Source: gitlab
Version: 10.6.2+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: clone -1 -2 -3
Control: retitle -1 gitlab: Confidential issue comments in Slack, Mattermost,
and webhook integrations
Control: retitle -2 gitlab: Persistent XSS in milestones da
Control: retitle -1 gitlab: CVE-2018-8801 CVE-2018-8971
Hi
On Fri, Mar 23, 2018 at 06:22:47PM +0100, Moritz Muehlenhoff wrote:
> Package: gitlab
> Severity: grave
> Tags: security
>
> Please see
> https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
The
Source: ruby-sanitize
Version: 2.1.0-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/rgrove/sanitize/issues/176
Hi,
the following vulnerability was published for ruby-sanitize.
CVE-2018-3740[0]:
Sanitize HTML injection vulnerability
Code has changed quite a bit
Source: ruby-loofah
Version: 2.0.3-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/flavorjones/loofah/issues/144
Hi,
the following vulnerability was published for ruby-loofah.
CVE-2018-8048[0]:
XSS vulnerability
The issue is actually raised by an underlying iss
Source: ruby-rack-protection
Version: 1.5.2-1
Severity: grave
Tags: patch security upstream
Hi,
the following vulnerability was published for ruby-rack-protection.
CVE-2018-1000119[0]:
Timing attack in authenticity_token.rb
If you fix the vulnerability please also make sure to include the
CVE (
Source: ruby-doorkeeper
Version: 4.2.0-3
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/doorkeeper-gem/doorkeeper/issues/969
Hi,
the following vulnerability was published for ruby-doorkeeper.
CVE-2018-188[0]:
Stored XSS vulnerability
If you fix the vulnerabi
Source: ruby-omniauth
Version: 1.2.1-1
Severity: important
Tags: security upstream fixed-upstream
Forwarded: https://github.com/omniauth/omniauth/pull/867
Control: fixed -1 1.6.1-1
For tracking this security issue in ruby-omniauth:
> Request phase of omniauth store request.params in session which
Source: gitlab
Version: 8.13.11+dfsg1-12
Severity: grave
Tags: upstream security
Hi
See
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
for which several go back to 8.9.0 versions.
There are three CVEs out of
https://security-tracker.debian.org/tracker/source-package/gitlab
Source: redmine
Version: 3.3.1-1
Severity: important
Tags: security upstream
Forwarded: https://www.redmine.org/issues/27516
Hi,
the following vulnerability was published for redmine.
CVE-2017-18026[0]:
| Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does
| not block the --con
Source: ruby-net-ldap
Version: 0.12.1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/ruby-ldap/ruby-net-ldap/issues/258
Hi,
the following vulnerability was published for ruby-net-ldap.
CVE-2017-17718[0]:
| The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has M
Source: passenger
Version: 5.0.30-1
Severity: important
Tags: patch security upstream fixed-upstrream
Hi,
the following vulnerability was published for passenger.
CVE-2017-16355[0]:
| In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed
| in Passenger Open Source 5.1.11 and Pas
Hi Cédric,
On Fri, Dec 01, 2017 at 10:44:22PM +0100, Cédric Boutillier wrote:
> Hi,
>
> I have prepared a patch for Debian bug #882034 (CVE-2017-1000248) from
> by adapting the upstream patch from
>
> https://github.com/redis-store/redis-store/pull/290
>
> (which should be applied after
> https
Source: redmine
Version: 3.3.1-4
Severity: important
Tags: patch security upstream
Forwarded: https://www.redmine.org/issues/27186
Hi,
the following vulnerability was published for redmine.
CVE-2017-15570[0]:
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3,
| XSS exists in
Source: redmine
Version: 3.3.1-4
Severity: important
Tags: patch security upstream
Forwarded: https://www.redmine.org/issues/27186
Hi,
the following vulnerability was published for redmine.
CVE-2017-15571[0]:
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3,
| XSS exists in
Source: redmine
Version: 3.3.1-4
Severity: important
Tags: patch security upstream
Forwarded: https://www.redmine.org/issues/27186
Hi,
the following vulnerability was published for redmine.
CVE-2017-15569[0]:
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3,
| XSS exists in
Source: redmine
Version: 3.3.1-4
Severity: important
Tags: patch security upstream
Forwarded: https://www.redmine.org/issues/27186
Hi,
the following vulnerability was published for redmine.
CVE-2017-15568[0]:
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3,
| XSS exists in
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1
Hi,
the following vulnerability was published for ruby-redis-store.
CVE-2017-1000248[0]:
| Redis-store <=v1.3.0 allow
Source: ruby-ox
Version: 2.1.1-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/ohler55/ox/issues/194
Hi,
the following vulnerability was published for ruby-ox.
Rationale for RC severity: think the issue warrants to be addressed for
the next stable release. The issue itself
Hi Chris!
On Wed, Nov 08, 2017 at 11:37:07AM +0100, Chris Hofstaedtler wrote:
> * Salvatore Bonaccorso [171108 07:45]:
> > Dear maintainer,
> >
> > I've prepared an NMU for ruby-yajl (versioned as 1.2.0-3.1) and
> > uploaded it to DELAYED/5. Please feel free to
JSON file allows to crash ruby process with a
+SIGABRT in the yajl_string_decode function (Closes: #880691)
+
+ -- Salvatore Bonaccorso Wed, 08 Nov 2017 07:31:37 +0100
+
ruby-yajl (1.2.0-3) unstable; urgency=medium
[ Balasankar C ]
diff -Nru ruby-yajl-1.2.0/debian/patches/Don-t-advance-ou
Source: ruby-yajl
Severity: normal
Hi
ruby-yajl embeds a copy of yajl, which is packaged for Debian.
src:yajl is packaged in Debian.
It might need first investigation, but if possible please consider
switching to the system library for ruby-yajl instead of the embedded
copy.
Regards,
Salvatore
Source: ruby-yajl
Severity: wishlist
Hi
There is a new upstream version (1.3.1) ruby-yajl available. Can you
package it for unstable?
Regards,
Salvatore
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@lists.alioth.debian.org
h
Source: ruby-yajl
Version: 1.2.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/brianmario/yajl-ruby/issues/176
Hi,
the following vulnerability was published for ruby-yajl.
CVE-2017-16516[0]:
| In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is
| suppli
Control: severity -1 minor
On Thu, Aug 17, 2017 at 06:24:43PM +0530, Pirate Praveen wrote:
> On Tue, 15 Aug 2017 07:40:59 +0200 Salvatore Bonaccorso
> wrote:
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures
Source: gitlab
Version: 8.13.11+dfsg1-8
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.com/gitlab-org/gitlab-ce/issues/35212
Hi,
the following vulnerability was published for gitlab.
CVE-2017-12426[0]:
| GitLab Community Edition (CE) and Enterprise Edition (EE) before
| 8.17.8
Source: rubocop
Version: 0.48.1+dfsg-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/bbatsov/rubocop/issues/4336
Hi,
the following vulnerability was published for rubocop.
CVE-2017-8418[0]:
| RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing
| local
Source: rbenv
Version: 1.0.0-1
Severity: normal
Tags: upstream security
Forwarded: https://github.com/rbenv/rbenv/issues/977
Hi,
the following vulnerability was published for rbenv.
CVE-2017-147[0]:
| rbenv (all current versions) is vulnerable to Directory Traversal in
| the specification of
Source: ruby-mixlib-archive
Version: 0.2.0-1
Severity: important
Tags: upstream patch security fixed-upstream
Forwarded: https://github.com/chef/mixlib-archive/pull/6
Hi,
the following vulnerability was published for ruby-mixlib-archive.
CVE-2017-126[0]:
| Chef Software's mixlib-archive vers
Source: gitlab
Version: 8.13.11+dfsg1-3
Severity: grave
Tags: upstream security
Forwarded: https://gitlab.com/gitlab-org/gitlab-ce/issues/27471
Hi,
the following vulnerability was published for gitlab. Please note I
was not able to verify that affects back 8.13.11, and the merge request
has restri
Source: gitlab
Version: 8.13.11+dfsg-2
Severity: grave
Tags: patch upstream security fixed-upstream
Control: fixed -1 8.13.11+dfsg-7
Hi,
the following vulnerability was published for gitlab.
CVE-2017-0882[0]:
Information Disclosure in Issue and Merge Request Trackers
If you fix the vulnerabilit
Control: reassign -1 src:ruby-zip
Control: forcemerge 856269 -1
Hi
On Fri, Mar 03, 2017 at 02:13:43PM -0600, Phillip Prescher wrote:
> Package: ruby-zip
> Version: 1.1.6-1
>
> Please see CVE-2017-5946. This version of the ruby-zip package is
> vulnerable to directory traversal attacks. Please up
Hi Antonio,
On Tue, Feb 28, 2017 at 08:21:23AM -0300, Antonio Terceiro wrote:
> On Tue, Feb 28, 2017 at 08:08:21AM +0100, Salvatore Bonaccorso wrote:
> > Control: tags 856269 + pending
> >
> > Dear maintainer,
> >
> > I've prepared an NMU for ruby-zip (ve
Hi Antonio!
On Tue, Feb 28, 2017 at 08:21:23AM -0300, Antonio Terceiro wrote:
> On Tue, Feb 28, 2017 at 08:08:21AM +0100, Salvatore Bonaccorso wrote:
> > Control: tags 856269 + pending
> >
> > Dear maintainer,
> >
> > I've prepared an NMU for ruby-zip (ve
:File component
+(Closes: #856269)
+
+ -- Salvatore Bonaccorso Mon, 27 Feb 2017 17:38:59 +0100
+
ruby-zip (1.2.0-1) unstable; urgency=medium
* Team upload.
diff -Nru ruby-zip-1.2.0/debian/patches/CVE-2017-5946.patch ruby-zip-1.2.0/debian/patches/CVE-2017-5946.patch
--- ruby-zip-1.2.0/d
Source: ruby-zip
Version: 1.1.6-1
Severity: grave
Tags: upstream patch security
Forwarded: https://github.com/rubyzip/rubyzip/issues/315
Hi,
the following vulnerability was published for ruby-zip.
CVE-2017-5946[0]:
| The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a
| direct
Hi Markus,
On Mon, Jan 30, 2017 at 09:28:35AM +0100, Markus Frosch wrote:
> On 30.01.2017 07:08, Salvatore Bonaccorso wrote:
> > I've prepared an NMU for ruby-minitar (versioned as 0.5.4-3.1) and
> > uploaded it to DELAYED/5. Please feel free to tell me if I
> >
ersal vulnerability (Closes: #853075)
+
+ -- Salvatore Bonaccorso Mon, 30 Jan 2017 07:00:07 +0100
+
ruby-minitar (0.5.4-3) unstable; urgency=medium
* [817a137] Move VCS to pkg-ruby-extras
diff -Nru ruby-minitar-0.5.4/debian/patches/CVE-2016-10173.patch ruby-minitar-0.5.4/debian/patches/CVE-2016-10173.
Source: ruby-minitar
Version: 0.5.4-3
Severity: grave
Tags: security upstream patch
Forwarded: https://github.com/halostatue/minitar/issues/16
Hi,
the following vulnerability was published for ruby-minitar.
CVE-2016-10173[0]:
directory traversal vulnerability
There is an upstream bug for it at
Source: ruby-minitar
Version: 0.5.4-3
Severity: normal
Hi
/usr/bin/minitar as shipped in ruby-minitar is not working. Trying to
extract a tar.gz with it raises:
$ minitar extract test.tar.gz
/usr/bin/minitar:19:in `': undefined method `require_gem' for main:Object
(NoMethodError)
Did you mean?
Source: gitlab
Version: 8.13.3+dfsg1-2
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for gitlab.
CVE-2016-9469[0]:
|Denial-of-Service and Data Corruption Vulnerability in Issue and Merge
|Request Trackers
If you fix the vulnerability please also make sure
Source: gitlab
Version: 8.10.5+dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
the following vulnerability was published for gitlab.
CVE-2016-9086[0]:
| GitLab versions 8.9.x and above contain a critical security flaw in the
| "import/export project" feature
Package: bundler
Version: 1.7.4-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for bundler.
CVE-2016-7954[0]:
code execution via gem name collision in bundler
Please correct me if I'm wrong. As far as I understand, this issue cannot
be fixed within the
Hi!
On Sat, Aug 27, 2016 at 02:58:13PM +0530, Pirate Praveen wrote:
> On Thu, 25 Aug 2016 21:44:23 +0200 Salvatore Bonaccorso
> wrote:
> > Control: fixed -1 4.2.0-1
> > Hi
> >
> > This seems to have been addressed in 4.2.0 upstream (which was
> > uploa
Control: fixed -1 4.2.0-1
Hi
This seems to have been addressed in 4.2.0 upstream (which was
uploaded to experimental), but the debian/changelog does not mention
the bug closer nor the CVE id; any reason for that or just an
oversight?
Regards,
Salvatore
Source: ruby-doorkeeper
Version: 3.1.0-1
Severity: grave
Tags: security upstream patch
Forwarded: https://github.com/doorkeeper-gem/doorkeeper/issues/875
Hi,
the following vulnerability was published for ruby-doorkeeper.
CVE-2016-6582[0]:
Doorkeeper does not revoke tokens and wrong auth/auth met
Source: rails
Version: 2:4.1.8-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for rails.
CVE-2016-6316[0]:
Possible XSS Vulnerability in Action View
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities &
Source: rails
Version: 2:4.2.6-2
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for rails.
CVE-2016-6317[0]:
unsafe query generation in Active Record
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposu
Source: ruby-saml
Version: 1.1.2-1
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for ruby-saml.
CVE-2016-5697[0]:
signature wrapping attack vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vu
Source: chef
Version: 12.3.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/chef/chef/issues/3871
Hi,
the following vulnerability was published for chef.
CVE-2015-8559[0]:
knife bootstrap leaks validator privkey into system logs
AFAICS no fix is yet available upstre
Source: passenger
Version: 5.0.7-3
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for passenger.
CVE-2015-7519[0]:
Header overwriting issue
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures)
Control: retitle ruby-devise-two-factor: CVE-2015-7225: TOTP Replay Attack
Hi,
On Wed, Sep 09, 2015 at 07:10:29PM +0200, Moritz Muehlenhoff wrote:
> Package: ruby-devise-two-factor
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
> please see http://www.openwall.com
Hi,
On Thu, Jul 30, 2015 at 09:58:27PM +0200, Salvatore Bonaccorso wrote:
> The targeting distribution was still set to 'unstable'. I have fixed
> that in the attached debdiffs and added the patch for jessie-security
> (can you import them in your VCS please?). I have upl
Hi,
(Adding Antonio to the loop who did the previous uploads)
On Thu, Jul 30, 2015 at 06:36:56PM +0900, Youhei SASAKI wrote:
> Hi,
>
> Thanks for your review.
>
> On Thu, 30 Jul 2015 04:49:12 +0900,
> Salvatore Bonaccorso wrote:
> > >
> > > # BTW, due to the un
Hi,
Thanks for working on this issue!
On Wed, Jul 29, 2015 at 05:30:34PM +0900, Youhei SASAKI wrote:
> Dear Debian Security Team
>
> I've created patches in order to fix CVE-2015-3225 for wheezy, jessie.
>
> #789311 (CVE-2015-3225)
>
> Please consider to update stable version of ruby-rack with
Source: rails
Version: 2:4.1.8-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for rails.
CVE-2015-3227[0]:
Denial of Service
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposure
Source: rails
Version: 2:4.1.8-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for rails.
CVE-2015-3226[0]:
XSS Vulnerability in ActiveSupport::JSON.encode
If you fix the vulnerability please also make sure to include the
CVE (Com
Source: ruby-jquery-rails
Version: 3.1.2-6
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for ruby-jquery-rails,
filing for reference as well in the BTS.
CVE-2015-1840[0]:
CSRF vulnerability in jquery-rails
If you fix the vulnerability
Source: ruby-bson
Version: 1.10.0-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for ruby-bson.
CVE-2015-4410[0]:
DoS and possible injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabil
Source: rails-3.2
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Hi,
the following vulnerability was published for rails-3.2.
CVE-2014-0130[0]:
Directory Traversal Vulnerability With Certain Route Configurations
If you fix the vulnerability please also
Source: rails-4.0
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for rails-4.0.
CVE-2014-0130[0]:
Directory Traversal Vulnerability With Certain Route Configurations
If you fix the vulnerability please also make sure to include the
CVE (Comm
Hi Jonas, hi Moritz,
On Fri, Mar 28, 2014 at 07:49:18PM +0100, Jonas Genannt wrote:
> Hello Moritz,
>
> thanks for your report. I have checked the version in Debian, and I think
> they are not
> affected by this SSHA salt problem:
>
>
> http://anonscm.debian.org/gitweb/?p=pkg-ruby-extras/ruby-
Package: ruby-will-paginate
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for ruby-will-paginate.
CVE-2013-6459[0]:
XSS vulnerabilities
It is fixed in a new upstream version 3.0.5[1].
If you fix the vulnerability please also make sure
Hi Per,
On Mon, Nov 25, 2013 at 01:20:42AM +0100, Per Andersson wrote:
> On Sun, Nov 10, 2013 at 8:58 PM, Salvatore Bonaccorso
> wrote:
> > Hi Per,
> >
> > Did you have time to prepare the fixes for unstable?
>
> Still working with the latest upstream release. Hop
Control: retitle -1 sup-mail: CVE-2013-4478 and CVE-2013-4479
Actually I was not correct, there should be two issues:
CVE-2013-4478: For the issue specifically covered in
http://seclists.org/fulldisclosure/2013/Oct/att-272/whatsup.txt which
is
https://github.com/sup-heliotrope/sup/commit/8b46cdbf
Control: retitle -1 sup-mail: CVE-2013-4478: remote command injection in
content_type
Control: user debian-secur...@lists.debian.org
Control: usertags -1 + tracked
Hi
CVE-2013-4478 was now assigned to this issue.
Regards,
Salvatore
Package: sup-mail
Severity: grave
Tags: security upstream patch fixed-upstream
Hi
A remote command injection in sup-mail was reported, see [0] and [1]
for more details. Upstream also released new versions fixing this
issue, see [3] for the diff between 0.13.2 and 0.13.2.1.
[0] http://rubyforge.
Hi
Please see also the followups
http://article.gmane.org/gmane.comp.security.oss.general/11137
Regards,
Salvatore
Hi Cédric
On Tue, May 07, 2013 at 10:51:20AM +0200, Cédric Boutillier wrote:
> Dear PET developers,
>
> We've noticed that the PET service for the Ruby Team
> http://pet.debian.net/pkg-ruby-extras/pet.cgi
> has not been receiving updates from the repos for at least a few days.
>
> I've tried to
Control: retitle -1 Update libextlib-ruby / ruby-extlib for vulnerabilities
(Re: CVE-2013-1802)
Hi
A separate CVE was assigned to this vulnerability: CVE-2013-1802
Regards,
Salvatore
Control: clone -1 -2
Control: retitle -1 ruby-rack: CVE-2013-0262: Path sanitization information
disclosure
Control: retitle -2 ruby-rack: CVE-2013-0263: Timing attack in cookie sessions
Hi
On Sun, Feb 10, 2013 at 11:14:50AM +0900, Satoru KURASHIKI wrote:
> hi,
>
> > For further information see
Source: ruby-rack
Severity: grave
Tags: security
Hi,
the following vulnerabilities were published for ruby-rack.
CVE-2013-0262[0]:
Path sanitization information disclosure
CVE-2013-0263[1]:
Timing attack in cookie sessions
If you fix the vulnerabilities please also make sure to include the
CVE
Package: rails
Severity: grave
Tags: security
Justification: user security hole
Hi
The following advisory was made for rails:
[1] http://weblog.rubyonrails.org/
[2]:
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
Disclaimer: I have not checked which vers
l and yaml coercion from the XML
parser
+ (Closes: #697895) (LP: #1098357)
+
+ -- Salvatore Bonaccorso Fri, 11 Jan 2013 20:52:05 +0100
+
libextlib-ruby (0.9.13-2) unstable; urgency=low
* std-ver -> 3.8.4. No changes needed.
only in patch2:
unchanged:
--- libextlib-ruby-0.9.
yaml coercion from the
+XML parser. (Closes: #697895) (LP: #1098357)
+
+ -- Salvatore Bonaccorso Fri, 11 Jan 2013 21:14:26 +0100
+
ruby-extlib (0.9.15-2) unstable; urgency=low
* Add full text of the Ruby licence.
@@ -49 +56,0 @@
-
only in patch2:
unchanged:
--- ruby-extlib-0.9.15.orig
.13/debian/changelog
--- libextlib-ruby-0.9.13/debian/changelog
+++ libextlib-ruby-0.9.13/debian/changelog
@@ -1,3 +1,11 @@
+libextlib-ruby (0.9.13-2+squeeze1) stable-security; urgency=high
+
+ * Non-maintainer upload.
+ * [SECURITY] CVE-2013-0156: Remove symbol and yaml coercion from the XML
parser
+
Hi Paul
On Fri, Sep 28, 2012 at 05:12:51PM +0200, Paul van Tilburg wrote:
> Package: camping
> Version: 2.1.498-3
> Severity: grave
> Tags: patch upstream
> Justification: renders package unusable
>
> Hi,
>
> Currently, it is not possible in Debian to use the Camping framework to
> write/create
Subject: rttool: Manpage for rt2 contains subversion $Id$ marker
Source: rttool
Version: 1.0.3.0-2
Severity: minor
Hi
The manpage /usr/share/man/man1/rt2.1.gz still contains the $Id$
subversion marker.
Regards,
Salvatore
Hi Ruby-Extra Maintainers!
On Tue, Jun 12, 2012 at 01:11:57AM +0900, Youhei SASAKI wrote:
> Hi,
>
> I am an upstream maintainer of rdtool.
>
> At Tue, 05 Jun 2012 07:39:14 +0200,
> Salvatore Bonaccorso wrote:
> >
> > This for example affects vim-addon-mana
Source: rdtool
Version: 0.6.34-3
Severity: normal
Hi
This for example affects vim-addon-manager which was built with newer
rdtool's rd2. rd2 -r rd/rd2man-lib does not seem to correctly generate
the manpages, quoting sections with [".
Here is an ex
79 matches