Bug#969211: RM: redmine/4.0.7-1

2020-09-01 Thread Paul Gevers
Dear Pirate, On 29-08-2020 12:54, Pirate Praveen wrote: > redmine is not compatible with rails 6 (#969206). This is blocking > migration of rails 6 to testing. Please remove redmine from testing to > allow rails 6 to migrate to testing. That redmine bug was filed just before you requested the rem

Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2

2020-09-01 Thread Bernhard Schmidt
Hi, >>> Please go ahead. >> >> Thanks, upload has been ACCEPTED and built on all architectures. > > I think there may be some confusion. The new upload hasn't been built > on any architecture yet, as it's still in the stable-new queue awaiting > final review and acceptance: Err right, I mixed th

Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2

2020-09-01 Thread Adam D. Barratt
On Tue, 2020-09-01 at 15:14 +0200, Bernhard Schmidt wrote: > Dear Adam, > > On Fri, 2020-08-28 at 16:56 +0200, Bernhard Schmidt wrote: > > > I would like to make a stable-update for asterisk. > > > > > > It fixes three minor CVEs (marked no-dsa) > > > > > > #940060 CVE-2019-15297: AST-2019-00

Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2

2020-09-01 Thread Bernhard Schmidt
Dear Adam, > On Fri, 2020-08-28 at 16:56 +0200, Bernhard Schmidt wrote: >> I would like to make a stable-update for asterisk. >> >> It fixes three minor CVEs (marked no-dsa) >> >> #940060 CVE-2019-15297: AST-2019-004: Crash when negotiating >> for T.38 with a declined stream >> #947377 CVE

Bug#969158: expeyes: maybe a false positive generated by mail_autoremovals.pl?

2020-09-01 Thread Peter Green
(note: this mail represents my opinions as an ordinary dd, I am not a member of the release team) due to the fact that it is supposed to (build-)depend on binutils-avr, which FTBFS. As I understand it "(build-)depends" should be interpreted as "depends or build-depends" The source package e

Bug#969369: buster-pu: package node-elliptic/6.4.1_dfsg-1+deb10u1

2020-09-01 Thread Xavier Guimard
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu [ Reason ] node-elliptic allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows (CVE-2020-13822). [ Impact ] This could conceivably

Bug#969366: buster-pu: package node-url-parse/1.2.0-2+deb10u1

2020-09-01 Thread Xavier Guimard
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu [ Reason ] Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier, which may allow an attacker to bypass security checks. [ Impact ]