Since this upload triggers a regression in the testsuite of
libmath-bigint-gmp-perl (see #1033784), I just uploaded
libmath-bigint-gmp-perl 1.6011-3, which fixes the testsuite.
3e5f970..5130790 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+libmath-bigint-perl (1.999838-1) unstable; urgency=medium
+
+ * New upstream version 1.999838, which fixes infinite recursion in
+bitwise operations (Closes: #1012704, #1017042).
+ * Update d/upstream/metadata
).
+
+ -- Roland Rosenfeld Mon, 07 Nov 2022 13:10:05 +0100
+
xfig (1:3.2.8-3) unstable; urgency=medium
* testsuite: depend on libgs-dev, so the test does no longer randomly
diff -Nru xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch
--- xfig-3.2.8
-37529: Allow long names for non-existing images.
+ * 36_CVE-2021-37530: Avoid a segfault for non-existing image names.
+
+ -- Roland Rosenfeld Fri, 26 Aug 2022 12:30:59 +0200
+
fig2dev (1:3.2.8-3) unstable; urgency=medium
* 30_arrow-poly: Remove arrows from polygon with single point.
diff
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
nmu mailfromd_8.13-1 . ANY . unstable . -m "Rebuild against libmailutils9
(1:3.15-2)"
There was a bug in mailutils 3.14 (#1009293), that some symbols were
changed but there was no version b
,12 @@
+privoxy (3.0.28-2+deb10u2) buster; urgency=medium
+
+ * 53_CVE-2021-44540: get_url_spec_param(): Free memory of compiled
+pattern spec before bailing (CVE-2021-44540).
+ * 56_CVE-2021-44543: cgi_error_no_template(): Encode the template name
+to prevent XSS (CVE-2021-44543).
+
+ -- R
failing to get the request destination (CVE-2021-44541).
+ * 55_CVE-2021-44542: send_http_request(): Prevent memory leaks when
+handling errors (CVE-2021-44542).
+ * 56_CVE-2021-44543: cgi_error_no_template(): Encode the template name
+to prevent XSS (CVE-2021-44543).
+
+ -- Roland Rose
On Sat, 29 May 2021, Adam D. Barratt wrote:
> > I prepared an update for fig2dev 1:3.2.7a-5+deb10u3 to deb10u4, which
> > in the first time fixes CVE-2021-3561 (the security team doesn't
> > intend to create a DSA but redirected me here).
> >
> > Additionally it fixes four other buffer overflows,
lylines.
+ * 46_arrow-poly: Remove arrows from polygon with single point.
+ * 47_trunc-subsuper: Allow truncated sub/superscripts in text.
+ * 48_arrow-point: Omit arrows without points in svg output.
+ * Rebuild testsuite during build and in autopkgtest.
+
+ -- Roland Rosenfeld Sat, 22 May 2021 11
point.
+ * 31_trunc-subsuper: Allow truncated sub/superscripts in text.
+ * 32_arrow-point: Omit arrows without points in svg output.
+ * 33_sanitize-color: Sanitize color definitions.
+
+ -- Roland Rosenfeld Fri, 30 Apr 2021 11:28:30 +0200
+
fig2dev (1:3.2.8-2) unstable; urgency=medium
20275: chunked_body_is_complete(): Prevent invalid read of
+size two (CVE-2021-20275).
+ * 52_CVE-2021-20276: Obsolete pcre: Prevent invalid memory accesses
+(CVE-2021-20276).
+
+ -- Roland Rosenfeld Mon, 08 Mar 2021 13:57:15 +0100
+
privoxy (3.0.28-2) unstable; urgency=medium
* d/tests/pr
(CVE-2021-20214).
+ * 48_CVE-2021-20215: Fixed memory leaks in the show-status CGI handler
+when memory allocations fail (CVE-2021-20215).
+
+ -- Roland Rosenfeld Sat, 06 Feb 2021 20:33:25 +0100
+
privoxy (3.0.28-2) unstable; urgency=medium
* d/tests/privoxy-regression-test: Re
Hi Moritz!
On Thu, 04 Feb 2021, Moritz Mühlenhoff wrote:
> On Tue, Feb 02, 2021 at 07:15:37PM +0100, Roland Rosenfeld wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: buster
> > User: release.debian@packages.debian.org
> > Usertags: pu
21-20216: Fix a memory leak (CVE-2021-20216).
+
+ -- Roland Rosenfeld Tue, 02 Feb 2021 18:52:00 +0100
+
privoxy (3.0.26-3) unstable; urgency=medium
* Add da debconf translation. Thanks to Joe Dalton (Closes: #850876).
diff -Nru privoxy-3.0.26/debian/patches/38_CVE-2021-20217.patch privox
21-20216: Fix a memory leak (CVE-2021-20216).
+
+ -- Roland Rosenfeld Tue, 02 Feb 2021 18:03:02 +0100
+
privoxy (3.0.28-2) unstable; urgency=medium
* d/tests/privoxy-regression-test: Remove tmpdir on exit.
diff -Nru privoxy-3.0.28/debian/gitlab-ci.yml privoxy-3.0.28/debian/gitlab-ci.yml
---
Hi Adam!
On Sat, 25 Jan 2020, Adam D. Barratt wrote:
> On Tue, 2020-01-07 at 20:16 +0100, Roland Rosenfeld wrote:
> > While 3.2.7a-5+deb10u2 is currently in proposed-updates I prepared
> > another update (deb10u3) fixing CVE-2019-19746 and CVE-2019-19797 as
> > well as 6 fur
rflow.
+This fixes CVE-2019-19746 (Closes: #946628).
+ * 43_fgets2getline: Replace most calls to fgets() by getline() in
+ read.c. This fixes CVE-2019-19797 and several other segfaults
+ (Closes: #946866).
+
+ -- Roland Rosenfeld Tue, 07 Jan 2020 19:53:09 +0100
+
fig2dev (1:3.2.7a-5+deb10
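Review bot: The 43_fgets2getline entry says "most calls to fgets()" in read.c were replaced, which leaves open which call sites still use fixed-size buffers. Since the entry attributes CVE-2019-19797 and "several other segfaults" to this pattern, the patch header should list the fgets() calls that remain and why each one is bounded safely.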
Hi Adam!
On Wed, 04 Dec 2019, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Wed, 2019-12-04 at 22:50 +0100, Roland Rosenfeld wrote:
> > This fixes CVE-2019-19555 in buster. Since this is tagged
> > "unimportant" by the security team on
> >
00 +0200
+++ fig2dev-3.2.6a/debian/changelog 2019-12-04 22:22:00.0 +0100
@@ -1,3 +1,10 @@
+fig2dev (1:3.2.6a-2+deb9u3) stretch; urgency=medium
+
+ * 41_CVE-2019-19555: Allow Fig v2 text strings ending with multiple ^A.
+This fixes CVE-2019-19555. Closes (#946176).
+
+ -- Roland Rosenfeld
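Review bot: The 41_CVE-2019-19555 entry ends with "Closes (#946176)", which lacks the colon that the changelog bug-closing syntax requires, so the upload will not close the bug automatically. Write it as "(Closes: #946176)" so the fix for CVE-2019-19555 is recorded against the bug in stretch.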
00 +0200
+++ fig2dev-3.2.7a/debian/changelog 2019-12-04 22:12:49.0 +0100
@@ -1,3 +1,10 @@
+fig2dev (1:3.2.7a-5+deb10u2) buster; urgency=medium
+
+ * 41_CVE-2019-19555: Allow Fig v2 text strings ending with multiple ^A.
+This fixes CVE-2019-19555. Closes (#946176).
+
+ -- Roland Rosenfeld
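Review bot: In the buster entry, "Closes (#946176)" is not in the "Closes: #NNNNNN" form, so #946176 stays open after this upload is accepted. Change it to "(Closes: #946176)".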
(Closes: #933075).
+ * Adapt salsa CI pipeline to stretch release.
+
+ -- Roland Rosenfeld Sat, 27 Jul 2019 10:22:45 +0200
+
fig2dev (1:3.2.6a-2+deb9u1) stretch; urgency=medium
* CVE-2017-16899: 31_input_sanitizing: Some input sanitizing on FIG
diff -Nru fig2dev-3.2.6a/debian/gitlab-ci.yml f
: Do not segfault on circle/half circle arrowheads
+with a magnification larger 42. This fixes CVE-2019-14275.
+(Closes: #933075).
+ * Adapt salsa CI pipeline to buster release.
+
+ -- Roland Rosenfeld Sat, 27 Jul 2019 09:51:53 +0200
+
fig2dev (1:3.2.7a-5) unstable; urgency=medium
* 38
).
+ * 34_fill-style-overflow: Sanitize input of fill patterns
+(Closes: #881396).
+
+ -- Roland Rosenfeld Thu, 30 Nov 2017 12:17:07 +0100
+
transfig (1:3.2.5.e-4) unstable; urgency=low
* 32_dev_Imake_typo: use gengbx.c instead of gengbx.o in SRCS, otherwise
diff -Nru transfig-3.2.5.e/debian/patches
input of fill patterns
+(Closes: #881396).
+
+ -- Roland Rosenfeld Thu, 30 Nov 2017 12:02:27 +0100
+
fig2dev (1:3.2.6a-2) unstable; urgency=medium
* build-dep on etoolbox required with current texlive (Closes: #852915).
diff -Nru fig2dev-3.2.6a/debian/patches/31_input_sanitizing.patch
gency=medium
+
+ * build-dep on etoolbox required with current texlive (Closes: #852915).
+
+ -- Roland Rosenfeld Sat, 28 Jan 2017 10:30:50 +0100
+
fig2dev (1:3.2.6a-1) unstable; urgency=medium
* New upstream version 3.2.6a.
diff -Nru fig2dev-3.2.6a/debian/control fig2dev-3.2.6a/debian/co
memory leaks in the
+pcrs code.
+ * 39_CVE-2015-1382: invalid read.
+ * These 3 patches Closes: #776490.
+
+ -- Roland Rosenfeld Wed, 28 Jan 2015 19:46:42 +0100
+
privoxy (3.0.21-5) unstable; urgency=low
* 34_CVE-2015-1030: Fix memory leak in rfc2553_connect_to(). CID 66382
diff -Nru
. CID 66394.
+ * 36_CVE-2015-1031-CID66376: pcrs_execute(): Consistently set *result to
+NULL in case of errors. Should make use-after-free in the caller less
+likely. CID 66391, CID 66376.
+ * These 3 patches Closes: #775167.
+
+ -- Roland Rosenfeld Mon, 12 Jan 2015 08:44:23 +0100
On Mon, 14 May 2012, Adam D. Barratt wrote:
> >rancid package is blocked:
> It's being blocked because the out-of-date s390x binaries make dak
> reject the britney import due to the multiple arch:all packages
> breaking the version constraints, which means we can no longer
> update testing. Accor
According to http://qa.debian.org/excuses.php?package=rancid my rancid
package is blocked:
"Not touching package due to block request by adsb (contact
debian-release if update is needed)"
I don't have an idea, why the package was blocked. I think it should
go into wheezy since it doesn't have a
anel so it doesn't
+cover indicator panel under certain circumstances (backported from
+unreleased 3.2.5a by Brian V. Smith) (Closes: #427960).
+ * 24_lp_printer_fixup: Fix printer selection option if lp is used
+(instead of lpr) (Closes: #443832).
+
+ -- Roland Rosenfeld <[EMAIL PR
/debian/changelog
@@ -1,3 +1,11 @@
+rancid (2.3.2~a8-3) unstable; urgency=low
+
+ * 06_tmp_security.dpatch: remove temporary directory recursively. This
+bug was introduced with the previous security fix
+(Closes: #497972, #500025).
+
+ -- Roland Rosenfeld <[EMAIL PROTECTED]> Wed, 24 Se
Hi release managers!
Please unblock post-faq/0.10-17, because its only change is the update
of debconf es.po:
post-faq (0.10-17) unstable; urgency=low
* Update debconf es.po, thanks to Venturi Debian <[EMAIL PROTECTED]>
(Closes: #408740).
-- Roland Rosenfeld <[EMAIL PROTECTED]>
pcre returns an error code that
pcrs didn't expect (Closes: #404284).
-- Roland Rosenfeld <[EMAIL PROTECTED]> Sat, 23 Dec 2006 21:47:12 +0100
I attached the patch to the BTS entry, if you're interested.
Tscho
Roland
Hi release managers!
I'd like to upload privoxy 3.0.6 (upstream stable), because we
currently have 3.0.5 (upstream beta) in etch, while 3.0.6 should fix
several bugs reported upstream (but not to the Debian bts) and it
improves the rules files, so I'd like to see it in etch.
I don't expect any RC