Bug#1021810: Should firefox-esr be dropped on 32bit architectures in bookworm?

2022-10-14 Thread Adrian Bunk
Package: firefox-esr Version: 102.3.0esr-1 Severity: serious Tags: bookworm sid X-Debbugs-Cc: Carsten Schoenert , debian-release@lists.debian.org, t...@security.debian.org, debian-...@lists.debian.org [ various potentially interested parties are Cc'ed ] 4 GB address space for one process is an

Bug#1021426: bullseye-pu: package glibc/2.31-13+deb11u5

2022-10-14 Thread Aurelien Jarno
Hi, On 2022-10-14 11:58, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sat, 2022-10-08 at 11:30 +0200, Aurelien Jarno wrote: > > The glibc/2.31-13+deb11u4 update introduced a regression (bug > > #1019855) on some early Intel Haswell processors which expose the > > AVX2 instructions

NEW changes in stable-new

2022-10-14 Thread Debian FTP Masters
Processing changes file: debmirror_2.35+deb11u1_all-buildd.changes ACCEPT Processing changes file: libconfuse_3.3-2+deb11u1_all-buildd.changes ACCEPT Processing changes file: libconfuse_3.3-2+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: libconfuse_3.3-2+deb11u1_arm64-buildd.ch

Bug#1021777: bullseye-pu: package libdatetime-timezone-perl/1:2.47-1+2022e

2022-10-14 Thread gregor herrmann
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: debian-p...@lists.debian.org I've uploaded libdatetime-timezone-perl/1:2.47-1+2022e to bullseye, with the changes fro

Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1

2022-10-14 Thread Timo Röhling
* Adam D. Barratt [2022-10-14 13:04]: Assuming the diff would be similar to that initially proposed, you can simply prepare and upload 1.0.0+dfsg-1+deb11u1 and we can sort things out from there. It is, so I uploaded the correct version now. Sorry for the screw-up, I should have noticed that bef

Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1

2022-10-14 Thread Timo Röhling
* Adam D. Barratt [2022-10-14 12:53]: On Fri, 2022-10-14 at 11:53 +0100, Adam D. Barratt wrote: Control: tags -1 + confirmed On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling wrote: > The update fixes two vulnerabilities with low priority, i.e. > the security team has decided not to issue a DSA.

Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1

2022-10-14 Thread Adam D. Barratt
On Fri, 2022-10-14 at 13:58 +0200, Timo Röhling wrote: > * Adam D. Barratt [2022-10-14 12:53]: > > On Fri, 2022-10-14 at 11:53 +0100, Adam D. Barratt wrote: > > > Control: tags -1 + confirmed > > > > > > On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling wrote: > > > > The update fixes two vulnerabi

Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1

2022-10-14 Thread Adam D. Barratt
On Fri, 2022-10-14 at 11:53 +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling wrote: > > The update fixes two vulnerabilities with low priority, i.e. > > the security team has decided not to issue a DSA. > > > > [ Impact ] > > CVE-202

NEW changes in stable-new

2022-10-14 Thread Debian FTP Masters
Processing changes file: chromium_106.0.5249.119-1~deb11u1_source.changes ACCEPT Processing changes file: chromium_106.0.5249.119-1~deb11u1_all-buildd.changes ACCEPT Processing changes file: chromium_106.0.5249.119-1~deb11u1_amd64-buildd.changes ACCEPT Processing changes file: chromium_106.0.

Bug#1010203: marked as done (bullseye-pu: package bind9/1:9.16.28-1~deb11u1)

2022-10-14 Thread Debian Bug Tracking System
Your message dated Fri, 14 Oct 2022 12:07:21 +0100 with message-id and subject line Re: Bug#1010203: bullseye-pu: package bind9/1:9.16.28-1~deb11u1 has caused the Debian Bug report #1010203, regarding bullseye-pu: package bind9/1:9.16.28-1~deb11u1 to be marked as done. This means that you claim

Processed: x2gothinclient 1.5.0.1-6+deb11u1 flagged for acceptance

2022-10-14 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1021172 = bullseye pending Bug #1021172 [release.debian.org] bullseye-p

Processed: libconfuse 3.3-2+deb11u1 flagged for acceptance

2022-10-14 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1021214 = bullseye pending Bug #1021214 [release.debian.org] bullseye-p

Processed: debmirror 2.35+deb11u1 flagged for acceptance

2022-10-14 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1021186 = bullseye pending Bug #1021186 [release.debian.org] bullseye-p

Bug#1021214: libconfuse 3.3-2+deb11u1 flagged for acceptance

2022-10-14 Thread Adam D Barratt
package release.debian.org tags 1021214 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: libconfuse Version: 3.3-2+de

Bug#1021186: debmirror 2.35+deb11u1 flagged for acceptance

2022-10-14 Thread Adam D Barratt
package release.debian.org tags 1021186 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: debmirror Version: 2.35+deb1

Bug#1021172: x2gothinclient 1.5.0.1-6+deb11u1 flagged for acceptance

2022-10-14 Thread Adam D Barratt
package release.debian.org tags 1021172 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: x2gothinclient Version: 1.5.

Bug#1021647: bullseye-pu: package node-xmldom/0.5.0-1+deb11u1

2022-10-14 Thread Adam D. Barratt
Control: tags -1 + confirmed On Wed, 2022-10-12 at 09:14 +0200, Yadd wrote: > node-xmldom is vulnerable to prototype pollution > > Please go ahead. Regards, Adam

Processed: Re: Bug#1021647: bullseye-pu: package node-xmldom/0.5.0-1+deb11u1

2022-10-14 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1021647 [release.debian.org] bullseye-pu: package node-xmldom/0.5.0-1+deb11u1 Added tag(s) confirmed. -- 1021647: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021647 Debian Bug Tracking System Contact ow...@bugs.debian.org with probl

Processed: Re: Bug#1021426: bullseye-pu: package glibc/2.31-13+deb11u5

2022-10-14 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1021426 [release.debian.org] bullseye-pu: package glibc/2.31-13+deb11u5 Added tag(s) confirmed. -- 1021426: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021426 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1021426: bullseye-pu: package glibc/2.31-13+deb11u5

2022-10-14 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sat, 2022-10-08 at 11:30 +0200, Aurelien Jarno wrote: > The glibc/2.31-13+deb11u4 update introduced a regression (bug > #1019855) on some early Intel Haswell processors which expose the > AVX2 instructions, but lack the BMI2 instructions. On such systems > the memch

Processed: Re: Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1

2022-10-14 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1021130 [release.debian.org] bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1 Added tag(s) confirmed. -- 1021130: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021130 Debian Bug Tracking System Contact ow...@bugs.debian.org with prob

Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1

2022-10-14 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling wrote: > The update fixes two vulnerabilities with low priority, i.e. > the security team has decided not to issue a DSA. > > [ Impact ] > CVE-2022-34300: Heap overflow in DecodePixelData > CVE-2022-38529: Heap overflow

Processed: Re: Bug#1020596: bullseye-pu: mod-wsgi/4.7.1-3+deb11u1

2022-10-14 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1020596 [release.debian.org] bullseye-pu: mod-wsgi/4.7.1-3+deb11u1 Added tag(s) confirmed. -- 1020596: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020596 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1020596: bullseye-pu: mod-wsgi/4.7.1-3+deb11u1

2022-10-14 Thread Adam D. Barratt
Control: tags -1 + confirmed On Fri, 2022-09-23 at 22:59 +, Thorsten Alteholz wrote: > The attached debdiff for mod-wsgi fixes CVE-2022-2255 in Bullseye. > This > CVE has been marked as no-dsa by the security team. > Please go ahead. Regards, Adam

Bug#1019915: bullseye-pu: package dojo/1.15.4+dfsg1-1+deb11u1

2022-10-14 Thread Adam D. Barratt
Control: tags -1 + confirmed On Fri, 2022-09-16 at 10:46 +0200, Yadd wrote: > dojo is vulnerable to prototype pollution (#1014785, CVE-2021-23450) > Please go ahead. Regards, Adam

Processed: Re: Bug#1019915: bullseye-pu: package dojo/1.15.4+dfsg1-1+deb11u1

2022-10-14 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1019915 [release.debian.org] bullseye-pu: package dojo/1.15.4+dfsg1-1+deb11u1 Added tag(s) confirmed. -- 1019915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019915 Debian Bug Tracking System Contact ow...@bugs.debian.org with probl

Processed: Re: Bug#1019539: bullseye-pu: package lemonldap-ng/2.0.11+ds-4+deb11u2

2022-10-14 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1019539 [release.debian.org] bullseye-pu: package lemonldap-ng/2.0.11+ds-4+deb11u2 Added tag(s) confirmed. -- 1019539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019539 Debian Bug Tracking System Contact ow...@bugs.debian.org with

Bug#1019539: bullseye-pu: package lemonldap-ng/2.0.11+ds-4+deb11u2

2022-10-14 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sun, 2022-09-11 at 15:13 +0200, Yadd wrote: > lemonldap-ng before version 2.0.15 has an issue that may maintain > a session active on a Lemonldap::NG's handler if user has a > continuous > activity on this handler after session expiration or deletion > (CVE-2022-371