Hi Antonio,
On Sun, Sep 10, 2023 at 01:05:31PM +0200, Antonio Radici wrote:
> On Sat, Sep 09, 2023 at 10:23:32PM +0200, Salvatore Bonaccorso wrote:
> > Source: mutt
> > Version: 2.2.9-1
> > Severity: grave
> > Tags: security upstream
> > Justification: user se
Control: tags -1 + moreinfo
Hi
On Sun, Sep 10, 2023 at 10:38:45AM +0200, Timo Sigurdsson wrote:
> Package: linux
> Version: 6.1.52-1
> Severity: grave
>
> Dear Maintainers,
>
> linux-image-6.1.0-12-amd64 causes a serious regression in nftables.
> After upgrading one of my machines, nftables
Source: mutt
Version: 2.2.9-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for mutt.
CVE-2023-4874[0]:
| Null pointer dereference when viewing a specially crafted
Hi,
Thanks for the report.
On Sat, Sep 09, 2023 at 12:38:21PM +0100, Tj wrote:
> Source: linux
> Severity: normal
>
> Working with a Debian user in Matrix channel #Debian where they report
> that the TPM hardware random number generator that was available in
> v5.10* series is missing from
Source: redis
Version: 5:7.0.12-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for redis.
CVE-2023-41053[0]:
| Redis is an in-memory database that persists on disk. Redis does not
| correctly
Source: lua-http
Version: 0.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for lua-http.
CVE-2023-4540[0]:
| Improper Handling of Exceptional Conditions vulnerability in
| Daurnimator lua-http
Source: salt
Version: 3004.1+dfsg-2.2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for salt.
CVE-2023-20897[0]:
| Salt masters prior to 3005.2 or 3006.2 contain a
Source: axis
Version: 1.4-28
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for axis.
CVE-2023-40743[0]:
| ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in
| an application, it
Source: trafficserver
Source-Version: 9.2.2+ds-1
This fixes #1043430.
On Tue, Sep 05, 2023 at 12:22:05PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Mon, 04 Sep 2023 16:38:33 +0200
> Source: trafficserver
> Architecture: source
>
Source: linux
Version: 6.5~rc4-1~exp1
Severity: serious
Tags: ftbfs
Justification: FTBFS
X-Debbugs-Cc: car...@debian.org
linux/6.5~rc4-1~exp1 onwards in experimental FTBFS for s390x:
https://buildd.debian.org/status/fetch.php?pkg=linux=s390x=6.5%7Erc4-1%7Eexp1=1691173177=0
Regards,
Salvatore
Source: timg
Version: 1.4.5-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/hzeller/timg/issues/115
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for timg.
CVE-2023-40968[0]:
| Buffer Overflow vulnerability in
Source: libxml2
Version: 2.9.14+dfsg-1.3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libxml2.
CVE-2023-39615[0]:
| Xmlsoft
Source: shiro
Version: 1.3.2-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for shiro.
CVE-2023-34478[0]:
| Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to
| a path traversal
Control: tags -1 + upstream
On Sat, Sep 02, 2023 at 12:49:35PM +0100, James Youngman wrote:
> Package: nfs-common
> Version: 1:2.6.2-4
> Severity: minor
> Tags: patch
>
> There is a spurious phrase "mount option" at the beginning of the
> EXAMPLES section.
>
> This patch fixes it:
Can you
Source: linux
Source-Version: 6.4.13-1
Hi
On Sun, Sep 03, 2023 at 10:20:15PM +0800, Mad Horse wrote:
> The fix
> https://patchwork.freedesktop.org/patch/msgid/20230804084600.1005818-1-jani.nik...@intel.com
> has been merged to upstream and backported to 6.4.13, so it is
> available in
Source: borgbackup
Source-Version: (1.2.6-2
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 01 Sep 2023 14:37:27 +0200
Source: borgbackup
Built-For-Profiles: noudeb
Architecture: source
Version: 1.2.6-2
Distribution:
Source: php8.2
Source-Version: 8.2.10-1
This upload fixes as well #1043477, tracking bug for CVE-2023-3823 and
CVE-2023-3824.
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 02 Sep 2023 08:31:05 +0200
Source: php8.2
Source: rust-vm-memory
Version: 0.12.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rust-vm-memory.
CVE-2023-41051[0]:
| In a typical Virtual Machine Monitor (VMM) there are several
|
Source: libtommath
Version: 1.2.0-6
Severity: important
Tags: security upstream
Forwarded: https://github.com/libtom/libtommath/pull/546
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libtommath.
CVE-2023-36328[0]:
| Integer Overflow
Source: shadow
Version: 1:4.13+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:4.8.1-1
Hi,
The following vulnerability was published for shadow.
CVE-2023-4641[0]:
| gpasswd(1) password leak
If you fix the
Source: xrdp
Version: 0.9.21.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for xrdp.
CVE-2023-40184[0]:
| xrdp is an open source remote desktop protocol (RDP) server. In
| versions prior to
Source: rails
Version: 2:6.1.7.3+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rails.
CVE-2023-28362[0]:
| Possible XSS via User Supplied Values to redirect_to
If you fix the
Source: rails
Version: 2:6.1.7.3+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rails.
CVE-2023-38037[0]:
Active Support Possibly Discloses Locally Encrypted Files
If you fix the
Source: open-vm-tools
Version: 2:12.2.5-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for open-vm-tools.
CVE-2023-20900[0]:
| VMware Tools contains a SAML token signature bypass vulnerability. A
Source: borgbackup
Version: 1.2.5-4
Severity: normal
X-Debbugs-Cc: car...@debian.org
Hi Gianfranco
Thanks for adding a note in NEWS.Debian file for the compact and
CVE-2023-36811. Unfortunately the NEWS.Debian file is tough not
installed by dh_installchangelogs because it searches by default
Source: borgbackup
Version: 1.2.5-1
Severity: normal
X-Debbugs-Cc: car...@debian.org, t...@security.debian.org
Control: clone -1 -2
Control: reassign -2 release-notes
Hi
borgbackup/1.2.5-1 contained a fix for CVE-2023-36811. But
additionally to the package upgrades, users need to follow the
Control: tags -1 + moreinfo
On Tue, Aug 22, 2023 at 03:45:08PM +0200, Stijn Segers wrote:
> Package: linux-image-6.1.0-11-amd64
> Version: 6.1.38-4
>
> Using kernel linux-image-6.1.0-11-amd64, my Windows 10 VM loses network
> connectivity. Linux VMs still work (tested with an Xubuntu 23.04 and
Hi,
On Sun, Aug 13, 2023 at 02:12:34PM +0200, Salvatore Bonaccorso wrote:
> Source: ovn
> Version: 23.03.0-1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/ovn-org/ovn/issues/198
> X-Debbugs-Cc: car...@debian.org, Debian Securit
Source: python-pyramid
Version: 2.0+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-pyramid.
CVE-2023-40587[0]:
| Pyramid is an open source Python web framework. A path traversal
|
Source: nodejs
Version: 18.13.0+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for nodejs.
CVE-2023-32002[0]:
| The use of `Module._load()` can bypass the
Hi Simon,
On Sat, Aug 19, 2023 at 06:57:30PM +0200, Salvatore Bonaccorso wrote:
> Hi Simon,
>
> On Sun, Jul 30, 2023 at 09:48:57PM +0100, Simon McVittie wrote:
> > On Sun, 30 Jul 2023 at 22:04:24 +0200, Salvatore Bonaccorso wrote:
> > > For bullseye I think we should
Source: prometheus-alertmanager
Source-Version: 0.26.0+ds-1
On Sat, Aug 26, 2023 at 04:06:58PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Sat, 26 Aug 2023 15:50:44 +
> Source: prometheus-alertmanager
> Architecture: source
>
Hi Martin,
On Sun, Aug 13, 2023 at 11:27:57AM +0100, Martin Johnson wrote:
> Package: linux-image
>
> Version: 6.1.0-11-amd64
>
> When latest Debian kernel is installed it is causing a problem with KVM
> virtual machine and the current version of QEMU on Bookworm. This is when
> swtpm is used
Source: cairosvg
Version: 2.5.2-1.1
Severity: important
Tags: upstream fixed-upstream
Forwarded: https://github.com/Kozea/CairoSVG/issues/383
X-Debbugs-Cc: Joe Burmeister , car...@debian.org
Control: done -1 2.7.1-1
Control: found -1 2.5.0-1.1+deb11u1
Control: affects +
Source: gerbv
Version: 2.9.8-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gerbv/gerbv/issues/191
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gerbv.
CVE-2023-4508[0]:
| A user able to control file input
Source: prometheus-alertmanager
Version: 0.25.0+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for prometheus-alertmanager.
CVE-2023-40577[0]:
| Alertmanager handles alerts sent by client
Control: tags -1 + fixed-upstream
On Sat, Aug 05, 2023 at 12:40:24PM +0200, Diederik de Haas wrote:
> Control: forwarded -1
> https://lore.kernel.org/dri-devel/20be6650-5db3-b72a-a7a8-5e817113c...@kravcenko.com/
>
> https://lore.kernel.org/dri-devel/20230805101813.2603989-1-kher...@redhat.com/
Control: tags -1 + moreinfo
Hi Guido,
On Wed, Aug 16, 2023 at 03:34:45PM +0200, Guido Berhoerster wrote:
> Package: linux-image-6.1.0-10-amd64
> Version: 6.1.38-2
>
> rename(2) on a symlink on an overlayfs where the lower filesystem is NFS
> fails with ENXIO.
>
> It can be reproduced as
Source: rust-webpki
Version: 0.22.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
Please see https://rustsec.org/advisories/RUSTSEC-2023-0052.html .
FWIW, there is a fix in the rustls-webpki is a fork, which
Source: rust-rustls-webpki
Version: 0.101.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
Please see https://rustsec.org/advisories/RUSTSEC-2023-0053.html .
Regards,
Salvatore
Source: qemu
Version: 1:8.0.4+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for qemu.
CVE-2023-4135[0]:
| A heap out-of-bounds memory read flaw was found in the virtual nvme
| device in
Source: qemu
Version: 1:8.0.4+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/qemu-project/qemu/-/issues/1815
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for qemu.
CVE-2023-40360[0]:
| QEMU through 8.0.4
Source: faad2
Version: 2.10.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/knik0/faad2/issues/173
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for faad2.
CVE-2023-38858[0]:
| Buffer Overflow vulnerability
Source: faad2
Version: 2.10.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/knik0/faad2/issues/171
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for faad2.
CVE-2023-38857[0]:
| Buffer Overflow vulnerability
Hi Simon,
On Sun, Jul 30, 2023 at 09:48:57PM +0100, Simon McVittie wrote:
> On Sun, 30 Jul 2023 at 22:04:24 +0200, Salvatore Bonaccorso wrote:
> > For bullseye I think we should simply pick the upstream commit?
>
> Yes: we didn't keep up with upstream 2.50.x so there are a bunch
Hi,
On Sat, Aug 19, 2023 at 10:04:40PM +0900, YOKOTA Hiroshi wrote:
> Package: unrar
> Version: 1:6.0.3-1+deb11u1
> Severity: normal
> X-Debbugs-Cc: yokota.h...@gmail.com, a...@debian.org, t...@security.debian.org
>
>
> CVE-2022-48579 was fixed at unrar-nonfree/1:5.6.6-1+deb10u2 in Debian 10
>
Source: puma
Version: 5.6.5-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 6.0.2-1
Hi,
The following vulnerability was published for puma.
CVE-2023-40175[0]:
| Puma is a Ruby/Rack web server built for parallelism. Prior to
Hi Santiago,
On Sat, Aug 19, 2023 at 02:23:03PM +0200, Santiago Vila wrote:
> Thanks for the report.
>
> I'm going to apply the two patches which Petr Písař
> has recently posted in Savannah.
Thanks!
> After that: Should I prepare packages for security
> (stable and oldstable) for you to
and Breaks against
+libesmtp5 (<< 1.0.6-1~) (Closes: #1043058)
+
+ -- Salvatore Bonaccorso Sat, 19 Aug 2023 12:04:32 +0200
+
libesmtp (1.1.0-3) unstable; urgency=medium
* debian: Clean up build environment
diff -Nru libesmtp-1.1.0/debian/control libesmtp-1.1.0/debian/c
Hi
Disclaimer, not the maintainer here, but maintainer of a package which
would get autoremoved.
On Sat, Aug 05, 2023 at 02:17:53PM +0200, Andreas Beckmann wrote:
> Package: libesmtp6
> Version: 1.1.0-3
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
Source: clamav
Version: 1.0.1+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 0.103.8+dfsg-0+deb11u1
Hi,
The following vulnerabilities were published for clamav.
CVE-2023-20197[0]:
| A vulnerability in the filesystem
Hi Martin,
On Thu, Aug 17, 2023 at 05:10:44PM +0100, Martin Johnson wrote:
> Hi Salvadore,
>
> Thanks for getting in contact regarding this issue,
>
> Yes I did mean to reference the two bugzilla entries, since it seems to be
> the same patch that's causing issues with the emulated TPM, at
Control: tags -1 + moreinfo upstream
Hi Martin,
On Wed, Aug 16, 2023 at 07:16:58PM +0100, Martin Johnson wrote:
> Package: linux-image-amd64
>
> Version: 6.1.0-11-amd64
>
> Update of this recent issue - I might not have specified the package
> correctly, sorry for that - its the first bug I
Hi Guillem,
Nice to read from you.
On Thu, Aug 17, 2023 at 01:19:34AM +0200, Guillem Jover wrote:
> Hi!
>
> On Mon, 2023-08-14 at 20:42:10 +0200, Salvatore Bonaccorso wrote:
> > Source: inetutils
> > Version: 2:2.4-2
> > Severity: important
> > Tags: securi
Source: efibootguard
Source-Version: 0.15-1
On Wed, Aug 16, 2023 at 10:20:07AM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Mon, 14 Aug 2023 16:59:53 +0200
> Source: efibootguard
> Architecture: source
> Version: 0.15-1
>
Source: gst-plugins-ugly1.0
Source-Version: 1.22.5-1
On Tue, Aug 15, 2023 at 03:06:19PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Tue, 15 Aug 2023 10:46:22 -0400
> Source: gst-plugins-ugly1.0
> Built-For-Profiles: noudeb
>
Hi Adam,
On Tue, Aug 15, 2023 at 10:48:35PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 + upstream
>
> Hi Adam,
>
> On Tue, Aug 15, 2023 at 10:06:16PM +0200, Salvatore Bonaccorso wrote:
> > Hi Adam,
> >
> > On Tue, Aug 15, 2023 at 09:37:36PM
Control: tags -1 + upstream
Hi Adam,
On Tue, Aug 15, 2023 at 10:06:16PM +0200, Salvatore Bonaccorso wrote:
> Hi Adam,
>
> On Tue, Aug 15, 2023 at 09:37:36PM +0200, Salvatore Bonaccorso wrote:
> > Control: tags -1 + confirmed
> >
> > Hi Adam,
> >
> > O
Hi Adam,
On Tue, Aug 15, 2023 at 09:37:36PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 + confirmed
>
> Hi Adam,
>
> On Tue, Aug 15, 2023 at 06:26:59PM +0100, Adam D. Barratt wrote:
> > On Sun, 2023-08-13 at 18:21 +0100, Adam D. Barratt wrote:
> > > Sinc
Control: tags -1 + confirmed
Hi Adam,
On Tue, Aug 15, 2023 at 06:26:59PM +0100, Adam D. Barratt wrote:
> On Sun, 2023-08-13 at 18:21 +0100, Adam D. Barratt wrote:
> > Since the kernels on both the host and guests were upgraded to
> > 5.10.179-5 (from 5.10.179-3), the guests on one of our Ganeti
Source: efibootguard
Version: 0.13-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for efibootguard.
CVE-2023-39950[0]:
| efibootguard is a simple UEFI boot loader with support for safely
|
Control: tags -1 - moreinfo
Hi,
On Mon, Aug 14, 2023 at 09:18:02AM +0800, Mad Horse wrote:
> > Control: tags -1 + moreinfo
> >
> > Hi
> >
> > On Wed, Aug 09, 2023 at 11:26:01AM +0800, Mad Horse wrote:
> >> The bug has been reported to upstream (
> >>
Source: indent
Version: 2.2.13-2
Severity: important
Tags: security upstream
Forwarded: https://savannah.gnu.org/bugs/index.php?64503
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.2.12-4+deb12u1
Control: found -1 2.2.12-1
Hi,
The following vulnerability was published
Source: inetutils
Version: 2:2.4-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for inetutils.
CVE-2023-40303[0]:
| GNU inetutils through 2.4 may allow privilege escalation because of
| unchecked
Control: tags -1 + moreinfo
Hi,
On Sun, Aug 06, 2023 at 05:08:08PM +0200, наб wrote:
> Package: src:linux
> Version: 6.3.11-1
> Severity: normal
>
> Dear Maintainer,
>
> On boot I get:
> -- >8 --
> Aug 06 14:49:47 szarotka kernel: [ cut here ]
> Aug 06 14:49:47 szarotka
Control: tags -1 + moreinfo
Hi
On Wed, Aug 09, 2023 at 11:26:01AM +0800, Mad Horse wrote:
> The bug has been reported to upstream (
> https://gitlab.freedesktop.org/drm/intel/-/issues/8991 ), and a fix
> is available there, though it may need backport.
Were you able to confirm that the upstream
Source: ovn
Version: 23.03.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ovn-org/ovn/issues/198
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ovn.
CVE-2023-3153[0]:
| service monitor MAC flow is not rate
Source: linux
Source-Version: 6.3.11-1
Hi,
On Fri, Aug 11, 2023 at 03:11:31PM +0200, Jan Ries wrote:
> Dear Maintainers,
>
> the aformentioned bug is fixed as of linux-image-amd64 6.1.38-1.
>
> Thanks a lot!
Can you confirm that this is as well fixed in 6.3.11-1 or later? I'm
already
Control: tags -1 + confirmed upstream fixed-upstream pending
Hi,
On Sat, Aug 12, 2023 at 10:40:09PM -0400, Jesse Rhodes wrote:
> Source: linux
> Severity: important
> Tags: patch
> X-Debbugs-Cc: je...@sney.ca
>
> Dear debian kernel team,
>
> The upstream commit "drm/i915: Disable DC states for
Source: cargo
Version: 0.66.0+ds1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:rust-cargo 0.66.0-4
Control: retitle -2 rust-cargo: CVE-2023-38497
Hi,
The following vulnerability was published
Source: fastdds
Version: 2.10.1+ds-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for fastdds.
CVE-2023-39945[0]:
| eprosima Fast DDS is a C++ implementation of the Data Distribution
| Service
Hi,
On Sat, Aug 12, 2023 at 03:19:05PM +0200, Bastian Germann wrote:
> Package: ftp.debian.org
> Severity: normal
> User: ftp.debian@packages.debian.org
> Usertags: remove
> Control: affects -1 + src:tuxcmd
>
> Please remove tuxcmd. It is unmaintained upstream (last release in 2009) and
>
Source: python-git
Version: 3.1.30-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gitpython-developers/GitPython/pull/1609
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-git.
CVE-2023-40267[0]:
|
Source: haproxy
Version: 2.6.14-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/haproxy/haproxy/issues/2237
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for haproxy.
CVE-2023-40225[0]:
| HAProxy through 2.0.32,
Source: gst-plugins-ugly1.0
Version: 1.22.4-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
There are two gst-streamer-ugly1.0 reports from ZDI (not yet public)
tracked as
https://gstreamer.freedesktop.org/security/sa-2023-0004.html
Source: php8.2
Version: 8.2.7-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 8.2.7-1~deb12u1
Hi,
The following vulnerabilities were published for php8.2.
CVE-2023-3823[0]:
| In PHP versions
On Fri, Aug 11, 2023 at 12:33:54AM -0500, Caleb McKay wrote:
> Package: linux-headers-amd64
> Version: 6.1.38-3
> Severity: important
> X-Debbugs-Cc: ca...@candj.us
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
>* What led up to
Source: linux
Source-Version: 6.3.1-1~exp1
Hi Thorsten,
On Fri, Aug 11, 2023 at 07:23:57AM +0200, Thorsten Glaser wrote:
> Package: src:linux
> Version: 5.10.179-3
> Severity: wishlist
> Tags: upstream
> X-Debbugs-Cc: t...@mirbsd.de
>
> I have this in dmesg:
>
> [0.00] microcode:
Source: ruby-protocol-http1
Version: 0.14.6-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/socketry/protocol-http1/pull/20
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-protocol-http1.
Source: krb5
Version: 1.20.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for krb5.
CVE-2023-36054[0]:
| lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2
| and 1.21.x before
Source: trafficserver
Version: 9.2.1+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 9.2.0+ds-2+deb12u1
Control: found -1 8.1.7+ds-1~deb11u1
Control: found -1 8.1.6+ds-1
Hi,
The following vulnerabilities were published for
Source: amd64-microcode
Version: 3.20230719.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.20230414.1
Control: found -1 3.20230719.1~deb12u1
Control: found -1 3.20191218.1
Control: found -1 3.20230719.1~deb11u1
Hi Henrique,
Source: intel-microcode
Version: 3.20230512.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.20220510.1~deb11u1
Control: found -1 3.20230214.1~deb11u1
Hi,
The following vulnerabilities were published for intel-microcode.
.1.7/debian/changelog 2023-08-08 10:31:29.0 +0200
@@ -1,3 +1,10 @@
+autofs (5.1.7-1+deb11u2) bullseye; urgency=medium
+
+ * use correct reference for IN6 macro call
+ * dont probe interface that cant send packet (Closes: #1041051)
+
+ -- Salvatore Bonaccorso Tue, 08 Aug 2023 10:
that cant send packet (Closes: #1041051)
+
+ -- Salvatore Bonaccorso Tue, 08 Aug 2023 10:27:23 +0200
+
autofs (5.1.8-2+deb12u1) bookworm; urgency=medium
* debian/patches:
diff -Nru
autofs-5.1.8/debian/patches/dont-probe-interface-that-cant-send-pac.patch
autofs-5.1.8/debian/patches
Source: golang-golang-x-net
Version: 1:0.10.0-1
Severity: important
Tags: security upstream
Forwarded: https://go.dev/issue/61615
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-golang-x-net.
CVE-2023-3978[0]:
| Text nodes not in
Source: matrix-sydent
Version: 2.5.1-1.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/matrix-org/sydent/pull/574
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for matrix-sydent.
CVE-2023-38686[0]:
| Sydent is an
Source: i2p
Version: 0.9.48-1.1
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for i2p.
CVE-2023-36325[0]:
| Attackers can de-anonymize i2p hidden services with a message replay
|
Source: golang-golang-x-image
Version: 0.7.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for golang-golang-x-image.
CVE-2023-29407[0]:
| A maliciously-crafted image can cause excessive CPU
Control: tags -1 + moreinfo
On Sat, Aug 05, 2023 at 12:45:18PM -0700, Corey Hickey wrote:
> Package: src:linux
> Version: 6.3.11-1
> Severity: normal
>
> Dear Maintainer,
>
> I was testing RAID-5 write-back journal (AKA cache) for the first time.
>
>
Source: ghostscript
Version: 10.01.2~dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706897
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 10.0.0~dfsg-11+deb12u1
Control: found -1 10.0.0~dfsg-11
Control: found -1
Source: mozillavpn
Version: 2.9.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for mozillavpn.
CVE-2023-4104[0]:
| Privileged vpndaemon on Linux wrongly and incompletely implements
| Polkit
Source: rxvt-unicode
Source-Version: 9.31-1
On Thu, Aug 03, 2023 at 02:42:53PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Thu, 03 Aug 2023 10:05:54 -0400
> Source: rxvt-unicode
> Architecture: source
> Version: 9.31-1
>
Hi Nilesh,
On Tue, Aug 01, 2023 at 09:33:16PM +0530, Nilesh Patra wrote:
> On Tue, Aug 01, 2023 at 05:10:10PM +0200, Salvatore Bonaccorso wrote:
> > On Tue, Aug 01, 2023 at 07:57:22PM +0530, Nilesh Patra wrote:
> > > I asked this upstream[1] and upstream thinks tha
Hi
On Tue, Aug 01, 2023 at 07:57:22PM +0530, Nilesh Patra wrote:
> Hi Salvatore,
>
> On Thu, 27 Apr 2023 22:06:36 +0200 Salvatore Bonaccorso
> wrote:
> > Source: singularity-container
> > Version: 3.11.0+ds1-1
> > Severity: important
> > Tags: security upst
Control: tags -1 + moreinfo
Hi,
On Tue, Aug 01, 2023 at 07:22:17PM +1000, AP wrote:
> Package: linux-image-6.1.0-10-amd64
> Severity: important
> Tags: patch
>
> Dear Maintainer,
>
> Current kernel failed to load modules for MASQUERADE nat rules giving the
> following
> in dmesg:
>
>
Source: poppler
Version: 22.12.0-2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for poppler.
CVE-2023-34872[0]:
| A
Hi Simon,
On Sun, Jul 30, 2023 at 04:07:50PM +0100, Simon McVittie wrote:
> On Sun, 23 Jul 2023 at 21:13:38 +0200, Salvatore Bonaccorso wrote:
> > The following vulnerability was published for librsvg.
> >
> > CVE-2023-38633[0]:
> > | A directory traversal problem in
Source: spectre-meltdown-checker
Version: 0.45-2
Severity: wishlist
X-Debbugs-Cc: car...@debian.org
Hi
The new 0.46 upstream adds:
feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
in particular. Can you update the package to the new upstream version?
(Might it be an
hi Vincent,
On Sat, Jul 29, 2023 at 12:33:35AM +0200, Vincent Blut wrote:
> Hello,
>
> Le 2023-07-13 23:10, jflf_ker...@gmx.com a écrit :
> > Package: src:linux
> > Version: 6.1.20-2~bpo11+1
> > Severity: normal
> > X-Debbugs-Cc: jflf_ker...@gmx.com
> >
> > Dear Maintainer,
> >
> > Currently
701 - 800 of 11185 matches
Mail list logo
