Bug#1051563: Backporting mutt patches to Debian Buster

2023-09-16 Thread Utkarsh Gupta
Hi Chris, On Fri, Sep 15, 2023 at 8:09 PM Chris Frey wrote: > Attached is a patch that applies to the unpackaged sources of Debian Buster's > version of mutt 1.10. > > It includes 3 patches: > > upstream/Fix-rfc2047-base64-decoding-to-abort-on-illegal-char.patch >

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hi Bernhard, Kees, On Wed, Jun 7, 2023 at 6:58 PM Schmidt, Bernhard wrote: > > I've prepared a fix for the regression and uploaded the binaries at: > > https://people.debian.org/~utkarsh/lts/ruby2.5/ > > > > Can you please give these a try and see if that fixes the regression > > you're seeing?

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hi Chris, On Wed, Jun 7, 2023 at 9:01 PM Chris Lamb wrote: > I see your 2.5.5-3+deb10u6 update on the debian/buster branch which > fixes the broken +deb10u5 upload, but I don't see it in the archive > yet. > > Although you mentioned you were going to wait a bit more, I'm just > 100%-checking you

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hi Kees, On Wed, Jun 7, 2023 at 6:53 PM Kees Meijs | Nefos wrote: > I know you were asking Bernhard, but I downloaded and installed as well. > Our Puppet agent seems to be happy again. I had missed your comment in the bug but super, many thanks for testing this out! I'll wait a bit more before

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hi Bernhard, On Wed, Jun 7, 2023 at 4:16 PM Utkarsh Gupta wrote: > Yep, I'm taking a look to prep something for 2.5. I've prepared a fix for the regression and uploaded the binaries at: https://people.debian.org/~utkarsh/lts/ruby2.5/ Can you please give these a try and see if that fi

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hiya, On Wed, Jun 7, 2023 at 2:39 PM Moritz Muehlenhoff wrote: > Specifically > https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ > states: > > | For Ruby 2.7: Update to uri 0.10.0.1 > | For Ruby 3.0: Update to uri 0.10.2 > | For Ruby 3.1: Update to uri 0.11.1 > | For

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Utkarsh Gupta
Hi Chris, On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso wrote: > Can you please have a look, as this seems to be caused by the DLA > issued as DLA-3447-1. This has been caused by the ruby2.5 update. Can you please TAL? This is perhaps because of the URI version in buster v/s URI version

Bug#1032998: imagemagick: font issue since 8:6.9.10.23+dfsg-2.1+deb10u2

2023-03-16 Thread Utkarsh Gupta
Hi Bastien, Did you look at the following bug report? - u On Wed, Mar 15, 2023 at 8:09 PM Maxime Besson wrote: > > Package: imagemagick > Version: 8:6.9.10.23+dfsg-2.1+deb10u2 > Severity: normal > > Dear Maintainer, > > After updating to 8:6.9.10.23+dfsg-2.1+deb10u2, libgd-securityimage-perl

Bug#1032693: RM: puppet-beaker -- ROM; RC buggy, no rdeps, umaintained and blocks transitions

2023-03-10 Thread Utkarsh Gupta
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: s...@debian.org Hello, The package was already orphaned (#1001000) back in December 2021 and it has been unmaintained since then. The package is not in testing either because of 2 RC

Bug#1028468: bullseye-pu: package tomcat9/9.0.43-2~deb11u5

2023-01-11 Thread Utkarsh Gupta
Package: release.debian.org User: release.debian@packages.debian.org Tags: bullseye Severity: normal Hello, src:tomcat9 has been affected by debbug #1020948 which was fixed in sid and thus would want to backport the fix to bullseye in the next point release. It was noticed that the

Bug#1024055: Upload MariaDB 1:10.3.37-0+deb10u1 ?

2022-12-05 Thread Utkarsh Gupta
Hi Otto, On Mon, Dec 5, 2022 at 5:33 AM Otto Kekäläinen wrote: > I didn't get a reply to this, so asking again. I could take care of the upload but if you'd like to do that, please feel free to do so and I can take care of the paperwork. One quick thing I spotted in the target in d/ch is

Bug#1022818: Update redmine to 5.0.3

2022-10-26 Thread Utkarsh Gupta
Source: redmine Version: 5.0.2-2 Severity: wishlist Hello, Please consider updating src:redmine to 5.0.3. TIA. - u -- System Information: Debian Release: bullseye/sid APT prefers focal-updates APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 'focal') Architecture: amd64

Bug#1022817: Unnecessary recursive chown'ing?

2022-10-26 Thread Utkarsh Gupta
Source: redmine Version: 5.0.2-2 Severity: normal Hello, The package update performs a recursive chown, unnecessarily increasing the update time (for instance, the recursive chown is unnecessarily applied to ~60 000 files in an instance). Please TAL and fix this if possible. Thanks! - u --

Bug#1022816: chown'ing Gemfil makes UID approach incompatible

2022-10-26 Thread Utkarsh Gupta
Source: redmine Version: 5.0.2-2 Severity: normal Hello, Activating cert-based authentication on PostgreSQL requires having redmine on its own UID. However the current Debian package tries to chown a Gemfile, making this UID approach incompatible with the current package. Please TAL and fix

Bug#1022815: REDMINE_INSTANCE_OWNERSHIP option not supported

2022-10-26 Thread Utkarsh Gupta
Source: redmine Version: 5.0.2-2 Severity: normal Hello, Redmine installed from its Debian package should be able to run from its own (Linux) user. The REDMINE_INSTANCE_OWNERSHIP option in the default configuration file (/etc/default/redmine/) seems to indicate that such an execution mode is

Bug#1020948: tomcat9 not referenceing openJDK 17

2022-09-29 Thread Utkarsh Gupta
Package: tomcat9 Version: 9.0.67-1 Hi Emmanuel, Thanks for taking care of src:tomcat9. However, it was noticed that the tomcat-locate-java.sh script which seems to be in charge of identifying the Java version to use doesn't have version 17 listed; cf:

Bug#1014813: reverse dependencies

2022-09-14 Thread Utkarsh Gupta
Control: tags -1 - moreinfo Hi Thorsten, I've addressed the issue at hand and src:redmine/5.0.2-2 is in good shape now. Can you please process the removal of ruby-deckar01-task-list so that ruby-task-list and redmine can migrate to testing? TIA! \o/ - u

Bug#985314: asterisk spams console output to syslog due to systemd misconfiguration

2022-01-20 Thread Utkarsh Gupta
Hello again, On Fri, Jan 21, 2022 at 1:02 AM Utkarsh Gupta wrote: > I don't think this was a problem in the patch that I attached to the > bug but somehow it got introduced when some applied that and uploaded, > maybe? I could be very wrong but I am trying to understand where did &g

Bug#985314: asterisk spams console output to syslog due to systemd misconfiguration

2022-01-20 Thread Utkarsh Gupta
Hi Sergio, On Wed, Jan 19, 2022 at 10:26 PM Sergio Durigan Junior wrote: > "Editing patches by hand considered evil" :-). > > This upload introduced a problem: the asterisk.service file doesn't > contain the [Install] section anymore, which makes it be treated as a > static unit by systemd.

Bug#1002837: tiledb: diff for NMU version 1.7.7-1.2

2021-12-29 Thread Utkarsh Gupta
Hi Dirk, On Wed, Dec 29, 2021 at 10:59 PM Dirk Eddelbuettel wrote: > Thanks for the *very* prompt response. I may still wait a day or two to also > hear from Utkarsh who last NMUed. +1 to what Adam said. Please upload directly, thanks for asking. :D For the backstory, I was just a sponsor-er

Bug#993618: RFS: openldap/2.4.59+dfsg-1~bpo11+1

2021-09-03 Thread Utkarsh Gupta
Hi Ryan, On Fri, Sep 3, 2021 at 11:33 PM Ryan Tandy wrote: > As with previous releases, I am looking for a sponsor to perform the > initial upload of openldap to bullseye-backports since it will be NEW. I > am DM for the package and can take care of future uploads myself. Uploaded, will

Bug#991886: buster-pu: package libpam-tacplus/1.3.8-2+deb10u1

2021-08-04 Thread Utkarsh Gupta
Package: release.debian.org User: release.debian@packages.debian.org Tags: buster Severity: normal Hello, src:libpam-tacplus has been affected by CVE-2020-13881 which is fixed in sid & stretch. Thus this -pu update for buster. This update also helps in fixing the versioning problem because

Bug#991843: unblock: libjdom2-java/2.0.6-1.1

2021-08-03 Thread Utkarsh Gupta
Hi Sebastian, On Tue, Aug 3, 2021 at 10:35 PM Sebastian Ramacher wrote: > Unstable and bullseye contain the same version of libjdom2-java. Are you > sure that the upload reached unstable? There was a bit of a fiasco and processing delay from dak (see my mail at -devel for more information) but

Bug#991844: unblock: libpam-tacplus/1.3.8-2.1

2021-08-03 Thread Utkarsh Gupta
Hi Paul, On Tue, Aug 3, 2021 at 9:46 PM Paul Gevers wrote: > On 03-08-2021 10:46, Utkarsh Gupta wrote: > > src:libpam-tacplus > > ... is not in testing. > > closing this bug as there's nothing to do (no, we're not going to let it > in now). Ugh, my bad for n

Bug#991844: unblock: libpam-tacplus/1.3.8-2.1

2021-08-03 Thread Utkarsh Gupta
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hey, src:libpam-tacplus has been affected by CVE-2020-13881 which is fixed in sid & stretch. -pu update for buster is also being filed. This update also helps in fixing the versioning

Bug#991843: unblock: libjdom2-java/2.0.6-1.1

2021-08-03 Thread Utkarsh Gupta
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hey, src:libjdom2-java has been affected by CVE-2021-33813 which is fixed in sid & stretch. -pu update for buster is also being filed. Since this is just a CVE fix, I'd request you to

Bug#991842: unblock: libjdom1-java/1.1.3-2.1

2021-08-03 Thread Utkarsh Gupta
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hey, src:libjdom1-java has been affected by CVE-2021-33813 which is fixed in sid & stretch. -pu update for buster is also being filed. Since this is just a CVE fix, I'd request you to

Bug#989037: Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1

2021-07-11 Thread Utkarsh Gupta
Hi Paul, [CC'ed team@s.d.o] On Sat, Jul 10, 2021 at 1:34 AM Paul Gevers wrote: > Unblocked the latest version in unstable. Awesome, thank you so much! Just as a heads up, I'll be also filing unblock requests for ruby2.7 (already uploaded) and libjdom1-java & libjdom2-java (yet to upload). All

Bug#990752: Local configuration adds 2 dots on hostname, blocking package upgrades

2021-07-06 Thread Utkarsh Gupta
Source: postfix Version: 3.5.6-1 Severity: important Hello, This bug was originally reported in Ubuntu here[1]. The reporter had a valid hostname, "saturn", but due to another bug (also reported in Ubuntu here[2]), the hostname is changed to "saturn.." (that is, 2 dots are added) and this causes

Bug#989041: eterm: CVE-2021-33477

2021-06-10 Thread Utkarsh Gupta
Hi Jose, On Thu, Jun 10, 2021 at 11:08 PM Jose Antonio Jimenez Madrid wrote: > Thank you so much Utkarsh for the patch, Of course, no problem! :) > Please, upload it to unstable, as I have to upload it by Debian Mentors > so it will reach testing faster if you upload it to fix this security

Bug#989703: unblock: eterm/0.9.6-6.1

2021-06-10 Thread Utkarsh Gupta
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hey, src:eterm has been affected by CVE-2021-33477 which is fixed in sid & stretch. -pu update for buster has also been filed. Since this is just a CVE fix, I'd request you to unblock

Bug#989702: buster-pu: package eterm/0.9.6-5+deb10u1

2021-06-10 Thread Utkarsh Gupta
Package: release.debian.org User: release.debian@packages.debian.org Tags: buster Severity: normal Hello, src:eterm has been affected by CVE-2021-33477 which is fixed in sid & stretch. Since the version in stretch & buster is the same, I'd like to get this update into -pu in the next release

Bug#989041: eterm: CVE-2021-33477

2021-06-09 Thread Utkarsh Gupta
Hi Jose, Patch attached. Please let me know if I can upload to unstable directly? This also needs to go to buster-pu. Let me know if you have questions or concerns. - u --- a/src/term.c +++ b/src/term.c @@ -1176,6 +1176,11 @@ case 'E': scr_add_lines((unsigned char *)

Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1

2021-06-04 Thread Utkarsh Gupta
Hi Paul, On Fri, Jun 4, 2021 at 1:38 AM Paul Gevers wrote: > > You haven't answered my question: "does rails still work with the old > > version of ruby-marcel and can the version bump be reverted" > > Ping. Without a proper answer, I can't decide. Thanks, I'm yet to figure that out and

Bug#905456: Please create new list debian-clojure

2021-05-24 Thread Utkarsh Gupta
Hi Alex, On Mon, May 24, 2021 at 11:22 PM Alexander Wirt wrote: > > Ack, please send me the gpg encrypted list of subscribers and I will > > provide the new list asap. > jftr, I created the list, it is ready to use. I will import the > subscribers as soon as I receive them. Thanks a bunch! \o/

Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1

2021-05-24 Thread Utkarsh Gupta
Hi Paul, On Wed, 19 May 2021 22:12:59 +0200 Paul Gevers wrote: > This new rails version renewed its versioned dependency on ruby-marcel. > The new ruby-marcel version doesn't look like a targeted fix, so it > doesn't fit the freeze policy. If I read the changelog correctly, this > dependency is

Bug#905456: Please create new list debian-clojure

2021-05-24 Thread Utkarsh Gupta
Hi Alex, On Wed, 10 Mar 2021 14:23:10 -0800 Elana Hashman wrote: > On 2021-03-10 11:34, Alexander Wirt wrote: > > [...] > > Uh, oh. Yeah, please. > > There's been no objections since this email was last sent -- anyone on > the list who does not want to be migrated over to the new list, speak >

Bug#989037: unblock: rails/2:6.0.3.7+dfsg-1

2021-05-24 Thread Utkarsh Gupta
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: debian-r...@lists.debian.org Hello, Rails was recently affected by 3 CVEs (CVE-2021-2290{2,4} and CVE-2021-22885). I'm attaching a filtered diff for your review; the diff is

Bug#989036: unblock: ruby-marcel/1.0.1+dfsg-2

2021-05-24 Thread Utkarsh Gupta
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: debian-r...@lists.debian.org Hello, We had to bump ruby-marcel to a newer version because the mimemagic dependency - which relies on GPL-licensed mime type data from

Bug#871958: dnsmasq: Service start hangs with postfix+resolvconf+systemd

2021-05-21 Thread Utkarsh Gupta
Hello Simon, Just slightly pinging this to get your attention. There's a bug on Launchpad as well, which got an interesting comment from one of the users who debugged this further: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1778073. Hoping that'd help. Thanks! - u

Bug#988289: htmldoc: CVE-2019-19630

2021-05-13 Thread Utkarsh Gupta
Hi Håvard, On Wed, May 12, 2021 at 9:05 PM Håvard Flaget Aasen wrote: > Thanks for the sponsoring Utkarsh! You're very welcome! :) > I made a package for stretch as well, and uploaded it to mentors. [0] > Though I'm not sure about this lts stuff. So far this package I made > just targets

Bug#988289: htmldoc: CVE-2019-19630

2021-05-11 Thread Utkarsh Gupta
Hi Håvard, On Wed, May 12, 2021 at 2:11 AM Håvard Flaget Aasen wrote: > I've got the release ready for buster and uploaded it to mentors [0]. I > also sent a request to the RM, for buster-pu, but haven't got any > response yet [1]. Thanks for the buster update; uploaded! \o/ You'll not receive

Bug#988289: htmldoc: CVE-2019-19630

2021-05-11 Thread Utkarsh Gupta
Hi Håvard, On Tue, May 11, 2021 at 3:09 AM Håvard Flaget Aasen wrote: > I wasn't aware this versioning could be a problem. Yep, a big one sometimes :) > I can make a release to buster if you want. I would need a sponsor > though, so if you're determined, I won't rip it out of your hands. That'd

Bug#988289: htmldoc: CVE-2019-19630

2021-05-09 Thread Utkarsh Gupta
Hello, That's pretty unfortunate what happened. Since I fixed this in jessie (back when it was LTS), I'll take care of stretch (now that it's LTS) and subsequently buster as well. Thanks!

Bug#941199: Upstream has valid debian packaging

2021-05-03 Thread Utkarsh Gupta
Hi Seunghun, > Thank you for the notification. I am still working on this and > would finish it soon. Let me know if you need some kind of help or something. I'll be happy to help and thanks for working on this! - u

Bug#987531: buster-pu: package opendmarc/1.3.2-6+deb10u2

2021-04-25 Thread Utkarsh Gupta
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu User: debian-rele...@lists.debian.org Usertags: bsp-2021-04-at-salzburg X-Debbugs-Cc: t...@security.debian.org Tags: buster Severity: normal Hello, src:opendmarc has been affected by CVE-2020-12460, which is

Bug#987501: unblock ruby-librarian/0.6.4-3

2021-04-24 Thread Utkarsh Gupta
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock bsp-2021-04-AT-Salzburg Hello, This upload fixes #987113 and is actually a one-liner change: ``` - project_path = Pathname.new(__FILE__).expand_path +

Bug#987494: buster-pu: package fluidsynth/1.1.11-1+deb10u1

2021-04-24 Thread Utkarsh Gupta
Package: release.debian.org User: release.debian@packages.debian.org X-Debbugs-Cc: t...@security.debian.org, a...@debian.org Usertags: pu bsp-2021-04-AT-Salzburg Tags: buster Severity: normal Hello, src:fluidsynth has been affected by CVE-2021-28421 which is fixed in sid and unblocked for

Bug#987489: buster-pu: package jackson-databind/2.9.8-3+deb10u3

2021-04-24 Thread Utkarsh Gupta
Package: release.debian.org User: release.debian@packages.debian.org X-Debbugs-Cc: t...@security.debian.org, a...@debian.org Usertags: pu bsp-2021-04-AT-Salzburg Tags: buster Severity: normal Hello, src:jackson-databind has been affected by 18 CVEs which are fixed in unstable and bullseye

Bug#987471:

2021-04-24 Thread Utkarsh Gupta
user debian-rele...@lists.debian.org usertags -1 + bsp-2021-04-AT-Salzburg thank you

Bug#986806: CVE-2021-28965

2021-04-17 Thread Utkarsh Gupta
Hi Praveen, On Fri, Apr 16, 2021 at 3:24 PM Pirate Praveen wrote: > I think the separate package was introduced by mistake without seeing > the copy embedded in ruby. I think the right way is to fix this in ruby > and remove this separate package. But I'd like someone from ruby team > to confirm

Bug#986742: unblock: ruby2.7/2.7.3-1

2021-04-17 Thread Utkarsh Gupta
Hi Sebastian, On Sat, Apr 17, 2021 at 3:08 PM Sebastian Ramacher wrote: > Thanks, please go ahead and remove the moreinfo tag once the version is > available in unstable. Uploaded to unstable, thanks. And removed the tag as well. - u

Bug#986622: [Pkg-clamav-devel] Bug#986622: fixes

2021-04-14 Thread Utkarsh Gupta
Hello, On Wed, Apr 14, 2021 at 12:32 AM Sebastian Andrzej Siewior wrote: > Usually yes, I let it slide (unfortunately) and was checking best > options moving forward. After all I need reasons to present to the > release team. I just noticed that the only CVE that affects buster is

Bug#986622: [Pkg-clamav-devel] Bug#986622: fixes

2021-04-13 Thread Utkarsh Gupta
Hi Sebastian, Sebastian Andrzej Siewior wrote: > My plan is to get 103.2 into Buster after I spent the day today > to look what should be backported and what not. Do we not generally backport clamav as-is to buster (of course, after thoroughly checking) so as to get the latest release there? I

Bug#986146: unblock: rabbitmq-server/3.8.9-2

2021-03-30 Thread Utkarsh Gupta
Hello, Awesome, thanks for this upload, Thomas. I can confirm that this is a pure bug-fix release only and indeed fixes the problems raised, thereby making this package even better for bullseye. A huge +1 for unblocking. - u

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-21 Thread Utkarsh Gupta
Awesome, thank you for the confirmation. I've rolled out the announcement and published the website update. Thanks, everyone! \o/ - u

Bug#985421: Adding DEP8 tests for at package

2021-03-17 Thread Utkarsh Gupta
Source: at Version: 3.1.23-1.1 Severity: normal Tags: patch Hello, Since at is missing DEP8 tests, I'd like to add them. I wanted to propose an MR on salsa but the git history isn't in sync with what's uploaded to the archive, so asking here. I've prepared the basic testing script to ensure

Bug#985314: asterisk spams console output to syslog due to systemd misconfiguration

2021-03-15 Thread Utkarsh Gupta
escription: Set default config to avoid console output to syslog. Author: Utkarsh Gupta Bug: https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1909816 Last-Update: 2021-03-16 --- a/debian/patches/systemd.patch +++ b/debian/patches/systemd.patch @@ -96,6 +96,12 @@ +RestartSec=1 +WorkingDir

Bug#984689: ruby-vcr: DFSG violation (Hippocratic license)

2021-03-07 Thread Utkarsh Gupta
On Sun, Mar 7, 2021 at 10:49 PM Utkarsh Gupta wrote: > On Sun, Mar 7, 2021 at 10:15 PM Pirate Praveen > wrote: > > It looks like we will have to remove ruby-vcr and we will have to > > disable tests for the following packages. I don't think there is > > another way, t

Bug#984689: ruby-vcr: DFSG violation (Hippocratic license)

2021-03-07 Thread Utkarsh Gupta
Hi Praveen, On Sun, Mar 7, 2021 at 10:15 PM Pirate Praveen wrote: > It looks like we will have to remove ruby-vcr and we will have to > disable tests for the following packages. I don't think there is > another way, thoughts? Maybe worth opening an issue upstream and discuss the cons of this

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-05 Thread Utkarsh Gupta
Hi Thorsten On Sat, Mar 6, 2021 at 2:25 AM Thorsten Glaser wrote: > debian/patches/CVE-2021-27135.patch changes button.c line (after > patching) 3747 to: > >line = realloc(line, screen->selection_size); > > But “line” is a local variable, the address of the buffer must > be stored in the

Bug#983113: buster-pu: package ruby-mechanize/2.7.6-1+deb10u1

2021-02-19 Thread Utkarsh Gupta
/changelog2019-01-04 16:57:45.0 +0530 +++ ruby-mechanize-2.7.6/debian/changelog2021-02-19 22:47:27.0 +0530 @@ -1,3 +1,10 @@ +ruby-mechanize (2.7.6-1+deb10u1) buster; urgency=medium + + * Team upload for buster-pu. + * Add patch to prevent OS command injection. (Fixes: CVE-20

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-19 Thread Utkarsh Gupta
Hi Axel, Salvatore, On Fri, Feb 19, 2021 at 2:44 PM Axel Beckert wrote: > No issue popped up so far during production use on Stretch and Buster. > I'd say, we can publish these in good conscience. Perfect, thanks for all your work on this! \o/ I've uploaded to stretch-security (& pushed the

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-19 Thread Utkarsh Gupta
Hi Axel, Sorry for the late reply, I was a bit occupied with my school homework. On Wed, Feb 17, 2021 at 8:59 AM Axel Beckert wrote: > > So I created one with the latest dsc (4.2.1-3+deb8u1) and added 2 > > commits on top of it. > > Thanks for the effort, but this seems to have a separate git

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-16 Thread Utkarsh Gupta
Hi Axel, On Tue, Feb 16, 2021 at 11:12 PM Axel Beckert wrote: > I'm running these patches (as in git) now for about 1.5 days on > Stretch and Buster in production. I'd say if I don't find any > regression until Wednesday evening (i.e. in 1 day), feel free to > finalise the packages as needed

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-16 Thread Utkarsh Gupta
Hi Axel, On Mon, Feb 15, 2021 at 12:13 PM Axel Beckert wrote: > Please slow down! > > What so far was in git in the stretch and buster branches was > incomplete and did FTBFS for multiple reasons. (Just pushed a bunch of > fixes. It at least builds now on both releases.) > > And in Stretch the

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-14 Thread Utkarsh Gupta
Hi, On Sun, Feb 14, 2021 at 9:03 PM Axel Beckert wrote: > > Since it's been ~3 days, do you think now would be the time to prepare > > and upload to buster and stretch? > > While I prepared the uploads in git, I haven't yet tested them on > Stretch and Buster. Currently still running the patch

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

2021-02-14 Thread Utkarsh Gupta
Hi Axel, On Fri, Feb 12, 2021 at 11:07 AM Salvatore Bonaccorso wrote: > Thanks for all your coordination, investigation, work on this! Seconded! Thanks for all your awesome and super fast work, really! \o/ > Sounds good. I propose to have the potential final patch as well first > slightly

Bug#982548: wpasupplicant: Missing support for WPA-EAP-SUITE-B(-192)

2021-02-12 Thread Utkarsh Gupta
Hi Thorsten, On Fri, Feb 12, 2021 at 2:03 PM Andrej Shadura wrote: > > It was observed that Debian's wpa_supplicant is not able to connect to > > networks with key_mgmt WPA-EAP-SUITE-B and/or > > WPA-EAP-SUITE-B-192 (aka WPA3-Enterprise 192-bit mode). The upstream > > wpa_supplicant

Bug#982435: screen: CVE-2021-26937

2021-02-10 Thread Utkarsh Gupta
Hello, On Wed, Feb 10, 2021 at 6:56 PM Utkarsh Gupta wrote: > I'll take care of fixing stretch and jessie and I am aware of all this > since I was the one who got this CVE assigned! :D Somewhat related, I also got CVE-2021-27135 assigned for xterm. I'll take care of the updates when the

Bug#982435: screen: CVE-2021-26937

2021-02-10 Thread Utkarsh Gupta
On Wed, Feb 10, 2021 at 6:56 PM Utkarsh Gupta wrote: > I'll take care of fixing stretch and jessie and I am aware of all this > since I was the one who got this CVE assigned! :D Oh, I forgot to mention, I say this with my LTS and ELTS hat on!^ But in case if you want to work on the p

Bug#982435: screen: CVE-2021-26937

2021-02-10 Thread Utkarsh Gupta
Hi Axel, On Wed, Feb 10, 2021 at 5:17 PM Axel Beckert wrote: > Thanks for the heads up! Hadn't noticed that upstream bug report > yesterday, but I do have it in my inbox. > > https://savannah.gnu.org/bugs/?60030 got locked down in the meanwhile > as it seems. > > Can you keep me in the loop wrt.

Bug#962596: Backport to stretch?

2021-02-05 Thread Utkarsh Gupta
Hello, On Tue, Feb 2, 2021 at 5:09 PM Utkarsh Gupta wrote: > On Mon, Feb 1, 2021 at 9:48 PM Julien Cristau wrote: > > stretch is EOL, so I am not planning on touching it myself. > > Cc:ing the team that looks after stretch-lts in case they want to handle > > this. > >

Bug#962596: Backport to stretch?

2021-02-02 Thread Utkarsh Gupta
Hi, On Mon, Feb 1, 2021 at 9:48 PM Julien Cristau wrote: > stretch is EOL, so I am not planning on touching it myself. > Cc:ing the team that looks after stretch-lts in case they want to handle > this. Thanks, I'll start to take a look at it. IIUC, this commit[1] needs a backport to stretch,

Bug#981271: buster-pu: package python-bottle/0.12.15-2+deb10u1

2021-01-28 Thread Utkarsh Gupta
;` anymore. (Fixes: CVE-2020-28473) + + -- Utkarsh Gupta Thu, 28 Jan 2021 20:22:22 +0530 + python-bottle (0.12.15-2) unstable; urgency=medium * Update tox dependency (Closes: #924836) diff -Nru python-bottle-0.12.15/debian/patches/CVE-2020-28473.patch python-bottle-0.12.15/debian/patches/CVE-

Bug#980585: ruby-in-parallel: FTBFS: ERROR: Test "ruby2.7" failed: Failure/Error: expect(@result_3).to_not eq(true)

2021-01-20 Thread Utkarsh Gupta
On Thu, Jan 21, 2021 at 12:50 PM Sébastien Delafond wrote: > I'm not expecting upstream to fix it either, but it'd feel more > comfortable to close this bug on our side while still linking to an > existing upstream issue. Of course. Here it is: https://github.com/samwoods1/in-parallel/issues/8

Bug#980585: ruby-in-parallel: FTBFS: ERROR: Test "ruby2.7" failed: Failure/Error: expect(@result_3).to_not eq(true)

2021-01-20 Thread Utkarsh Gupta
Hi Sébastien, On Thu, Jan 21, 2021 at 12:42 PM Sébastien Delafond wrote: > > Aah, okay. So I ran sbuild + autopkgtest 10 times, all passed for me. > > But when I ran these tests locally with rake, it failed for me exactly > > like the report just for the first time. And then passed all 9 times >

Bug#980585: ruby-in-parallel: FTBFS: ERROR: Test "ruby2.7" failed: Failure/Error: expect(@result_3).to_not eq(true)

2021-01-20 Thread Utkarsh Gupta
Hi Sébastien, On Thu, Jan 21, 2021 at 11:51 AM Utkarsh Gupta wrote: > I've started to look into it already but I wasn't able to reproduce > it. All tests pass for me + autopkgtest (which is what I fixed last > time). So I am not sure what's going wrong here. Aah, okay. So I r

Bug#980585: ruby-in-parallel: FTBFS: ERROR: Test "ruby2.7" failed: Failure/Error: expect(@result_3).to_not eq(true)

2021-01-20 Thread Utkarsh Gupta
Hi Sébastien, On Thu, Jan 21, 2021 at 11:37 AM Sébastien Delafond wrote: > since you took care of the last upload, do you also plan to fix this > FTBFS? If not, please let me know and I'll look into it. I've started to look into it already but I wasn't able to reproduce it. All tests pass for

Bug#963477: ruby-rack: CVE-2020-8184

2021-01-16 Thread Utkarsh Gupta
Hi Salvatore, On Sun, Jan 3, 2021 at 1:34 AM Salvatore Bonaccorso wrote: > Not any right now. Well there is CVE-2020-26247 but that one might be > too risky at this stage (AFAIU it is a breaking change, and thus was > moved to the 1.11.x version). Lucas uploaded a new version, thereby fixing

Bug#979498: ITP: ruby-rake-ant -- Ant tasks and integration for Rake

2021-01-07 Thread Utkarsh Gupta
Package: wnpp Severity: wishlist Owner: Utkarsh Gupta * Package name : ruby-rake-ant Version : 1.0.4 Upstream Author : Charles Oliver Nutter * URL : https://github.com/jruby/rake-ant * License : EPL-1.0 Programming Lang : Ruby Description : Ant

Bug#979497: ITP: ruby-scanf -- Implementation of the C function scanf

2021-01-07 Thread Utkarsh Gupta
Package: wnpp Severity: wishlist Owner: Utkarsh Gupta * Package name : ruby-scanf Version : 1.0.0 Upstream Author : Yukihiro Matsumoto * URL : https://github.com/ruby/scanf * License : BSD-2-clause Programming Lang : Ruby Description

Bug#963477: ruby-rack: CVE-2020-8184

2021-01-02 Thread Utkarsh Gupta
Hi Salvatore, On Sat, Jan 2, 2021 at 5:55 PM Salvatore Bonaccorso wrote: > > Of course. Uploaded a fix! :) > > (thanks for the explicit CC, please do it next time as well if you > > want me to take care of something which falls under the Ruby team). > > Thanks! About the explicit CC, well

Bug#963477: ruby-rack: CVE-2020-8184

2021-01-02 Thread Utkarsh Gupta
Hello, On Sat, Jan 2, 2021 at 2:02 AM Salvatore Bonaccorso wrote: > While strictly speaking this issue is no-dsa for buster, I'm raising > the severity to RC, would it be possible to address this issue for > unstable (and so bullseye) before the freeze? Of course. Uploaded a fix! :) (thanks for

Bug#978640: undefined symbol: _ZTIN3fmt2v612format_errorE

2020-12-31 Thread Utkarsh Gupta
Hi Hubert, On Thu, Dec 31, 2020 at 3:21 AM Hubert Chathi wrote: > binNMU requested at > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978722 > > Apparently waiting for an update to spdlog. Awesome, thanks for processing this! - u

Bug#978640: undefined symbol: _ZTIN3fmt2v612format_errorE

2020-12-29 Thread Utkarsh Gupta
Hi Hubert, On Tue, Dec 29, 2020 at 11:17 PM Hubert Chathi wrote: > Hmm. Can you try installing libfmt7 (from sid) and see if that fixes > it? The issue could be fixed by rebuilding nheko against the newly updated libfmt-dev version. I've prepared and pushed a fix to the salsa repository. If

Bug#978640: undefined symbol: _ZTIN3fmt2v612format_errorE

2020-12-29 Thread Utkarsh Gupta
Package: nheko Version: 0.7.2-3 Severity: grave Dear maintainer, Whilst trying to open nheko, it fails to open with the following message: ``` $ nheko nheko: symbol lookup error: nheko: undefined symbol: _ZTIN3fmt2v612format_errorE ``` Is that known? Any idea what caused this regression or

Bug#972574: libgit2: merge request with a proposition

2020-12-26 Thread Utkarsh Gupta
Hi Cédric, On Sun, Dec 27, 2020 at 2:57 AM Cédric Boutillier wrote: > I've just created a merge request on salsa > https://salsa.debian.org/debian/libgit2/-/merge_requests/3 > with a proposition. > This adds an extra libgit2-fixtures binary package, shipping the > examples under tests/resources

Bug#976291: rails: please drop Build-Depends on qunit-selenium

2020-12-11 Thread Utkarsh Gupta
Hello, On Fri, Dec 11, 2020 at 2:52 PM Pirate Praveen wrote: > On Wed, 2 Dec 2020 22:11:27 +0100 Paul Gevers wrote: > > I love tests. As one of the maintainers of the ci.debian.net > > infrastructure, I really do. However, with my Release Team member hat > > on, I'm asking you to stop

Bug#971571: transition: libgit2

2020-12-09 Thread Utkarsh Gupta
Hey, On Wed, Dec 9, 2020 at 3:13 PM Utkarsh Gupta wrote: > I'll take a look at python-pygit2 today as well. So leaves us with > ruby-rugged. I'll come to that in next few days if no one beats me to > it. FWIW, I've uploaded both, thereby completing all the blockers. Hopefully this t

Bug#971571: transition: libgit2

2020-12-09 Thread Utkarsh Gupta
Hello, On Wed, Dec 9, 2020 at 2:23 AM Sebastian Ramacher wrote: > > So I conclude that it's probably fine to upload libgit2 1.1.0 to unstable > > now? > Okay, then let's do this now. Please go ahead. Awesome, uploaded! I'll take a look at python-pygit2 today as well. So leaves us with

Bug#971571: transition: libgit2

2020-12-08 Thread Utkarsh Gupta
Hi Sebastian, On Tue, Dec 8, 2020 at 3:30 PM Sebastian Ramacher wrote: > v30 was accepted. Please perform a source-only upload for the arch: all > packages. That should be done now! \o/ > > The only reverse-{,build-}dependency is gitaly, it seems. So I'm CCing > > Praveen so he gets a heads

Bug#971571: transition: libgit2

2020-12-07 Thread Utkarsh Gupta
Hi Peter, On Sun, Dec 6, 2020 at 11:06 AM peter green wrote: > In addition to the packages mentioned here, it seems there is another > package involved: golang-gopkg-libgit2-git2go.v28 . It only builds > arch-all packages and does not directly depend on the library, but it > FTBFS and it's

Bug#971571: transition: libgit2

2020-12-04 Thread Utkarsh Gupta
Hi, On Sat, Dec 5, 2020 at 1:41 AM Sebastian Ramacher wrote: > Scheduled the binNMUs except for horizon-eda (involved in python3.9-defaults). Great, thank you! I've, meanwhile, uploaded python-pygit2 and libgit-raw-perl! Will hopefully get on to ruby-rugged, as well! \o/ - u

Bug#971571: transition: libgit2

2020-12-04 Thread Utkarsh Gupta
Hi Sebastian, On Fri, Dec 4, 2020 at 10:54 PM Sebastian Ramacher wrote: > Please go ahead with the upload to unstable. Great, thanks, I did an upload just now! :) - u

Bug#976270: [Pkg-puppet-devel] Bug#976270: ruby-puppet-forge: autopkgtest/ftbfs with ruby-faraday-middleware 1.x

2020-12-02 Thread Utkarsh Gupta
Hi Praveen, On Wed, Dec 2, 2020 at 8:06 PM Pirate Praveen wrote: > I can see there is already a patch for relaxing faraday. > https://salsa.debian.org/puppet-team/ruby-puppet-forge/-/blob/master/debian/patches/002_loosen_deps.patch > This will need to be extended to cover ruby-faraday-middleware

Bug#975607: libgit2-28: relative paths in alternates mishandled when nested

2020-11-24 Thread Utkarsh Gupta
Hi Eric, On Tue, Nov 24, 2020 at 6:00 AM Eric Wong wrote: > I've noticed libgit2 fails to handle relative paths for > alternates properly when a relative path is nested from > within another alternate. Regular git(1) works fine > (as shown in the attached script). > > I initially hit this in

Bug#973562: wordpress: Wordpress 5.5.2 security release

2020-11-02 Thread Utkarsh Gupta
Hi Craig, On Tue, Nov 3, 2020 at 12:00 PM Craig Small wrote: > Hi Utkarsh, I've got Sid uploading now and will start on Buster in a moment. Perfect! Thanks for your great work on wordpress! - u

Bug#973562: wordpress: Wordpress 5.5.2 security release

2020-11-02 Thread Utkarsh Gupta
Hi Craig, Seb, Salvatore, On Mon, 02 Nov 2020 08:01:44 +1100 Craig Small wrote: > Debian LTS have released 4.7.19 which fixes this already. Yep, I have already bumped the version and fixed these CVEs in stretch LTS. Please let me know in case I can help with any of the other updates? I don't

Bug#972161: buster-pu: package ruby2.5/2.5.5-3+deb10u3

2020-10-13 Thread Utkarsh Gupta
EBrick. (Fixes: CVE-2020-25613) + + -- Utkarsh Gupta Tue, 13 Oct 2020 18:32:32 +0530 + ruby2.5 (2.5.5-3+deb10u2) buster-security; urgency=high * Non-maintainer upload by the Security Team. diff -Nru ruby2.5-2.5.5/debian/patches/CVE-2020-25613.patch ruby2.5-2.5.5/debian/patches/CVE-2020-25613.patch --- ru
