gency=medium
+
+ * Integer Underflow in raptor_uri_normalize_path() (CVE-2024-57823)
+(Closes: #1067896)
+ * Heap read buffer overflow in ntriples bnode (CVE-2024-57822)
+(Closes: #1067896)
+ * Tests for Github issue 70
+
+ -- Salvatore Bonaccorso Sat, 29 Mar 2025 20:42:36 +0100
+
ra
Source: pagure
Version: 5.11.3+dfsg-4
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 5.11.3+dfsg-2.1
Control: found -1 5.11.3+dfsg-1
Hi,
The following vulnerability was published for pagure.
CVE-2024-47515[0]:
| A vulnerability wa
Hi,
On Mon, Sep 23, 2024 at 05:51:34AM -, Helmut Grohne wrote:
> Source: syncmaildir
> Severity: important
> User: helm...@debian.org
> Usertags: sidremove
>
> Dear maintainer,
>
> I suggest removing syncmaildir from Debian for the following reasons:
> * It accumulated one RC-bug:
>+ #1
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: inipar...@packages.debian.org, cava-a...@packages.debian.org,
libapache2-mod-t...@packages.debian.org, mtd-ut...@packages.debian.org,
nd...@packages.debian.org, ukui-interf...@packages.debian.org, car...@debian.org
Control: affects -1 + s
Source: gpac
Version: 2.2.1+dfsg1-3.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2713
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2024-22749[0]:
| GPAC v2.3 was detected to cont
Source: mathtex
Version: 1.03-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for mathtex.
CVE-2023-51885[0]:
| Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a
| remote attac
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2662
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-46929[0]:
| An issue discovered in GPAC 2.3-
Source: sendmail
Version: 8.17.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sendmail.
CVE-2023-51765[0]:
| sendmail through at least 8.14.7 allows SMTP smuggling in certain
| configuration
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2633
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-5595[0]:
| Denial of Service in GitHub repos
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2632
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-5586[0]:
| NULL Pointer Dereference in GitHu
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2606
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-5377[0]:
| Out-of-bounds Read in GitHub repo
=medium
+
+ * Non-maintainer upload.
+ * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559)
+(Closes: #1043033)
+ * IJS device - try and secure the IJS server startup (CVE-2023-43115)
+
+ -- Salvatore Bonaccorso Fri, 29 Sep 2023 14:24:57 +0200
+
ghostscript (9.53.3~dfsg-7
=medium
+
+ * Non-maintainer upload.
+ * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559)
+(Closes: #1043033)
+ * IJS device - try and secure the IJS server startup (CVE-2023-43115)
+
+ -- Salvatore Bonaccorso Fri, 29 Sep 2023 14:33:30 +0200
+
ghostscript (10.0.0~dfsg-11
Hi,
On Wed, Sep 27, 2023 at 01:19:31PM +0300, Jani Nikula wrote:
> Package: unadf
> Version: 0.7.11a-5
> Severity: grave
> Tags: security
> Justification: user security hole
> X-Debbugs-Cc: Debian Security Team
>
> Dear Maintainer,
>
> See upstream ADFLib commit 8e973d7b8945 ("Fix unsafe extrac
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/gpac/gpac/issues/2550
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-41000[0]:
| GP
Source: ghostscript
Source-Version: 10.02.0~dfsg-1
On Wed, Sep 13, 2023 at 09:21:09PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Wed, 13 Sep 2023 20:18:16 +0200
> Source: ghostscript
> Architecture: source
> Version: 10.02.0~dfsg-1
Source: gpac
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
Some of the CVEs in #1033116 seem to not have been addressed (and in
part were addressed in a DSA already). Here a fresh bug for the
remaining ones.
H
Source: ghostscript
Version: 10.01.2~dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706897
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 10.0.0~dfsg-11+deb12u1
Control: found -1 10.0.0~dfsg-11
Control: found -1 9
Source: ghostscript
Version: 10.0.0~dfsg-11
Severity: serious
Justification: commitment for maintenance
X-Debbugs-Cc: car...@debian.org, t...@security.debian.org
Hi
ghostscript is orphaned and under the Debian QA group. ghostscript
being a package with recurring need of maintenance and in partic
Source: ghostscript
Version: 10.0.0~dfsg-9
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706494
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ghostscript.
Source: a2ps
Version: 1:4.14-7
Severity: wishlist
X-Debbugs-Cc: car...@debian.org
Hi
Not in time for the Debian bookworm release, but please package
afterwards the new a2ps upstream version:
https://lists.gnu.org/archive/html/info-gnu/2023-03/msg2.html
Regards,
Salvatore
Hi,
On Fri, Dec 30, 2022 at 05:32:49PM +0100, Tobias Frost wrote:
> Source: libapreq2
> Severity: serious
> Justification: possibly not suitable for a stable release
> X-Debbugs-Cc: Debian Security Team , Salvatore
> Bonaccorso
> Control: affects -1 lua-apr
> Contro
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: cake...@packages.debian.org, t...@security.debian.org,
car...@debian.org
Control: affects -1 + src:cakephp
Hi
cakephp has no reverse dependencies, and the currently QA maintained
bran
site scripting (CVE-2022-46391) (Closes: #1025410)
+
+ -- Salvatore Bonaccorso Wed, 07 Dec 2022 21:47:25 +0100
+
awstats (7.8-2) unstable; urgency=high
* QA upload.
diff -Nru awstats-7.8/debian/patches/fix-cross-site-scripting.patch
awstats-7.8/debian/patches/fix-cross-site-scripting.
Source: awstats
Version: 7.8-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/eldy/AWStats/pull/226
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for awstats.
CVE-2022-46391[0]:
| AWStats 7.x through 7.8 allows XSS
Hi all,
An update for expat (landed in unstable earlier) and now as DSA 5085-2
for buster and bullseye as well is released which relaxes the fix for
CVE-2022-25236 with regard to RFC 3986 URI characters.
So there is no immediate action for updating the affected packages
from regressions ins buste
Source: plib
Version: 1.8.5-8
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://sourceforge.net/p/plib/bugs/55/
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for plib.
CVE-2021-38714[0]:
| In Plib t
Source: jhead
Version: 1:3.04-5
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Matthias-Wandel/jhead/issues/33
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jhead.
CVE-2021-3496[0]
Source: ircii
Version: 20190117-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:scrollz 2.2.3-1
Control: retitle -2 scrollz: CVE-2021-29376
The following vulnerability was published for ircii.
CVE-2021-
Hi Carsten, hi Christoph,
On Thu, Jan 28, 2021 at 05:15:46PM +0100, Carsten Schoenert wrote:
> retitle -1 ITA: picking up maintenance of libpam-radius-auth
>
> Hello Salvatore,
>
> Am Fri, Feb 21, 2020 at 03:03:12PM +0100 schrieb Salvatore Bonaccorso:
> > Source: libpam-ra
Control: severity -1 serious
On Sat, Dec 12, 2020 at 10:18:21AM +0100, Salvatore Bonaccorso wrote:
> Source: awstats
> Version: 7.8-1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/eldy/awstats/issues/195
> X-Debbugs-Cc: car...@debian.org, De
Control: reopen -1
On Thu, Jul 19, 2018 at 11:37:29PM +0200, Moritz Muehlenhoff wrote:
> Source: giflib
> Severity: important
> Tags: security
>
> https://sourceforge.net/p/giflib/bugs/112/
Looks the wrong bug was closed here? CVE-2018-11490 was sf#113, while
this one is CVE-2018-11489, sf#112,
Source: awstats
Version: 7.8-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/eldy/awstats/issues/195
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for awstats, which is a
followup to CVE-2020-29600 (incomplete fix
Hi Baptiste,
On Tue, Aug 18, 2020 at 06:49:47PM +0200, Baptiste DETUNE wrote:
> Hi guys,
>
> Under Debian Buster, the link to visit the project page related to ekg2
> package pointing on http://ekg2.org is wrong and must be censored because
> of sexual content.
While I do agree the wrong homepag
Source: golang-github-unknwon-cae
Version: 0.0~git20160715.0.c6aac99-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-github-unknwon-cae.
CVE-2020-7668[0]:
|
Source: golang-github-unknwon-cae
Version: 0.0~git20160715.0.c6aac99-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-github-unknwon-cae.
CVE-2020-7664[0]:
|
Hi,
On Fri, May 15, 2020 at 10:19:42PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Mon, May 11, 2020 at 09:55:12PM +0200, Salvatore Bonaccorso wrote:
> > Source: json-c
> > Version: 0.13.1+dfsg-7
> > Severity: important
> > Tags: security upstream
> >
Hi,
On Mon, May 11, 2020 at 09:55:12PM +0200, Salvatore Bonaccorso wrote:
> Source: json-c
> Version: 0.13.1+dfsg-7
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/json-c/json-c/pull/592
>
> Hi,
>
> The following vulnerability was pub
Source: json-c
Version: 0.13.1+dfsg-7
Severity: important
Tags: security upstream
Forwarded: https://github.com/json-c/json-c/pull/592
Hi,
The following vulnerability was published for json-c.
CVE-2020-12762[0]:
| json-c through 0.14 has an integer overflow and out-of-bounds write
| via a large
Source: libpam-radius-auth
Version: 1.4.0-3
Severity: serious
Justification: should not be released in bullseye without active maintainer
libpam-radius-auth has been orphaned in Debian since several years and
QA maintained. It did have at least the CVE-2015-9542 security issue.
There are no packag
Hi,
FTR, whilst one can argue the issue is not that severe to warrant a RC
severity, I'm raising it here since libpam-radius-auth is orphaned now
since some years.
If there is still interest in this pam module it likely needs a
maintainer otherwise we should not release bullseye with
libpam-radiu
Source: libpam-radius-auth
Version: 1.4.0-2
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for libpam-radius-auth.
CVE-2015-9542[0]:
|buffer overflow in password field
If you fix the vulnerability please also make sure to include the
CVE (Common Vulner
Source: lout
Version: 3.39-3
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerabilities were published for lout.
CVE-2019-19917[0]:
| Lout 3.40 has a buffer overflow in the StringQuotedWord() function in
| z39.c.
CVE-2019-19918[1]:
| Lout 3.40 h
Source: cflow
Version: 1:1.6-4
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg0.html
Control: found -1 1:1.6-1
Hi,
The following vulnerability was published for cflow.
CVE-2019-16166[0]:
| GNU cflow through 1.6 has a heap-based
Source: cflow
Version: 1:1.6-4
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg1.html
Control: found -1 1:1.6-1
Hi,
The following vulnerability was published for cflow.
CVE-2019-16165[0]:
| GNU cflow through 1.6 has a use-after-f
Source: zipios++
Version: 0.1.5.9+cvs.2007.04.28-10
Severity: important
Tags: security upstream
Control: found -1 0.1.5.9+cvs.2007.04.28-6
Hi,
The following vulnerability was published for zipios++.
CVE-2019-13453[0]:
| Zipios before 0.1.7 does not properly handle certain malformed zip
| archive
Source: lighttpd
Version: 1.4.53-3
Severity: grave
Tags: security upstream
Forwarded: https://redmine.lighttpd.net/issues/2945
Hi,
The following vulnerability was published for lighttpd.
CVE-2019-11072[0]:
| lighttpd before 1.4.54 has a signed integer overflow, which might
| allow remote attacke
Hi Jeremy,
On Mon, Mar 12, 2018 at 10:07:05PM +0100, Salvatore Bonaccorso wrote:
> Jeremy,
>
> On Sun, Mar 11, 2018 at 08:45:42AM -0400, Jeremy Bicha wrote:
> > On Sun, Mar 11, 2018 at 8:40 AM, Salvatore Bonaccorso
> > wrote:
> > > Is abiword upstream still active
Source: tcpdf
Version: 6.2.13+dfsg-1
Severity: serious
Justification: unfit for buster release
Hi
I'm raising this bug at RC severity for the following concerns: tcpdf
lags several new upstream versions behind, is QA maintained after the
former maintainer orphaned it (he was maintaining it due t
Source: lighttpd
Version: 1.4.49-1.1
Severity: important
Tags: security upstream
Control: found -1 1.4.45-1
Hi,
The following vulnerability was published for lighttpd.
CVE-2018-19052[0]:
| An issue was discovered in mod_alias_physical_handler in mod_alias.c in
| lighttpd before 1.4.50. There is
Source: autofs
Severity: wishlist
Hi
There was a new autofs version released (5.1.5) upstream, could it be
packaged for Debian?
Regards,
Salvatore
Source: tcpdf
Version: 6.2.13+dfsg-1
Severity: grave
Tags: patch security upstream
Hi,
The following vulnerability was published for tcpdf.
CVE-2018-17057[0]:
| An issue was discovered in TCPDF before 6.2.22. Attackers can trigger
| deserialization of arbitrary data via the phar:// wrapper.
If
Hi
I re-uploaded a version adding the patch.
Regards,
Salvatore
Hi
As spotted by Marc Deslauriers, the patch was dropped again in the
5.1.4-0.4 reopening the issue. Looking at the source, the patch is not
applied to 5.1.4 upstream source.
Cc'ing Paolo for double check/confirming.
Regards,
Salvatore
-By: Salvatore Bonaccorso
Closes: 893132
Description:
libvorbisidec-dev - Integer-only Ogg Vorbis decoder, AKA "tremor" (Development
Files)
libvorbisidec1 - Integer-only Ogg Vorbis decoder, AKA "tremor"
Changes:
libvorbisidec (1.0.2+svn18153-1~deb8u2) jessie-security; urge
-By: Salvatore Bonaccorso
Closes: 893132
Description:
libvorbisidec-dev - Integer-only Ogg Vorbis decoder, AKA "tremor" (Development
Files)
libvorbisidec1 - Integer-only Ogg Vorbis decoder, AKA "tremor"
Changes:
libvorbisidec (1.0.2+svn18153-1+deb9u1) stretch-security; urge
-By: Salvatore Bonaccorso
Closes: 893132
Description:
libvorbisidec-dev - Integer-only Ogg Vorbis decoder, AKA "tremor" (Development
Files)
libvorbisidec1 - Integer-only Ogg Vorbis decoder, AKA "tremor"
Changes:
libvorbisidec (1.0.2+svn18153-1~deb8u2) jessie-security; urge
Source: libvorbisidec
Version: 1.0.2+svn18153-0.2
Severity: grave
Tags: patch security upstream
Hi,
the following vulnerability was published for libvorbisidec.
CVE-2018-5147[0]:
out-of-bounds memory write
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabili
Jeremy,
On Sun, Mar 11, 2018 at 08:45:42AM -0400, Jeremy Bicha wrote:
> On Sun, Mar 11, 2018 at 8:40 AM, Salvatore Bonaccorso
> wrote:
> > Is abiword upstream still active?
>
> Yes.
>
> https://bugzilla.abisource.com/
>
> Here's a git mirror of their svn
Hi Jeremy,
On Sun, Mar 11, 2018 at 07:52:13AM -0400, Jeremy Bicha wrote:
> Control: reopen -1
> Control: tags -1 moreinfo
>
> On Thu, Dec 21, 2017 at 7:55 AM, Salvatore Bonaccorso
> wrote:
> > Source: abiword
> > Version: 3.0.2-5
> > Severity: normal
>
Hi!
On Tue, Feb 27, 2018 at 12:34:58PM -0500, Rocky Bernstein wrote:
> In https://security-tracker.debian.org/tracker/CVE-2017-18201 it claims
> 0.83 is vulnerable, but I don't believe that this the case.
>
> I think that bug was introduced in version 0.92. There was a major change
> in 0.90 as
Source: libcdio
Version: 1.0.0-1
Severity: important
Tags: security upstream
Control: fixed -1 2.0.0-1
Hi,
the following vulnerability was published for libcdio.
CVE-2017-18201[0]:
| An issue was discovered in GNU libcdio before 2.0.0. There is a double
| free in get_cdtext_generic() in lib/driv
Source: abiword
Version: 3.0.2-5
Severity: normal
Tags: security upstream
Hi,
the following vulnerability was published for abiword.
CVE-2017-17529[0]:
| af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings
| before launching the program specified by the BROWSER environment
| v
Control: severity -1 serious
Rationale: The package is currently without maintainer (QA
maintained) and has this open for several years. Thus either for
buster the issue is fixed or not included.
Alternatively, but has still high popcon, remove zoo from the archive?
Regards,
Salvatore
Control: clone -1 -2
Control: retitle -2 virglrenderer: CVE-2017-6386
Hi
There was an upload to unstable (0.6.0-1). Out of the CVEs one was not
yet fixed: CVE-2017-6386. Cloning to record that one separately.
Regards,
Salvatore
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/Yeraze/ytnef/issues/49
Hi,
the following vulnerability was published for libytnef.
CVE-2017-12142[0]:
| In ytnef 1.9.2, an invalid memory read vulnerability was found in the
| function Swa
Source: libytnef
Version: 1.9.2-2
Severity: normal
Tags: security upstream
Forwarded: https://github.com/Yeraze/ytnef/issues/51
Hi,
the following vulnerability was published for libytnef.
CVE-2017-12144[0]:
| In ytnef 1.9.2, an allocation failure was found in the function
| TNEFFillMapi in ytnef
Source: libytnef
Version: 1.9.2-2
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Yeraze/ytnef/issues/50
Hi,
the following vulnerability was published for libytnef.
CVE-2017-12141[0]:
| In ytnef 1.9.2, a heap-based buffer overflow vulnerabi
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/Yeraze/ytnef/issues/42
Hi,
the following vulnerability was published for libytnef.
CVE-2017-9473[0]:
| In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote
| attackers to
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/Yeraze/ytnef/issues/37
Hi,
the following vulnerability was published for libytnef.
CVE-2017-9470[0]:
| In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote
| attackers to ca
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/Yeraze/ytnef/issues/39
Hi,
the following vulnerability was published for libytnef.
CVE-2017-9471[0]:
| In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote
| attackers to cau
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/Yeraze/ytnef/issues/40
Hi,
the following vulnerability was published for libytnef.
CVE-2017-9474[0]:
| In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote
| attackers t
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/Yeraze/ytnef/issues/41
Hi,
the following vulnerability was published for libytnef.
CVE-2017-9472[0]:
| In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote
| attackers to ca
Source: php-cas
Version: 1.3.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/Jasig/phpCAS/issues/228
Hi,
the following vulnerability was published for php-cas.
CVE-2017-171[0]:
| Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass
| in the valid
Source: virglrenderer
Version: 0.5.0-1
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for virglrenderer.
CVE-2017-5580[0]:
OOB access while parsing texture instruction
If you fix the vulnerability please also make sure to include the
CVE (Common Vulner
Source: virglrenderer
Version: 0.5.0-1
Severity: important
Tags: upstream security patch
Hi,
the following vulnerability was published for virglrenderer.
CVE-2016-10163[0]:
host memory leakage when creating decode context
If you fix the vulnerability please also make sure to include the
CVE (Co
Hi!
On Fri, Dec 09, 2016 at 09:01:57AM +0100, BERTRAND Joël wrote:
> Salvatore Bonaccorso a écrit :
> >Hi
> >
> >On Thu, Dec 08, 2016 at 08:33:24PM +0100, BERTRAND Joël wrote:
> >>Package: sendmail
> >>Version: 8.15.2-7
> >>Severity: normal
>
Hi
On Thu, Dec 08, 2016 at 08:33:24PM +0100, BERTRAND Joël wrote:
> Package: sendmail
> Version: 8.15.2-7
> Severity: normal
>
> Dear Maintainer,
>
> I have upgraded sendmail/testing and now every 20 minutes, cron sends mail
> with
> following object :
>
> Cron test -x /etc/init.d/sendmail &
Source: quagga
Version: 0.99.23.1-1
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for quagga.
CVE-2016-1245[0]:
zebra: stack overrun in IPv6 RA receive code
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilitie
Source: openslp-dfsg
Version: 1.2.1-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for openslp-dfsg.
CVE-2015-5155[0]:
Packet with crafted "nextoffset" and "extid" values causes DoS
If you fix the vulnerability please also make sure to include the
CV
Source: libmimedir
Version: 0.5.1-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for libmimedir.
CVE-2015-3205[0]:
| libmimedir allows remote attackers to execute arbitrary code via a VCF
| file with two NULL bytes at the end of the file, related to "free
Source: freeimage
Version: 3.15.1-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for freeimage.
CVE-2015-3885[0]:
| Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
| allows remote attackers to cause a denial of service (crash) v
Control: retitle -1 paxtar: directory traversal vulnerabilities (CVE-2015-1193
CVE-2015-1194)
Hi,
According to MITRE the following two CVEs were assigned for pax:
> Use CVE-2015-1193 for the .. path traversal (CWE-22).
>
> Use CVE-2015-1194 for the symlink following, which can allow access out
Control: retitle -1 ppmd: CVE-2015-1199: directory traversal
Hi,
This has been assigned CVE-2015-1199 by MITRE.
Regards,
Salvatore
--
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: htt
Source: dhcpcd5
Version: 6.0.5-2
Severity: important
Justification: fails to build from source (but built successfully in the past)
Hi
dhcpcd5 built previously also on kfreebsd-amd64 and kfreebsd-i386 but
the last upload failed to build, which I have not further
investigated. Logs can be found:
Package: chrony
Severity: important
Hi,
the following vulnerabilities were published for chrony.
CVE-2012-4502[0]:
Buffer overflow when processing crafted command packets
CVE-2012-4503[1]:
Uninitialized data in command replies
Upstream commits fixing these issues are at [2] and [3]. See also [
Control: tags -1 + unreproducible
Hi!
I tried to reproduce this FTBFS. Both with sbuild (wheezy and
unstable) and pbuilder chroots (wheezy and unstable, building twice in
a row).
I cannot reproduce this, in all cases the package built fine.
Regards,
Salvatore
signature.asc
Description: Digi
Hi
On Fri, Nov 18, 2011 at 02:45:08PM +0200, Niko Tyni wrote:
> On Thu, Nov 17, 2011 at 09:40:26AM +0100, Julien Cristau wrote:
> > Package: libtokyocabinet-perl
> > Version: 1.34-1
> > Severity: serious
> > Justification: fails to build from source (but built successfully in the
> > past)
> >
>
Hi Erik
Many thanks for your updated translation. I integrate it after
deadline for submissions of debconf translations for esmtp.
Bests
Salvatore
Hi Yuri
Many thanks for your updated translation. It will be integrated after
deadline for updating debconf translation request.
Bests
Salvatore
Hi Hideki
Many thanks for the updated debconf translations for esmtp. I will add
them to an updated package after deadline for translation request.
Bests
Salvatore
Hi Martin
Many thanks for the updated debconf translations for esmtp. I will add
them to an updated package after deadline for translation request.
Bests
Salvatore
Hi Martin
Many thanks for the updated debconf translations for esmtp. I will add
them to an updated package after deadline for translation request.
Bests
Salvatore
Hi Christian
Many thanks for the updated debconf translations for esmtp. I will add
them to an updated package after deadline for translation request.
Bests
Salvatore
# Automatically generated email from bts, devscripts version 2.10.35lenny7
# works here both with empty or set subject and only bcc field filled
tags 338488 + moreinfo unreproducible
notfound 338488 0.6.0-1
notfound 33488 1.2-1
Hei Reuben
On Mon, Dec 28, 2009 at 04:21:45PM +, Reuben Thomas wrote:
> I don't use esmtp any more, so I suggest that if it works for you
> that's good enough. Looking back at the bug report, did you notice
> that the problem was also with the Subject: header (or absence of
> Subject header)?
Hi Reuben
Can you please test if this still happens with the current version in
stable (0.6.0-1) or even in unstable (1.2-1)? I tried to reproduce
this, but sending an Email only with Bcc addresses worked here (MUA:
mutt).
Bests
Salvatore
97 matches