Bug#1008032: O: parprouted -- transparent IP (Layer 3) proxy ARP bridging tool

2022-03-20 Thread Luciano Bello
Package: wnpp Severity: normal I'm orphaning all of my packages in Debian because I have decided to retire. The description reads: transparent IP (Layer 3) proxy ARP bridging tool This is useful for creation of transparent firewalls and bridging networks with different MAC protocols. Also,

Bug#1008029: O: dirdiff -- Display and merge changes between two directory trees

2022-03-20 Thread Luciano Bello
Package: wnpp Severity: normal I'm orphaning all of my packages in Debian because I have decided to retire. The description reads: Dirdiff can handle up to 5 trees. It displays a main window with a list of the files which are different between the trees, with colored squares to indicate

Bug#1008027: O: mrtgutils -- Utilities to generate statistics for mrtg

2022-03-20 Thread Luciano Bello
Package: wnpp Severity: normal I'm orphaning all of my packages in Debian because I have decided to retire. MRTGutils is a relatively low-maintenance package, probably a good choice for a first-package. The description reads: MRTGutils is a collection of simple utilities to generate output useful

Bug#1008007: O: ieee-data -- OUI and IAB listings

2022-03-20 Thread Luciano Bello
Package: wnpp Severity: normal I'm orphaning all of my packages in Debian because I have decided to retire. ieee-data is relatively low-maintenance and has a high popcon count. The description reads: Provide the Organizationally Unique Identifier (OUI) and Individual Address Block (IAB)

Bug#1008001: O: davfs2 -- mount a WebDAV resource as a regular file system

2022-03-20 Thread Luciano Bello
Package: wnpp Severity: normal I'm orphaning all of my packages in Debian because I have decided to retire. Davfs2 is a relatively popular package that has a very responsive upstream team. The description reads: Web Distributed Authoring and Versioning (WebDAV), an extension to the

Bug#932711: 404 for http://standards.ieee.org/regauth/oui/oui.txt

2020-05-24 Thread Luciano Bello
On 5/24/20 5:56 AM, Stefan Pietsch wrote: > I suppose the bug won't be fixed in Debian 8. NMUs are welcome. RL is keeping me extremely busy right now... /l

Bug#913450: RM: ibmquantumexperience/1.9.2-1

2018-11-10 Thread Luciano Bello
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm The code in this package now is part of qiskit-terra[1]. Upstream decided to merge it[2]. Therefore, it can be removed from all Debian dists. Thanks, luciano [1]

Bug#912822: ppp-EAP-TLS patch: new version available 1.102

2018-11-03 Thread Luciano Bello
Package: ppp Version: 2.4.5-5.1+deb7u2 Severity: important Tags: upstream patch JJK just released a new version of the ppp-EAP-TLS patch, v1.102, that this package is using. See https://www.nikhef.nl/~janjust/ppp/download.html for details. Patches for 2.4.5, 2.4.6 and 2.4.7 are available.

Bug#907524: [python-guess-language] Support for python 2.7

2018-09-16 Thread Luciano Bello
On 09/09/18 07:31, Tomasz Buchert wrote: > would it be possible to create an official release/download on > bitbucket so that I can pull it? Otherwise I will have to import a > semi-random git hash. That is upstream's call. What do you think spirit? :) Otherwise, the PR was merged in the default

Bug#907524: Support for python 2.7

2018-08-28 Thread Luciano Bello
Source: python-guess-language Version: 0.5.2-4 Severity: normal Tags: patch upstream In an attempt to put w3af back into sid, we need support for Python 2 in guess-language. I opened a PR into upstream with it. Please, take a look

Bug#904895: #904895: standards.ieee.org should be accessed over https

2018-08-05 Thread Luciano Bello
I just uploaded the fix to unstable. In the past, TLS AIA were a problem for some downloaders (IIUC, they should be solved at this point tho): https://bugs.debian.org/783096 I will wait a bit before updating old/stable to catch similar issues. Thanks for your report /luciano

Bug#901412: ITP: ibmquantumexperience -- A Python library for the IBM Quantum Experience API (Python 3)

2018-06-12 Thread Luciano Bello
On 06/12/18 16:55, Guus Sliepen wrote: > If it's a Python 3 library, the package name should have the python3- prefix, > and you > might want to consider naming it (python3-)qiskit instead of > (python3-)ibmquantumexperience. I just realized that python2 is supported too. This is not qiskit, but

Bug#901412: ITP: ibmquantumexperience -- A Python library for the IBM Quantum Experience API (Python 3)

2018-06-12 Thread Luciano Bello
Package: wnpp Severity: wishlist Owner: Luciano Bello * Package name: ibmquantumexperience Version : 1.9.2 Upstream Author : QISKit * URL : https://github.com/QISKit/qiskit-api-py * License : Apache 2.0 Programming Lang: Python Description : A Python

Bug#856928: #856928: Davfs2 cannot write

2018-05-19 Thread Luciano Bello
Hi Spányik, This bug had been tagged with "moreinfo" for a year already. Do you still have the issue? Otherwise, I will close it in some weeks. Thanks! /luciano

Bug#892520: libpodofo: CVE-2018-8000 CVE-2018-8001 CVE-2018-8002

2018-03-09 Thread Luciano Bello
Package: libpodofo X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, the following vulnerabilities were published for libpodofo. CVE-2018-8000[0]: | In PoDoFo 0.9.5, there exists a heap-based buffer overflow | vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in |

Bug#889892: mpv: fix for CVE-2018-6360 breaks youtube playlists

2018-02-08 Thread Luciano Bello
On 2018-02-08 09:01, James Cowgill wrote: > I think the attached patch will fix this (which I have also just > uploaded to unstable). Uploaded. Thanks! /luciano

Bug#888654: mpv: CVE-2018-6360

2018-02-06 Thread Luciano Bello
On 2018-02-03 09:13, James Cowgill wrote: > Unlike the backport for 0.27 which was fairly straightforward, the > backport for 0.23 required significant changes and I ended up rewriting > half of it. This means I am less confident about catching all the cases > to fix this bug. It would be good if

Bug#882620: [CVE-2017-16879] ncurses: Stack-based buffer overflow

2017-11-24 Thread Luciano Bello
Package: ncurses X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for ncurses. CVE-2017-16879[0]: | Stack-based buffer overflow in the _nc_write_entry function in | tinfo/write_entry.c

Bug#880994: RFP: qiskit -- Quantum information software kit

2017-11-06 Thread Luciano Bello
Package: wnpp Severity: wishlist * Package name: qiskit Version : 0.3.9 Upstream Author : QISKit Development Team * URL : http://qiskit.org * License : Apache Software License Description : Quantum information software kit The Quantum

Bug#694756: setfacl w/ default ACL doesn't always set set-gid bit in newly created sub-directories

2017-08-27 Thread Luciano Bello
Ok, this bug needs some clarifications: Neal, the original poster [1], refers to a different problem than Julien[2]. The Julien problem looks rooted in the kernel and was reported in a different bug [3]. Anibal, probably the best path of action is to recheck with Neal if his problem is still

Bug#872844: connman: [CVE-2017-12865] stack overflow in dns proxy feature

2017-08-21 Thread Luciano Bello
Package: connman X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Version: 1.33-3 Tags: security patch Hi, the following vulnerability was published for connman. CVE-2017-12865[0]: stack overflow in dns proxy feature If you fix the

Bug#872517: ffmpeg: CVE-2017-7206: heap-based buffer over-read in embed libav

2017-08-17 Thread Luciano Bello
Package: ffmpeg X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for libav (which is embedded in ffmpeg). CVE-2017-7206[0]: | The ff_h2645_extract_rbsp function in libavcodec in libav

Bug#872515: apt: upgrade the binaries for a particular source package

2017-08-17 Thread Luciano Bello
Package: apt Severity: wishlist Hello, The security team releases a DSA when a package is vulnerable, with the recommendation "[...] upgrade your XX packages". The thing is, XX is a source package. The users should be able to upgrade the binaries from XX that are installed in their

Bug#869153: aa-exec is not longer in /usr/sbin and now apparmor is silently scraped

2017-07-20 Thread Luciano Bello
Source: tor Version: 0.2.9.11-1~deb9u1 Severity: important Tags: security patch Hi Peter, I got this report[1] aa-exec is not in /usr/sbin anymore, at least not in every arch [2]. Cheers, luciano [1] https://twitter.com/pissquark/status/888142796414226432 [2]

Bug#848698: RFS: imagemagick/8:6.9.7.0+dfsg-1 [RC,Security][experimental]

2016-12-20 Thread Luciano Bello
I will upload it today/tomorrow. /l

Bug#817175: ITP: how2 -- stackoverflow from the terminal

2016-12-02 Thread Luciano Bello
Hi Ondřej, Do you still need a sponsor for this? Cheers, luciano

Bug#846017: jessie-pu: package ieee-data/20150531.1~deb8u1

2016-11-27 Thread Luciano Bello
/debian/changelog 2016-11-27 14:21:34.0 -0500 @@ -1,3 +1,9 @@ +ieee-data (20150531.1~deb8u2) stable; urgency=high + + * Crontab update disable. Closes: #826104 + + -- Luciano Bello <luci...@debian.org> Sun, 27 Nov 2016 14:21:34 -0500 + ieee-data (20150531.1~deb8u1) stable; urgency=
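Review bot: the changelog line `* Crontab update disable. Closes: #826104` does not say which cron entry is disabled or what replaces it, which matters for an upload to stable marked urgency=high. Suggest naming the affected cron job and the reason in the entry so the change can be reviewed from the changelog alone.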

Bug#838249: RM: python-pypdf -- ROM; It was replaced by python-pypdf2

2016-11-27 Thread Luciano Bello
On Friday, 14 October 2016 08:47:13 EST Scott Kitterman wrote: > There is also rst2pdf (it's a reverse build-depends). Please remove the > moreinfo tag once it's fixed. Done. See #840801 Thanks! /luciano

Bug#840801: python-pypdf is deprecated

2016-11-26 Thread Luciano Bello
On Saturday, 26 November 2016 16:53:56 EST Elena ``of Valhalla'' wrote: > If you can sponsor me the upload is already ready in git (including > s/UNRELEASED/unstable/ in changelog, done this afternoon). uploading! Thanks Elena! /l

Bug#840801: python-pypdf is deprecated

2016-11-26 Thread Luciano Bello
On Sunday, 30 October 2016 00:02:18 EST Elena ``of Valhalla'' wrote: > Ok, from the delay in the answer I'm assuming that it's ok to delay > a few other days (I won't have time for it this long weekend) and then > I'll submit the package to my usual sponsor. Any news here? Do you prefer a NMU? I

Bug#845308: Sponsoring imagemagick/8:6.8.9.9-5+deb8u6

2016-11-25 Thread Luciano Bello
On Friday, 25 November 2016 17:42:13 EST Bastien Roucaries wrote: > Can i add a newer patch fixing the last cve ? Do you think you can upload it for tomorrow? Let me unroll everything on this end (I already asked for a DSA id, but I think I can put it back). Let me know if you can upload to

Bug#845308: Sponsoring imagemagick/8:6.8.9.9-5+deb8u6

2016-11-25 Thread Luciano Bello
Hi, I will sponsor imagemagick/8:6.8.9.9-5+deb8u6 and release the DSA. Thanks for your effort in keeping imagemagick secure! /luciano

Bug#844121: Remote crash in MaraDNS 2.0.13

2016-11-12 Thread Luciano Bello
Source: maradns Severity: grave Version: 2.0.13-1.2 Tags: security upstream Hi, The following vulnerability was published for MaraDNS: http://seclists.org/oss-sec/2016/q4/411 No CVE was assigned yet, but the request was made in that thread. If you fix the vulnerability please also make sure

Bug#840801: python-pypdf is deprecated

2016-10-29 Thread Luciano Bello
On Sunday, 30 October 2016 00:02:18 EDT Elena ``of Valhalla'' wrote: > Ok, from the delay in the answer I'm assuming that it's ok to delay > a few other days (I won't have time for it this long weekend) and then > I'll submit the package to my usual sponsor. Great! Thanks a lot! /luciano

Bug#840801: python-pypdf is deprecated

2016-10-29 Thread Luciano Bello
Hi Elena, pypdf2 worked fine with other users of pypdf and should be fully compatible. See: bookletimposer: #763974 kraft: #763980 pdfposter: #763977 pdfshuffle: #763973 pisa: #763981 w3af: #763975 I really really would like to remove pypdf asap. I think it is worth uploading a new version

Bug#840801: python-pypdf is deprecated

2016-10-14 Thread Luciano Bello
Package: rst2pdf Severity: normal Please, consider depending on python-pypdf2 instead of python-pypdf. Upstream says: " I've stopped maintaining pyPdf, and a company named Phaseit has forked the project and continued development and maintenance with my blessing as pyPdf2 (

Bug#838249: RM: python-pypdf -- ROM; It was replaced by python-pypdf2

2016-09-18 Thread Luciano Bello
Package: ftp.debian.org Severity: normal Hi there, python-pypdf was replaced by python-pypdf2. The reverse dependencies had been patched for that purpose already: bookletimposer: #763974 kraft: #763980 pdfposter: #763977 pdfshuffle: #763973 pisa: #763981 w3af: #763975 Thanks! /luciano

Bug#838248: unadf: CVE-2016-1243 and CVE-2016-1244

2016-09-18 Thread Luciano Bello
Source: unadf Version: 0.7.11a-3 Severity: important Tags: security patch Hi, Tuomas Räsänen discovered the following vulnerabilities for unadf. CVE-2016-1243[0]: stack buffer overflow caused by blindly trusting on pathname lengths of archived files. CVE-2016-1244[1]: execution of unsanitized

Bug#835111: ITP: python-watson-developer-cloud -- Client library to use the IBM Watson Services

2016-08-22 Thread Luciano Bello
Package: wnpp Severity: wishlist * Package name: python-watson-developer-cloud Version : 0.18.0 Upstream Author : Jeffrey Stylos * URL : https://pypi.python.org/pypi/watson-developer-cloud * License : Apache 2.0 Programming Lang: Python

Bug#835112: ITP: python-watson-developer-cloud -- Client library to use the IBM Watson Services

2016-08-22 Thread Luciano Bello
Package: wnpp Severity: wishlist * Package name: python-watson-developer-cloud Version : 0.18.0 Upstream Author : Jeffrey Stylos * URL : https://pypi.python.org/pypi/watson-developer-cloud * License : Apache 2.0 Programming Lang: Python

Bug#763980: [patch] python-pypdf is deprecated

2016-07-21 Thread Luciano Bello
nmu-ed, with 15 days delay. /l

Bug#831635: RFP: touchandgo -- Touchandgo is a CLI application and python library to download and stream torrents

2016-07-17 Thread Luciano Bello
Package: wnpp Severity: wishlist * Package name: touchandgo Version : 0.12 Upstream Author : Felipe Lerena and Nicolás Demarci * URL : https://github.com/touchandgo-devs/touchandgo * License : GPL Programming

Bug#761083: #761083 - debsources: inject binary packages metadata into the DB

2016-06-24 Thread Luciano Bello
On Friday 24 June 2016 16.41.57 Raphael Hertzog wrote: > I thought the same when I saw this report... and the reason is likely that > the tracker has almost no REST API at all right now and that it thus looked > harder to implement there. Indeed. That's the reason :) /l

Bug#763980: [patch] python-pypdf is deprecated

2016-06-09 Thread Luciano Bello
here is the patch. I would really love to remove python-pypdf. Shall I NMU? /ldiff -Naur kraft-0.59.orig/debian/control kraft-0.59/debian/control --- kraft-0.59.orig/debian/control 2016-06-09 13:52:42.929484554 +0200 +++ kraft-0.59/debian/control 2016-06-09 13:58:20.962913229 +0200 @@ -21,7 +21,7

Bug#826845: RFP: texttop -- A fully interactive X Linux desktop rendered in TTY and streamable over SSH

2016-06-09 Thread Luciano Bello
Package: wnpp Severity: wishlist * Package name : texttop Version : 0.0 Upstream Author : Thomas Buckley-Houston * URL : https://github.com/tombh/texttop * License : GPLv3 Description : Texttop is simply a way to have the power of a remote server running a desktop, but interfaced through the

Bug#761083: #761083 - debsources: inject binary packages metadata into the DB

2016-06-09 Thread Luciano Bello
In the security team we would like to give information about which packages you should update when we release a DSA (currently, we give to the user the source package name). It would be easier for us if we have a way to get the binaries for packages in (old)stable. Sources.d.n is the way to go,

Bug#826775: RFP: texttop -- A fully interactive X Linux desktop rendered in TTY and streamable over SSH

2016-06-08 Thread Luciano Bello
Package: wnpp Severity: wishlist * Package name : texttop Version : 0.0 Upstream Author : Thomas Buckley-Houston * URL : https://github.com/tombh/texttop * License : GPLv3 Description : Texttop is simply a way to have the power of a remote server running a desktop, but interfaced through the

Bug#763974: [patch] python-pypdf is deprecated

2016-06-05 Thread Luciano Bello
here is the patch. I would really love to remove python-pypdf. Shall I NMU? /l--- a/lib/pdfimposer.py +++ b/lib/pdfimposer.py @@ -53,9 +53,7 @@ import sys import os import types -import pyPdf -import pyPdf.generic -import pyPdf.pdf +import PyPDF2 as pyPdf # XXX: Fix these translatable
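Review bot: the single `import PyPDF2 as pyPdf` replaces the explicit `import pyPdf.generic` and `import pyPdf.pdf` lines, so any `pyPdf.generic` or `pyPdf.pdf` reference further down in lib/pdfimposer.py now only works if the PyPDF2 package itself imports those submodules. Keeping explicit `import PyPDF2.generic` and `import PyPDF2.pdf` lines next to the alias would make that dependency visible instead of relying on the package's internals.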

Bug#826104: ieee-data: standards-oui.ieee.org is unavailable on the 1st of the month

2016-06-03 Thread Luciano Bello
On Thursday 02 June 2016 11.34.52 Geert Lorang wrote: > So it looks like standards.ieee.org is being DoS'd every 1st of the month, not > unlikely if all Debian systems connect on the same day at the same time to > standards.ieee.org ? Thanks for the heads-up on this. Probably I will disable the

Bug#825799: [Pkg-gmagick-im-team] Bug#825799: imagemagick: CVE-2016-5118

2016-06-01 Thread Luciano Bello
On Wednesday 01 June 2016 01.26.17 Emilio Pozuelo Monfort wrote: > I haven't had the time to look at jessie but the change should be similar. I just released DSA 3591-1 to fix jessie. > @maintainers: Would you like to upload this fix yourself or want me to do it? > Just for wheezy/jessie or

Bug#792806: jessie-pu: package ieee-data/20150531.1

2015-12-20 Thread Luciano Bello
On Saturday 19 December 2015 19.39.26 Adam D. Barratt wrote: > That's not quite what you meant. :-) The reversed diff looks okay, other > than the version should be 20150531.1~deb8u1, please. With that change, > feel free to upload. done! thanks for your help and patience. /l

Bug#806394: Update the homepage

2015-11-26 Thread Luciano Bello
Package: medusa Severity: normal Note to myself. Update the website homepage to http://foofus.net/?page_id=51 /luciano

Bug#792806: jessie-pu: package ieee-data/20150531.1

2015-07-18 Thread Luciano Bello
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: jessie Severity: normal Following the recommendation from https://bugs.debian.org/783096 /luciano -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (990, 'unstable'),

Bug#783096: ieee-data: update-oui fails every time because standards.ieee.org uses TLS AIA instead of intermediate certs

2015-05-30 Thread Luciano Bello
On Saturday 30 May 2015 23.17.42 Luciano Bello wrote: The two possible options are: - include the certificate (--ca-certificate=) in the package. - disable SSL for that file. Oh, just noticed that affects all files (obviously). Remove the last option and replace it by - do not use wget

Bug#783096: ieee-data: update-oui fails every time because standards.ieee.org uses TLS AIA instead of intermediate certs

2015-05-30 Thread Luciano Bello
Hi, The two possible options are: - include the certificate (--ca-certificate=) in the package. - disable SSL for that file. What do you think is the best? /luciano

Bug#778403: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-25 Thread Luciano Bello
On Tuesday 24 February 2015 23.24.25 Ola Lundqvist wrote: There could be really rare cases when some unprivileged user create a configuration file and then someone else use that configuration file to start the vnc server, but in that case the configuration file have to be pointed out

Bug#778410: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-17 Thread Luciano Bello
On Sunday 15 February 2015 19.57.22 Ralf Treinen wrote: I have to admit that my C is a bit rusty, so I cannot verify myself that the C pointer gymnastics in the patch is correct. Please do (Luciano, or someone else from the security team) send me a *signed* email to confirm that the patch is

Bug#778408: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: newlib Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778391: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: llvm-toolchain-3.4 Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at

Bug#778401: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: knews Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778404: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: ptlib Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778389: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: php5 Severity: important Tags: security The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason

Bug#778398: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: openrpt Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778414: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: efl Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778396: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: cups Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778397: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: librcsb-core-wrapper Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code

Bug#778394: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: llvm-toolchain-snapshot Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected

Bug#778395: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: haskell-regex-posix Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at

Bug#778403: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: vnc4 Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778406: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: clamav Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778411: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: sma Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778410: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: yap Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778390: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: olsrd Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778392: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: llvm-toolchain-3.5 Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at

Bug#778393: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: llvm-toolchain-3.6 Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at

Bug#778399: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: z88dk Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778402: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: radare2 Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778409: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: vigor Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778412: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: nvi Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#778413: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-14 Thread Luciano Bello
Package: alpine Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the

Bug#749321: Poor transition path

2015-02-14 Thread Luciano Bello
On Sat, 27 Sep 2014 14:07:18 +0200 Jeremy Lainé jeremy.la...@m4x.org wrote: I think the transition to pypdf2 was handled rather poorly. This issue managed to make its way up in my ToDo list this week, after way too much time. I'm sorry for the long delay. Since I'm a bit

Bug#774211: freeze exception for binutils 2.25-3

2015-02-11 Thread Luciano Bello
Hi guys, https://sourceware.org/bugzilla/show_bug.cgi?id=17512 is still growing, and porting all the patches to 2.24.90.20141023-1 is getting less and less trivial. If you shorten the distance with the upstream version, that will put a lot of work of the security-team off :) Thanks for your

Bug#777312: nmu (for stable): vlc (and mplayer?)

2015-02-07 Thread Luciano Bello
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Dear release team, I just dak-installed liblivemedia_2012.05.17-1+wheezy1 to release a DSA announcing fix for was recently updated in wheezy-security and wheezy-p-u to fix CVE-2013-6933.

Bug#776922: [CVE-2015-1419] Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote ...

2015-02-03 Thread Luciano Bello
Package: vsftpd Version: 3.0.2-17 Severity: important Tags: security upstream Hi there, The following vulnerability was published http://seclists.org/oss-sec/2015/q1/389 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your

Bug#718362: Link to the documentation

2015-01-17 Thread Luciano Bello
For the record, here is the link to the documentation about this situation: http://security-team.debian.org/security_tracker.html#packages-in-experimental-only Cheers, luciano

Bug#718362: workaround to #718362 (tracker/data/unknown-packages)

2014-11-13 Thread Luciano Bello
Hi, These two scripts might help as a workaround. This one uses sources.debian.net ./unknown-packages.py | grep WAT and this one packages.qa.debian.org ./unknown-packages-pts.py | grep WAT I think the tracker does not depend on any external elements now. Does it make sense to include

Bug#766962: quassel: diff for NMU version 0.10.0-2.1

2014-11-02 Thread Luciano Bello
On Sunday 02 November 2014 19.35.34 Salvatore Bonaccorso wrote: Note that Luciano Bello is planning to release a DSA for wheezy-security too. DSA released: https://lists.debian.org/debian-security-announce/2014/msg00251.html Cheers, luciano

Bug#765533: dependency libmimic is RM candidate

2014-10-15 Thread Luciano Bello
Package: gst-plugins-bad0.10 Severity: important After some discussion in the pkg-gstreamer-maintainers mailing list, I think it is better to handle this issue as a bug :) For reference: - https://bugs.debian.org/759288 -

Bug#765534: dependency libmimic is RM candidate

2014-10-15 Thread Luciano Bello
Package: gst-plugins-bad1.0 Severity: important After some discussion in the pkg-gstreamer-maintainers mailing list, I think it is better to handle this issue as a bug :) For reference: - https://bugs.debian.org/759288 -

Bug#763973: python-pypdf is deprecated

2014-10-04 Thread Luciano Bello
Package: pdfshuffler Severity: normal Please consider depending on python-pypdf2 instead of python-pypdf. Upstream says: I've stopped maintaining pyPdf, and a company named Phaseit has forked the project and continued development and maintenance with my blessing as pyPdf2 (

Bug#763974: python-pypdf is deprecated

2014-10-04 Thread Luciano Bello
Package: bookletimposer Severity: normal Please consider depending on python-pypdf2 instead of python-pypdf. Upstream says: I've stopped maintaining pyPdf, and a company named Phaseit has forked the project and continued development and maintenance with my blessing as pyPdf2 (

Bug#763977: python-pypdf is deprecated

2014-10-04 Thread Luciano Bello
Package: pdfposter Severity: normal Please consider depending on python-pypdf2 instead of python-pypdf. Upstream says: I've stopped maintaining pyPdf, and a company named Phaseit has forked the project and continued development and maintenance with my blessing as pyPdf2 (

Bug#763976: python-pypdf is deprecated

2014-10-04 Thread Luciano Bello
Package: pdfshuffler Severity: normal Please consider depending on python-pypdf2 instead of python-pypdf. Upstream says: I've stopped maintaining pyPdf, and a company named Phaseit has forked the project and continued development and maintenance with my blessing as pyPdf2 (

Bug#763975: python-pypdf is deprecated

2014-10-04 Thread Luciano Bello
Package: w3af-console Severity: normal Please consider depending on python-pypdf2 instead of python-pypdf. Upstream says: I've stopped maintaining pyPdf, and a company named Phaseit has forked the project and continued development and maintenance with my blessing as pyPdf2 (

Bug#763979: python-pypdf is deprecated

2014-10-04 Thread Luciano Bello
Package: calibre Severity: normal Please consider depending on python-pypdf2 instead of python-pypdf. Upstream says: I've stopped maintaining pyPdf, and a company named Phaseit has forked the project and continued development and maintenance with my blessing as pyPdf2 (

Bug#763981: python-pypdf is deprecated

2014-10-04 Thread Luciano Bello
Package: python-pisa Severity: normal Please consider depending on python-pypdf2 instead of python-pypdf. Upstream says: I've stopped maintaining pyPdf, and a company named Phaseit has forked the project and continued development and maintenance with my blessing as pyPdf2 (

Bug#763980: python-pypdf is deprecated

2014-10-04 Thread Luciano Bello
Package: kraft Severity: normal Please consider depending on python-pypdf2 instead of python-pypdf. Upstream says: I've stopped maintaining pyPdf, and a company named Phaseit has forked the project and continued development and maintenance with my blessing as pyPdf2 (

Bug#762739: [CVE-2013-0334] Ruby dependency manager Bundler may install gems from a different source than expected

2014-09-24 Thread Luciano Bello
Package: bundler Version: 1.1.4-6 Severity: important Tags: security upstream patch fixed-upstream Hi there, the following vulnerability was published for bundler: CVE-2013-0334: Ruby dependency manager Bundler may install gems from a different source than expected If you fix the

Bug#762745: [CVE-2014-6051 to CVE-2014-6055] Multiple issues in libVNCserver

2014-09-24 Thread Luciano Bello
Package: libvncserver Severity: important Tags: security Hi there, the following vulnerabilities were published for libVNCserver: CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side. CVE-2014-6052 Lack of malloc() return value checking on client side. CVE-2014-6053 Server
