Bug#1067948: ITP: python-naked -- a command line application framework

2024-03-29 Thread Josenilson Ferreira da Silva
Package: wnpp Severity: wishlist Owner: Josenilson Ferreira da Silva X-Debbugs-Cc: debian-devel@lists.debian.org, nilsonfsi...@hotmail.com * Package name: python-naked Version : 0.1.32 Upstream Contact: Christopher Simpkins * URL : https://github.com/chrissimpkins/na

Re: Seeking a small group to package Apache Arrow (was: Bug#970021: RFP: apache-arrow -- cross-language development platform for in-memory analytics)

2024-03-29 Thread Diane Trout
On Mon, 2024-03-25 at 18:17 +, Julian Gilbey wrote: > > > So this is a plea for anyone looking for something really helpful to > do: it would be great to have a group of developers finally package > this!  There was some initial work done (see the RFP bug report for > details: https://bugs.de

Re: Seeking a small group to package Apache Arrow (was: Bug#970021: RFP: apache-arrow -- cross-language development platform for in-memory analytics)

2024-03-29 Thread Rene Engelhard
Hi, Am 25.03.24 um 19:17 schrieb Julian Gilbey: * Reading and writing file formats (like CSV, Apache ORC, and Apache Parquet) liborcus supports this (Apache Parquet) if built with Apache Arrow. And thus makes LibreOffice being able to handle it. I didn't invest any time in Apache Ar

xz backdoor

2024-03-29 Thread Sirius
Hi there, This is quite actively discussed on Fedora lists. https://www.openwall.com/lists/oss-security/2024/ https://www.openwall.com/lists/oss-security/2024/03/29/4 Worth taking a look if action needs to be taken on Debian. -- Kind regards, /S

Re: xz backdoor

2024-03-29 Thread Jérémy Lal
xz-utils (5.6.1+really5.4.5-1) unstable; urgency=critical * Non-maintainer upload by the Security Team. * Revert back to the 5.4.5-0.2 version -- Salvatore Bonaccorso Thu, 28 Mar 2024 15:59:38 +0100 Le ven. 29 mars 2024 à 21:17, Sirius a écrit : > Hi there, > > This is quite active

Re: xz backdoor

2024-03-29 Thread Russ Allbery
Sirius writes: > This is quite actively discussed on Fedora lists. > https://www.openwall.com/lists/oss-security/2024/ > https://www.openwall.com/lists/oss-security/2024/03/29/4 > Worth taking a look if action need to be taken on Debian. The version of xz-utils was reverted to 5.4.5 in unstable

Re: xz backdoor

2024-03-29 Thread Geert Stappers
On Fri, Mar 29, 2024 at 09:09:45PM +0100, Sirius wrote: > Hi there, > > This is quite actively discussed on Fedora lists. > https://www.openwall.com/lists/oss-security/2024/ > https://www.openwall.com/lists/oss-security/2024/03/29/4 > > Worth taking a look if action need to be taken on Debian. >

Re: xz backdoor

2024-03-29 Thread Russ Allbery
Russ Allbery writes: > Sirius writes: >> This is quite actively discussed on Fedora lists. >> https://www.openwall.com/lists/oss-security/2024/ >> https://www.openwall.com/lists/oss-security/2024/03/29/4 >> Worth taking a look if action need to be taken on Debian. > The version of xz-utils was

Re: xz backdoor

2024-03-29 Thread Moritz Mühlenhoff
Russ Allbery wrote: > I think this question can only be answered with reverse-engineering of the > backdoors, and I personally don't have the skills to do that. In the pre-disclosure discussion permission was asked to share the payload with a company specialising in such reverse engineering. If t

Re: xz backdoor

2024-03-29 Thread Russ Allbery
Moritz Mühlenhoff writes: > Russ Allbery wrote: >> I think this question can only be answered with reverse-engineering of >> the backdoors, and I personally don't have the skills to do that. > In the pre-disclosure discussion permission was asked to share the > payload with a company specialisi

Validating tarballs against git repositories

2024-03-29 Thread Antonio Russo
Hello everyone, As I'm sure we're all aware of at this point, Debian has been a victim of a relatively sophisticated first-party attack whereby a backdoor of the XZ package was smuggled into sshd via a systemd dependency. This backdoor, at a minimum, attacked key verification. As far as I understa

Bug#1068048: ITA: gnu-which -- Utility to show the full path of commands

2024-03-29 Thread Zachary Liebl
Package: wnpp Severity: normal Owner: Zachary Liebl X-Debbugs-Cc: debian-devel@lists.debian.org, deb...@zachliebl.com Package name: gnu-which Version : 2.21+dfsg-2 Upstream Contact: Carlo Wood URL : https://savannah.gnu.org/projects/which License : GPL-3

Re: Validating tarballs against git repositories

2024-03-29 Thread Guillem Jover
Hi! On Fri, 2024-03-29 at 18:21:27 -0600, Antonio Russo wrote: > This is a vector I've been somewhat paranoid about myself, and I > typically check the difference between git archive $TAG and the downloaded > tar, whenever I package things. Obviously a backdoor could have been > inserted into the

Re: Validating tarballs against git repositories

2024-03-29 Thread Antonio Russo
On 2024-03-29 22:41, Guillem Jover wrote: > Hi! > > On Fri, 2024-03-29 at 18:21:27 -0600, Antonio Russo wrote: >> This is a vector I've been somewhat paranoid about myself, and I >> typically check the difference between git archive $TAG and the downloaded >> tar, whenever I package things. Obvio

Re: Validating tarballs against git repositories

2024-03-29 Thread Russ Allbery
Antonio Russo writes: > The way I see it, there are two options in handling a buildable package: > 1. That file would have been considered a build artifact, consequently > removed and then regenerated. No backdoor. > 2. The file would not have been scrubbed, and a difference between the > git