed
in other terminal emulators like xterm, so people could "safely" view
(i.e. cat or grep) any files, e.g. root perusing syslog.
Looking at the further message on FullDisclosure:
https://seclists.org/fulldisclosure/
Processing commands for cont...@bugs.debian.org:
> severity 988874 normal
Bug #988874 {Done: David Bremner } [darktable] darktable:
broken symlinks: /usr/share/darktable/js/*.js -> ../../javascript/*/*.js
Severity set to 'normal' from 'serious'
> thanks
Stopping processing here.
Please contact m
Hi Michael,
Michael Meskes wrote:
> I'm with Daniel on this one as I cannot reproduce it either:
>
> Preparing to unpack .../webext-browserpass_3.7.2-1+b1_amd64.deb ...
> Unpacking webext-browserpass (3.7.2-1+b1) over (2.0.22-2) ...
Indeed. Using a clean Sid chroot, installing webext-browserpass
Your message dated Fri, 21 May 2021 10:05:02 +
with message-id
and subject line Bug#91: fixed in r-cran-rcdklibs 2.3+dfsg-8
has caused the Debian Bug report #91,
regarding r-cran-rcdklibs: broken symlinks:
/usr/lib/R/site-library/rcdklibs/cont/{gettext,libintl}.jar
to be marked as don
Processing control commands:
> reassign -1 fwupd-amd64-signed
Bug #988816 [fwupd] fwupd: cannot install with fwupd-amd64-signed
Bug reassigned from package 'fwupd' to 'fwupd-amd64-signed'.
No longer marked as found in versions fwupd/1.5.7-3.
Ignoring request to alter fixed versions of bug #988816
Source: lintian-brush
Version: 0.99
Severity: serious
Tags: ftbfs
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: needs-update
Hi Maintainer
Sometime between 2021-03-30 and 2021-04-06, lintian-brush's
autopkgtests started to fail in testing [1]. I've copied wh
Processing control commands:
> tags -1 + patch
Bug #976146 [pipx] pipx broken with python 3.9
Added tag(s) patch.
--
976146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976146
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + patch
I was just pointed at this issue, didn't realize the compatibility with Python
3.9.
I updated to the current upstream version, which seems to work fine with 3.9.
Packaging proposal at
https://launchpad.net/ubuntu/+source/python-pipx/0.16.2.1-0ubuntu3
This also drops th
Hi all,
> Preparing to unpack .../370-webext-browserpass_3.7.2-1+b1_amd64.deb ...
> Unpacking webext-browserpass (3.7.2-1+b1) over (2.0.22-2) ...
> dpkg: error processing archive
> /tmp/apt-dpkg-install-VKYulC/370-webext-browserpass_3.7.2-1+b1_amd64.deb
> (--unpack):
>unable to open
>