Hi Release Team,
There's a problem with SQLite3 3.7.0 in Squeeze.
The version in testing (3.6.23.1-4) was suitable to release. Next major
upstream version (3.7.0) was released, which was uploaded to unstable.
Then freeze happened. The latest release came with problems, like slow
song change with B
On Wed, 2010-08-18 at 16:53 +0200, Mehdi Dogguy wrote:
> On 08/18/2010 04:34 PM, Julien Cristau wrote:
> > Sounds like we should go back to 3.6.x in testing and sid.
>
> If we go that way, we will have to rebuild some packages [1] (red ones).
I think we should run forward and ship the upcoming v3
Hi Salvatore,
On Wed, 2010-08-25 at 23:30 +0200, Salvatore Bonaccorso wrote:
> Are there plans to the 3.7.2 to be in squeeze?
Definitely. Version 3.7.2 fixes a database corruption, v3.7.1 fixes a
regression issue and v3.7.0.1 fixes another database corruption.
Thus hereby I ask the release team t
Hi Julien,
On Mon, 2010-08-30 at 11:00 +0200, Julien Cristau wrote:
> On Thu, Aug 26, 2010 at 00:21:14 +0200, Laszlo Boszormenyi wrote:
> > Please note that upstream recently fixed a segfault bug[2] and when the
> > former bug[1] will be fixed, I'll ask for its freeze exceptio
Hi Release Team!
There's a bug, #608791 [1] in syslog-ng, which I'd like to fix for
Squeeze. If you ask for automated directory creation then its uid and
gid settings are not working, but set to root:root. The problem is, the
corresponding capabilities are not set for the process before fchown()
c
On Sun, 2011-01-30 at 19:53 +0100, Julien Cristau wrote:
> On Sat, Jan 29, 2011 at 18:28:53 +0100, Laszlo Boszormenyi wrote:
> > There's a bug, #608791 [1] in syslog-ng, which I'd like to fix for
> > Squeeze. If you ask for automated directory creation then its uid and
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
Please unblock syslog-ng 3.1.3-3 which fixes a grave bug with created
directory and unix stream uid/gid are not set correctly. The patches are
created by Zbigniew Krzystolik for PLD Lin
Hi Release Team,
For a long time, sqlite is not maintained by upstream. It is not even
buildable anymore[1]. I don't want to carry it anymore.
The following packages depends on it:
kolab-webclient
sympa
serendipity
roundcube-sqlite
qsf
phpbb3
pdns-backend-sqlite
movabletype-opensou
On Tue, 2011-03-15 at 21:17 +0100, Julien Cristau wrote:
> On Tue, Mar 15, 2011 at 20:28:57 +0100, Laszlo Boszormenyi wrote:
> > I need to investigate each package, but first I need the approval
> > of the Release Team.
> I'm not following. Why would we need to be involved
Hi Adam,
On Mon, 2011-06-13 at 20:48 +0100, Adam D. Barratt wrote:
> On Sun, 2011-06-12 at 20:09 +0200, Andreas Barth wrote:
> > some programms make rdesktop to fail to keep up the directory
> > forwarding to an win 2k8-server. Please see
> > http://sourceforge.net/tracker/?func=detail&aid=2812158
Hi Release Team,
Please hint sqlite3 3.5.9-6 into Lenny. The only change is below, fixes
#502370 [1], which was filed as serious. The fix is uploaded on January
21st. Fixes the upgrade problem which may happen if a newer sqlite3
binary would use an old and incompatible version of its library.
---
Hi Release Team,
I have uploaded gradm2 2.1.9-3, which turns debconf messages to
README.Debian and NEWS.Debian . Well, just realised that NEWS.Debian is
not installed; but would it be acceptable for Etch? I would like to
upload -4 ofcourse which fixes the NEWS.Debian problem - maybe I should
ask
On Wed, 2007-03-21 at 00:46 -0700, Steve Langasek wrote:
> $ grep-excuses openoffice.org
> openoffice.org (2.0.4.dfsg.2-5 to 2.0.4.dfsg.2-6)
> Maintainer: Debian OpenOffice Team
> Too young, only 0 of 2 days old
> Not touching package, as requested by freeze (contact debian-release if
Hi Release-Team!
Both transition is big because a lot of packages use them, so they may
not be carried out for Lenny.
About SQLite2, it is rarely supported, but its transition would require
porting packages depending on it to SQLite3. I don't know yet if it's
easy or not, upstreams plan to do it
Hi Steve,
On Tue, 2007-04-24 at 15:14 -0700, Steve Langasek wrote:
> AFAIK, changing the maintainer field as part of an upload to stable or
> oldstable should be acceptable -- [...]
Moritz seconded this, thanks.
> but libx11-6 1.0.3-7 isn't part of sarge,
> so probably no upload to oldstable is
Hi Raphael,
On Thu, 2007-04-26 at 15:21 +0200, Raphael Hertzog wrote:
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=rdesktop;dist=stable
> with #418098 and following, rdesktop doesn't work on etch.
Yes, I know this, may not work for Sarge even when the same security
fix is released for it.
Hi Release Team!
Unfortunately a fix didn't make it to Etch, I even missed it when
looking over my packages. It's bug #413194 [1], which is an upstream
typo, makes Kerberos authentication fail. It hurts several users, and as
the fix is an one liner, I hope it can be accepted to Etch r1. The diff:
Hi,
Please schedule a binNMU for cryptmount on PowerPC. It failed due to a
binutils bug, #421455 .
Thanks,
Laszlo/GCS
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi Martin,
On Sat, 2007-06-09 at 17:50 +0200, Martin Zobel-Helas wrote:
> On Mon Jun 04, 2007 at 18:29:42 +0100, R.Penney wrote:
> > All of these changes represent very minor corrections to the
> > source-code, but will remove some significant weaknesses in the current
> > release.
> Could y
Hi Martin,
On Thu, 2007-06-21 at 15:14 +0200, Martin Zobel-Helas wrote:
> i will most probably not accept any further packages[1] for Debian Etch r1
> after todays^Wtonights dinstall run, unless someone really convinces me
> there is something very important missing. Exception are granted for
> p
Hi,
As cdw 0.3.1-2 is in the archive since 27 days, but can't enter into
testing due to removed binaries, please hint it for transition.
Removed binaries are gcdw as the GTK+ frontend removed and thus I didn't
want to keep cdw-common either.
Thanks,
Laszlo/GCS
--
To UNSUBSCRIBE, email to [EMA
Hi all who involved,
As Neon 0.27.2 was accepted to the archives, I would like to urge
everyone to use this version instead of the now unsupported 0.25.x and
0.26.y versions.
The biggest targets are OpenOffice.org, which has a RFH (#419523 [1])
filed as Rene is its only real maintainer and Subvers
Hi all,
With the upload of sqlite3 3.5.4 to experimental, I would like to ask
everyone who build
depend on SQLite3, please test it as its inner is changed a lot. Should
be fine for the outer
side, but please read the details[1]. I could compile several packages
against it, but not
being user of th
Hi Steve,
On Tue, 2007-12-25 at 20:16 -0800, Steve Langasek wrote:
> On Tue, Dec 25, 2007 at 05:50:08PM +0100, Laszlo Boszormenyi wrote:
> Then you should be addressing debian-devel, not debian-release.
Thought that devel has big volume and some may miss it or don't even on
deve
Hi,
Please hint vice 1.22-2 into testing, it's blocked by s390 and sparc. As
none of them in the
archs field for now, it is ready for migration.
Thanks,
Laszlo/GCS
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi Steve,
On Sat, 2008-01-12 at 13:30 -0800, Steve Langasek wrote:
> On Sat, Jan 12, 2008 at 09:26:59PM +0100, Laszlo Boszormenyi wrote:
> That's not how hinting works.
Thought so, but couldn't get porters to remove the false dependency.
> But that seems unlikely to happen, s
Hi all involved,
On Sun, 2008-01-13 at 12:54 +0100, Philipp Kern wrote:
> Please contact d-release next time to get the issue resolved.
Will do.
> Not arch:all (architecture independent) but arch:any (as it's
> architecture dependent), but yes. The s390 porter noted to remove the
> not-for-us.
Hi Release Team,
I intend to hijack GnuPG[1], but as it builds an udeb and has priority
important, I ask if the Release Team allow it.
James seems to be MIA more than six months ago:
activity-pgp:[Mon, 22 Oct 2007 23:02:33] "9BF0 93BC 475B ABF8 B6AE A5F6 D7C3
F131 AB2A 91F5" "<[EMAIL PROTECTED]>
Hi,
Upstream source changed from time to time and I still missed to
re-enable load extension support. It is not part of the core/public API,
still some package may use it. Currently two bugs filed against it, the
severity of the former[1] is serious, the latter[2] shows the diff to
enable it again
Hi Release Team,
Please do unblock neon27 0.28.2-4 , it fixes a security issue,
CVE-2008-3746 . It contains other backported fixes from upstream 0.28.3:
- fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not
crash);
- distinguish the error message for an SSL handshake which fails a
Dear Release-Team,
Hereby I'm asking for unblock request for rdesktop 1.6.0-2 and
linux-patch-grsecurity2 2.1.12+2.6.26.2+200808091136-1 .
The rdesktop package is now compiled with IPv6 support which would be
very good to have for reaching Vista boxes and other IPv6 hosts. Its in
Sid for two week
Hi,
Please unblock sqlite3 3.5.9-5 . This fixes two RC bugs, #488864 [1]
and #500792 [2]. The former is NaN handling on i386, causing divisions
returning incorrect results. The latter is a bug in distinct usage on
indexes.
Regards,
Laszlo/GCS
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=4
Hi Release Team,
I have four questions:
- gradm2, contains a wrapper shell script update, to use absolute
paths instead of relative ones (#307293); can it be pushed into
Sarge now or when it is ten days old?
- neon, I was asked to remove Siggy from Uploaders (#298370) by
Jeroen van Wolffela
Hi,
The tla package maintainer is a bit hanging with maintaining it. Can
someone follow on it and contact [EMAIL PROTECTED] ? I mean the
following bugs: #247673 and #308104 (policy issue), #289402 (missing
dependency), #289692 (FTBFS on amd64 with gcc-4.0), #292087 (FTBFS
because missing build de
Hi,
The mrtg and related packages seems to be orphaned. Shiju p. Nair is
last done an upload at 2004 April the 6th. Since then, there are only
NMUs, like it was NMUed constantly since 2002. The package is a bit
bad shape, would be good if someone look into them; there are even
seven years old bugs
Hi,
I need an update for kernel-patch-grsecurity2 (in Sarge currently).
The update would be for the new (security related) kernel versions, as
upstream updated the grsecurity2 patch for that, no other changes done.
Would it be accepted for Sarge?
Also I am not sure how the update should be done i
Hi Vorlon,
On Sat, 2005-05-14 at 15:59 -0700, Steve Langasek wrote:
> > The update would be for the new (security related) kernel versions, as
> > upstream updated the grsecurity2 patch for that, no other changes done.
> > Would it be accepted for Sarge?
>
> What new kernel versions are you refer
Dear RMs,
There are some package that need attention:
1) Please remove metalog from Sarge; I am the
maintaner of it, and do not feel that it is
mature enough for the release.
2) Please let neon enter Sarge as it contains only
changes to control, copyright and changelog expect
an one li
Dear RMs,
Please hint metalog for removal, as me, its maintainer in Debian
thinks it's in a bad state:
1) has bad configuration for real use (#284557);
2) logdirs created with wrong user/group/permissions (#303033).
Thus it is not good for users, anyone would like to use it has to
correct the lo
Hi release team,
There's an ongoing neon 0.24.x to 0.25.x transition in Sid. Most of the
packages are updated. There are some drawbacks at the moment:
1) Subversion is hold in the NEW queue since two weeks due to a binary
package rename.
2) Thus even if the rapidsvn transition in done, its upload
On Wed, 2006-03-08 at 22:13 +0100, Rene Engelhard wrote:
> And you completely didn't inform your fellow maintainers about the plan, [...]
Not all of you, I really missed OOo. My fault, I have no excuse.
Others were informed, also checked local that they are buildable with
neon 0.25.x .
Regards,
L
On Thu, 2006-03-09 at 08:56 +1100, Aníbal Monsalve Salazar wrote:
> What about all the other packages involved in this transition?
[...]
> libsvn0
> subversion
Done, but waiting in NEW.
> rapidsvn
Informed, done, but upload is waiting on Subversion.
> openoffice.org-core
Missed, but Re
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock neon27 , which fixes #480041 [1] , an SSL cert failure
with the patch that got accepted upstream. It's simple, it repeats
GnuTLS handshake while it needs to be retried:
--- a/
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
Please unblock syslog-ng 3.1.2-2 , which fixes an initscript bug[1] on
reload. The diff is small:
--- debian/syslog-ng.init 2010-08-04 21:12:39.0 +0200
+++ debian/syslog-n
Hi Release Team,
syslog-ng upstream,
There are some critical bugfixes released as syslog-ng v3.1.3 from
upstream. None of them are reported to our BTS, but the changelog
follows:
test_csvparser: added testcase to cover empty values
LogWriter: set msg_context to NULL in case of the failure path
fix
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
Please unblock syslog-ng 3.1.3-1 to Squeeze. It's an important bugfix
only release from upstream. Fixes #603617 which make it able to parse
the configuration file version correctly. Inc
Hi Adam,
On Mon, 2010-12-13 at 21:30 +, Adam D. Barratt wrote:
> I noticed that you've recently uploaded new upstream versions of sqlite3
> and neon27 to unstable. Were either of these uploads targetted at
> Squeeze?
Yes, both. The easiest is neon27, which is a clean upload of the
previous o
Hi Adam,
On Thu, 2010-12-16 at 19:21 +, Adam D. Barratt wrote:
> On Mon, 2010-12-13 at 22:48 +0100, Laszlo Boszormenyi wrote:
[ about neon27 packages ]
> It doesn't *just* contain the fixes which were previously backported
> though, there are code changes included which were
Hi Adam,
On Fri, 2010-12-17 at 20:10 +, Adam D. Barratt wrote:
> The package descriptions of libneon27{,-gnutls} say "WARNING: THE NEON
> API IS NOT YET STABLE" so removing the versioning entirely might not be
> a good idea; on the basis that there don't appear to have been any
> obvious API c
On Fri, 2010-12-17 at 22:58 +, Adam D. Barratt wrote:
> Or I might just have confused myself instead *sigh* If you were
> suggesting uploading 0.29.5-2 with the shlibs change to use 0.29.3 and
> then leaving it in unstable and 0.29.3 in squeeze then yes, that would
> be fine.
Please give a qu
Hi,
This bug is open for almost two months. As Mozilla version 1.7.13 fixes
several security bugs, please package it. If you don't have time, can I
NMU it?
Thanks,
Laszlo/GCS
signature.asc
Description: This is a digitally signed message part
Hi,
On Sat, 2006-08-19 at 15:53 +0200, Ondrej Sury wrote:
> I was trying to prepare security update of php5 and php4 [...]
> apache-dev depends on libbdb4.4-dev
> apache2-prefork-dev depends on libbdb4.3-dev
> libbdb4.4-dev conflicts with libbdb4.3-dev
>
> This means that we are not able to uplo
Hi Release Team,
I ask for a standpoint for #400140 [1] which asks for put back
library .la files into libneon26{,-gnutls-}-dev . They were removed due
to #386652 [2], where the Subversion packaging team asked for their
removal. But #400140 [1] says the upstream Subversion source can not be
compi
Hi Release Team,
I ask for permission to upload the current CVS snapshot of rdesktop to
Sid. Upstream says it is fairly stable, customers already using it
without problems. Also it corrects the sound problems described in
#396339 [1]. There's no other changes expect smartcard support merged
in, b
On Sat, 2007-01-06 at 01:42 +0100, Marc 'HE' Brockschmidt wrote:
> "Steinar H. Gunderson" <[EMAIL PROTECTED]> writes:
> > +neon26 (0.26.2-3.1) unstable; urgency=high
>
> Unblocked.
Well, wanted to discuss this fix with upstream. Don't know if its ok to
reblock it, say until tuesday which is the d
On Sun, 2007-01-07 at 11:32 +0100, Marc 'HE' Brockschmidt wrote:
> Laszlo Boszormenyi <[EMAIL PROTECTED]> writes:
> > Well, wanted to discuss this fix with upstream. Don't know if its ok to
> > reblock it, say until tuesday which is the deadline of response fro
Hi,
I would like to upload sqlite3 3.3.10 to unstable, which is available as
dget http://www.lsc.hu/gcs/deb/sqlite3_3.3.10-1.dsc
Yes, the diff is a bit big as it contains a new API[1]; but fixes a
database corruption issue and contains other important bugfixes. Version
3.3.10 contains even more bu
Hi,
The diff between 0.26.2-3 and 0.26.2-4 [1] is that a security fix is
applied (accepted the NMU) and the fix of #400140 , which adds .la files
again, but corrected with the power of sed. The latter would make neon26
dependant upstream sources compilable again; fix was proposed by
upstream.
Chec
On Mon, 2007-01-22 at 00:01 +0100, Marc 'HE' Brockschmidt wrote:
> Steve Langasek <[EMAIL PROTECTED]> writes:
> > On Sun, Jan 21, 2007 at 11:21:40PM +0100, Marc 'HE' Brockschmidt wrote:
> >> Well, .la needs to die, but I have to admit that breaking the .la
> >> interface this late in the release cy
Hi Release Team,
Please let kernel-patch-grsecurity2 to testing. It's a new upstream
release (add support of 2.6.19.2 and 2.4.32), but fixes CVE-2007-0257.
I think adding such a kernel patchset won't instabilize Etch in any way.
Thanks,
Laszlo/GCS
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
Hi Release Team,
Please let sqlite into Etch, it contains only debconf changes; already
survived ten days in Sid.
Thanks,
Laszlo/GCS
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi Release Team!
I got a bugreport against SQLite3 Tcl bindings that it can't be loaded,
see #650961 [1]. Indeed, the line which loads it is missing from its
pkgIndex.tcl file. I've checked and it's missing on all archs, including
kfreebsd-* ones. I've no idea how this happened, but a simple rebui
On Wed, 2011-12-07 at 09:29 +0100, Julien Cristau wrote:
> On Wed, Dec 7, 2011 at 07:19:54 +0100, Laszlo Boszormenyi wrote:
> > I got a bugreport against SQLite3 Tcl bindings that it can't be loaded,
> > see #650961 [1]. Indeed, the line which loads it is missing from its
&
Hi Julien,
On Sun, 2012-04-29 at 19:05 +0200, Julien Cristau wrote:
> On Wed, Apr 11, 2012 at 08:07:54 +0200, Tobias Frost wrote:
> > seems that bogofilter can be fixed soon, it seems that Steven found an
> > workaround in the sqlite3 library. (See #665363)
> What's up with that?
The "bug" lies i
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
I'd like to update libcrypto++ from 5.6.4 to 5.6.5; which is a
semi-transition. Packages I've tried works with both version,
however without binNMUs those will print this:
Symbol `_ZTVN8C
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
Hi,
I ask for binNMU of syslog-ng to build with PIE with the new
toolchain. Currently it prevents fixing of syslog-ng-incubator[1] as
it can't link with one of its libraries.
Thanks,
Laszlo
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Dear Release Team,
Mini transition of ntfs-3g which changed the library name from
libntfs-3g871 to libntfs-3g872 . These are co-installable and the
new version is in experimental, built
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Dear Release Team,
Small transition of gflags which changed the library name from
libgflags2v5 to libgflags2.2 . These are co-installable and the
new version is in experimental, built on
ackage for proper Python2 compatibility
+(closes: #852245).
+
+ -- Laszlo Boszormenyi (GCS) Tue, 31 Jan 2017 16:56:26 +
+
+pyro4 (4.53-2) unstable; urgency=medium
+
+ * Rework Python version detection.
+ * Remove requires.txt from the installed files.
+
+ [ Marcin Kulisz ]
+ * F
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
A small transition of libpgm, its soname changed from 5.1 to 5.2 which
is already in experimental.
Affected packages are:
libxs
zeromq
zeromq3
Library packages are co-installable and ca
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
I don't know if the Release Team follows JavaScript library
transitions or not. But I think it's better to be aware of
angular.js (libjs-angularjs) 1.3 (in Sid) to 1.5 (in experimental)
t
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
ICU has a new major upstream release, supporting several new things
that I would like to see in Stretch:
- CLDR[1] 28 [2] and 29 [3] support,
- Unicode 8.0.0 [4] support.
As it affects t
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
I'd like to do the libcrypto++ 5.6.1 to 5.6.3 transition. The latter is
already in experimental. Affected package maintainers are noted,
waiting for feedback. For the time being, I've reb
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
ntfs-3g previously used a virtual library[1] that caused problems with
packages depending on it. I've created a normal, binNMU safe library
package which currently sits in experimental.
T
2) jessie; urgency=medium
+
+ * Fix CVE-2016-6153 , Tempdir Selection Vulnerability.
+ * Backport fix for segfault following heavy SAVEPOINT usage
+(closes: #835205).
+
+ -- Laszlo Boszormenyi (GCS) Thu, 25 Aug 2016 16:10:24 +
+
sqlite3 (3.8.7.1-1+deb8u1) jessie-security; urgency=high
f log directory to ovirtagent in postinst (closes: #811481).
+
+ -- Laszlo Boszormenyi (GCS) Sat, 20 Aug 2016 10:34:30 +
+
ovirt-guest-agent (1.0.10.2.dfsg-2) unstable; urgency=low
* Rework useradd logic not to fail if gid 175 already present
diff -Nru ovirt-guest-agent-1.0.10.2.dfsg/d
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
Hi,
odb depends on GCC plugin loading. Uploaded a new package version,
which started to use GCC 6.2 as it's being the default compiler.
Previously it used GCC 5.1 and to prevent any problems
; urgency=medium
+
+ * Backport fix 'prevent infinite loop in readObject() function' to prevent
+DoS from upstream Git tree.
+
+ -- Laszlo Boszormenyi (GCS) Mon, 05 Sep 2016 17:46:41 +
+
pypdf2 (1.23+git20141008-1) unstable; urgency=low
* Upstream snapshot with various bug fixes.
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Hi RMs,
I'd like to upload ICU 63.1 which was recently released for Buster.
The packaging already bootstrapped with icu-le-hb (Layout Engine using
the HarfBuzz library) in experimental.
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Hi RMs,
It's a small transition with only three packages: biboumi,
libqtshadowsocks and qtcreator. All three build fine with
this botan release as well.
It is also needed for proper upst
++ sqlite3-3.16.2/debian/changelog 2017-10-03 16:13:44.0 +
@@ -1,3 +1,10 @@
+sqlite3 (3.16.2-5+deb9u1) stretch; urgency=medium
+
+ * Fix CVE-2017-10989 , heap-based buffer over-read via undersized RTree
+blobs (closes: #867618).
+
+ -- Laszlo Boszormenyi (GCS) Tue, 03 Oct 2017 16:1
++ sqlite3-3.8.7.1/debian/changelog 2017-10-03 16:13:42.0 +
@@ -1,3 +1,10 @@
+sqlite3 (3.8.7.1-1+deb8u3) jessie; urgency=medium
+
+ * Fix CVE-2017-10989 , heap-based buffer over-read via undersized RTree
+blobs (closes: #867618).
+
+ -- Laszlo Boszormenyi (GCS) Tue, 03 Oct 2017 16:1
+ [ Luca Boccassi ]
+ * Fix GSSAPI support build (closes: #925914).
+
+ -- Laszlo Boszormenyi (GCS) Thu, 28 Mar 2019 16:37:09 +
+
zeromq3 (4.3.1-3) unstable; urgency=medium
[ Luca Boccassi ]
diff -Nru zeromq3-4.3.1/debian/patches/gssapi_pkgconfig.patch zeromq3-4.3.1/debi
(2.40.1-6) unstable; urgency=high
+
+ * Fix CVE-2018-10196: NULL pointer dereference in rebuild_vlists()
+(closes: #898841).
+
+ -- Laszlo Boszormenyi (GCS) Mon, 08 Apr 2019 15:51:00 +
+
graphviz (2.40.1-5) unstable; urgency=medium
* Patch upstream _gv.so symlink creation (closes
18-1000156: arbitrary command execution in ed-style patches
+(closes: #894993).
+
+ -- Laszlo Boszormenyi (GCS) Mon, 16 Apr 2018 20:48:14 +
+
patch (2.7.5-1) unstable; urgency=medium
* New upstream release.
diff -Nru patch-2.7.5/debian/control patch-2.7.5/debian/control
--- patch-2.
x CVE-2018-1000156: arbitrary command execution in ed-style patches
+(closes: #894993).
+
+ -- Laszlo Boszormenyi (GCS) Mon, 16 Apr 2018 20:48:43 +
+
patch (2.7.5-1) unstable; urgency=medium
* New upstream release.
diff -Nru patch-2.7.5/debian/patches/Fix_arbitrary_command_execu
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Dear Release Team,
A small, incremental transition of botan 2.4 -> 2.6 as the dependent
packages are only biboumi and qtcreator. Both build fine with it.
Two things to note. For sixteen
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Mini-transition of libcutl. It has 1.8 soname in Sid and 1.9 in
experimental, but I plan to upload soname 1.10 version. May I upload
it directly to Sid or should I target experimental fir
Hi Adam,
On Wed, 2012-12-19 at 19:55 +, Adam D. Barratt wrote:
> On Sat, 2012-11-24 at 13:34 +, Adam D. Barratt wrote:
> > On Fri, 2012-11-09 at 23:08 +0100, Jelmer Vernooij wrote:
> > > On Fri, 2012-11-09 at 06:08 +, Adam D. Barratt wrote:
> > > > It also itself FTBFS on a few archite
Hi Nikolaus,
On Sun, 2013-02-24 at 18:41 -0800, Nikolaus Rath wrote:
> I'd like to upload a new version of S3QL to testing-proposed-updates to
> fix bug #701350. Unstable already contains a newer upstream release
> (1.12), so I cannot upload there.
[...]
> The necessary patch is one line (adding f
es, that code is not
+needed anymore.
+ * Use the standard /var/log/mail.{info,err,warn} location for the various
+mail-related logs (closes: #692056).
+ * Use /dev/ttyva on kFreeBSD as the target of the d_console_all
+ destination (closes: #697042).
+
+ [ Laszlo Boszormenyi (GCS) ]
+ * Fix
On Tue, 2013-03-05 at 21:05 +0100, Michael Biebl wrote:
> On 03.03.2013 22:53, Michael Biebl wrote:
> >
> > Seeing the poor handling of symlinked conffiles, I'm wondering if we
> > should also remove them for the other affected packages, which do that:
[...]
> After a closer look, all those packag
On Wed, 2013-03-06 at 13:17 +0100, Michael Biebl wrote:
> 1/ as you no longer mark the symlinks as conffiles, the cleanup in
> syslog-ng-core.postrm is not necessary.
Removed.
> 2/ you need to remove the existing conffile symlinks in
> syslog-ng-core.preinst so dpkg converts it to non-conffiles o
On Mon, 2012-10-08 at 14:02 +0200, Mehdi Dogguy wrote:
> On 13/09/2012 14:42, Mehdi Dogguy wrote:
> > On 25/08/12 16:34, Laszlo Boszormenyi (GCS) wrote:
> >> I plan to take over of python-eventlet . It has a FTBFS bug[1] in Wheezy
> >> due to the bug in python-greenle
On Thu, 2012-09-13 at 14:42 +0200, Mehdi Dogguy wrote:
> On 25/08/12 16:34, Laszlo Boszormenyi (GCS) wrote:
> > I plan to take over of python-eventlet . It has a FTBFS bug[1] in Wheezy
> > due to the bug in python-greenlet [2]. It is fixed, but not migrated to
> > testing due
On Thu, 2012-10-11 at 23:18 +0200, Julien Cristau wrote:
[ about CouchDB storing its PID file as root ]
> Ping. Is this getting fixed?
Upstream knows about this issue, promised a fix which won't be easy as
I can remember. Now they are busy with releasing 1.3.0 and a bugfix
branch of 1.2.0 . Don't
On Mon, 2012-11-12 at 21:28 +, Adam D. Barratt wrote:
> On Fri, 2012-10-12 at 05:22 +0000, Laszlo Boszormenyi (GCS) wrote:
> > On Thu, 2012-10-11 at 23:18 +0200, Julien Cristau wrote:
> > [ about CouchDB storing its PID file as root ]
> > > Ping. Is this getting fi
On Mon, 2012-11-19 at 01:56 +0100, Michael Biebl wrote:
> On 18.11.2012 21:42, Laszlo Boszormenyi (GCS) wrote:
> > Fixes four RC bugs. The first one is that couchdb needs some time to
> > stop. Added three seconds wait time to stop in initscript and to postrm
> > (the lat
On Mon, 2012-11-19 at 11:07 +0100, Julien Cristau wrote:
> On Mon, Nov 19, 2012 at 01:18:34 +0000, Laszlo Boszormenyi (GCS) wrote:
> > Agree. That's an other thing upstream should fix. However I don't think
> > that would happen soon, at least not for Wheezy. I'l
On Wed, 2012-11-21 at 19:36 +0100, Julien Cristau wrote:
> On Tue, Nov 20, 2012 at 21:17:21 +0000, Laszlo Boszormenyi (GCS) wrote:
> Thanks, I think that should be acceptable.
OK, -3 will be uploaded if you nod on the s/couchdb/$COUCHDB/ change.
See below.
> > - logrotate will prop
1 - 100 of 134 matches
Mail list logo
