Source: ruby3.2
Version: 3.2.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src;ruby3.1 3.1.2-8
Control: retitle -2 ruby3.1: CVE-2024-27282
Control: found -2 3.1.2-7
Hi,
Source: ruby3.1
Version: 3.1.2-8
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.1.2-7
Hi,
The following vulnerability was published for ruby3.1.
CVE-2024-27280[0]:
| Buffer overread
Source: freerdp3
Version: 3.5.0+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for freerdp3.
CVE-2024-32658[0]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
|
Source: freerdp2
Version: 2.11.5+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for freerdp2.
CVE-2024-32039[0]:
| FreeRDP is a free implementation of the
Hi,
On Mon, Apr 22, 2024 at 12:25:45PM -0400, Milan Kupcevic wrote:
> forwarded 1069681 https://github.com/gwsw/less/issues/503
> thanks
Thanks. For now I will hold-back the prepared security update to see
if there is something else which needs to be done here.
Regards,
Salvatore
Hi,
On Sat, Apr 20, 2024 at 07:54:13AM -0400, P. J. McDermott wrote:
> On 2024-04-19 at 15:55, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > FWIW, I'm actually preparing a security update for the two CVEs and
> > for bookworm I was first planning to do a 590-2.1 re
FWIW, I will try to work on the new available upstream version in the
next days and see if the two RC bugs on lnav can be addressed along.
it does not make sense to investigate the testsuite failure right now
without rebasing to the new version.
Control: tags -1 + moreinfo
Hi Jeremy,
On Fri, Apr 19, 2024 at 05:37:41PM +0200, Jeremy Lainé wrote:
> Package: src:linux
> Version: 6.1.85-1
> Severity: important
> X-Debbugs-Cc: jeremy.la...@m4x.org
>
> Dear Maintainer,
>
> After upgrading from linux-image-6.1.0-18-amd64 to
>
contains a newline (CVE-2024-32487)
+(Closes: #1068938)
+
+ -- Salvatore Bonaccorso Fri, 19 Apr 2024 15:09:49 +0200
+
less (590-2) sid; urgency=medium
* d/control: set standards version to 4.6.2
diff -Nru less-590/debian/patches/Fix-bug-when-viewing-a-file-whose-name-contains-a-ne.patch
Hi,
FWIW, I'm actually preparing a security update for the two CVEs and
for bookworm I was first planning to do a 590-2.1 reaching unstable,
and so then 590-2.1~deb12u1 for bookworm.
But if you want to override it with a NMU and proposing to salvage the
package this is equally fine.
Regards,
Hi Kari,
On Thu, Apr 18, 2024 at 05:31:33AM +, Kari Lempiäinen wrote:
> Hi,
>
> I think I spoke too soon. I removed 'noserverino' options from all
> my cifs mounts yesterday and u/remounted them. From last night
> syslog I can still find the "directory entry name would overflow
> frame end
Source: libreswan
Version: 4.14-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libreswan/libreswan/issues/1665
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 4.10-2+deb12u1
Control: found -1 4.10-2
Control: found -1 4.3-1+deb11u4
Control:
Source: glibc
Version: 2.37-17
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.37-15
Control: found -1 2.36-9+deb12u5
Control: found -1 2.36-9+deb12u4
Control: found -1 2.36-9
Control: found -1 2.31-13+deb11u8
Control: found -1
On Tue, Apr 16, 2024 at 10:49:54PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Tue, Apr 16, 2024 at 05:46:33PM +0200, Salvatore Bonaccorso wrote:
> > Control: tags -1 + moreinfo
> >
> > Hi
> >
> >
> > On Tue, Apr 16, 2024 at 02:17:49P
Hi,
On Tue, Apr 16, 2024 at 05:46:33PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 + moreinfo
>
> Hi
>
>
> On Tue, Apr 16, 2024 at 02:17:49PM +0200, Manfred Larcher wrote:
> > Package: src:linux
> > Version: 6.1.85-1
> > Severity
Control: forwarded -1
https://lore.kernel.org/regressions/zh7flxvnddfat...@eldamar.lan/T/#u
Hi both,
On Tue, Apr 16, 2024 at 08:31:23PM +0200, Roland Rosenfeld wrote:
> Hi Salvatore and Diederik!
>
> On Di, 16 Apr 2024, Salvatore Bonaccorso wrote:
>
> > If you revert
Source: python-idna
Version: 3.6-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-idna.
CVE-2024-3651[0]:
| potential DoS via resource consumption via specially crafted inputs to
|
Source: gunicorn
Version: 20.1.0-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gunicorn.
CVE-2024-1135[0]:
| Gunicorn fails to properly validate Transfer-Encoding headers,
| leading to HTTP
Control: tags -1 + moreinfo
Hi
On Tue, Apr 16, 2024 at 02:17:49PM +0200, Manfred Larcher wrote:
> Package: src:linux
> Version: 6.1.85-1
> Severity: important
>
> Dear Maintainer,
>
>* What led up to the situation?
> kernel update from version 6.1.0-18 to 6.1.0-20
>
>* What exactly
Control: tags -1 + moreinfo
Hi Roland,
On Tue, Apr 16, 2024 at 09:29:28AM +0200, Roland Rosenfeld wrote:
> Package: src:linux
> Version: 6.1.85-1
> Severity: important
>
> Dear Maintainer,
>
> when upgrading from 6.1.76-1 to 6.1.85-1 my USB ethernet device
> ID 0b95:1790 ASIX Electronics
Hi Martin,
On Tue, Apr 16, 2024 at 09:26:02AM +0200, Martin Pitt wrote:
> Control: tag -1 upstream fixed-upstream patch
> Control: forwarded -1 https://github.com/cockpit-project/cockpit/pull/19790
>
> Hello Salvatore and Santiago,
>
> Salvatore Bonaccorso [2024
Source: cockpit
Version: 287.1-0+deb12u1
Severity: serious
Justification: missing binary builds, FTBFS
X-Debbugs-Cc: t...@security.debian.org, a...@debian.org, car...@debian.org
Hi
The update for cockpit in DSA 5655-1 had problems with the
test-sshbridge test, causing FTBFS:
>From the tail of
Source: openexr
Version: 3.1.5-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/AcademySoftwareFoundation/openexr/issues/1680
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openexr.
CVE-2024-31047[0]:
| An
Source: less
Version: 590-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for less.
CVE-2024-32487[0]:
| less through 653 allows OS command execution via a newline character
| in the name of a
Hi Sebastian,
On Tue, Apr 09, 2024 at 06:18:13PM +0200, Sebastian Andrzej Siewior wrote:
> On 2024-04-07 23:46:28 [+0200], To Adam D. Barratt wrote:
> > On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote:
> > >
> > > Sorry for not getting to this sooner. Is this still the case?
> >
> > So.
2.6/debian/changelog
--- yapet-2.6/debian/changelog 2022-03-14 14:19:11.0 +0100
+++ yapet-2.6/debian/changelog 2024-04-11 20:40:18.0 +0200
@@ -1,3 +1,16 @@
+yapet (2.6-2~deb12u1) bookworm; urgency=medium
+
+ * Rebuild for bookworm
+
+ -- Salvatore Bonaccorso Thu, 11 Apr 2024 20:4
Control: tags -1 + confirmed pending
Control: found -1 6.1.82-1
Hi,
On Wed, Apr 10, 2024 at 12:16:21PM -0700, LW wrote:
> Package: src:linux
> Version: 6.1.76-1
> Severity: critical
> Tags: upstream security
> Justification: root security hole
> X-Debbugs-Cc: lw-deb-...@greyskydesigns.com,
Control: tags -1 + upstream
Hi,
On Wed, Apr 10, 2024 at 07:00:14PM +0200, Cyril Brulebois wrote:
> Cyril Brulebois (2024-04-10):
> > Intermediate results based on upstream stable releases: v6.1.80 is good,
> > v6.1.81 is bad. Still ~200 commits to bisect.
>
> Final results:
>
>
On Wed, Apr 10, 2024 at 03:42:44PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 - moreinfo
> Control: tags -1 + confirmed
>
> hi Cyril,
>
> On Wed, Apr 10, 2024 at 03:32:02PM +0200, Cyril Brulebois wrote:
> > Cyril Brulebois (2024-04-10):
> > >
Control: tags -1 - moreinfo
Control: tags -1 + confirmed
hi Cyril,
On Wed, Apr 10, 2024 at 03:32:02PM +0200, Cyril Brulebois wrote:
> Cyril Brulebois (2024-04-10):
> > Salvatore Bonaccorso (2024-04-10):
> > > On Tue, Apr 09, 2024 at 03:33:09PM +0200, Diederik de Haas w
Control: tags -1 + moreinfo
Cyril,
On Tue, Apr 09, 2024 at 03:33:09PM +0200, Diederik de Haas wrote:
> Hi Cyril,
>
> On Tuesday, 9 April 2024 01:06:43 CEST Cyril Brulebois wrote:
> > Upgrading from linux-image-6.1.0-18-amd64 to linux-image-6.1.0-19-amd64
> > leads to losing some SMART
Control: tags -1 + moreinfo
Hi,
On Thu, Mar 14, 2024 at 09:41:18PM +, Tj wrote:
> Source: linux
> Severity: important
>
> Same as: Bug #1061262
>
> I've been seeing this with builds since 6.7 cycle started. It seems to
> show up mostly for hosts with bluetooth hardware since the bluetooth
Hi,
Disclaimer, this is not an authoritative answer as I'm not part of the
stable release managers.
On Mon, Apr 08, 2024 at 12:27:50PM +0300, Maytham Alsudany wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
>
Source: openssl
Version: 3.2.1-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.1.5-1
Control: found -1 3.0.11-1~deb12u2
Hi,
The following vulnerability was published for openssl.
CVE-2024-2511[0]:
| Issue summary: Some
Control: tags -1 + moreinfo
Hi,
On Mon, Apr 08, 2024 at 04:44:12PM +0800, dada007 wrote:
> Package: src:linux
> Version: 6.6.15-2
> Severity: important
> X-Debbugs-Cc: peter_malmb...@proton.me
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate
Hi Sebastian,
On Mon, Apr 08, 2024 at 06:43:01PM +0200, Sebastian Andrzej Siewior wrote:
> control: tags -1 patch
> control: reassign -1 yapet 2.6-1
>
> On 2024-04-08 08:32:58 [+0200], Kurt Roeckx wrote:
> > There might be a related change that doesn't allow restarting the
> > operation with the
Source: node-express
Source-Version: 4.19.2+~cs8.36.21-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 07 Apr 2024 07:52:14 +0400
Source: node-express
Architecture: source
Version: 4.19.2+~cs8.36.21-1
Distribution:
_proc_files[i] != NULL; i++) {
retval = junction_write_time(junction_proc_files[i], flushtime);
>From 774394df352c249775d51d5d6e3effa775096b4f Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Sat, 6 Apr 2024 20:48:43 +0200
Subject: [PATCH] junction: export-cache: cast to a type with a known size to
Hi Sean,
On Sat, Apr 06, 2024 at 04:54:14PM +0800, Sean Whitton wrote:
> control: reassign -1 libssl3,yapet
> control: found -1 libssl3/3.1.5-1
> control: found -1 yapet/2.6-1
> control: retitle -1 libssl3,yapet: YAPET cannot decrypt YAPET1.0-format DB
>
> Hello,
>
> On Sat 30 Mar 2024 at
Hi,
On Thu, Mar 21, 2024 at 09:09:02AM +0100, Salvatore Bonaccorso wrote:
> Hi Vladimir,
>
> On Thu, Mar 21, 2024 at 08:39:32PM +1300, Vladimir Petko wrote:
> > Package: yapet
> > Followup-For: Bug #1064724
> > User: ubuntu-de...@lists.ubuntu.com
> > Usertags:
Hi,
On Tue, Apr 02, 2024 at 12:36:53PM +0200, Petter Reinholdtsen wrote:
>
> Btw, what is the timeline for approval or rejection for this security
> upload proposal?
Note that if you are confident that the upload is accepted as it, you
*could* already upload according to the improved workflow.
Hi Marco,
On Thu, Apr 04, 2024 at 11:05:03AM +0200, Marco d'Itri wrote:
> On Apr 04, Salvatore Bonaccorso wrote:
>
> > While I do agree (and it was filled with this severity), the bug
> > severity would not be RC, varnish currently seem to lack active
> > maintainershi
Source: apache2
Source-Version: 2.4.59-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 05 Apr 2024 08:08:11 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.59-1
Distribution:
Source: rust-openssl
Version: 0.10.64-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/sfackler/rust-openssl/issues/2171
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rust-openssl.
CVE-2024-3296[0]:
| A
Source: trafficserver
Version: 9.2.3+ds-1+deb12u1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 8.1.9+ds-1~deb11u1
Hi,
The following vulnerability was published for trafficserver.
CVE-2024-31309[0].
If you fix the vulnerability
Source: nghttp2
Version: 1.60.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for nghttp2.
CVE-2024-28182[0]:
| nghttp2 is an implementation of the Hypertext
Source: nodejs
Source-Version: 18.20.1+dfsg-1
- Forwarded message from Debian FTP Masters
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 16:50:38 +0200
Source: nodejs
Architecture: source
Version: 18.20.1+dfsg-1
Distribution: unstable
Urgency:
Hi Marco,
[CC'ing security team]
On Mon, Apr 01, 2024 at 04:25:05PM +0200, Marco d'Itri wrote:
> Control: found -1 5.0.0-1
> Control: fixed -1 7.4.2
>
> On Nov 17, Salvatore Bonaccorso wrote:
>
> > CVE-2023-44487[0]:
> > | The HTTP/2 protocol allows a denial
Hi,
On Wed, Apr 03, 2024 at 02:31:01PM +0700, ValdikSS wrote:
> Package: bpfcc-tools
> Version: 0.26.0+ds-1
> Severity: normal
> Tags: security
> X-Debbugs-Cc: i...@valdikss.org.ru
>
> Dear Maintainer,
>
> Last year there was a Debian fix for the upstream issue of bpfcc package
>
Hi Alexander,
On Tue, Apr 02, 2024 at 10:27:40PM +0300, Alexander Gerasiov wrote:
> On Sun, 31 Mar 2024 22:00:58 +0200
> Salvatore Bonaccorso wrote:
>
> > Source: minidlna
> > Version: 1.3.3+dfsg-1
> > Severity: important
> > Tags: security upstream
> &g
Control: reassign -1 src:linux 6.7.9-2
Hi Niels,
On Mon, Apr 01, 2024 at 05:19:43PM +0200, Niels Thykier wrote:
> Salvatore Bonaccorso:
> > Source: debhelper
> > Version: 13.15
> > Severity: serious
> > Tags: ftbfs
> > Justification: Regression for other packa
Source: debhelper
Version: 13.15
Severity: serious
Tags: ftbfs
Justification: Regression for other package builds, FTBFS
X-Debbugs-Cc: car...@debian.org,debian-ker...@lists.debian.org
Control: affects -1 + src:linux,src:linux-signed-amd64,src:linux-signed-arm64
Hi Niels,
Not fully investigated,
Source: cimg
Version: 3.2.1+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/GreycLab/CImg/issues/403
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cimg.
CVE-2024-26540[0]:
| A heap-based buffer overflow
Source: ruby-carrierwave
Version: 1.3.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-carrierwave.
CVE-2023-49090[0]:
| CarrierWave is a solution for file uploads for Rails, Sinatra and
Source: minidlna
Version: 1.3.3+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/minidlna/bugs/361/
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for minidlna.
CVE-2023-47430[0]:
|
Source: pcp
Version: 6.2.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pcp.
CVE-2024-3019[0]:
| A flaw was found in PCP. The default pmproxy configuration exposes
| the Redis server
Source: wireshark
Version: 4.2.2-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/19695
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wireshark.
CVE-2024-2955[0]:
| T.38 dissector
Source: netty
Version: 1:4.1.48-9
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for netty.
CVE-2024-29025[0]:
| Netty is an asynchronous event-driven network application framework
| for rapid
Control: severity -1 serious
Control: found -1 3.6.0-1
Hi Russ,
On Fri, Mar 29, 2024 at 07:24:13PM -0700, Russ Allbery wrote:
> Package: libarchive13t64
> Version: 3.7.2-1.1
> Severity: important
> X-Debbugs-Cc: r...@debian.org
>
> So far it looks like no one has been able to figure out an
Reinhard,
On Thu, Mar 28, 2024 at 07:30:00AM -0400, Reinhard Tartler wrote:
> I've uploaded a fixed version of buildah to sid yesterday, and a new
> upstream version of libpod that builds against the fixed buildah just now.
>
> thanks for filing this report, I believe we should be all set now
Source: util-linux
Version: 2.39.3-11
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.38.1-5
Control: found -1 2.36.1-8+deb11u1
Control: found -1 2.36.1-8
Control: found -1 2.33.1-0.1
Hi,
The
Source: node-katex
Version: 0.16.4+~cs6.1.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for node-katex.
CVE-2024-28243[0]:
| KaTeX is a JavaScript library for TeX math rendering on the web.
Source: ruby3.2
Version: 3.2.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:ruby3.1 3.1.2-8
Control: retitle -2 ruby3.1: CVE-2024-27281
Control: found -2 3.1.2-7
Hi,
The following vulnerability
Source: golang-github-containers-buildah
Version: 1.33.5+ds1-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-github-containers-buildah.
CVE-2024-1753[0]:
| A flaw was found in Buildah
Source: wolfssl
Version: 5.6.6-1.2
Severity: important
Tags: security upstream
Forwarded: https://github.com/wolfSSL/wolfssl/issues/7089
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for wolfssl.
CVE-2024-0901[0]:
| Remotely executed SEGV
Source: ldap-account-manager
Source-Version: 8.7-1
On Sun, Mar 24, 2024 at 08:59:47PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Sat, 16 Mar 2024 07:35:21 +0200
> Source: ldap-account-manager
> Architecture: source
> Version:
Source: python-djangorestframework-simplejwt
Version: 5.3.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for
python-djangorestframework-simplejwt.
CVE-2024-22513[0]:
|
Source: commons-configuration2
Version: 2.8.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-841
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for commons-configuration2.
Source: commons-configuration2
Version: 2.8.0-2
Severity: important
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/CONFIGURATION-840
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for commons-configuration2.
Control: severity -1 serious
Hi Andreas,
On Thu, Mar 14, 2024 at 09:08:50PM +0100, Salvatore Bonaccorso wrote:
> Hi Andreas,
>
> On Thu, Mar 14, 2024 at 03:22:58PM +0100, Andreas Beckmann wrote:
> > Control: severity -1 important
> > On Sun, 21 May 2023 20:43:40 +0200
Source: gnutls28
Version: 3.8.3-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1516
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gnutls28.
CVE-2024-28834[0]:
| A flaw was found in
Source: gnutls28
Version: 3.8.3-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1525
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gnutls28.
CVE-2024-28835[0]:
| A flaw has been
Source: libvirt
Version: 10.1.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libvirt.
CVE-2024-2494[0]:
| A flaw was found in the RPC library APIs of libvirt. The RPC server
|
Hi Vladimir,
On Thu, Mar 21, 2024 at 08:39:32PM +1300, Vladimir Petko wrote:
> Package: yapet
> Followup-For: Bug #1064724
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu noble ubuntu-patch
> Control: tags -1 patch
>
> Dear Maintainer,
>
> The package fails to build due to the
Source: fastdds
Version: 2.11.2+ds-6
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for fastdds.
CVE-2024-28231[0]:
| eprosima Fast DDS is a C++ implementation of the
Hi
[disclaimer, not an authoritative answer as not part of the stable
release managers]
On Sat, Mar 16, 2024 at 09:09:05AM +0100, Petter Reinholdtsen wrote:
>
> Package: release.debian.org
>
> The https://tracker.debian.org/pkg/newlib > package got an open
> security problem with malloc and
Hi Adrian,
On Sat, Mar 16, 2024 at 12:12:01AM +0200, Adrian Bunk wrote:
> On Wed, Mar 13, 2024 at 08:39:47PM +0100, Salvatore Bonaccorso wrote:
> > Hi Adrian,
>
> Hi Salvatore,
>
> > On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote:
> > > Control: t
Hi Mathias,
On Sun, Mar 17, 2024 at 05:41:30PM +, Mathias Gibbens wrote:
> On Sun, 2024-01-28 at 08:44 +0100, Salvatore Bonaccorso wrote:
> > Thanks for the update. Do you know of any plans of making
> > distrobuilder available?
>
> distrobuilder is now avai
Source: gross
Version: 1.0.2-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gross.
CVE-2023-52159[0]:
| A stack-based buffer overflow vulnerability in gross
Hi Sebastian,
On Sat, Mar 16, 2024 at 11:34:23PM +0100, Sebastian Ramacher wrote:
> Source: lnav
> Version: 0.11.2-1
> Severity: serious
> Tags: ftbfs
> Justification: fails to build from source (but built successfully in the past)
> X-Debbugs-Cc: sramac...@debian.org
>
>
Hi,
On Sat, Mar 16, 2024 at 08:13:44PM +0100, Harald Dunkel wrote:
> Package: nfs-common
> Version: 1:2.6.4-3
>
> Restarting rpc-statd.service (e.g via needrestart at upgrade time)
> runs into a timeout:
>
> Mar 16 20:06:58 lola.afaics.de systemd[1]: rpc-statd.service: State
> 'stop-sigterm'
Source: node-follow-redirects
Version: 1.15.3+~1.14.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/psf/requests/issues/1885
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-follow-redirects.
Source: libcrypt-openssl-rsa-perl
Version: 0.33-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 0.31-1
Hi,
The following vulnerability was published for
Hi Adrian,
On Sat, Mar 16, 2024 at 12:12:01AM +0200, Adrian Bunk wrote:
> On Wed, Mar 13, 2024 at 08:39:47PM +0100, Salvatore Bonaccorso wrote:
> > Hi Adrian,
>
> Hi Salvatore,
>
> > On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote:
> > > Control: t
Source: zookeeper
Version: 3.9.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for zookeeper.
CVE-2024-23944[0]:
| Information disclosure in persistent watchers handling in Apache
| ZooKeeper
Hi,
On Fri, Mar 15, 2024 at 11:22:52AM -0700, Vagrant Cascadian wrote:
> On 2024-03-13, Vagrant Cascadian wrote:
> > On 2024-03-12, Vagrant Cascadian wrote:
> >> On 2024-03-12, Salvatore Bonaccorso wrote:
> > I have now tested an updated 1.4.x package on bookworm
Hi Andreas,
On Thu, Mar 14, 2024 at 03:22:58PM +0100, Andreas Beckmann wrote:
> Control: severity -1 important
> On Sun, 21 May 2023 20:43:40 +0200 Salvatore Bonaccorso
> wrote:
> > Source: virtuoso-opensource
> > Version: 7.2.5.1+dfsg1-0.3
> > Severity: grave
>
&g
Source: rpyc
Version: 5.3.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/tomerfiliba-org/rpyc/issues/551
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rpyc.
CVE-2024-27758[0]:
| In RPyC before 6.0.0, when
Source: tomcat10
Version: 10.1.16-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tomcat10.
CVE-2024-23672[0]:
| Denial of Service via incomplete cleanup vulnerability in Apache
| Tomcat. It
Source: tomcat10
Version: 10.1.16-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tomcat10.
CVE-2024-24549[0]:
| Denial of Service due to improper input validation vulnerability for
| HTTP/2
Source: python-aiosmtpd
Version: 1.4.4.post2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-aiosmtpd.
CVE-2024-27305[0]:
| aiosmtpd is a reimplementation of the Python stdlib smtpd.py
Hi Adrian,
On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote:
> Control: tags 1064967 + patch
> Control: tags 1064967 + pending
>
> Dear maintainer,
>
> I've prepared an NMU for fontforge (versioned as 1:20230101~dfsg-1.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if
Control: clone -1 -2
Control: reassign -2 src:nix 2.18.1+dfsg-1
Control: retitle -2 nix: CVE-2024-27297
Hi,
On Tue, Mar 12, 2024 at 04:01:26PM -0700, Vagrant Cascadian wrote:
> Control: found 1066113 1.4.0-3
> Control: tags 1066113 pending
>
> On 2024-03-12, Salvatore Bona
Source: 389-ds-base
Version: 2.4.4+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/389ds/389-ds-base/issues/5647
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for 389-ds-base.
CVE-2024-1062[0]:
| A heap
Source: fastdds
Version: 2.11.2+ds-6.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.11.2+ds-6
Hi,
The following vulnerability was published for fastdds.
CVE-2023-50716[0]:
| eProsima Fast DDS (formerly Fast RTPS) is a C++
Source: guix
Version: 1.4.0-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.2.0-4+deb11u1
Hi,
Vagrant, knowing that you are awaere already, but filling for having a
Debian bug tracking reference.
The following
Source: intel-microcode
Version: 3.20231114.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 3.20231114.1~deb12u1
Control: found -1 3.20231114.1~deb11u1
Hi,
The following vulnerabilities were
Source: libreswan
Version: 4.12-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 https://github.com/libreswan/libreswan/issues/1609
Control: found -1 4.10-2+deb12u1
Control: found -1 4.10-2
Control: found -1 4.3-1+deb11u4
Source: libvirt
Version: 10.0.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 9.0.0-4
Control: found -1 7.0.0-3+deb11u2
Control: found -1 7.0.0-3
Hi,
The following vulnerability was published for libvirt.
CVE-2024-1441[0]:
Source: expat
Version: 2.6.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/pull/842
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for expat.
CVE-2024-28757[0]:
| libexpat through 2.6.1 allows
1 - 100 of 11127 matches
Mail list logo
