Bug#969349: buster-pu: package chrony/3.4-4+deb10u1

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, [ Reason ] chrony versions prior to 3.5.1 are vulnerable to a symlink race when creating the PID file. CVE-2020-14367 has been

Bug#969348: buster-pu: package node-bl/1.1.2-1+deb10u1

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu [ Reason ] node-bl is vunerable to CVE-2020-8244 (#969309): A buffer over-read vulnerability exists which could allow an attacker to supply user input (even typed) that if it ends up

Re: Go issues wrt. Debian infrastructure: moving forward

On 31/08/2020 20:29, Moritz Mühlenhoff wrote: > On Sat, Aug 29, 2020 at 10:18:57PM +0200, Clément Hermann wrote: >> Other than that, I don't think there are, my understanding was that the >> missing orig.tar.gz when dealing with a lot of new packages in the >> security archive was the main blocker

Re: Go issues wrt. Debian infrastructure: moving forward

On Sat, Aug 29, 2020 at 10:18:57PM +0200, Clément Hermann wrote: > Hi, > > On 29/08/2020 20:09, Ansgar wrote: > > Hi, > > > > Clément Hermann writes: > >> The original message on debian-go and debian-release is here: > >> > >> https://lists.debian.org/msgid-search/176455fa-4611-f2c1-9ca1-f855d7d9

Bug#969321: transition: GNOME 3.38 (mutter, evolution-data-server, etc.)

Package: release.debian.org Severity: normal Tags: moreinfo User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: debian-gtk-gn...@lists.debian.org GNOME 3.38 will be released on 2020-09-16, and beta versions of the major packages (versioned 3.37.x) are already making the