Bug#985958: [pre-approval] unblock: spip/3.2.11-2

2021-03-26 Thread David Prévot
uot;); die("Error 403: ForbiddenError 403You are not authorized to view this page ($ecran_securite_raison)"); } @@ -598,5 +606,6 @@ if ( header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-Type: text/html"

Bug#985958: [pre-approval] unblock: spip/3.2.11-2

2021-04-12 Thread David Prévot
Control: tags -1 -moreinfo Hi Paul, Thank you for your reply. Le 02/04/2021 à 16:41, Paul Gevers a écrit : On 26-03-2021 20:53, David Prévot wrote: Please unblock package spip This package does have a bit of a track record for security issues. Indeed. Since 3.3 will soon be released, the

Bug#985958: unblock: spip/3.2.11-2

2021-05-04 Thread David Prévot
Control: tags -1 -moreinfo Control: retitle -1 unblock: spip/3.2.11-2 Hi Ivo, Le 13/04/2021 à 10:52, Ivo De Decker a écrit : I'm leaning towards accepting it. I suggest you upload it to unstable, and we'll leave it there for a while. Uploaded three weeks ago. If issues show up (either in u

Bug#988457: unblock: symfony/4.4.19+dfsg-2

2021-05-13 Thread David Prévot
phpunit-bridge description + + -- David Prévot Thu, 13 May 2021 05:33:42 -0400 + symfony (4.4.19+dfsg-1) unstable; urgency=medium [ Fabien Potencier ] diff --git a/debian/control b/debian/control index c5df2fc3cc..d19d505d56 100644 --- a/debian/control +++ b/debian/control @@ -765,7 +765,7

Bug#976811: transition: php8.1

2021-11-19 Thread David Prévot
Hi, Le 10/11/2021 à 05:16, Sebastian Ramacher a écrit : On 2021-09-05 19:26:39, Ondřej Surý wrote: Hi Sebastian, the PHP 8.1 RC1 was released, so I think it would be better to skip php8.0 […] I’ll update this issue when I am ready. It seems that php-defaults (85) was uploaded to unstable,

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-19 Thread David Prévot
Hi Ondřej, Le 19/11/2021 à 16:41, Ondřej Surý a écrit : I disagree, but I uploaded reverted package. Thank you for your quick action. However, php-defaults 86 as just uploaded reverted the default PHP version to 8.0, de facto starting a transition you wanted to skip (and still making it impo

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-22 Thread David Prévot
Hi Ondřej, Le 19/11/2021 à 16:41, Ondřej Surý a écrit : I disagree, but I uploaded reverted package. Unfortunately, you also need to bump binary packages version. This revert got rejected: $ ssh coccia.debian.org cat /srv/ftp-master.debian.org/queue/reject/php-defaults_87_all-buildd.change

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-22 Thread David Prévot
Le 22/11/2021 à 08:45, Ondřej Surý a écrit : > Or we could stop delaying the inevitable[1] and instead of bumping > epoch just go ahead with the transition. You don’t need to bump epoch (especially on source package and every binary ones) just to temporarily bump version of one binary package.

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-22 Thread David Prévot
[ Ondřej, your last mail didn’t make it to the transition bug report, neither did the previous one. FWIW, I can only see a blank one from your “Apple Mail” MUA. ] [ Here is a copy of the sources of your email. I reply after this copy to try not to add more confusion. ] Le 22/11/2021 à 10:26,

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-22 Thread David Prévot
Hi Ondřej, Le 22/11/2021 à 09:15, David Prévot a écrit : Le 22/11/2021 à 08:45, Ondřej Surý a écrit : > Or we could stop delaying the inevitable[1] and instead of bumping > epoch just go ahead with the transition. You don’t need to bump epoch Please find attached a short debdif

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-23 Thread David Prévot
Hi, Le 23/11/2021 à 15:57, Paul Gevers a écrit : On 23-11-2021 11:52, Ondřej Surý wrote: On 22. 11. 2021, at 22:28, David Prévot wrote: I’ve just uploaded a version with your fix. Thanks a lot. +1. David, can we now agree on a timeframe when we start the transition? […] it'

Bug#1000645: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u1

2021-11-26 Thread David Prévot
[CVE-2021-41270] + + -- David Prévot Wed, 24 Nov 2021 06:07:00 -0400 + symfony (4.4.19+dfsg-2) unstable; urgency=medium * Prevent user enumeration via response content [CVE-2021-21424] diff --git a/debian/patches/Use-single-quote-to-escape-formulas.patch b/debian/patches/Use-single-quote-to-e

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2021-11-26 Thread David Prévot
Hi, Le 23/11/2021 à 15:57, Paul Gevers a écrit : > On 23-11-2021 11:52, Ondřej Surý wrote: […] Experimental is the ideal place to find that out. It does require somebody to go through the regressions and file bug though, this doesn't happen magically. I think David offered help there. I’ve ch

Bug#1000645: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u1

2021-12-04 Thread David Prévot
Hi Adam, Le 04/12/2021 à 13:13, Adam D. Barratt a écrit : On Fri, 2021-11-26 at 07:40 -0400, David Prévot wrote: […] +symfony (4.4.19+dfsg-2+deb11u1) stable; urgency=medium We generally prefer using codenames (so "bullseye") Sorry, I used to know that… Please go ahead. Thanks

Bug#1000645: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u1

2021-12-20 Thread David Prévot
Le Sat, Dec 04, 2021 at 04:12:01PM -0400, David Prévot a écrit : […] > Thanks, uploaded (with changelog updated). Really uploaded now, seems like I failed to actually upload two weeks ago, sorry about that. Regards David

Bug#976811: [pkg-php-pear] Bug#976811: Bug#976811: transition: php8.1

2022-01-08 Thread David Prévot
Hi, Le 08/01/2022 à 17:38, Paul Gevers a écrit : On 01-01-2022 14:20, Ondřej Surý wrote: […] I also see some autopkgtest regressions which have this (eg. [1, 2]): """ PHPUnit requires the "dom" extension. """ where should that get fixed? There are several php7.4-* packages pulled in those lo

Bug#976811: [pkg-php-pear] Bug#976811: Bug#976811: transition: php8.1

2022-01-09 Thread David Prévot
Hi, Le 09/01/2022 à 14:37, Paul Gevers a écrit : […] On 08-01-2022 23:09, David Prévot wrote: […] PHPUnit requires the "dom" extension. """ where should that get fixed? There are several php7.4-* packages pulled in those logs, so it’s not really a surprise that do

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2022-01-10 Thread David Prévot
Le 10/01/2022 à 16:44, Paul Gevers a écrit : On 10-01-2022 21:13, Ondřej Surý wrote: I thought I filled RM bugs for all of them, but I found only #1003055 for php-apcu-bc, something must went wrong. Neither of these support PHP 8.x, and those packages should be removed. Seems like that need

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

2022-01-12 Thread David Prévot
Hi Paul, Le 11/01/2022 à 15:52, Paul Gevers a écrit : On 10-01-2022 23:43, David Prévot wrote: Le 10/01/2022 à 16:44, Paul Gevers a écrit : On 10-01-2022 21:13, Ondřej Surý wrote: I thought I filled RM bugs for all of them, but I found only #1003055 for php-apcu-bc, something must went wrong

Bug#1005217: bullseye-pu: package spip/3.2.11-3+deb11u2

2022-02-08 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu Hi, [ Reason ] Two security issues (XSS) have been fixed in the latest upstream version. As agreed with the security team, those are not worth a DSA. [ Impact ] Without these fix

Bug#1005218: buster-pu: package spip/3.2.4-1+deb10u6

2022-02-08 Thread David Prévot
@@ -1,7 +1,17 @@ +spip (3.2.4-1+deb10u6) buster; urgency=medium + + * Document CVE fixed previously + * Backport security fixes (XSS) from 3.2.13 + + -- David Prévot Sat, 05 Feb 2022 09:21:02 -0400 + spip (3.2.4-1+deb10u5) buster-security; urgency=high * Backport security fixes from 3.2.12

Bug#1005217: bullseye-pu: package spip/3.2.11-3+deb11u2

2022-02-08 Thread David Prévot
Le 09/02/2022 à 03:04, David Prévot a écrit : [x] attach debdiff against the package in (old)stable For real now…diff --git a/debian/changelog b/debian/changelog index 5e67ca4afb..1b1f5f6fa7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,18 @@ +spip (3.2.11-3+deb11u2

Bug#1030851: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u2

2023-02-08 Thread David Prévot
/Http] Remove CSRF tokens from storage on successful login + [CVE-2022-24895] + + -- David Prévot Wed, 01 Feb 2023 19:38:41 +0100 + symfony (4.4.19+dfsg-2+deb11u1) bullseye; urgency=medium * Prevent CSV injection via formulas [CVE-2021-41270] diff -Nru symfony-4.4.19+dfsg/debian/patches

Bug#1030851: [pkg-php-pear] Bug#1030851: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u2

2023-02-08 Thread David Prévot
Le 08/02/2023 à 13:53, David Prévot a écrit : Package: release.debian.org Severity: normal Tags: bullseye […] [ Tests ] I didn’t test it thoroughly (I doubt to have much time for at least another week), but it passes … its (updated upstream) testsuite at buildtime, which is the same as the

Bug#1030851: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u2

2023-02-26 Thread David Prévot
Hi Paul, Le 26/02/2023 à 21:54, Paul Gevers a écrit : On 08-02-2023 13:53, David Prévot wrote: [ Tests ] I didn’t test it thoroughly (I doubt to have much time for at least another week), but it passes There are issues with the installability of src:symfony packages as can be seen from the

Bug#1030851: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u2

2023-02-27 Thread David Prévot
Hi, Le 27/02/2023 à 08:18, David Prévot a écrit : Le 26/02/2023 à 21:54, Paul Gevers a écrit : On 08-02-2023 13:53, David Prévot wrote: [ Tests ] I didn’t test it thoroughly (I doubt to have much time for at least another week), but it passes There are issues with the installability of

Bug#1011942: bullseye-pu: package php-guzzlehttp-psr7/1.7.0-1+deb11u1

2022-05-27 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: pkg-php-p...@lists.alioth.debian.org [ Reason ] The security team asked me to address #1008236 [CVE-2022-24775] via a point release, so here I am. [ Tests ] I did no

Bug#1011943: buster-pu: package php-guzzlehttp-psr7/1.4.2-0.1+deb10u1

2022-05-27 Thread David Prévot
/changelog @@ -1,3 +1,11 @@ +php-guzzlehttp-psr7 (1.4.2-0.1+deb10u1) buster; urgency=medium + + * Track Buster + * Backport fixes for improper header parsing [CVE-2022-24775] +(Closes: #1008236) + + -- David Prévot Fri, 27 May 2022 13:33:28 +0200 + php-guzzlehttp-psr7 (1.4.2-0.1) unstable

Bug#1011942: [pkg-php-pear] Bug#1011942: bullseye-pu: package php-guzzlehttp-psr7/1.7.0-1+deb11u1

2022-05-27 Thread David Prévot
Hi, Le 27/05/2022 à 14:19, David Prévot a écrit : […] [x] attach debdiff against the package in (old)stable lalaladiff --git a/debian/changelog b/debian/changelog index f3eb5e4..8635876 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +php-guzzlehttp-psr7 (1.7.0-1

Bug#1011942: bullseye-pu: package php-guzzlehttp-psr7/1.7.0-1+deb11u1

2022-05-29 Thread David Prévot
Hi, Le 28/05/2022 à 20:49, Adam D. Barratt a écrit : On Fri, 2022-05-27 at 14:19 +0200, David Prévot wrote: The security team asked me to address #1008236 [CVE-2022-24775] via a point release, so here I am. Please go ahead. Uploaded, thanks. Regards David

Bug#1012047: bullseye-pu: package composer/2.0.9-2+deb11u1

2022-05-29 Thread David Prévot
-2+deb11u1) bullseye; urgency=medium + + * Fix code injection vulnerability [CVE-2022-24828] (Closes: #1009960) + * Update GitHub token pattern (Closes: #989315) + * Checkout ProcessExecutorMock.php needed for updated tests + + -- David Prévot Sun, 29 May 2022 11:55:56 +0200 + composer (2.0.9-2

Bug#1012048: buster-pu: package composer/1.8.4-1+deb10u2

2022-05-29 Thread David Prévot
pattern (Closes: #989315) + * Use Authorization header instead of deprecated access_token query param +(Closes: #955485) + + -- David Prévot Sat, 28 May 2022 18:18:24 +0200 + composer (1.8.4-1+deb10u1) buster-security; urgency=high * Use debian/buster branch diff --git a/debian/patches/0006

Bug#1014460: [pkg-php-pear] Bug#1014460: transition: php8.2

2022-10-22 Thread David Prévot
Hi Ondřej, Mike and Horde team, PHP PEAR and Composer team, and Release team. Le 21/07/2022 à 13:22, David Prévot a écrit : Le 14/07/2022 à 15:23, Paul Gevers a écrit : Control: forwarded -1 https://release.debian.org/transitions/html/php8.2.html […] php-defaults was updated in experimental

Bug#976811: transition: php8.0

2020-12-11 Thread David Prévot
Hi Ondřej, Le Tue, Dec 08, 2020 at 09:28:38AM +0100, Ondřej Surý a écrit : > I would like to transition the PHP to version 8.0; The timing of this request makes me uneasy: php8.0 has been in Debian for less than a week, and we are a month away from the transition freeze. > it's not such a huge

Bug#976811: transition: php8.0

2020-12-13 Thread David Prévot
Hi, Le Fri, Dec 11, 2020 at 12:38:01PM -0400, David Prévot a écrit : > Le Tue, Dec 08, 2020 at 09:28:38AM +0100, Ondřej Surý a écrit : > > > I would like to transition the PHP to version 8.0; > > The timing of this request makes me uneasy […] > > > it's not suc

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.0

2020-12-30 Thread David Prévot
Hi Mike, Le 30/12/2020 à 04:03, Mike Gabriel a écrit : So, bullseye will be shipped with PHP 8.0? That’s the maintainer preference. The release team may not proceed according to their doubts during the last meeting [1]. I believe the related issues are worth investigating anyway: easy fixex

Bug#983233: New autopkgtest shouldn’t trigger a regression

2021-02-21 Thread David Prévot
Package: debci Severity: normal X-Debbugs-Cc: Debian Release Team Hi, I recently added an autopkgtest to a package, and the autopkgtest failed on all suites. I’m surprised to see that failure considered as a regression (#983211), so I believe there is a mistake somewhere (maybe that’s just me no

Bug#983233: New autopkgtest shouldn’t trigger a regression

2021-02-21 Thread David Prévot
Le 21/02/2021 à 16:02, Paul Gevers a écrit : Control: tags -1 moreinfo Hi David, On 21-02-2021 12:53, David Prévot wrote: I recently added an autopkgtest to a package, and the autopkgtest failed on all suites. I’m surprised to see that failure considered as a regression (#983211) […] We

Bug#813653: jessie-pu: package symfony/2.3.21+dfsg-4+deb8u3

2016-02-20 Thread David Prévot
Hi, Le 20/02/2016 10:25, Julien Cristau a écrit : > Control: tags -1 moreinfo […] >> symfony (2.3.21+dfsg-4+deb8u3) jessie; urgency=medium >> >> [ Daniel Beyer ] >> * Backport a security fix from 2.3.37 >> - SecureRandom's fallback not secure when OpenSSL fails [CVE-2016-1902] […] > Why hav

Bug#816037: RM: php-dompdf/0.6.1+dfsg-2

2016-02-26 Thread David Prévot
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, As agreed with the security team (see #813849), can you please remove this security-flawed leaf package from Jessie? Thanks in advance Regards David

Bug#818104: Possible MBF: Packages depending on iceweasel but not firefox/firefox-esr

2016-03-19 Thread David Prévot
Le 18/03/2016 18:06, Josh Triplett a écrit : > I would suggest that Firefox addon packages should depend on "firefox | > firefox-esr" Most of those packages are mozilla-devscripts for the build and just need to be rebuilt to get fixed. Even if our infrastructure has all the needed tools to binNMU

Bug#819031: jessie-pu: package mozilla-devscripts/0.39+deb8u1

2016-03-24 Thread David Prévot
Hi, On Tue, Mar 22, 2016 at 08:45:02PM -0700, Sean Whitton wrote: > The version of mozilla-devscripts currently in Jessie generates > references to the iceweasel and icedove packages. But iceweasel is to > be replaced with firefox-esr, and icedove is probably going to be > replaced with thunderb

Bug#819031: jessie-pu: package mozilla-devscripts/0.39+deb8u1

2016-03-24 Thread David Prévot
Hi, Le 24/03/2016 15:13, Adam D. Barratt a écrit : > Thanks for the review and the examples. Please feel free to upload. Uploaded and accepted, thanks. Regards David

Bug#821044: wheezy-pu: package zendframework/1.11.13-1.1+deb7u6

2016-05-14 Thread David Prévot
Hi, > Assuming that the resulting package has been tested on wheezy, please go > ahead. It just got accepted into oldstable-proposed-updates->oldstable-new, thanks (and yes, I do use it in some boxes). Regards David

Bug#813653: [pkg-php-pear] Bug#813653: Bug#813653: jessie-pu: package symfony/2.3.21+dfsg-4+deb8u3

2016-05-28 Thread David Prévot
Hi, Le 27/05/2016 à 15:46, Julien Cristau a écrit : > On Thu, Mar 31, 2016 at 23:43:03 +0200, Daniel Beyer wrote: >> Can you give a short update regarding the proposed >> symfony/2.3.21+dfsg-4+deb8u3, fixing CVE-2016-1902? FYI, it should be dealt with via DSA with other issues soon, we should cl

Bug#816389: transition: php7.0

2016-06-15 Thread David Prévot
Hi, Le 15/06/2016 à 03:56, Ondřej Surý a écrit : > - php-guzzle - seems fixed to me, but dak still wants to remove the > package Code is PHP5-specific, it’s superseded by php-guzzlehttp. None of them should be released in Stretch, so it’s perfectly fine to see it go away. Regards David

Bug#834479: jessie-pu: package greasemonkey/3.8-1~deb8u1

2016-08-15 Thread David Prévot
with recent Firefox in Jessie (Closes: #828622) + + -- David Prévot Sat, 16 Jul 2016 08:54:01 -0400 + greasemonkey (3.8-1) unstable; urgency=medium * Team upload, to unstable since it’s a stable release signature.asc Description: OpenPGP digital signature

Bug#834480: jessie-pu: package mozilla-noscript/2.9.0.11-1~deb8u1

2016-08-15 Thread David Prévot
recent Firefox in Jessie (Closes: #826896) + + -- David Prévot Mon, 15 Aug 2016 16:45:33 -1000 + mozilla-noscript (2.9.0.11-1) unstable; urgency=medium * Drop Iceape and Iceweasel from description signature.asc Description: OpenPGP digital signature

Bug#834482: jessie-pu: package adblock-plus/2.7.3+dfsg-1~deb8u1

2016-08-15 Thread David Prévot
~deb8u1) jessie; urgency=medium + + * Upload compatible version with recent Firefox in Jessie (Closes: #829267) + + -- David Prévot Mon, 15 Aug 2016 16:53:49 -1000 + adblock-plus (2.7.3+dfsg-1) unstable; urgency=medium [ Wladimir Palant ] signature.asc Description: OpenPGP digital signature

Bug#834483: jessie-pu: package tabmixplus/0.5.0.0-1~deb8u1

2016-08-15 Thread David Prévot
/changelog @@ -1,3 +1,9 @@ +tabmixplus (0.5.0.0-1~deb8u1) jessie; urgency=medium + + * Upload compatible version with recent Firefox in Jessie (Closes: #826995) + + -- David Prévot Mon, 15 Aug 2016 16:34:54 -1000 + tabmixplus (0.5.0.0-1) unstable; urgency=medium * Upload stable version to unstable

Bug#834484: jessie-pu: package firegestures/1.10.9-1~deb8u1

2016-08-15 Thread David Prévot
..cf52cbf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +firegestures (1.10.9-1~deb8u1) jessie; urgency=medium + + * Upload compatible version with recent Firefox in Jessie (Closes: #827277) + + -- David Prévot Mon, 15 Aug 2016 18:49:34 -1000 + firegestures (1.10.9-1) unstable

Bug#834479: xul-ext-* (Was: Bug#834480: jessie-pu: package mozilla-noscript/2.9.0.11-1~deb8u1)

2016-08-28 Thread David Prévot
Hi, Le 28/08/2016 à 04:09, Adam D. Barratt a écrit : > Control; tags -1 + confirmed […] > Oh, how I've missed Firefox plugin updates. :-| Same here :/ > Please go ahead. Thanks, all uploaded. Regards David

Bug#861294: jessie-pu: package spip/3.0.17-2+deb8u3

2017-04-26 Thread David Prévot
-9997] [CVE-2016-9998] (Closes: #848641) - Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php [CVE-2016-9152] (Closes: #847156) * Backport security fix from 3.0.25 - Execution of arbitrary PHP code -- David Prévot Wed, 26 Apr 2017 18:02:00 -1000 I’ve just deployed

Bug#909007: stretch-pu: package firetray/0.6.1+dfsg-1

2018-09-17 Thread David Prévot
Hi, Le 17/09/2018 à 01:09, Adam Borowski a écrit : > The updated package is 100% identical to the version in unstable, only the > version number differs (+deb9u1). Please, use ~deb9u1 instead: you don’t want to push a higher version than in unstable. Regards David

Bug#866351: stretch-pu: package phpunit/5.4.6-2~deb8u1

2017-06-28 Thread David Prévot
+ * Upload previous fix to Stretch + + -- David Prévot Wed, 28 Jun 2017 17:03:35 -1000 + +phpunit (5.4.6-2) unstable; urgency=high + + * Team upload + * Fix arbitrary PHP code execution via HTTP POST [CVE-2017-9841] +(Closes: #866200) + + -- David Prévot Wed, 28 Jun 2017 16:43:26 -1000

Bug#866351: stretch-pu: package phpunit/5.4.6-2~deb9u1

2017-06-30 Thread David Prévot
Hi Cyril, Le 30/06/2017 à 14:36, Cyril Brulebois a écrit : > Control: retitle -1 stretch-pu: package phpunit/5.4.6-2~deb9u1 > Control: tag -1 moreinfo > David Prévot (2017-06-28): >> Please, allow this patched version of phpunit, built and tested in a >> Stretch environment

Bug#795271: jessie-pu: package requestpolicy/0.5.29-1

2015-08-12 Thread David Prévot
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Michael Schutte Hi, The latest iceweasel coming from security.d.o is breaking xul-ext-requestpolicy (#786565). Upstream recently made a targeted release to fix it, pr

Bug#795491: jessie-pu: package tabmixplus/0.4.1.8-1~deb8u1

2015-08-14 Thread David Prévot
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, The latest iceweasel major update in stable broke tabmixplus (#795361). The more recent version of tabmixplus (0.4.1.8) is known to work with it, and has been in Sid and Stretch

Bug#796115: RM: php-zend-xml/1.0.0-1

2015-08-19 Thread David Prévot
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Please, remove php-zend-xml from Jessie (it’s not in Wheezy). It’s affected by CVE-2015-5161. Even if of low impact in Jessie (since PHP is already fixed), there is little point in keeping this u

Bug#797079: wheezy-pu: package mozilla-noscript/2.6.8.19-1~deb7u2

2015-08-27 Thread David Prévot
..de87854 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +mozilla-noscript (2.6.8.19-1~deb7u2) wheezy; urgency=medium + + [ David Prévot ] + * Track Wheezy + + [ Kalle Olavi Niemitalo ] + * Temporarily allow scripts with recent iceweasel +(Closes: #797043) + + -- David

Bug#797079: wheezy-pu: package mozilla-noscript/2.6.8.19-1~deb7u2

2015-08-27 Thread David Prévot
Le 27/08/2015 16:13, Adam D. Barratt a écrit : > On Thu, 2015-08-27 at 12:57 -0400, David Prévot wrote: >> Please, accept a one-liner fix (with a bunch of metadata) > Please go ahead. Uploaded (with the improved changelog and metadata suggested by Kalle), thanks. Re

Bug#795706: jessie-pu: package pdf.js/1.0.907+dfsg-1~deb8u1

2015-08-29 Thread David Prévot
Hi, On Sat, Aug 29, 2015 at 03:24:57PM +0100, Adam D. Barratt wrote: > On Sun, 2015-08-16 at 13:45 +0200, David Prévot wrote: > > The latest iceweasel major update in stable broke xul-ext-pdf.js. > Please go ahead. Uploaded, thanks. Regards David

Bug#795271: jessie-pu: package requestpolicy/0.5.29-1

2015-08-29 Thread David Prévot
Hi, Le 29/08/2015 10:09, Julien Cristau a écrit : > On Wed, Aug 12, 2015 at 14:55:39 +0200, David Prévot wrote: >> The latest iceweasel coming from security.d.o is breaking >> xul-ext-requestpolicy (#786565). > Feel free to upload to jessie. Uploaded, thanks. Regards Davi

Bug#795491: jessie-pu: package tabmixplus/0.4.1.8-1~deb8u1

2015-08-29 Thread David Prévot
Hi, Le 29/08/2015 10:20, Adam D. Barratt a écrit : > On Fri, 2015-08-14 at 18:02 +0200, David Prévot wrote: >> The latest iceweasel major update in stable broke tabmixplus (#795361). > +tabmixplus (0.4.1.8-1~deb8u1) Jessie; urgency=medium > > I'm not sure that the capita

Bug#797394: RM: fullscreen-extension/1.0.4-1

2015-08-30 Thread David Prévot
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, As per #783552, “xul-ext-fullscreen 1.0.4 is unusable with Iceweasel 32.x”. It has already been removed from testing, and there is no point shipping it any more in stable now that Icewease

Bug#798893: jessie-pu: package php-dropbox/1.0.0-3+deb8u1

2015-09-13 Thread David Prévot
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, As already discussed with the security team, please accept the fix for CVE-2015-4715 in php-dropbox. Source debdiff attached. As noted in the ownCloud tracker, the issue is onl

Bug#798895: jessie-pu: package owncloud/7.0.4+dfsg-4~deb8u2

2015-09-13 Thread David Prévot
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, As already discussed with the security team, please accept the fixes for CVE-2015-{471{6..8},6670} in owncloud. Source debdiff attached. As noted in the ownCloud tracker, CVE-2

Bug#798893: jessie-pu: package php-dropbox/1.0.0-3+deb8u1

2015-09-13 Thread David Prévot
Le 13/09/2015 17:56, Adam D. Barratt a écrit : > On Sun, 2015-09-13 at 16:37 -0400, David Prévot wrote: >> As already discussed with the security team, please accept the fix for >> CVE-2015-4715 in php-dropbox. Source debdiff attached. > Please go ahead. Package accepted, thank

Bug#798895: jessie-pu: package owncloud/7.0.4+dfsg-4~deb8u2

2015-09-13 Thread David Prévot
Le 13/09/2015 17:55, Adam D. Barratt a écrit : > On Sun, 2015-09-13 at 16:56 -0400, David Prévot wrote: >> As already discussed with the security team, please accept the fixes for >> CVE-2015-{471{6..8},6670} in owncloud. > Please go ahead. Package accepted, thank

Bug#798889: jessie-pu: package doctrine/2.4.6-1+deb8u1

2015-09-13 Thread David Prévot
Le 13/09/2015 17:59, Adam D. Barratt a écrit : > On Sun, 2015-09-13 at 16:26 -0400, David Prévot wrote: >> As already discussed with the security team [1], please accept the fixes >> for CVE-2015-5723 in doctrine and >> php-doctrine-{annotations,cache,common}. > Pl

Bug#801405: wheezy-pu: package firebug/2.0.4-1~deb7u1

2015-10-09 Thread David Prévot
) wheezy; urgency=medium * Upload compatible version with recent Iceweasel in Wheezy -- David Prévot Fri, 09 Oct 2015 13:32:44 -0400 Thanks in advance for considering it. Regards David

Bug#804172: jessie-pu: package spip/3.0.17-2+deb8u1

2015-11-05 Thread David Prévot
+++ spip-3.0.17/debian/changelog 2015-11-01 15:34:31.0 -0400 @@ -1,3 +1,10 @@ +spip (3.0.17-2+deb8u1) jessie; urgency=medium + + * Track Jessie + * Backport XSS fixes in private content from 3.0.21 + + -- David Prévot Sun, 01 Nov 2015 15:34:00 -0400 + spip (3.0.17-2) unstable; urgency

Bug#806165: jessie-pu: package zendframework/1.12.9+dfsg-2+deb8u5

2015-11-24 Thread David Prévot
/advisory/ZF2015-09 + + -- David Prévot Tue, 24 Nov 2015 18:21:26 -0400 + zendframework (1.12.9+dfsg-2+deb8u4) jessie-security; urgency=high * Backport security fixes from 1.12.16: diff --git a/debian/patches/0008-ZF2015-09-Fixed-entropy-issue-in-word-CAPTCHA.patch b/debian/patches/0008-ZF2015

Bug#806166: wheezy-pu: package zendframework/1.11.13-1.1+deb7u5

2015-11-24 Thread David Prévot
+deb7u5) wheezy; urgency=medium + + * Backport security fix from 1.12.17 +- ZF2015-09: Fixed entropy issue in word CAPTCHA + http://framework.zend.com/security/advisory/ZF2015-09 + + -- David Prévot Tue, 24 Nov 2015 18:28:53 -0400 + zendframework (1.11.13-1.1+deb7u4) wheezy-security; urgency

Bug#806165: jessie-pu: package zendframework/1.12.9+dfsg-2+deb8u5

2015-11-26 Thread David Prévot
Le 26/11/2015 17:22, Adam D. Barratt a écrit : > On Tue, 2015-11-24 at 19:12 -0400, David Prévot wrote: >> As agreed with the security team, this update aims to fix a security >> issue in zendframework > Please go ahead. Uploaded and accepted, thanks. Regards David

Bug#804172: jessie-pu: package spip/3.0.17-2+deb8u1

2015-11-26 Thread David Prévot
Le 26/11/2015 17:21, Adam D. Barratt a écrit : > On Thu, 2015-11-05 at 14:10 -0400, David Prévot wrote: >> As agreed with the security team, the two XSS fixes from the latest >> upstream version do not deserve a DSA, yet I’d like to fix them via pu > Please go ahead; s

Bug#806166: wheezy-pu: package zendframework/1.11.13-1.1+deb7u5

2015-11-26 Thread David Prévot
Le 26/11/2015 17:23, Adam D. Barratt a écrit : > On Tue, 2015-11-24 at 19:16 -0400, David Prévot wrote: >> As per #806165 (Jessie pu request), this update aims to fix a security >> issue in zendframework: > Please go ahead. Uploaded and accepted, thanks. Regards Davi

Bug#801405: wheezy-pu: package firebug/2.0.4-1~deb7u1

2016-01-01 Thread David Prévot
Hi, Le 01/01/2016 14:30, Adam D. Barratt a écrit : > On Fri, 2015-10-09 at 13:53 -0400, David Prévot wrote: >> We’ve just noticed that xul-ext-firebug is totally broken in Wheezy > Please go ahead. Uploaded and accepted, thanks. Regards David

Bug#810130: jessie-pu: package owncloud/7.0.4+dfsg-4~deb8u4

2016-01-06 Thread David Prévot
re through error message + [oc-sa-2016-004] [CVE-2016-1501] + + -- David Prévot Tue, 05 Jan 2016 22:24:31 -0400 + owncloud (7.0.4+dfsg-4~deb8u3) jessie-security; urgency=high * Backport security fixes from 7.0.5, 7.0.7, 8.0.6, and 7.0.9: diff --git a/debian/patches/0027-Use-XMLWriter-t

Bug#810130: jessie-pu: package owncloud/7.0.4+dfsg-4~deb8u4

2016-01-06 Thread David Prévot
Hi, > Control: tags -1 + confirmed […] > Please go ahead. Accepted in -new, thanks. Regards David

Bug#813653: jessie-pu: package symfony/2.3.21+dfsg-4+deb8u3

2016-02-03 Thread David Prévot
), sorry about that. Thanks in advance for considering it. symfony (2.3.21+dfsg-4+deb8u3) jessie; urgency=medium [ Daniel Beyer ] * Backport a security fix from 2.3.37 - SecureRandom's fallback not secure when OpenSSL fails [CVE-2016-1902] [ David Prévot ] * Add copyright entry for em

Bug#609622: unblock: update-manager/0.200.5

2011-01-10 Thread David Prévot
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package update-manager Hi, update-manager 0.200.5 is a translation update that has been lead and uploaded to Sid before the Deep Freeze announce, but the unblock request ha

Bug#609622: unblock: update-manager/0.200.5

2011-01-16 Thread David Prévot
Le 16/01/2011 11:06, Julien Cristau a écrit : > On Mon, Jan 10, 2011 at 20:54:17 -0400, David Prévot wrote: > >> Package: release.debian.org >> Severity: normal >> User: release.debian@packages.debian.org >>

Bug#618430: pu: package installation-guide/20110122

2011-03-14 Thread David Prévot
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu Hi, The last installation-guide upload that was targeted for Squeeze didn't make it because the unblock request was unfortunately forgotten. Today's stable updates announcement made me think tha

Bug#620883: pu: package deborphan/1.7.28.3+squeeze1

2011-04-04 Thread David Prévot
stable; urgency=low + + * Fix typo in Polish translation of deborphan(1) (Robert Luberda) Closes: +#610804 + * Fix typo in French --show-size short option help. + * Change maintainer address. + + [ New documentation translation ] + * Portuguese (Américo Monteiro). Closes: #607315 + + [ New

Bug#696275: unblock: util-linux/2.20.1-5.3

2012-12-18 Thread David Prévot
2.20.1-5.3) unstable; urgency=low + + * Non-maintainer upload. + * Ship the /var/lib/libuuid/ directory in the package instead of creating it +in postinst. Closes: #694898 + + -- David Prévot Sun, 09 Dec 2012 12:46:41 -0400 + util-linux (2.20.1-5.2) unstable; urgency=low * Non-maint

Bug#698984: unblock: simpleid - fixes RC issue with OpenID 2.0 support

2013-01-25 Thread David Prévot
On 25/01/2013 21:19, Daniel Pocock wrote: > On 26/01/13 02:10, Jonathan Wiltshire wrote: [ Diff adding a mailing list as Maintainer and dropping the Uploaders ] >> No chance. >> http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Maintainer > > Can you please clarify? 5.6.3 Up

Bug#699202: unblock: manpages-fr/3.44d1p1-1

2013-01-28 Thread David Prévot
Hi, On 28/01/2013 18:42, Simon Paillard wrote: > "Filtered diff", ignoring: […] I was preparing the same request in the meantime, and filtered even more material: the English part of the documentation is identical to the one you already reviewed and accepted in the manpages/3.44-1 unblock re

Bug#699915: tpu: lcdf-typetools/2.92+dfsg1-1.1

2013-02-09 Thread David Prévot
Hi, On 06/02/2013 13:56, Michael Stapelberg wrote: > I would like to upload lcdf-typetools/2.92+dfsg1-1.1 to > testing-proposed-updates to fix #694352 in wheezy. At the moment, > 2.92-1+b1 is in testing and 2.92-2 is in unstable. Is there any reason not to push this version directly in unstab

Bug#700757: unblock: debian-edu-doc/1.5~20130215~7.0

2013-02-16 Thread David Prévot
/debian/changelog --- debian-edu-doc-1.4~20120925~6.0.6+r0/debian/changelog 2012-09-25 17:17:01.0 -0400 +++ debian-edu-doc-1.5~20130215~7.0/debian/changelog 2013-02-15 22:44:35.0 -0400 @@ -1,3 +1,30 @@ +debian-edu-doc (1.5~20130215~7.0) unstable; urgency=low + + [ David Prévot ] +

Bug#701768: unblock: manpages-fr-extra/20130226

2013-02-26 Thread David Prévot
cb.3 + + X509_STORE_set_verify_cb_func.3 + + X509_verify_cert.3 +Thanks to Étienne Gilli, Stéphane Blondon, Jean Paul Guilloneau, Baptiste +and Jean-Baka Domelevo Entfellner for their proofread. + * sysvinit: Sync with version 2.88dsf-41 + * tar: Sync with version 1.26+dfsg-0.1 + * util-lin

Bug#700757: unblock: debian-edu-doc/1.5~20130228~7.0

2013-02-28 Thread David Prévot
Control: retitle -1 unblock: debian-edu-doc/1.5~20130228~7.0 On 16/02/2013 20:31, David Prévot wrote: > Dear release team > > Please unblock package debian-edu-doc, the version currently in Wheezy > contains only the Squeeze-related doc, and we believe it's important to

Re: Dropping owncloud from Wheezy?

2013-03-01 Thread David Prévot
Hi, On 01/03/2013 12:54, Moritz Mühlenhoff wrote: > I'm skeptical that owncloud should be shipped in Wheezy. It has > frequent security issues and the initial maintainers appear to > be inactive, all updates after October have been NMUs... Incl

Re: [Pkg-owncloud-maintainers] Dropping owncloud from Wheezy?

2013-03-01 Thread David Prévot
Hi Thomas, On 01/03/2013 16:06, Thomas Müller wrote: > On Friday, 01.03.2013 at 20:12, David Prévot wrote: > On 01/03/2013 12:54, Moritz Mühlenhoff wrote: >>>> I'm skeptical that owncloud should be sh

Bug#702186: RM: owncloud/4.0.4debian2-3.3

2013-03-16 Thread David Prévot
On 16/03/2013 18:01, Michael Gilbert wrote: > There are good 3 reasons to do this: #703094, #703084, and #692627. #703084 is a BTS abuse, almost as impolite as this removal request you didn’t even X-Debbugs-CC the maintainers of. Any chance you

Bug#688819: unblock: debian-edu-doc/1.4~20120925~6.0.6+r0

2012-09-25 Thread David Prévot
0200 @@ -1,3 +1,12 @@ +debian-edu-doc (1.4~20120925~6.0.6+r0) unstable; urgency=low + + * debian/debian-edu-doc-{es,fr,it}.preinst: Remove previous images symlinks +on Squeeze → Wheezy upgrade (other languages are not affected). +Closes: #688707 + * Update manuals and images from the wiki. + + --

Bug#688874: unblock: nova/2012.1.1-10

2012-09-26 Thread David Prévot
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package nova, it's just a debconf translation update (that will make Spanish a step closer to being complete on Wheezy). unblock nova/2012.1.1-10 Thanks in advance, regards. D

Bug#688876: unblock: mathematica-fonts/15

2012-09-26 Thread David Prévot
1,27 @@ +mathematica-fonts (15) unstable; urgency=low + + * This version was completely owing to the contribution of David Prévot +. Thanks to David. + * Review templates and package description by the debian-l10n-english team. +(Closes: #686260) + + [ Debconf translations ] + * Czech, Ma

Bug#689137: unblock: minbif/1:1.0.5+git20120508-2.1

2012-09-29 Thread David Prévot
120508/debian/changelog 2012-09-26 15:46:19.0 -0400 @@ -1,3 +1,11 @@ +minbif (1:1.0.5+git20120508-2.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/minbif.postinst: Fix directory to symlink upgrade in postinst. + (Closes: #687660) + + -- David Prévot Wed, 26 Sep 2012 15:46:1

Bug#689138: unblock: freedink/1.08.20120427-2.1

2012-09-29 Thread David Prévot
/changelog 2012-09-26 17:19:34.0 -0400 @@ -1,3 +1,11 @@ +freedink (1.08.20120427-2.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/freedink{,-engine-dbg}.postinst: Fix directory to symlink upgrade +in postinst (Closes: #687860, #687851) + + -- David Prévot Wed
