Control: severity -1 serious
Control: user debian-rele...@lists.debian.org
Control: usertag -1 bsp-2024-05-mdc-ber
Hi,
Thank you Athos for performing all those build and filing the apropriate
bug reports!
Le Mon, May 06, 2024 at 11:31:30AM -0300, Athos Ribeiro a écrit :
> phpunit 11 is out and
+Thanks to Andreas Beckmann (Closes: #1070423)
+
+ -- David Prévot Sun, 05 May 2024 11:08:20 +0200
+
php-composer-pcre (3.1.0-1) unstable; urgency=medium
[ Jordi Boggiano ]
diff -Nru php-composer-pcre-3.1.0/debian/control
php-composer-pcre-3.1.0/debian/control
--- php-composer-pcre-3.1.0/de
Hi Michael,
Le Fri, Dec 15, 2023 at 02:31:23PM +0100, David Prevot a écrit :
> On 2023-12-04 16:59, Michael Banck wrote:
[…]
> > So, what are your plans? I can offer to take over the packaging of
> > check-patroni as part of the Postgres team; I'd move the git to
> > salsa.debian.org/postgresql
Hi Adam,
Le Mon, Mar 25, 2024 at 06:44:54PM +, Adam D. Barratt a écrit :
> On Thu, 2024-02-29 at 11:18 +0100, David Prévot wrote:
> > This is a follow up from composer/DSA-5632-1.
[…]
> + * Track debian/bookworm-security
>
> Even though this update isn't going to the secur
Hi Adam,
Le Mon, Mar 25, 2024 at 06:43:31PM +, Adam D. Barratt a écrit :
> On Thu, 2024-02-29 at 11:10 +0100, David Prévot wrote:
> > [1/9 for bookworm]
> >
> > This is a follow up from composer/DSA-5632-1.
[…]
> All 9 of them. :-/
Yay, sorry about that…
> Pl
Control: affects -1 + src:php-league-uri-interfaces
Le Mon, Mar 25, 2024 at 09:15:11AM +0100, David Prévot a écrit :
[…]
> Hi,
>
> Please remove the
php-league-uri-interfaces source package.
The php-league-uri-interfaces binary package is now built by
php-league-uri-src, so the php-l
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: php-league-...@packages.debian.org
Control: affects -1 + src:php-league-uri-src
Control: affects -1 + src:php-league-uri
User: ftp.debian@packages.debian.org
Usertags: remove
Hi,
The php-league-uri binary package is now built by
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: php-league-uri-...@packages.debian.org
Control: affects -1 + src:php-league-uri-src
User: ftp.debian@packages.debian.org
Usertags: remove
Hi,
Please remove the
signature.asc
Description: PGP signature
Package: php-text-wiki
Version: 1.2.1-3.1
Severity: serious
php-text-wiki has no reverse dependencies anymore. We should probably
not ship this package in Trixie (not sure if we actually want to remove
it from Bookworm).
I intend to follow up with an RM request in a few months if nobody
objects
Package: php-net-dime
Version: 1.0.2-3.1
Severity: serious
php-net-dime has no reverse dependencies anymore. We should probably not
ship this package in Trixie (not sure if we actually want to remove it
from Bookworm).
I intend to follow up with an RM request in a few months if nobody
objects
Package: php-net-nntp
Version: 1.5.0-2.1
Severity: serious
php-net-nntp has no reverse dependencies anymore. We should probably not
ship this package in Trixie (not sure if we actually want to remove it
from Bookworm).
I intend to follow up with an RM request in a few months if nobody
objects
Package: php-letodms-core
Version: 3.4.2-1.1
Severity: serious
php-letodms-core has no reverse dependencies anymore. We should probably
not ship this package in Trixie (not sure if we actually want to remove
it from Bookworm).
I intend to follow up with RM requests in a few months if nobody
Package: php-http-webdav-server
Version: 1.0.0RC8-1.1
Severity: serious
php-http-webdav-server has no reverse dependencies anymore. We should
probably not ship this package in Trixie (not sure if we actually want
to remove it from Bookworm).
I intend to follow up with RM requests in a few months
Package: php-net-whois
Version: 1.0.5-3.2
Severity: serious
X-Debbugs-Cc: Debian PHP PEAR Maintainers
[ Filled as RC by a Debian PHP PEAR Maintainers team member to see this
package auto-removed from testing. ]
php-net-whois has no reverse dependencies anymore. We should probably
not ship
Package: debpear
Version: 0.5+nmu1
Severity: serious
[ Filled as RC by a team member to see this package auto-removed from
testing. ]
debpear has no reverse dependencies, not seen any development in the
last ten years, and has a decreasing popcon (probably in link with the
decreasing interest
Package: php-validate
Version: 0.8.5-4.2
Severity: serious
X-Debbugs-Cc: Debian PHP PEAR Maintainers
[ Filled as RC by a Debian PHP PEAR Maintainers team member to see this
package auto-removed from testing. ]
php-validate has no reverse dependencies anymore. We should probably not
ship this
control: tags -1 serious
Hi Benjamin,
Thank you for the report, and apologies nobody came back to you sooner.
Le Wed, Jul 19, 2023 at 11:24:44AM +, Benjamin Renard a écrit :
> Package: php-net-ftp
> Version: 1:1.4.0-2.1
[…]
> This package seem not compatible with the PHP 8.2 version
Package: libphp-snoopy
Version: 2.0.0-3
Severity: serious
[ Filled as RC by a team member to see this package auto-removed from
testing. ]
libphp-snoopy has no reverse dependencies anymore. We should probably
not ship this package in Trixie (not sure if we actually want to remove
it from
Package: php-mdb2
Version: 2.5.0b5-2.1
Severity: serious
[ Filled as RC by a team member to see this package auto-removed from
testing. ]
php-mdb2 has no reverse dependencies anymore (except for
php-mdb2-driver-pgsql and php-mdb2-driver-mysql that are also targeted
by this bug report). We
Hi,
Le Wed, Feb 21, 2024 at 08:19:06AM +0100, David Prévot a écrit :
> […] I wish to
> proceed with the transition during the next MiniDebCampHamburg happening
> early March (in less than two weeks).
>
> https://wiki.debian.org/DebianEvents/de/2024/MiniDebCampHamburg
Hi Sunil,
Le Tue, Mar 05, 2024 at 02:47:18PM -0800, Sunil Mohan Adapa a écrit :
> On Tue, 5 Mar 2024 14:48:49 +0100 David =?iso-8859-1?Q?Pr=E9vot?=
> wrote:
> > Package: php-klogger
> > Version: 1.2.2-2
> > Severity: important
[…]
> > Please, test your package with php-psr-log 3 and […]
> > […]
Package: php-klogger
Version: 1.2.2-2
Severity: important
Hi James, Sunil,
AFAICT, php-klogger is the only blocker preventing php-psr-log 3 upload
to unstable. php-psr-log 3 is available in experimental since 2021, and
recent php-psr-log will be needed for the php-monolog 3 transition.
Please,
control: severity -1 serious
control: found -1 4.1.15+dfsg-1
Hi,
Le Sun, Feb 11, 2024 at 07:30:39PM +0100, Axel a écrit :
> Package: spip
> Version: 4.1.9+dfsg-1+deb12u4
> Severity: important
[…]
> after the upgrade, I could not log in to my site anymore. […] …/ecrire shows:
>
> “This
Le Sat, Mar 02, 2024 at 11:22:22AM +0100, David Prévot a écrit :
[…]
> [x] attach debdiff against the package in oldstable
Second try.
diff -Nru php-phpseclib-2.0.30/debian/changelog php-phpseclib-2.0.30/debian/changelog
--- php-phpseclib-2.0.30/debian/changelog 2023-12-31 15:36:22.00
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: phpsec...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:phpseclib
User: release.debian@packages.debian.org
Usertags: pu
Hi,
This issue is simalar to #1065264 for bookworm
I’d like to see
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: php-phpsec...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-phpseclib
User: release.debian@packages.debian.org
Usertags: pu
Hi,
This issue is similar to #1065263 for bookworm
I’d like to
[CVE-2024-27355]
+- BigInteger: fix getLength()
+ * Force system dependencies loading
+
+ -- David Prévot Mon, 26 Feb 2024 22:58:32 +0100
+
phpseclib (1.0.20-1+deb12u1) bookworm-security; urgency=medium
* Track Bookworm
diff -Nru phpseclib-1.0.20/debian/patches/0011-BigInteger-put
]
+- Tests: updates for phpseclib 2.0
+- BigInteger: phpseclib 2.0 updates
+- BigInteger: fix getLength()
+
+ -- David Prévot Mon, 26 Feb 2024 23:23:19 +0100
+
php-phpseclib (2.0.42-1+deb12u1) bookworm-security; urgency=medium
* Track bookworm
diff -Nru php-phpseclib-2.0.42/debian
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-phpsecl...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-phpseclib3
User: release.debian@packages.debian.org
Usertags: pu
Hi,
Iâd like to see CVE-2024-27354 and CVE-2024-27355
Le Thu, Feb 29, 2024 at 03:06:35PM +0100, David Prévot a écrit :
> [x] attach debdiff against the package in (old)stable
One more time…
diff -Nru php-doctrine-annotations-1.11.2/debian/autoload.php.tpl php-doctrine-annotations-1.11.2/debian/autoload.php.tpl
--- php-doctrine-annotations-1.1
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: php-doctrine-annotati...@packages.debian.org,
t...@security.debian.org
Control: affects -1 + src:php-doctrine-annotations
User: release.debian@packages.debian.org
Usertags: pu
[6/6 for bullseye]
This is a follow up
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: php-zend-c...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-zend-code
User: release.debian@packages.debian.org
Usertags: pu
[5/6 for bullseye]
This is a follow up from composer/DSA-5632-1,
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: php-proxy-mana...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-proxy-manager
User: release.debian@packages.debian.org
Usertags: pu
[4/6 for bullseye]
This is a follow up from
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: symf...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:symfony
User: release.debian@packages.debian.org
Usertags: pu
[3/6 for bullseye]
This is a follow up from composer/DSA-5632-1, similar to
/debian/changelog 2020-09-15 22:17:37.0 +0200
+++ php-symfony-contracts-1.1.10/debian/changelog 2024-02-18 11:57:14.0 +0100
@@ -1,3 +1,9 @@
+php-symfony-contracts (1.1.10-2+deb11u1) bookworm; urgency=medium
+
+ * Force system dependencies loading
+
+ -- David Prévot Sun, 18 Feb 2024
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-composer-xdebug-hand...@packages.debian.org,
t...@security.debian.org
Control: affects -1 + src:php-composer-xdebug-handler
User: release.debian@packages.debian.org
Usertags: pu
[1/6 for bullseye]
This is a follow
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-doctrine-deprecati...@packages.debian.org,
t...@security.debian.org
Control: affects -1 + src:php-doctrine-deprecations
User: release.debian@packages.debian.org
Usertags: pu
[9/9 for bookworm]
This is a follow up
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-doctrine-le...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-doctrine-lexer
User: release.debian@packages.debian.org
Usertags: pu
[8/9 for bookworm]
This is a follow up from
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-doctrine-annotati...@packages.debian.org,
t...@security.debian.org
Control: affects -1 + src:php-doctrine-annotations
User: release.debian@packages.debian.org
Usertags: pu
[7/9 for bookworm]
This is a follow up
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-zend-c...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-zend-code
User: release.debian@packages.debian.org
Usertags: pu
[6/9 for bookworm]
This is a follow up from composer/DSA-5632-1.
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-proxy-mana...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-proxy-manager
User: release.debian@packages.debian.org
Usertags: pu
[5/9 for bookworm]
This is a follow up from
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-proxy-mana...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-proxy-manager
User: release.debian@packages.debian.org
Usertags: pu
[5/9 for bookworm]
This is a follow up from
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: symf...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:symfony
User: release.debian@packages.debian.org
Usertags: pu
[4/9 for bookworm]
This is a follow up from composer/DSA-5632-1 and similar
; urgency=medium
+
+ * Track debian/bookworm-security
+ * Force system dependencies loading
+
+ -- David Prévot Thu, 15 Feb 2024 22:48:06 +0100
+
php-symfony-contracts (2.5.2-1) unstable; urgency=medium
[ Nicolas Grekas ]
diff -Nru php-symfony-contracts-2.5.2/debian/clean php-symfony-contracts
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-composer-xdebug-hand...@packages.debian.org,
t...@security.debian.org
Control: affects -1 + src:php-composer-xdebug-handler
User: release.debian@packages.debian.org
Usertags: pu
[2/9 for bookworm]
This is a follow
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-composer-class-map-genera...@packages.debian.org,
t...@security.debian.org
Control: affects -1 + src:php-composer-class-map-generator
User: release.debian@packages.debian.org
Usertags: pu
[1/9 for bookworm]
This
control: severity 1039731 serious
control: severity 1051989 serious
control: severity 1051985 serious
control: severity 1039733 serious
Le Wed, Feb 21, 2024 at 08:19:06AM +0100, David Prévot a écrit :
> Le Wed, Jan 03, 2024 at 07:04:12PM +0100, David Prévot a écrit :
> […]
> > I
Package: php-sql-formatter
Version: 1.2.17+dct1.1.3-1
Severity: serious
Tags: sid trixie
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I packaged php-sql-formatter as used by php-doctrine-bundle, but
php-doctrine-bundle got removed a while ago from
Hi,
Le Wed, Jan 03, 2024 at 07:04:12PM +0100, David Prévot a écrit :
[…]
> I’m in favour of raising the severity of bugs blocking this transition
> to RC level ASAP: Symfony 6 has been in experimental for a while now
I intend to do so early next week: symfony 6 was introduced in
experi
Control: severity -1 serious
Le Mon, Feb 12, 2024 at 06:15:27PM -0700, skizz...@skizzerz.net a écrit :
> Seems the current version is causing errors due to using syntax removed in
> PHP 8. I'm seeing the following error message:
> TypeError: implode(): Argument #2 ($array) must be of type ?array,
Control: retitle -1 bookworm-pu: package spip/4.1.9+dfsg-1+deb12u4
Le Sat, Dec 30, 2023 at 12:06:56PM +0100, Salvatore Bonaccorso a écrit :
> On Fri, Dec 22, 2023 at 01:28:00PM +0100, David Prévot wrote:
[…]
> > This issue is similar to #1059289 for oldstable.
> >
> > Ano
control: block -1 with 1051989
control: severity 1051989 important
control: severity 1051988 important
Le Sun, Sep 17, 2023 at 07:57:03PM +0530, David Prévot a écrit :
> […] roughly, the
> following end user packages (families) are not yet ready.
>
> civicrm (#1051988)
> kan
Le Fri, Dec 22, 2023 at 01:21:56PM +0100, David Prévot a écrit :
[…]
> [x] attach debdiff against the package in oldstable
For real now (the usual running gag of the missing attachement)… Merry
Christmas.
Cheers.
taffit
diff -Nru spip-3.2.11/debian/changelog spip-3.2.11/debian/change
+deb12u3) bookworm; urgency=medium
+
+ * Backport security fix from 4.1.13
+- fix XSS when calling some templates
+
+ -- David Prévot Thu, 21 Dec 2023 19:24:13 +0100
+
spip (4.1.9+dfsg-1+deb12u2) bookworm; urgency=medium
* Backport security fix from 4.1.11
diff -Nru spip-4.1.9+dfsg/debian
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: s...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:spip
Another upstream release fixed a security (XSS) issue. The last two
updates of this
Source: libphp-swiftmailer
Version: 6.3.0-3
Severity: important
Control: affects -1 php-mockery
Hi,
The latest (1.6.7-1) php-mockery introduced some deprecations, displayed
during the testsuite of libphp-swiftmailer:
> 2x: shouldNotReceive(), never(), times(0) chaining additional invocation
>
Package: fonts-jetbrains-mono
Severity: wishlist
Control: affects -1 php-symfony-web-profiler-bundle
X-Debbugs-Cc: Debian PHP PEAR Maintainers
Hi!
The php-symfony-web-profiler-bundle package since the recent symfony 6.4
version is shipping JetBrainsMono.woff2. If it can be properly built
from
]
+(Closes: #1057008)
+
+ -- David Prévot Tue, 28 Nov 2023 08:33:28 +0100
+
php-phpseclib3 (3.0.19-1) unstable; urgency=medium
[ Alexander Vlasov ]
diff -Nru php-phpseclib3-3.0.19/debian/control php-phpseclib3-3.0.19/debian/control
--- php-phpseclib3-3.0.19/debian/control 2023-03-06 08:00
Source: ldap-account-manager
Version: 8.5-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian PHP PEAR Maintainers
, Debian Security Team
Hi,
Just noticed via #1057008 and especially [CVE-2023-49316] notes, that
ldap-account-manager includes an insane amount of third party package in
escape their input
+ [CVE-2023-46734] (Closes: #1055774)
+
+ -- David Prévot Sat, 11 Nov 2023 19:09:20 +0100
+
symfony (4.4.19+dfsg-2+deb11u3) bullseye; urgency=medium
* Drop dependency bump.
diff -Nru symfony-4.4.19+dfsg/debian/patches/Mime-regenerate-test-certificates.patch symfony
: #1055774)
+- [Security] Fix possible session fixation when only the *token* changes
+ [CVE-2023-46733] (Closes: #1055775)
+
+ -- David Prévot Sat, 11 Nov 2023 18:59:39 +0100
+
symfony (5.4.23+dfsg-1) unstable; urgency=medium
[ Fabien Potencier ]
diff -Nru symfony-5.4.23+dfsg/debian
Hi,
Le Thu, Oct 24, 2019 at 05:50:50PM +0200, Kurt Roeckx a écrit :
> Package: apache2
> Version: 2.4.38-3
>
> Hi,
>
> I was expecting TLS 1.0 and 1.1 to be disabled
Same here. Four years later, RFC 8996 (Deprecating TLS 1.0 and TLS 1.1)
has been published and most clients have been updated,
Hi,
Le 24/10/2023 à 19:55, Bastian Germann a écrit :
I am uploading a NMU to DELAYED/10 in order to fix this. The changes are
in the git repo and atttached as debdiff.
Thanks a lot! Feel free to reschedule your upload to DELAYED/0.
Regards
taffit
Hi Michael,
First of all thanks a lot for your bug report!
Le Fri, Oct 06, 2023 at 09:11:32AM +0200, Michael Banck a écrit :
> Package: check-patroni
> Version: 1.0.0-1
> Severity: normal
> Tags: patch
>
> Hi,
>
> since version 3.0.4, Patroni displays "streaming" as state if a node is
>
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: php-psr-log-t...@packages.debian.org, Debian PHP PEAR Maintainers
Control: affects -1 + src:php-psr-log-test
Hi,
Seems like I missed that Athos already packaged php-fig-log-test
Source: sphinxcontrib-phpdomain
Version: 0.11.2-2
Severity: wishlist
Hi,
I introduced this package more than ten years ago, and got it removed a
few years after that, so I’m not in a position to actually maintain this
package (I don’t even have write access to the currently declared VCS).
Hi,
> Le 24/06/2023 à 01:29, William Desportes a écrit :
[…]
> Great, #1041982 does not have much blockers anymore, maybe we can schedule
> the transition then.
FYI, we had a workshop during DebConf with Athos in order to try and
determine what other packages (and relevant blockers) need to be
Package: civicrm-common
Version: 5.53.0+dfsg1-1
Severity: normal
X-Debbugs-Cc: Debian PHP PEAR Maintainers
User: pkg-php-p...@lists.alioth.debian.org
Usertags: symfony
Control: affects -1 + src:symfony
Control: blocks 1041982 by -1
Hi,
civicrm-common is declared to be compatible with Symfony 4
Control: clone -1 -2
Control: reassign -2 php-laravel-framework 8.83.26+dfsg-2
Control: retitle -2 Uninstallable with symfony 6: unsatisfiable dependencies
Hi Robin,
Le Wed, Jun 28, 2023 at 03:41:28PM -0300, Athos Ribeiro a écrit :
> Source: php-laravel-lumen-framework
[…]
> We are about to
Hi,
Le 24/06/2023 à 01:29, William Desportes a écrit :
As far as I understand, there was no more change than the composer bump change
needed for phpMyAdmin.
So I could introduce an OR to allow both versions.
That would be nice.
And tests pass you said.
Great, #1041982 does not have much
Hi,
Le Wed, Jun 28, 2023 at 03:41:28PM -0300, Athos Ribeiro a écrit :
> Source: php-laravel-lumen-framework
> Version: 8.3.4-1
[…]
> We are about to start the symfony 6 transition in unstable. During a test
> rebuild, php-laravel-lumen-framework was found to fail to build with symfony
> 6.
Just
Hi James,
Le Wed, Jun 28, 2023 at 03:42:21PM -0300, Athos Ribeiro a écrit :
> Source: php-oscarotero-gettext
> Version: 4.8.7-1
[…]
> We are about to start the symfony 6 transition in unstable. During a test
> rebuild, php-oscarotero-gettext was found to fail to build with symfony 6.
Looking at
Hi,
Le Wed, Jun 28, 2023 at 03:41:55PM -0300, Athos Ribeiro a écrit :
[…]
> Relevant part (hopefully):
> > There were 2 failures:
> >
> > 1)
> > Monolog\Handler\StreamHandlerTest::testWriteNonExistingAndNotCreatablePath
> > with data set "/foo/bar/…" ('/foo/bar/9033/4989')
> > Failed asserting
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: symf...@packages.debian.org, pkg-php-p...@lists.alioth.debian.org
Control: affects -1 + src:symfony
Control: block -1 by 1039731 1039732 1039733 1039734 1039735
Hi,
We’d
Hi,
Le Fri, Jul 14, 2023 at 08:56:36AM +0200, David Prévot a écrit :
> tags 1039747 + patch
> forwarded 1039747
> https://salsa.debian.org/php-team/pear/doctrine/-/merge_requests/1
AFAICT, this change (that I already had locally commited BTW), requires
PHPUnit 10 and breaks under PHPU
+++ spip-3.2.11/debian/changelog 2023-07-08 20:38:26.0 +0200
@@ -1,3 +1,11 @@
+spip (3.2.11-3+deb11u9) bullseye; urgency=medium
+
+ * Backport security fix from 4.1.11
+- use an auth_desensibiliser_session() function to centralize extended
+ authentification data filtering.
+
+ -- David
an auth_desensibiliser_session() function to centralize extended
+ authentification data filtering.
+
+ -- David Prévot Sat, 08 Jul 2023 20:29:04 +0200
+
spip (4.1.9+dfsg-1+deb12u1) bookworm; urgency=medium
[ David Prévot ]
diff -Nru spip-4.1.9+dfsg/debian/patches/0009-security-Utiliser-une
Hi,
Le 29/06/2023 à 00:24, Athos Ribeiro a écrit :
On Wed, Jun 28, 2023 at 10:31:53PM +0100, Adam D. Barratt wrote:
On Wed, 2023-06-28 at 17:57 -0300, Athos Ribeiro wrote:
[…]
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: pkg-php-p...@lists.alioth.debian.org
Usertags:
2023-06-11 15:38:54.0 +0200
@@ -1,3 +1,19 @@
+spip (4.1.9+dfsg-1+deb12u1) bookworm; urgency=medium
+
+ [ David Prévot ]
+ * Add CVE to previous changelog entry
+ * Update documented branch
+ * Backport security fixes from 4.1.10
+- Limit recursion depth in protege_champ() function
screen
+- Properly block hidden files in provided htaccess
+- Update security screen to 1.5.3
+
+ -- David Prévot Sun, 11 Jun 2023 15:47:39 +0200
+
spip (3.2.11-3+deb11u7) bullseye-security; urgency=medium
* Backport security fixes from v3.2.18
diff -Nru spip-3.2.11/debian/patches
Le 24/05/2023 à 21:07, David Prévot a écrit :
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: php-finder-fac...@packages.debian.org, Debian PHP PEAR Maintainers
Control: affects -1 + src:php-finder-facade
[ Forgot to add
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: php-doctrine-bun...@packages.debian.org, Debian PHP PEAR
Maintainers
Control: affects -1 + src:php-doctrine-bundle
Hi,
As explained two years ago in #996108, this package is not
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: php-token-str...@packages.debian.org, Debian PHP PEAR Maintainers
Control: affects -1 + src:php-token-stream
Hi,
As explained three years ago in #977802, this package is not used
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: php-finder-fac...@packages.debian.org, Debian PHP PEAR
Maintainers
Control: affects -1 + src:php-finder-facade
signature.asc
Description: PGP signature
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: php-finder-fac...@packages.debian.org, Debian PHP PEAR
Maintainers
Control: affects -1 + src:php-finder-facade
Hi,
As explained three years ago in #977801, this package is not used
Hi Paul,
Thanks for the report.
Le 25/04/2023 à 21:43, Paul Gevers a écrit :
Source: symfony
[…]
Your package has an autopkgtest, great. However, it fails since April
2023.
Meh, between 3 and 19 on Sid and between 11 and 21 on Bookworm.
[…]
Targeted fixes are still welcome.
[…]
7)
Hi,
Le 22/04/2023 à 12:59, David Prévot a écrit :
[…]
[x] attach debdiff against the package in stable
For real now.diff --git a/debian/changelog b/debian/changelog
index bd0b1d7..a0c6ab8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+php-nyholm-psr7 (1.3.2-2
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: php-nyholm-p...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-nyholm-psr7
Hi,
Please note that this request is very similar to
--git a/debian/changelog b/debian/changelog
index 8635876..0093037 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+php-guzzlehttp-psr7 (1.7.0-1+deb11u2) bullseye; urgency=medium
+
+ * Fix improper input validation [CVE-2023-29197] (Closes: #1034581)
+
+ -- David Prévot Sat, 22
Hi Salvatore,
Le 19/04/2023 à 08:33, Salvatore Bonaccorso a écrit :
On Wed, Apr 19, 2023 at 08:29:49AM +0200, Salvatore Bonaccorso wrote:
[…]
FWIW, I do not know (yet) if myholm-psr7 will get a own CVE for it.
php-slim-psr7 did in fact got one (see #1034580).
Okay, actually the project is
Control: -1 unreproducible
Hi,
Thank you for your interest in reporting a bug.
Le 01/04/2023 à 11:01, DorianCoding a écrit :
Package: php-symfony-cache
Version: 5.4.21+dfsg-1
[…]
*** Reporter, please consider answering these questions, where appropriate ***
It would have been nice to
Source: apt-setup
Severity: wishlist
Hi,
Thank you for maintaining d-i!
I may be late to the bookworm party but… It would be nice if d-i could
provide deb822-style sources.list (by default) for newly installed
machines.
Apologies in advance if I missed a duplicate in a more appropriate
module.
Hi,
Le 27/02/2023 à 08:18, David Prévot a écrit :
Le 26/02/2023 à 21:54, Paul Gevers a écrit :
On 08-02-2023 13:53, David Prévot wrote:
[ Tests ]
I didn’t test it thoroughly (I doubt to have much time for at least
another week), but it passes
There are issues with the installability
Hi Paul,
Le 26/02/2023 à 21:54, Paul Gevers a écrit :
On 08-02-2023 13:53, David Prévot wrote:
[ Tests ]
I didn’t test it thoroughly (I doubt to have much time for at least
another week), but it passes
There are issues with the installability of src:symfony packages as can
be seen from
Package: debmirror
Version: 1:2.35+deb11u1
Severity: normal
X-Debbugs-Cc: dpre...@evolix.fr
Hi,
Trying to mirror several suites from extended-lts currently fails with
the following output.
> The directory for a dist should be its codename, not a suite.
> Use --allow-dist-rename to have
Le 08/02/2023 à 13:53, David Prévot a écrit :
Package: release.debian.org
Severity: normal
Tags: bullseye
[…]
[ Tests ]
I didn’t test it thoroughly (I doubt to have much time for at least
another week), but it passes
… its (updated upstream) testsuite at buildtime, which is the same
/Http] Remove CSRF tokens from storage on successful login
+ [CVE-2022-24895]
+
+ -- David Prévot Wed, 01 Feb 2023 19:38:41 +0100
+
symfony (4.4.19+dfsg-2+deb11u1) bullseye; urgency=medium
* Prevent CSV injection via formulas [CVE-2021-41270]
diff -Nru symfony-4.4.19+dfsg/debian/patches
Package: inotify-tools
Version: 3.22.6.0-3
Severity: important
Tags: upstream patch
Hi!
We’ve noticed that fsnotifywait didn’t work as expected: even if the
kernel is notified, fsnotifywait was not. The following upstream commit
actually fixes the issue, I’ve tested it also on a bullseye server
Control: forcemerge 976673 -1
Le 02/02/2023 à 03:14, Tianyu Chen a écrit :
On Wed, Feb 01, 2023 at 10:40:08PM +0100, David Prévot wrote:
[…]
$ dget apt
no repository found in /etc/apt/sources.list or sources.list.d at /usr/bin/dget
line 378.
Is this a duplicate with #976673?
Indeed
Package: devscripts
Version: 2.22.2
Severity: normal
Control: user devscri...@packages.debian.org
Control: usertags -i + dget
Hi,
dget parser assumes one-line-style format of sources.list:
$ dget apt
no repository found in /etc/apt/sources.list or sources.list.d at /usr/bin/dget
line 378.
1 - 100 of 2625 matches
Mail list logo
