Source: ogmrip
Version: 1.0.1-4
Severity: serious
gpac is unsupportable and thus orphaned and not in stable.
It should be removed, but ogmrip depends on it. From a
quick glance ogmrip also supports mencoder, so possibly
that dependency could simply get removed?
Cheers,
Moritz
Source: ccextractor
Version: 0.94+ds1-3
Severity: serious
gpac is unsupportable, thus orphaned and not in Bookworm. It should
be removed, but ccextractor build depends on it. From a quick glance
it also has some build flags for ffmpeg, so maybe that's an alternative?
Cheers,
Moritz
On Fri, Jun 14, 2024 at 07:30:46AM +0200, Florian Ernst wrote:
> On Thu, Jun 13, 2024 at 08:17:41PM +0200, Moritz Muehlenhoff wrote:
> > Thanks, these look good! Please upload to security-master, I'll take care
> > of the DSA over the weekend.
>
> Thanks for verify
Hi Florian,
> Please give those packages an additional check, and feel free to just
> upload them when they indeed meet your requirements, or briefly ping me
> back for me to upload them / possibly apply further changes, whatever
> suits you best.
Thanks, these look good! Please upload to securit
Hi Florian,
On Mon, Jun 10, 2024 at 08:41:27AM +0200, Florian Ernst wrote:
> Dear Security Team,
>
> On Sat, Jun 01, 2024 at 04:57:53PM +0200, Salvatore Bonaccorso wrote:
> > [...]
> > [0] https://security-tracker.debian.org/tracker/CVE-2024-5564
> > https://www.cve.org/CVERecord?id=CVE-2024-
On Tue, May 28, 2024 at 09:06:51AM +0200, Thomas Goirand wrote:
> On 5/22/24 17:08, Moritz Mühlenhoff wrote:
> > The following vulnerability was published for python-pymysql.
> >
> > We should also fix this in a DSA, could you prepare debdiffs for
> > bookworm-security and bullseye-security?
> >
On Wed, May 22, 2024 at 02:42:58PM -0300, Leandro Cunha wrote:
> Hi everyone,
>
> On Wed, May 22, 2024 at 12:39 PM Moritz Mühlenhoff wrote:
> >
> > On Wed, Mar 06, 2024 at 06:39:01AM -0300, Leandro Cunha wrote:
> > > Hi Christoph Berg,
> > >
> > > On Wed, Mar 6, 2024 at 5:42 AM Christoph Berg w
On Thu, Apr 25, 2024 at 08:37:14AM +0200, Chris Hofstaedtler wrote:
> Hi Moritz,
>
> could we once again use the upstream release for stable?
> debdiff 4.8.7-1 -> 4.8.8-1 is attached.
Ack. Following the 4.8 releases has served us well. debdiff looks fine,
please build with -sa and upload to secur
On Sun, Apr 21, 2024 at 07:35:43PM +, Victor Seva wrote:
> Hi,
>
>
> I've just uploaded sngrep 1.8.1-1 to sid and prepared 1.6.0-1+deb12u1 for
> bookworms-security [0].
>
> Attached debdiff file.
>
> Waiting for your reply,
> Victor
>
> [0]
> https://salsa.debian.org/pkg-voip-team/sngrep/
On Fri, Apr 05, 2024 at 08:16:43AM +0400, Yadd wrote:
> On 4/4/24 22:51, Moritz Mühlenhoff wrote:
> > Source: apache2
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > The following vulnerabilities were published for apache2.
> >
> > CVE-2024-2
Hi Adrian,
> >...
> > > debdiffs contain only changes to debian/
> >
> > The bookworm/bullseye debdiffs look good, please upload to
> > security-master, thanks!
>
> both are now uploaded.
DSA has been released, thanks!
> > Note that both need -sa, but dak needs some special attention when
>
Source: gtkwave
Version: 3.3.116-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
A very thorough security audit of gtkwave unveiled a total of 82 security
issues in gtkwave, all fixed in 3.3.118:
CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004
CVE-2023-35057 CVE-2
On Wed, Dec 20, 2023 at 11:43:11AM +0900, Mike Hommey wrote:
> Version: 2:3.95-1
>
> On Tue, Dec 19, 2023 at 10:21:27PM +0100, Moritz Mühlenhoff wrote:
> > Source: nss
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > The following vulnerabilit
On Tue, Oct 31, 2023 at 10:29:55AM +0100, Bernd Zeimetz wrote:
>
> Both uploaded!
DSA has been released, thanks!
Cheers,
Moritz
On Mon, Oct 30, 2023 at 07:09:53PM +0100, Bernd Zeimetz wrote:
> Hi Moritz,
>
> as usual, stable/oldstable updates prepared, diffs are attached to this
> mail as salsa seems to have some issues right now.
>
> https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/ -
> bookworm/bullseye
Source: kino
Version: 1.3.4+dfsg0-1.1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Dead upstream for a decade
- FTBFS with ffmpeg 5 since 1.5 years (Debian is at ffmpeg 6 by now)
- Depends on various legacy libs (GTK2, Glade)
If you disagree and want to continu
On Thu, Sep 07, 2023 at 11:43:27AM +0200, Bernd Zeimetz wrote:
> Hi Moritz,
>
> > Ack, that's perfectly fine!
> >
>
> Thanks!
>
> Here are the current diffs:
>
> bullseye:
> https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/-/compare/15b2b38edd7834b7ad93ae25831fc7ef2bf7ce28...bu
On Wed, Jun 07, 2023 at 01:43:26PM +0530, Utkarsh Gupta wrote:
> Hi Chris,
>
> On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso
> wrote:
> > Can you please have a look, as this seems to be caused by the DLA
> > issued as DLA-3447-1.
>
> This has been caused by the ruby2.5 update.
It's defi
On Wed, May 31, 2023 at 09:28:02AM +0300, Timo Aaltonen wrote:
> Moritz Muehlenhoff wrote on 3.5.2023 at 20.44:
> > Source: libdmx
> > Version: 1:1.1.4-2
> > Severity: serious
> >
> > The Xorg folks mentioned at
> > https://www.openwall.com/lists/oss-se
On Fri, May 26, 2023 at 12:10:18AM +0200, Markus Koschany wrote:
> First of all trapperkeeper-webserver-jetty9-clojure should add a build-
> dependency on logback to detect such regressions in advance.
>
> #1036250 is mainly a logback problem, not a tomcat problem. I still would like
> to hear Emm
Source: dokuwiki
Version: 0.0.20220731.a-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
No CVE yet:
https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/
https://github.com/dokuwiki/dokuwiki/pull/3967
https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e44658
Source: libdmx
Version: 1:1.1.4-2
Severity: serious
The Xorg folks mentioned at
https://www.openwall.com/lists/oss-security/2023/05/02/3:
| We have also announced that we plan to retire the following packages soon
| and while their gitlab repos are not yet archived, we expect they will be
| arch
Package: gpac
Version: 2.0.0+dfsg1-2+b1
Severity: serious
In some discussion between Reinhard, Sebastian and the Security team we've come
to the conclusion that gpac isn't suitable to be included in a stable release. The
massive influx of security issues makes that untenable (and there's no suit
Source: rust-const-cstr
Version: 0.3.0-1
Severity: serious
Hi,
there is https://rustsec.org/advisories/RUSTSEC-2023-0020.html which flags
that rust-const-cstr is unmaintained. Since there are no reverse deps in the
archive, let's exclude it from bookworm (or rather remove right away)?
Cheers,
Source: rust-boxfnonce
Version: 0.1.1-2
Severity: serious
Per https://rustsec.org/advisories/RUSTSEC-2019-0040.html rust-boxfnonce is obsolete,
let's keep it out of bookworm (and remove from the archive).
Cheers,
Moritz
Source: rust-encoding
Version: 0.2.33-1
Severity: serious
Hi,
there is https://rustsec.org/advisories/RUSTSEC-2021-0153.html which flags
that rust-encoding is unmaintained. Since there are no reverse deps in the
archive, let's exclude it from bookworm (or rather remove right away)?
Cheers,
On Wed, Mar 08, 2023 at 07:09:20AM +0400, Yadd wrote:
> On 3/7/23 23:46, Salvatore Bonaccorso wrote:
> > Source: apache2
> > Version: 2.4.55-1
> > Severity: grave
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team
> >
> >
> > Hi,
> >
> > The following vulnerab
On Wed, Mar 08, 2023 at 02:20:25PM +0100, Marco d'Itri wrote:
> On Feb 14, Moritz Muehlenhoff wrote:
>
> > > > Varnish should only be included in Bookworm with a reliable commitment
> > > > by the maintainers to backport/test security fixes across
Source: golang-github-labstack-echo.v3
Version: 3.3.10-2
Severity: serious
This is an older version of src:golang-github-labstack-echo. None of the
reverse deps are currently in bookworm, so golang-github-labstack-echo.v3
should be dropped as well (and post freeze the reverse deps fixed and
the pa
Source: golang-github-labstack-echo.v2
Version: 2.2.0-3
Severity: serious
This is an older version of src:golang-github-labstack-echo. None of the
reverse deps are currently in bookworm, so golang-github-labstack-echo.v2
should be dropped as well (and post freeze the reverse deps fixed and
the pac
On Sat, Feb 18, 2023 at 12:04:27PM +0100, Gabriel Corona wrote:
> I believe obtaining a CVE ID would be beneficial so that this issue may be
> tracked by downstream projects/distributions.
All those distros were notified via your post to oss-security. You can
try cveform, if there's no assignment
On Tue, Feb 14, 2023 at 02:48:43AM +0100, Marco d'Itri wrote:
> On Feb 02, Moritz Muehlenhoff wrote:
>
> > Varnish should only be included in Bookworm with a reliable commitment
> > by the maintainers to backport/test security fixes across the typical
> > three
Source: asterisk
Version: 1:20.1.0~dfsg+~cs6.12.40431414-1
Severity: serious
Asterisk should only be included in Bookworm with a reliable commitment
by the maintainers to backport/test security fixes across the typical
three year life cycle (two years of stable-security and one year of
oldstable-s
Source: varnish
Version: 7.1.1-1.1
Severity: serious
Varnish should only be included in Bookworm with a reliable commitment
by the maintainers to backport/test security fixes across the typical
three year life cycle (two years of stable-security and one year of
oldstable-security).
Especially sin
On Sat, Jan 21, 2023 at 10:53:24PM +0100, Markus Koschany wrote:
> Hi Javier,
>
> On Friday, 20.01.2023 at 22:23 +0100, Javier Fernandez-Sanguino wrote:
> > Dear Markus,
> >
> > Thank you for preparing. Could you please share the patch you are working
> > on?
> > Snort is available in Sals
Source: salt
Severity: serious
salt is currently RC-buggy and not in testing, but regardless of
the remaining RC bugs getting fixed it should only get re-included
with a reliable commitment to backport/test security-updates across
the typical three year life cycle (two years of stable-security
and
On Fri, Jan 06, 2023 at 08:41:50AM +0100, Paul Gevers wrote:
> Dear Chromium team, Security team,
>
> On 27-01-2022 17:15, Moritz Muehlenhoff wrote:
> > On Wed, Jan 26, 2022 at 09:38:42PM +0100, Paul Gevers wrote:
> > > > So, I'm proposing the following: we unblo
Source: puppetdb
Version: 7.11.2-3
Severity: grave
Thanks for all the great work on Puppetdb!
I was trying to setup a test environment with Puppetdb 7.11.2 from current
testing and I noticed that it's using openjdk-11-jre-headless.
While openjdk-11 is currently still in testing, Bookworm will on
Source: netatalk
Version: 3.1.13~ds-2
Severity: serious
netatalk should not enter bookworm unless it gets adopted and
actively maintained.
Cheers,
Moritz
Source: maradns
Version: 2.0.13-1.4
Severity: serious
The last maintainer upload was in 2015 and the version currently in the
archive is way behind current upstream releases (which is at 3.4.07),
we have plenty of maintained DNS servers, keep it out of testing (and
if no one picks it up, remove it
Source: wolfssl
Version: 5.2.0-2
Severity: serious
wolfssl has no active maintainer, plenty of open security issues and we already
have too many TLS libraries in our releases. Keep it out of testing. I'm going
to file bugs against the handful of reverse deps.
Cheers,
Moritz
Source: viewmol
Version: 2.4.1-26
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 (which will soon be removed)
- Dead upstream
- Dropped from testing for over two years
If you disagree and want to continue to maintain this package,
pleas
Source: fbpanel
Version: 7.0-4.3
Severity: serious
Your package came up as a candidate for removal from Debian:
- Depends on Python 2, which will soon be removed
- Last maintainer upload five years ago
- Dead upstream
If you disagree and want to continue to maintain this package,
please just clos
Hi Clément,
> Sadly, upstream rectified and confirms it affects 2.2 [0], and has been
> tested and reproduced on Bullseye. We do need to fix it. Upstream has a few
> suggestions, but I guess our choices are either uploading 2.5 to stable, if
> that's possible. python-stem at least will need to be
On Tue, Oct 18, 2022 at 06:09:42PM -0300, Antonio Terceiro wrote:
> Hi,
>
> On Thu, Oct 13, 2022 at 09:13:18PM +0200, Moritz Mühlenhoff wrote:
> > Source: lava
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > The following vulnerability was pu
On Sat, Oct 15, 2022 at 09:27:33AM +0300, Adrian Bunk wrote:
> Package: firefox-esr
> Version: 102.3.0esr-1
> Severity: serious
> Tags: bookworm sid
> X-Debbugs-Cc: Carsten Schoenert ,
> debian-rele...@lists.debian.org, t...@security.debian.org,
> debian-...@lists.debian.org
>
> [ various potent
Source: snort
Version: 2.9.15.1-6
Severity: serious
Per https://blog.snort.org/2021/07/29150-has-reached-its-end-of-life.html
the version currently in sid is EOLed and no longer compatible with
current rule updates.
In general snort seems unsuitable for standard stable given that the
engine needs
Source: freeciv
Version: 2.6.6-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
Quoting from the announcement posted to oss-security (no CVE is
available):
--
Just released freeciv-2.6.7 & freeciv-3.0.3 fix b
Source: kross
Version: 5.96.0-1
Severity: serious
See #1017061, kross isn't useful without interpreters.
Cheers,
Moritz
Source: kross-interpreters
Version: 4:21.12.3-1
Severity: serious
Your package came up as a candidate for removal from Debian. On
IRC Sune mentioned that libkross is most probably unused these
days and on the KF6 removal list. And the Python bindings still
depend on Python 2 (without porting activ
On Thu, Aug 11, 2022 at 11:08:49PM +0200, Evangelos Ribeiro Tzaras wrote:
> Hi Moritz,
>
> On Wed, 2022-08-10 at 22:08 +0200, Moritz Mühlenhoff wrote:
> > Source: sofia-sip
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > The following vulnera
Source: pd-py
Version: 0.2.2+git20170625.1.88fc77a-2
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2, which is finally being removed in Bookworm
- Last upload in 2018
If you disagree and want to continue to maintain this package,
please j
Source: k3d
Version: 0.8.0.6-8
Severity: serious
Your package came up as a candidate for removal from Debian:
- Python 2 will finally be removed in Bookworm and there's no
upstream porting activity
- Last upload four years ago
- Multiple other FTBFS issue
If you disagree and want to continue to
On Wed, Aug 10, 2022 at 05:05:12PM +1000, Craig Small wrote:
> > Do you have capacity to prepare updates for bullseye?
> >
> Yes, see attached debdiff for review. It's just those two patches.
Looks good, thanks! Please upload to security-master.
Cheers,
Moritz
Source: caldav-tester
Version: 7.0+20190225-4
Severity: serious
Your package came up as a candidate for removal from Debian:
The plan is to remove Python 2 in Bookworm and there's no
porting activity towards Python 3.
If you disagree and want to continue to maintain this package,
please just clos
Source: pd-aubio
Version: 0.4-1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2
- Last upload in 2014
If you disagree and want to continue to maintain this package,
please just close this bug (and fix the open issues).
If you agree with
Source: grokmirror
Version: 1.0.0-1.1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2
- Last maintainer upload in 2016
If you disagree and want to continue to maintain this package,
please just close this bug (and fix the open issues).
I
Source: python-unshare
Version: 0.2-1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2
- Last upload in 2016
If you disagree and want to continue to maintain this package,
please just close this bug (and fix the open issues).
If you agree
Source: falcon
Version: 1.8.8-1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2
- Dropped from testing in 2018
- Last upload in 2017
If you disagree and want to continue to maintain this package,
please just close this bug (and fix the op
Source: vland
Version: 0.8-1
Severity: serious
Your package came up as a candidate for removal from Debian,
it's one of the few remaining packages still depending on
Python 2 and there's no visible upstream activity to port
it to vland?
If you disagree and want to continue to maintain this packa
Source: vmm
Version: 0.6.2-2
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2
- Last upload in 2017, removed from testing since 2019
If you disagree and want to continue to maintain this package,
please just close this bug (and fix the ope
Source: python-neuroshare
Version: 0.9.2-1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2
- Last upload in 2014
- Dead upstream (last commits from 2016)
If you disagree and want to continue to maintain this package,
please just close thi
Source: gnat-gps
Version: 19.2-3
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2
- Removed from testing since 2019
If you disagree and want to continue to maintain this package,
please just close this bug (and fix the open issues).
If yo
Source: xdeb
Version: 0.6.7
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2
- No upload since five years
If you disagree and want to continue to maintain this package,
please just close this bug (and fix the open issues).
If you agree w
On Wed, Jun 08, 2022 at 07:51:28PM +0200, Yadd wrote:
> Hi,
>
> those CVEs are tagged low/moderate by upstream, why did you tag this bug as
> grave?
Anything moderate or above should get fixed by the next Debian release IOW RC
severity.
Cheers,
Moritz
Source: sox
Version: 14.4.2+git20190427-3
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
The report states that upstream was notified, but we need to figure out
whether this was addressed by upstream already o
Source: live-wrapper
Version: 0.10
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since 2019
- Depends on vmdebootstrap which was removed
- It's not included in Bullseye, but we did release live images so
Source: cinfony
Version: 1.2-4
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since 2019
- Dead upstream
- No reverse dependencies
If you disagree and want to continue to maintain this package,
please just
Source: python-passfd
Version: 0.2-3
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since 2020
- No reverse dependencies
- Last upload in 2016
If you disagree and want to continue to maintain this package,
Source: fsl
Version: 5.0.8-6
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since two years
- Also FTBFSes with GCC 10
- Last upload in 2019
If you disagree and want to continue to maintain this package,
pl
Source: python-keepkey
Version: 0.7.3-1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since 2019
- Last upload back in 2016
If you disagree and want to continue to maintain this package,
please just close
Source: sphinx-patchqueue
Version: 0.5.0-2
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since 2019
- No remaining reverse dependencies
- Last upload in 2015
If you disagree and want to continue to maintai
Source: vmtk
Version: 1.3+dfsg-2.3
Severity: serious
Your package came up as a candidate for removal from Debian:
- Depends on Python 2 and thus removed from testing since 2019 (current
upstream 1.4 is fixed, though)
- Last maintainer upload in 2016
If you disagree and want to continue to maint
Source: googlefontdirectory-tools
Version: 20120309.1-1.1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since 2019
- Last maintainer upload in 2015
If you disagree and want to continue to maintain this pac
Source: astk
Version: 1.13.1-2.1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since 2019
- Last maintainer upload in 2014
If you disagree and want to continue to maintain this package,
please just close t
Source: sortsmill-tools
Version: 0.4-2
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python and thus removed from testing since 2019
- Last upload in 2013
If you disagree and want to continue to maintain this package,
please just close this bug
Source: ketchup
Version: 1.0.1+git20111228+e1c62066-2
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since 2019
- Last upload in 2017
- Seems dead upstream (last commit from eight years ago)
- Per #946203 do
Source: broctl
Version: 1.4-1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still uses Python 2.7 and thus removed from testing since 2019
- Last upload in 2015
If you disagree and want to continue to maintain this package,
please just close this bug (and fix t
Source: geda-gaf
Version: 1:1.8.2-11
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since 2019
- Also uses outdated Guile
- Last upload in 2018
If you disagree and want to continue to maintain this package,
Source: undertaker
Version: 1.6.1-4.2
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and thus removed from testing since 2019
- Last maintainer upload in 2016
If you disagree and want to continue to maintain this package,
please just cl
Source: neard
Version: 0.16-0.1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Last maintainer upload in 2013
- Depends on Python 2 and thus removed from testing since 2019
If you disagree and want to continue to maintain this package,
please just close this bug
Source: hgsubversion
Version: 1.9.3+git20190419+6a6ce-5
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still depends on Python 2 and removed from testing since 2020
- Dead upstream (no commits after 2019)
If you disagree and want to continue to maintain this pac
Source: zorp
Version: 7.0.1~alpha2-3
Severity: serious
Your package came up as a candidate for removal from Debian:
- Last upload in 2019, removed from testing since 2017
- Still depends on Python 2.7 and thus RC-buggy
If you disagree and want to continue to maintain this package,
please just cl
Source: nglister
Version: 1.0.2
Severity: serious
Your package came up as a candidate for removal from Debian:
- Last upload in 2016
- Removed from testing since 2019
- Multiple RC bugs
If you disagree and want to continue to maintain this package,
please just close this bug (and f
Source: sandsifter
Version: 1.04-1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Still uses Python 2.7 and thus RC buggy
- Last upload in 2019 and not in testing since 2019
If you disagree and want to continue to maintain this package,
please just close this bu
Source: python-nemu
Version: 0.3.1-1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Last upload in 2016 and dropped from testing in 2019
- Still uses Python 2.7 and not fixed upstream either
If you disagree and want to continue to maintain this package,
please j
Source: postnews
Version: 0.7-1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Removed from testing for ~ two years, no followup to RC bugs
- Also no changes upstream since 2017
If you disagree and want to continue to maintain this package,
please just close thi
Source: arriero
Version: 0.6-1
Severity: serious
Your package came up as a candidate for removal from Debian:
- Last upload in 2017
- Still uses Python 2.7 and thus RC buggy
- Missed the last two stable releases and removed from testing since 2018
If you disagree and want to continue to maintain
Source: zlib
Version: 1:1.2.11.dfsg-2
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
This was assigned CVE-2018-25032:
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Cheers,
Moritz
Source: pluxml
Version: 5.6-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
CVE-2022-25020:
https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf
CVE-2022-25018:
https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf
CVE-2022-2458
On Fri, Feb 18, 2022 at 02:41:57PM -0800, Bill Poser wrote:
> I am the developer of redet. I don't understand this bug report. redet does
> not use anything called dpatch so far as I know. Is this something added in
> the Debianization of redet downstream from me?
Yes, exactly. It's a legacy mecha
Source: dpatch
Version: 2.0.41
Severity: serious
dpatch has been obsoleted by source format 3.0 (quilt), there's only
19 reverse dependencies in the archive (5 of them in testing), for
which bugs have been filed.
Cheers,
Moritz
Source: mgetty
Version: 1.2.1-1.1
Severity: serious
dpatch is deprecated and will be removed before the bookworm release.
Please migrate to source format 3.0 (quilt) instead.
Source: dvbsnoop
Version: 1.4.50-5
Severity: serious
dpatch is deprecated and will be removed before the bookworm release.
Please migrate to source format 3.0 (quilt) instead.
Source: scim-skk
Version: 0.5.2-7.2
Severity: serious
dpatch is deprecated and will be removed before the bookworm release.
Please migrate to source format 3.0 (quilt) instead.
Source: scim-canna
Version: 1.0.0-4.3
Severity: serious
dpatch is deprecated and will be removed before the bookworm release.
Please migrate to source format 3.0 (quilt) instead.
Source: myspell
Version: 1:3.0+pre3.1-24.2
Severity: serious
dpatch is deprecated and will be removed before the bookworm release.
Please migrate to source format 3.0 (quilt) instead.
Source: redet
Version: 8.26-1.4
Severity: serious
dpatch is deprecated and will be removed before the bookworm release.
Please migrate to source format 3.0 (quilt) instead.
Source: elscreen
Version: 1.4.6-5.3
Severity: serious
dpatch is deprecated and will be removed before the bookworm release.
Please migrate to source format 3.0 (quilt) instead.
Source: syrep
Version: 0.9-4.3
Severity: serious
dpatch is deprecated and will be removed before the bookworm release.
Please migrate to source format 3.0 (quilt) instead.