Hi LTS team,
On Wed, Jun 07, 2023 at 08:44:53AM +0200, Bernhard Schmidt wrote:
> Package: libruby2.5
> Version: 2.5.5-3+deb10u5
> Severity: grave
>
> Hi,
>
> I can't quite figure out why, but the latest security upload of ruby2.5 in
> Buster breaks the ability of the puppet agent to pull files
Control: retitle -1 src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer overflow.
Control: tags -1 - security
On Wed, Apr 19, 2023 at 09:20:48PM +0200, Salvatore Bonaccorso wrote:
> Source: freetype
> Version: 2.12.1+dfsg-4
> Severity: important
> Tags: security upstream
> X-
Source: kanboard
Version: 1.2.26+ds-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for kanboard.
CVE-2023-33956[0]:
| Kanboard is open source project management software that focuses on
| the
Control: tags -1 + unreproducible moreinfo
Hi Dylan,
On Tue, Jun 06, 2023 at 05:19:38AM -0400, Dylan Morrison wrote:
> Package: src:linux
> Version: 6.0.8-1
> Severity: normal
> Tags: ipv6
> X-Debbugs-Cc: dizzy@domad.science
First a note on the version, 6.0.8-1 is not in testing, please update
Control: retitle -1 dokuwiki: CVE-2023-34408: XSS in RSS syntax
Hi,
On Thu, May 18, 2023 at 03:19:05PM +0200, Moritz Muehlenhoff wrote:
> Source: dokuwiki
> Version: 0.0.20220731.a-1
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team
>
> No CVE yet:
>
Hi,
On Sun, Jun 04, 2023 at 09:50:23PM +0200, Sebastian Ramacher wrote:
> retitle 1037079 bookworm-pu: configobj/5.0.8-2
> tags 1037079 bookworm moreinfo
> user release.debian@packages.debian.org
> usertags 1037079 + pu - unblock
> thanks
>
> Hi Stefano
>
> On 2023-06-03 16:28:41 -0400,
Source: cpp-httplib
Version: 0.11.4+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cpp-httplib.
CVE-2023-26130[0]:
| Versions of the package yhirose/cpp-httplib before 0.12.4 are
|
Hi Moritz,
On Sun, Jun 04, 2023 at 08:40:19PM +0200, Salvatore Bonaccorso wrote:
> Hi Moritz,
>
> On Sun, Jun 04, 2023 at 07:22:47PM +0200, Moritz Muehlenhoff wrote:
> > On Sun, Jun 04, 2023 at 12:06:01PM -0400, Andres Salomon wrote:
> > > Hi Security Team,
> > >
Hi Moritz,
On Sun, Jun 04, 2023 at 07:22:47PM +0200, Moritz Muehlenhoff wrote:
> On Sun, Jun 04, 2023 at 12:06:01PM -0400, Andres Salomon wrote:
> > Hi Security Team,
> >
> > Looking at https://security.debian.org/debian-security/pool/main/c/chromium/
> > , I see that chromium-l10n built for
Source: libarchive
Version: 3.6.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libarchive/libarchive/issues/1876
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libarchive.
CVE-2023-30571[0]:
| Libarchive
Source: erofs-utils
Version: 1.6-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for erofs-utils.
CVE-2023-33551[0]:
| Heap Buffer Overflow in the erofsfsck_dirent_iter function in
|
Source: imagemagick
Version: 8:6.9.11.60+dfsg-1.6
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: fixed -1 8:6.9.12.20+dfsg1-1
Hi,
The following vulnerability was published for imagemagick.
CVE-2021-3610[0]:
| A heap-based buffer
Hi David,
On Sun, Jun 04, 2023 at 08:34:18AM -0300, David Bremner wrote:
> Nicholas D Steeves writes:
>
> > fixed 1033341 org/mode/9.5.2+dfsh-5
> > fixed 1033341 org-mode/9.6.6+dfsg-1~exp1
> > thanks
>
> Are you sure about that? It depends on emacs 28.2, which afaik has the
> vulnerable
Hi Daniel,
On Sat, Jun 03, 2023 at 02:56:00PM -0700, Daniel Markstedt wrote:
> > -- Forwarded message --
> > From: Markus Koschany
> > To: Daniel Markstedt , 1036740-d...@bugs.debian.org
> > Cc: debian-...@lists.debian.org
> > Bcc:
> > Date: Thu, 01 Jun 2023 19:54:55 +0200
> >
Hi,
On Sat, Jun 03, 2023 at 10:02:43PM -0400, Nicholas D Steeves wrote:
> fixed 1033341 org/mode/9.5.2+dfsh-5
> fixed 1033341 org-mode/9.6.6+dfsg-1~exp1
> thanks
>
> Dear Salvatore and Security Team,
>
> Salvatore Bonaccorso writes:
>
> > Source: org-
Hi Paul,
On Sat, Jun 03, 2023 at 06:12:04AM +, Debian Bug Tracking System wrote:
[...]
>
> Hi,
>
> On 02-06-2023 22:50, Ervin Hegedüs wrote:
> > And these are the generated lines:
> >
> > https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/parser/Makefile.am#L36-L42
>
> And
Hi Daniel,
On Fri, Jun 02, 2023 at 06:59:35PM -0400, Daniel Kahn Gillmor wrote:
> Hi Salvatore--
>
> On Fri 2023-06-02 21:20:50 +0200, Salvatore Bonaccorso wrote:
> > Thanks for having a closer look and for your assessment. Then I
> > believe we can have a fix scheduled
Source: minidlna
Version: 1.3.2+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for minidlna.
CVE-2023-33476[0]:
| ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable
| to Buffer
Hi Daniel,
On Thu, Jun 01, 2023 at 05:19:06PM -0400, Daniel Kahn Gillmor wrote:
> Control: found 1035542 4.3-1+deb11u3
> Control: tags 1035542 + patch
>
> Thanks for the documentation of CVE-2023-30570 on
> https://bugs.debian.org/1035542, Salvatore.
>
> fwiw, i don't think this is particularly
Control: tags -1 + moreinfo
Hi,
On Wed, May 31, 2023 at 09:40:54AM +0200, Hans-Christoph Steiner wrote:
>
> Package: src:linux
> Version: 6.3.2-1~exp1
> Severity: important
>
> Dear Maintainer,
>
> I installed Debian on a Dell XPS 17 9720:
>
Control: forcemerge 1036755 -1
Hi Alfred,
On Fri, Jun 02, 2023 at 03:51:53PM +0200, Alfred Agrell wrote:
> Package: src:linux
> Version: 6.1.27-1
> Severity: normal
> Tags: upstream
> X-Debbugs-Cc: blub...@gmail.com
>
> Dear Maintainer,
>
> Please run this program 20 times:
>
>
> #include
Hi Paul,
On Thu, Jun 01, 2023 at 09:52:06PM +0200, Paul Gevers wrote:
> control: tags -1 moreinfo
>
> Hi,
>
> On 28-05-2023 21:30, Alberto Gonzalez Iniesta wrote:
> > 2) The risks on the release quality are almost zero. Only
> > libnginx-mod-http-modsecurity depends on it (being modsecurity a
>
Source: opensc
Version: 0.23.0-0.2
Severity: important
Tags: security upstream
Forwarded: https://github.com/OpenSC/OpenSC/issues/2785
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for opensc.
CVE-2023-2977[0]:
| A vulnerability was found in
Source: rust-buffered-reader
Version: 1.1.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.0.1-1
Hi
RUSTSEC-2023-0039 affects rust-buffered-reader (no CVE assigned):
[1]
Hi Ryan,
On Wed, May 31, 2023 at 04:34:31PM -0700, Ryan Tandy wrote:
> Hi, thanks for the report. If I've understood the issue correctly (DoS/crash
> if malloc fails), it does not look too urgent.
Correct, agreed.
> Although the fixes look safe enough, I think we could wait until after
>
Source: imagemagick
Version: 8:6.9.11.60+dfsg-1.6
Severity: important
Tags: security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/6341
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for imagemagick.
Hi Yadd,
On Wed, May 31, 2023 at 03:13:06PM +0400, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: jquer...@packages.debian.org
> Control: affects -1 + src:jqueryui
>
> [ Reason ]
>
Source: openldap
Version: 2.5.13+dfsg-5
Severity: important
Tags: security upstream
Forwarded: https://bugs.openldap.org/show_bug.cgi?id=9904
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: fixed -1 2.6.4+dfsg-1~exp1
Hi,
The following vulnerability was published for openldap.
Source: jquery-minicolors
Source-Version: 2.3.5+dfsg-4
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 31 May 2023 16:44:37 +0400
Source: jquery-minicolors
Architecture: source
Version: 2.3.5+dfsg-4
Distribution:
Hi Hilmar, hi Markus,
On Tue, May 30, 2023 at 11:32:24PM +0200, Preuße, Hilmar wrote:
> On 30.05.2023 20:37, Salvatore Bonaccorso wrote:
>
> Hi Salvatore, hi Markus,
>
> > No, buster is under LTS support which does not have point releases.
> > But as I understand this
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: matrix-syna...@packages.debian.org,
matrix-syna...@packages.debian.org, t...@security.debian.org, Andrej Shadura
, car...@debian.org
Control: affects -1 + src:matrix-synapse
Dear
Hi Hilmar,
On Tue, May 30, 2023 at 05:25:33PM +0200, Preuße, Hilmar wrote:
> On 28.05.2023 20:52, Philippe SWARTVAGHER wrote:
>
> Hello,
>
> > (not sure if this bug report should be against texlive-luatex or
> > texlive-binaries...)
> >
> > I upgraded texlive-binaries (and other related
Hi Andrej,
On Sun, May 28, 2023 at 02:17:36PM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> For those following the bugreport:
>
> On Fri, May 26, 2023 at 09:19:59PM +0200, Salvatore Bonaccorso wrote:
> > Hi Andrej,
> >
> > On Fri, May 26, 2023 at 08:51:13PM +020
230529 12:51]:
> > > > * Mario Limonciello [230529 10:14]:
> > > > > On 5/28/23 19:56, Nick Hastings wrote:
> > > > > > Hi,
> > > > > >
> > > > > > * Mario Limonciello [230528 21:44]:
> > > > > >
Hi,
On Tue, May 30, 2023 at 06:18:33AM +0200, Anton Gladky wrote:
> MR is merged
>
> https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/114
Thanks for properly closing the bug, I forgot to do it when deploying
the changes on the live instance.
Regards,
Salvatore
Source: python-tornado
Version: 6.2.0-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-tornado.
CVE-2023-28370[0]:
| Open redirect vulnerability in Tornado versions 6.3.1 and earlier
|
Source: kanboard
Version: 1.2.26+ds-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for kanboard.
CVE-2023-32685[0]:
| Clipboard based cross-site scripting (blocked with default CSP)
If you fix
Source: ghostscript
Version: 10.0.0~dfsg-11
Severity: serious
Justification: commitment for maintenance
X-Debbugs-Cc: car...@debian.org, t...@security.debian.org
Hi
ghostscript is orphaned and under the Debian QA group. ghostscript
being a package with recurring need of maintenance and in
Hi
For those following the bugreport:
On Fri, May 26, 2023 at 09:19:59PM +0200, Salvatore Bonaccorso wrote:
> Hi Andrej,
>
> On Fri, May 26, 2023 at 08:51:13PM +0200, Andrej Shadura wrote:
> > Hi,
> >
> > On Fri, 26 May 2023, at 19:28, Salvatore Bonaccorso wrote:
>
Hi Samuel,
On Sun, May 28, 2023 at 12:17:21PM +0100, Samuel Henrique wrote:
> Hello Salvatore,
>
> > After a short discussion with Paul, wouldn't that imply though that
> > there is an soname bump needed? Do you know has upstream considered
> > this and if/or why not? Is there enough assurance
Hi Mario
Nick Hastings reported in Debian in https://bugs.debian.org/1036530
lockups from his system after updating from a 6.0 based version to
6.1.y.
#regzbot ^introduced 24867516f06d
He bisected the issue and tracked it down to:
On Sun, May 28, 2023 at 10:14:51AM +0900, Nick Hastings wrote:
Source: qt6-base
Version: 6.4.2+dfsg-9
Severity: important
Tags: security upstream
Forwarded: https://codereview.qt-project.org/c/qt/qtbase/+/477644
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for qt6-base.
CVE-2023-33285[0]:
| An issue
Source: sofia-sip
Version: 1.12.11+20110422.1+1e14eea~dfsg-5
Severity: grave
Tags: security upstream
Forwarded: https://github.com/freeswitch/sofia-sip/pull/214
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sofia-sip.
CVE-2023-32307[0]:
Hi Alberto,
On Wed, May 24, 2023 at 12:26:33PM +0200, Paul Gevers wrote:
> control: tags -1 moreinfo
>
> Hi,
>
> On Mon, 08 May 2023 18:16:51 +0200 Alberto Gonzalez Iniesta
> wrote:
> > A new upstream version of modsecurity fixes a security bug
> > (CVE-2023-28882, #1035083).
> > We also fixed
Hi,
On Sat, May 27, 2023 at 09:36:42PM +0200, Martin Hostettler wrote:
> tags -1 + unreproducible
> thanks
>
> On Thu, 25 May 2023 21:00:18 +0200 Bastian Germann wrote:
> > I cannot reproduce this.
> >
>
> I can't reproduce this either.
>
> I tried 2 variants and both build fine (using an up
Hi Otto,
On Wed, May 24, 2023 at 05:47:58PM +0200, Paul Gevers wrote:
> Hi Otto,
>
> On 24-05-2023 17:44, Otto Kekäläinen wrote:
> > The CI
> > detected a couple days ago a regression in Piuparts, potentially due
> > to recent adduser 1.133 upload, which I still need to debug and decide
> > what
Control: reassign -1 src:lxcfs 5.0.3-1
Control: forwarded -1 https://github.com/lxc/lxcfs/issues/553
Control: affects -1 src:mariadb
Hi,
On Sat, May 27, 2023 at 11:51:26AM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sat, May 27, 2023 at 11:50:06AM +0200, Salvatore Bonaccorso wrot
Hi Helge, hi Otto,
On Sat, May 27, 2023 at 09:26:06AM +0200, Helge Deller wrote:
> Just wondering / guessing:
>
> Are the ARM machines on ci.debian.net (ci-worker-arm??-??)
> physical machines, or are they running on qemu-user VMs?
>
> If they run qemu, this bug report
>
Hi,
On Sat, May 27, 2023 at 11:50:06AM +0200, Salvatore Bonaccorso wrote:
> Hi Helge, hi Otto,
>
> On Sat, May 27, 2023 at 09:26:06AM +0200, Helge Deller wrote:
> > Just wondering / guessing:
> >
> > Are the ARM machines on ci.debian.net (ci-worker-arm?
Hi Samuel,
[not member of the release team, but was going through some potential
unblock requests with CVE fixes]
On Fri, May 26, 2023 at 06:03:13PM +0100, Samuel Henrique wrote:
> Package: release.debian.org
> Control: affects -1 + src:curl
> X-Debbugs-Cc: c...@packages.debian.org
> User:
Hi Gregor,
On Tue, May 23, 2023 at 02:56:41PM +0200, Salvatore Bonaccorso wrote:
> Hi Gregor,
>
> On Tue, May 23, 2023 at 08:44:48AM +0200, Gregor Jasny wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
Hi Andrej,
On Fri, May 26, 2023 at 08:51:13PM +0200, Andrej Shadura wrote:
> Hi,
>
> On Fri, 26 May 2023, at 19:28, Salvatore Bonaccorso wrote:
> > I believe matrix-synapse is still in the same status as for #982991
> > back for the bullseye release, and not su
Source: matrix-synapse
Version: 1.78.0-1
Severity: serious
Tags: upstream security
X-Debbugs-Cc: Andrej Shadura ,
debian-rele...@lists.debian.org, car...@debian.org, Debian Security Team
Hi Andrej,
I believe matrix-synapse is still in the same status as for #982991
back for the bullseye
Control: tags -1 + moreinfo
Hi Nick,
On Fri, May 26, 2023 at 09:25:23AM +0900, Nick Hastings wrote:
> Hi Salvatore,
>
> thanks for your help. However, I'm now not sure if I really have
> identified the commit that causes my problems. I fear I may have made
> one or more mistakes when setting
hey all,
I was involved with a discussion on site here in Hamburg with Paul
about it.
On Fri, May 26, 2023 at 10:58:48AM +0200, Moritz Muehlenhoff wrote:
> On Fri, May 26, 2023 at 12:10:18AM +0200, Markus Koschany wrote:
> > First of all trapperkeeper-webserver-jetty9-clojure should add a build-
Hi Apollon,
On Thu, May 25, 2023 at 10:14:57PM +0300, Apollon Oikonomopoulos wrote:
> Hi Salvatore,
>
> Thanks for the quick response!
>
> On 19:12 Thu 25 May , Salvatore Bonaccorso wrote:
> > Control: tags -1 + confirmed pending
> >
> > I'm not yet certain
On Thu, May 25, 2023 at 07:12:47PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 + confirmed pending
>
> Hi Apollon,
>
> On Thu, May 25, 2023 at 03:26:50PM +0300, Apollon Oikonomopoulos wrote:
> > Source: linux
> > Version: 6.1.27-1
> > Severity: critic
Control: tags -1 + confirmed pending
Hi Apollon,
On Thu, May 25, 2023 at 03:26:50PM +0300, Apollon Oikonomopoulos wrote:
> Source: linux
> Version: 6.1.27-1
> Severity: critical
> Tags: upstream
> Affects: ganeti
> Justification: breaks unrelated software
>
> Dear Kernel Maintainers,
>
> A
Hi Nick,
On Thu, May 25, 2023 at 08:23:15AM +0900, Nick Hastings wrote:
> Hi,
>
> * Salvatore Bonaccorso [230524 19:26]:
> >
> > Given you were able to bisect it so far, can you try to isolate the
> > commit from the merge commit causing it?
>
> I guess I c
Control: tags -1 - moreinfo
Control: tags -1 + confirmed
Hi Ben,
On Thu, May 25, 2023 at 03:07:24PM +0200, Ben Hutchings wrote:
> On Thu, 2023-05-25 at 10:37 +0200, Salvatore Bonaccorso wrote:
> > Hi Florian,
> >
> > [dropping a typoed mail from my to not cause further bou
Hi Florian,
[dropping a typoed mail from my to not cause further bounces]
On Thu, May 25, 2023 at 10:18:46AM +0200, Florian Bezdeka wrote:
> On Thu, 2023-05-25 at 10:03 +0200, Salvatore Bonaccorso wrote:
> > Control: tags -1 + moreinfo
> >
> > On Thu, May 25, 2023 at 07:2
Control: tags -1 + moreinfo
On Thu, May 25, 2023 at 07:21:41AM +, Bezdeka, Florian wrote:
> Package: linux-image-amd64
> Version: 6.1.27-1
>
> Hi all,
>
> we did some investigations regarding time synchronization on Debian.
> Background is industrial communication on Linux in general.
>
Control: forwarded -1 https://github.com/Netatalk/netatalk/pull/174
Hi Daniel,
On Wed, May 24, 2023 at 10:50:41PM -0700, Daniel Markstedt wrote:
> Package: netatalk
> Version: 3.1.12~ds-3+deb10u1
> X-Debbugs-Cc: t...@security.debian.org
>
> The code that addressed CVE-2022-23123 introduced
Hi Otto,
On Sun, Apr 09, 2023 at 03:30:35PM -0700, Otto Kekäläinen wrote:
> > > > Paul Gevers asked if the issues are gone as well with 6.1.12-1
> > > > (or later 6.1.y series versions, which will land in bookworm). That
> > > > would be valuable information to know as well to exclude we do not
>
Hi Paul,
On Sun, Jul 03, 2022 at 09:57:59PM +0200, Paul Gevers wrote:
> Hi all,
>
> Just a minor follow-up. I just had to restart one of my arm64 workers again.
>
> root@ci-worker-arm64-05:~# uname -a
> Linux ci-worker-arm64-05 5.10.0-15-arm64 #1 SMP Debian 5.10.120-1
> (2022-06-09) aarch64
Source: xerial-sqlite-jdbc
Version: 3.40.1.0+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for xerial-sqlite-jdbc.
CVE-2023-32697[0]:
| SQLite JDBC is a library for accessing and creating
Source: requests
Version: 2.28.1+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.25.1+dfsg-2
Control: found -1 2.21.0-1
Hi,
The following vulnerability was published for requests.
CVE-2023-32681[0]:
| Unintended leak
Source: wordpress
Version: 6.2.1+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi Craig,
There is a new wordpress security release 6.2.2 available:
https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/
Regards,
Hi release team,
On Wed, May 24, 2023 at 12:46:45PM +0200, Sebastian Ramacher wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock package ffmpeg
>
> [ Reason ]
> ffmpeg releases stable updates with
Control: tags -1 + moreinfo
Hi Nick,
On Mon, May 22, 2023 at 08:56:12AM +0900, Nick Hastings wrote:
> Source: linux-signed-amd64
> Severity: important
> Tags: upstream
> X-Debbugs-Cc: nicholaschasti...@gmail.com
>
> Dear Maintainer,
>
> after upgrading from a 6.0.0 kernel to a 6.1.0 kernel I
Hi,
On Wed, May 24, 2023 at 11:22:29AM +0200, intrigeri wrote:
> Hi,
>
> Salvatore Bonaccorso (2019-06-04):
> > The following vulnerability was published for apparmor. This is
> > already discussed in the upstream bug, so this bug is really to track
> > the
Control: tags -1 + moreinfo
Hi Olivier,
On Tue, May 23, 2023 at 06:49:00PM +0200, Olivier Berger wrote:
> Package: src:linux
> Version: 6.1.27-1
> Severity: normal
>
> Hi.
>
> I'm experiencing crashes (computer reset or completely shutting down) without
> much details available on why. It
Package: src:linux
Version: 6.1.27-1
Severity: wishlist
Hi
On Sat, May 20, 2023 at 10:50:02PM +0100, Qais Yousef wrote:
> Hi
>
> Debian kernels don't ship with CONFIG_UCLAMP_TASK and CONFIG_UCLAMP_TASK_GROUP
> configs enabled in the kernel, is there any reason for that?
>
> These configs
Hi Daniel,
On Tue, May 23, 2023 at 06:29:43PM -0400, Daniel Kahn Gillmor wrote:
> In https://bugs.debian.org/1034558, Salvatore Bonaccorso wrote:
>
> > Source: rnp
> > Version: 0.16.2-1
> > Severity: grave
> > Tags: security upstream
> > Justification: user
Hi Release team,
On Mon, May 22, 2023 at 09:57:13AM +0900, Mike Hommey wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock package firefox-esr
>
> [ Reason ]
> Security update for Firefox. The same package
Dear release team,
On Sun, May 21, 2023 at 10:02:25PM +0200, Maximilian Engelhardt wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: x...@packages.debian.org, t...@security.debian.org,
> m...@daemonizer.de
Source: bitcoin
Version: 22.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for bitcoin.
CVE-2023-33297[0]:
| Bitcoin Core before 24.1, when debug mode is not used, allows
| attackers to cause a
Hi Andrea,
On Sun, May 21, 2023 at 12:37:17PM +0200, Andrea Bolognani wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: libv...@packages.debian.org
> Control: affects -1 + src:libvirt
>
> Please unblock
Hi,
On Tue, May 23, 2023 at 03:55:26PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Mon, May 22, 2023 at 09:39:34AM +, Thorsten Alteholz wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> >
Hi,
On Mon, May 22, 2023 at 09:39:34AM +, Thorsten Alteholz wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock and age package cups-filters
>
> [ Reason ]
> CVE-2023-24805 (RCE due to missing input
-17 23:34:35.0 +0100
+++ c-ares-1.18.1/debian/changelog 2023-05-23 14:34:52.0 +0200
@@ -1,3 +1,11 @@
+c-ares (1.18.1-2.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
+ * 0-byte UDP payload Denial of Servic
) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * check for input buffer size on datastream::gets (CVE-2021-32142)
+(Closes: #1031790)
+ * do not set shrink flag for 3/4 component images (CVE-2023-1729)
+(Closes: #1036281)
+
+ -- Salvatore Bonaccorso Sat, 20 May 2023 21:44:42
Hi Hilmar!
On Sun, May 21, 2023 at 09:54:30PM +0200, Preuße, Hilmar wrote:
> On 21.05.2023 21:06, Salvatore Bonaccorso wrote:
>
> Hello Salvatore,
>
> > The following vulnerability was published for texlive-bin.
> >
> > CVE-2023-32668[0]:
> > | LuaTeX befor
Source: imagemagick
Version: 8:6.9.11.60+dfsg-1.6
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for imagemagick.
CVE-2023-2157[0]:
| heap overflow vulnerability
No description was found (try on a
Source: texlive-bin
Version: 2022.20220321.62855-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for texlive-bin.
CVE-2023-32668[0]:
| LuaTeX before 1.17.0 allows a document (compiled with the
Source: virtuoso-opensource
Version: 7.2.5.1+dfsg1-0.3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for virtuoso-opensource.
CVE-2023-31607[0]:
| An issue in the
Control: severity -1 important
On Thu, May 18, 2023 at 10:17:39AM +0200, 255.255.255.255 wrote:
> Package: firmware-iwlwifi, firmware-realtek, firmware-misc-nonfree
> Version: 20190114+really20220913-0+deb10u1
> Severity: Critical
>
> Kernel: 4.19.0-24-amd64 #1 SMP Debian 4.19.282-1 (2023-04-29)
Control: retitle -1 libtpms: New upstream version
Control: tags -1 - security
Hi
On Wed, Mar 01, 2023 at 11:32:15AM +0100, Bastian Germann wrote:
> Source: libtpms
> Version: 0.9.2-3
> Severity: important
> Control: tags -1 security
>
> Please import the latest upstream version 0.9.6 which has
upload.
+ * check for input buffer size on datastream::gets (CVE-2021-32142)
+(Closes: #1031790)
+ * do not set shrink flag for 3/4 component images (CVE-2023-1729)
+(Closes: #1036281)
+
+ -- Salvatore Bonaccorso Sat, 20 May 2023 21:44:42 +0200
+
libraw (0.20.2-2) unstable; urgency=medium
+1,10 @@
+texlive-bin (2022.20220321.62855-5.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix improperly secured shell-escape in LuaTeX (CVE-2023-32700)
+
+ -- Salvatore Bonaccorso Thu, 18 May 2023 23:15:13 +0200
+
texlive-bin (2022.20220321.62855-5) unstable; urgency=medium
Hi,
On Fri, May 19, 2023 at 04:19:20PM -0400, Chris Frey wrote:
> Severity: grave
>
> Updating severity as suggested on the debian-lts mailing list.
Leaving the severity judgement to Michael. I have as well merged
your bug with the #982300 one.
>
> Do you think this bug warrants a
Control: fixed -1 9.1-1
Hi,
On Thu, May 04, 2023 at 10:55:59PM -0400, Chris Frey wrote:
> Package: coreutils
> Version: 8.32-4+b1
>
> This bug exists in both Debian Buster and Debian Bullseye.
>
> It has been fixed in upstream.
>
> It can be reproduced by splitting a file such that size of
.
+ * EncodeAlphaInternal: clear result->bw on error (CVE-2023-1999)
+(Closes: #1035371)
+
+ -- Salvatore Bonaccorso Fri, 19 May 2023 14:50:58 +0200
+
libwebp (1.2.4-0.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru
libwebp-1.2.4/debian/patches/EncodeAlphaInternal-clear-res
(1.2.4-0.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * EncodeAlphaInternal: clear result->bw on error (CVE-2023-1999)
+(Closes: #1035371)
+
+ -- Salvatore Bonaccorso Fri, 19 May 2023 14:50:58 +0200
+
libwebp (1.2.4-0.1) unstable; urgency=medium
* Non-maintainer upload.
d
Source: xen
Version: 4.17.0+74-g3eac216e6e-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for xen.
CVE-2022-42336[0]:
| Mishandling of guest SSBD selection on AMD hardware The current logic
| to set
Hi Christian,
On Tue, May 16, 2023 at 11:39:52AM +0200, Christian Kastner wrote:
> Control: tags -1 - moreinfo
>
> On 2023-05-15 22:12, Sebastian Ramacher wrote:
> > Please go ahead and remove the moreinfo tag once the package is
> > available in unstable.
>
> Done (this time with the right
Source: libvirt
Version: 9.0.0-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: fixed -1 9.3.0-1
Hi,
The following vulnerability was published for libvirt.
CVE-2023-2700[0]:
| A vulnerability was found in libvirt. This security flaw
Source: wordpress
Version: 6.2+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 6.1.1+dfsg1-1
Hi,
The following vulnerability was published for wordpress.
CVE-2023-2745[0]:
| WordPress Core is vulnerable to Directory
Source: etcd
Version: 3.4.23-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/etcd-io/etcd/pull/15656
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for etcd.
CVE-2023-32082[0]:
| etcd is a distributed key-value
Source: sysstat
Version: 12.6.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/sysstat/sysstat/pull/360
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sysstat.
CVE-2023-33204[0]:
| sysstat through 12.7.2