Bug#1053004: CVE-2019-10784 and CVE-2023-40619

2024-05-22 Thread Moritz Muehlenhoff
On Wed, May 22, 2024 at 02:42:58PM -0300, Leandro Cunha wrote: > Hi everyone, > > On Wed, May 22, 2024 at 12:39 PM Moritz Mühlenhoff wrote: > > > > Am Wed, Mar 06, 2024 at 06:39:01AM -0300 schrieb Leandro Cunha: > > > Hi Christoph Berg, > > > > > > On Wed, Mar 6, 2024 at 5:42 AM Christoph Berg

Bug#1069762: pdns-recursor: CVE-2024-25583 - 4.8.8 for stable

2024-04-25 Thread Moritz Muehlenhoff
On Thu, Apr 25, 2024 at 08:37:14AM +0200, Chris Hofstaedtler wrote: > Hi Moritz, > > could we once again use the upstream release for stable? > debdiff 4.8.7-1 -> 4.8.8-1 is attached. Ack. Following the 4.8 releases has served us well. debdiff looks fine, please build with -sa and upload to

Bug#1068818: sngrep: CVE-2024-3119 CVE-2024-3120

2024-04-21 Thread Moritz Muehlenhoff
On Sun, Apr 21, 2024 at 07:35:43PM +, Victor Seva wrote: > Hi, > > > I've just uploaded sngrep 1.8.1-1 to sid and prepared 1.6.0-1+deb12u1 for > bookworms-security [0]. > > Attached debdiff file. > > Waiting for you reply, > Victor > > [0] >

Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709

2024-04-05 Thread Moritz Muehlenhoff
On Fri, Apr 05, 2024 at 08:16:43AM +0400, Yadd wrote: > On 4/4/24 22:51, Moritz Mühlenhoff wrote: > > Source: apache2 > > X-Debbugs-CC: t...@security.debian.org > > Severity: grave > > Tags: security > > > > Hi, > > > > The following vulnerabilities were published for apache2. > > > >

Bug#1060407: gtkwave update for {bookworm,bullseye,buster}-security

2024-04-03 Thread Moritz Muehlenhoff
Hi Adrian, > >... > > > debdiffs contain only changes to debian/ > > > > The bookworm/bullseye debdiffs looks good, please upload to > > security-master, thanks! > > both are now uploaded. DSA has been released, thanks! > > Note that both need -sa, but dak needs some special attention when >

Bug#1060407: Multiple security issues

2024-01-10 Thread Moritz Muehlenhoff
Source: gtkwave Version: 3.3.116-1 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team A very thorough security audit of gtkwave unveiled a total of 82 security issues in gtkwave, all fixed in 3.3.118: CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004 CVE-2023-35057

Bug#1059054: nss: CVE-2023-6135

2023-12-20 Thread Moritz Muehlenhoff
On Wed, Dec 20, 2023 at 11:43:11AM +0900, Mike Hommey wrote: > Version: 2:3.95-1 > > On Tue, Dec 19, 2023 at 10:21:27PM +0100, Moritz Mühlenhoff wrote: > > Source: nss > > X-Debbugs-CC: t...@security.debian.org > > Severity: grave > > Tags: security > > > > Hi, > > > > The following

Bug#1054666: open-vm-tools: CVE-2023-34059 CVE-2023-34058

2023-10-31 Thread Moritz Muehlenhoff
On Tue, Oct 31, 2023 at 10:29:55AM +0100, Bernd Zeimetz wrote: > > Both uploaded! DSA has been released, thanks! Cheers, Moritz

Bug#1054666: open-vm-tools: CVE-2023-34059 CVE-2023-34058

2023-10-30 Thread Moritz Muehlenhoff
On Mon, Oct 30, 2023 at 07:09:53PM +0100, Bernd Zeimetz wrote: > Hi Moritz, > > as usual, stable/oldstable updates prepared, diffs are attached to this > mail as salsa seems to have some issues right now. > > https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/ - > bookworm/bullseye

Bug#1051888: Should Kino be removed?

2023-09-13 Thread Moritz Muehlenhoff
Source: kino Version: 1.3.4+dfsg0-1.1 Severity: serious Your package came up as a candidate for removal from Debian: - Dead upstream for a decade - FTBFS with ffmpeg 5 since 1.5 years (Debian is at ffmpeg 6 by now) - Depends on various legacy libs (GTK2, Glade) If you disagree and want to

Bug#1050970: open-vm-tools: CVE-2023-20900

2023-09-07 Thread Moritz Muehlenhoff
On Thu, Sep 07, 2023 at 11:43:27AM +0200, Bernd Zeimetz wrote: > Hi Moritz, > > > Ack, that's perfectly fine! > > > > Thanks! > > Here are the current diffs: > > bullseye: >

Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

2023-06-07 Thread Moritz Muehlenhoff
On Wed, Jun 07, 2023 at 01:43:26PM +0530, Utkarsh Gupta wrote: > Hi Chris, > > On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso > wrote: > > Can you please have a look, as this seems to be caused by the DLA > > issued as DLA-3447-1. > > This has been caused by the ruby2.5 update. It's

Bug#1035474: Don't include in Bookworm?

2023-05-31 Thread Moritz Muehlenhoff
On Wed, May 31, 2023 at 09:28:02AM +0300, Timo Aaltonen wrote: > Moritz Muehlenhoff kirjoitti 3.5.2023 klo 20.44: > > Source: libdmx > > Version: 1:1.1.4-2 > > Severity: serious > > > > The Xorg folks mentioned at > > https://www.openwall.com/lists/oss-se

Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Moritz Muehlenhoff
On Fri, May 26, 2023 at 12:10:18AM +0200, Markus Koschany wrote: > First of all trapperkeeper-webserver-jetty9-clojure should add a build- > dependency on logback to detect such regressions in advance. > > #1036250 is mainly a logback problem, not a tomcat problem. I still would like > to hear

Bug#1036279: XSS in RSS syntax

2023-05-18 Thread Moritz Muehlenhoff
Source: dokuwiki Version: 0.0.20220731.a-1 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team No CVE yet: https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/ https://github.com/dokuwiki/dokuwiki/pull/3967

Bug#1035474: Don't include in Bookworm?

2023-05-03 Thread Moritz Muehlenhoff
Source: libdmx Version: 1:1.1.4-2 Severity: serious The Xorg folks mentioned at https://www.openwall.com/lists/oss-security/2023/05/02/3: | We have also announced that we plan to retire the following packages soon | and while their gitlab repos are not yet archived, we expect they will be |

Bug#1034732: Keep out of testing

2023-04-22 Thread Moritz Muehlenhoff
Package: gpac Version: 2.0.0+dfsg1-2+b1 Severity: serious In some discussion between Reinhard, Sebastian and the Security team we've come to the conclusion that gpac isn't suitable to be included in a stable release. The massive influx of security issues makes that untenable (and there's no

Bug#1033335: Don't include in Bookworm

2023-03-22 Thread Moritz Muehlenhoff
Source: rust-const-cstr Version: 0.3.0-1 Severity: serious Hi, there is https://rustsec.org/advisories/RUSTSEC-2023-0020.html which flags that rust-const-cstr is unmaintained. Since there are no reverse deps in the archive, let's exclude it from bookworm (or rather remove right away)? Cheers,

Bug#1033334: Don't include in Bookworm

2023-03-22 Thread Moritz Muehlenhoff
Source: rust-boxfnonce Version: 0.1.1-2 Severity: serious Per https://rustsec.org/advisories/RUSTSEC-2019-0040.html rust-boxfnonce is obsolete, let's keep it out of bookworm (and remove from the archive). Cheers, Moritz

Bug#1033333: Don't include in Bookworm

2023-03-22 Thread Moritz Muehlenhoff
Source: rust-encoding Version: 0.2.33-1 Severity: serious Hi, there is https://rustsec.org/advisories/RUSTSEC-2021-0153.html which flags that rust-encoding is unmaintained. Since there are no reverse deps in the archive, let's exclude it from bookworm (or rather remove right away)? Cheers,

Bug#1032476: apache2: CVE-2023-25690 CVE-2023-27522

2023-03-08 Thread Moritz Muehlenhoff
On Wed, Mar 08, 2023 at 07:09:20AM +0400, Yadd wrote: > On 3/7/23 23:46, Salvatore Bonaccorso wrote: > > Source: apache2 > > Version: 2.4.55-1 > > Severity: grave > > Tags: security upstream > > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > > > > Hi, > > > > The following

Bug#1030669: Only include in Bookworm with commitment to stable updates

2023-03-08 Thread Moritz Muehlenhoff
On Wed, Mar 08, 2023 at 02:20:25PM +0100, Marco d'Itri wrote: > On Feb 14, Moritz Muehlenhoff wrote: > > > > > Varnish should only be included in Bookworm with a reliable commitment > > > > by the maintainers to backport/test security fixes across the t

Bug#1032086: Don't include in Bookworm

2023-02-27 Thread Moritz Muehlenhoff
Source: golang-github-labstack-echo.v3 Version: 3.3.10-2 Severity: serious This is an older version of src:golang-github-labstack-echo. None of the reverse deps are currently in bookworm, so golang-github-labstack-echo.v3 should be dropped as well (and post freeze the reverse deps fixed and the

Bug#1032085: Don't include in Bookworm

2023-02-27 Thread Moritz Muehlenhoff
Source: golang-github-labstack-echo.v2 Version: 2.2.0-3 Severity: serious This is an older version of src:golang-github-labstack-echo. None of the reverse deps are currently in bookworm, so golang-github-labstack-echo.v2 should be dropped as well (and post freeze the reverse deps fixed and the

Bug#972146: /usr/share/applications/mono-runtime-common.desktop: should not handle MIME type by executing arbitrary code

2023-02-18 Thread Moritz Muehlenhoff
On Sat, Feb 18, 2023 at 12:04:27PM +0100, Gabriel Corona wrote: > I believe obtaining a CVE ID would be beneficial so that this issue may be > tracked by downstream projects/distributions. All those distros were notified via your post to oss-security. You can try cveform, if there's no assignment

Bug#1030669: Only include in Bookworm with commitment to stable updates

2023-02-14 Thread Moritz Muehlenhoff
On Tue, Feb 14, 2023 at 02:48:43AM +0100, Marco d'Itri wrote: > On Feb 02, Moritz Muehlenhoff wrote: > > > Varnish should only be included in Bookworm with a reliable commitment > > by the maintainers to backport/test security fixes across the typical > > three ye

Bug#1031046: Only include in Bookworm with commitment to stable updates

2023-02-10 Thread Moritz Muehlenhoff
Source: asterisk Version: 1:20.1.0~dfsg+~cs6.12.40431414-1 Severity: serious Asterisk should only be included in Bookworm with a reliable commitment by the maintainers to backport/test security fixes across the typical three year life cycle (two years of stable-security and one year of

Bug#1030669: Only include in Bookworm with commitment to stable updates

2023-02-06 Thread Moritz Muehlenhoff
Source: varnish Version: 7.1.1-1.1 Severity: serious Varnish should only be included in Bookworm with a reliable commitment by the maintainers to backport/test security fixes across the typical three year life cycle (two years of stable-security and one year of oldstable-security). Especially

Bug#1019230: Bug#1021276: Pending snort 2.9.20 update

2023-01-21 Thread Moritz Muehlenhoff
On Sat, Jan 21, 2023 at 10:53:24PM +0100, Markus Koschany wrote: > Hi Javier, > > Am Freitag, dem 20.01.2023 um 22:23 +0100 schrieb Javier Fernandez-Sanguino: > > Dear Markus, > > > > Thank you for preparing. Could you please share the patch you are working > > on? > > Snort is available in

Bug#1028421: Only include in Bookworm with commitment to stable updates

2023-01-10 Thread Moritz Muehlenhoff
Source: salt Severity: serious salt is currently RC-buggy and not in testing, but regardless of the remaining RC bugs getting fixed it should only get re-included with a reliable commitment to backport/test security-updates across the typical three year life cycle (two years of stable-security

Bug#1004441: unblocking chromium?

2023-01-06 Thread Moritz Muehlenhoff
On Fri, Jan 06, 2023 at 08:41:50AM +0100, Paul Gevers wrote: > Dear Chromium team, Security team, > > On 27-01-2022 17:15, Moritz Muehlenhoff wrote: > > On Wed, Jan 26, 2022 at 09:38:42PM +0100, Paul Gevers wrote: > > > > So, I'm proposing the following: we unblock ch

Bug#1026163: Uses Java 11

2022-12-15 Thread Moritz Muehlenhoff
Source: puppetdb Version: 7.11.2-3 Severity: grave Thanks for all the great work on Puppetdb! I was trying to setup a test environment with Puppetdb 7.11.2 from current testing and I noticed that it's using openjdk-11-jre-headless. While openjdk-11 is currently still in testing, Bookworm will

Bug#1025011: Keep out of bookworm unless actively maintained

2022-11-28 Thread Moritz Muehlenhoff
Source: netatalk Version: 3.1.13~ds-2 Severity: serious netatalk should not enter bookworm unless it gets adopted and actively maintained. Cheers, Moritz

Bug#1024561: Unmaintained, keep out of stable

2022-11-21 Thread Moritz Muehlenhoff
Source: maradns Version: 2.0.13-1.4 Severity: serious The last maintainer upload was in 2015 and the version currently in the archive is way behind current upstream releases (which is at 3.4.07), we have plenty of maintained DNS servers, keep it out of testing (and if no one picks it up, remove

Bug#1023697: Keep out of testing

2022-11-08 Thread Moritz Muehlenhoff
Source: wolfssl Version: 5.2.0-2 Severity: serious wolfssl has no active maintainer, plenty of open security issues and we already have too many TLS libraries in our releases. Keep it out of testing. I'm going to file bugs against the handful of reverse deps. Cheers, Moritz

Bug#1022931: Should viewmol be removed?

2022-10-27 Thread Moritz Muehlenhoff
Source: viewmol Version: 2.4.1-26 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 (which will soon be removed) - Dead upstream - Dropped from testing for over two years If you disagree and want to continue to maintain this package,

Bug#1022932: Should fbpanel be removed?

2022-10-27 Thread Moritz Muehlenhoff
Source: fbpanel Version: 7.0-4.3 Severity: serious Your package came up as a candidate for removal from Debian: - Depends on Python 2, which will soon be removed - Last maintainer upload five years ago - Dead upstream If you disagree and want to continue to maintain this package, please just

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-25 Thread Moritz Muehlenhoff
Hi Clément, > Sadly, upstream rectified and confirms it affects 2.2 [0], and has been > tested and reproduced on Bullseye. We do need to fix it. Upstream has a few > suggestions, but I guess our choices are either uploading 2.5 to stable, if > that's possible. python-stem at least will need to be

Bug#1021737: lava: CVE-2022-42902

2022-10-19 Thread Moritz Muehlenhoff
On Tue, Oct 18, 2022 at 06:09:42PM -0300, Antonio Terceiro wrote: > Hi, > > On Thu, Oct 13, 2022 at 09:13:18PM +0200, Moritz Mühlenhoff wrote: > > Source: lava > > X-Debbugs-CC: t...@security.debian.org > > Severity: grave > > Tags: security > > > > Hi, > > > > The following vulnerability was

Bug#1021810: Should firefox-esr be dropped on 32bit architectures in bookworm?

2022-10-15 Thread Moritz Muehlenhoff
On Sat, Oct 15, 2022 at 09:27:33AM +0300, Adrian Bunk wrote: > Package: firefox-esr > Version: 102.3.0esr-1 > Severity: serious > Tags: bookworm sid > X-Debbugs-Cc: Carsten Schoenert , > debian-rele...@lists.debian.org, t...@security.debian.org, > debian-...@lists.debian.org > > [ various

Bug#1019230: Current version is EOLed

2022-09-05 Thread Moritz Muehlenhoff
Source: snort Version: 2.9.15.1-6 Severity: serious Per https://blog.snort.org/2021/07/29150-has-reached-its-end-of-life.html the version currently in sid is EOLed and no longer compatible with current rule updates. In general snort seems unsuitable for standard stable given that the engine

Bug#1017579: Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow

2022-08-17 Thread Moritz Muehlenhoff
Source: freeciv Version: 2.6.6-1 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team Quoting from the announcement posted to oss-security (no CVE is available): -- Just released freeciv-2.6.7 & freeciv-3.0.3 fix

Bug#1017062: Should kross be removed?

2022-08-12 Thread Moritz Muehlenhoff
Source: kross Version: 5.96.0-1 Severity: serious See #1017061, kross isn't useful without interpreters. Cheers, Moritz

Bug#1017061: Should kross-interpreters be removed?

2022-08-12 Thread Moritz Muehlenhoff
Source: kross-interpreters Version: 4:21.12.3-1 Severity: serious Your package came up as a candidate for removal from Debian. On IRC Sune mentioned that libkross is most probably unused these days and on the KF6 removal list. And the Python bindings still depend on Python 2 (without porting

Bug#1016974: sofia-sip: CVE-2022-31001 CVE-2022-31002 CVE-2022-31003

2022-08-11 Thread Moritz Muehlenhoff
On Thu, Aug 11, 2022 at 11:08:49PM +0200, Evangelos Ribeiro Tzaras wrote: > Hi Moritz, > > On Wed, 2022-08-10 at 22:08 +0200, Moritz Mühlenhoff wrote: > > Source: sofia-sip > > X-Debbugs-CC: t...@security.debian.org > > Severity: grave > > Tags: security > > > > Hi, > > > > The following

Bug#1016986: Should pd-py be removed?

2022-08-10 Thread Moritz Muehlenhoff
Source: pd-py Version: 0.2.2+git20170625.1.88fc77a-2 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2, which is finally being removed in Bookworm - Last upload in 2018 If you disagree and want to continue to maintain this package, please

Bug#1016983: Should k3d be removed?

2022-08-10 Thread Moritz Muehlenhoff
Source: k3d Version: 0.8.0.6-8 Severity: serious Your package came up as a candidate for removal from Debian: - Python 2 will finally be removed in Bookworm and there's no upstream porting activity - Last upload four years ago - Multiple other FTBFS issues If you disagree and want to continue to

Bug#1016139: For Review: Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

2022-08-10 Thread Moritz Muehlenhoff
On Wed, Aug 10, 2022 at 05:05:12PM +1000, Craig Small wrote: > > Do you have capacity to prepare updates for bullseye? > > > Yes, see attached debdiff for review. It's just those two patches. Looks good, thanks! Please upload to security-master. Cheers, Moritz

Bug#1016667: Should this package be removed?

2022-08-04 Thread Moritz Muehlenhoff
Source: caldav-tester Version: 7.0+20190225-4 Severity: serious Your package came up as a candidate for removal from Debian: The plan is to remove Python 2 in Bookworm and there's no porting activity towards Python 3. If you disagree and want to continue to maintain this package, please just

Bug#1015980: Should pd-aubio be removed?

2022-07-24 Thread Moritz Muehlenhoff
Source: pd-aubio Version: 0.4-1 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 - Last upload in 2014 If you disagree and want to continue to maintain this package, please just close this bug (and fix the open issues). If you agree with

Bug#1015981: Should grokmirror be removed?

2022-07-24 Thread Moritz Muehlenhoff
Source: grokmirror Version: 1.0.0-1.1 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 - Last maintainer upload in 2016 If you disagree and want to continue to maintain this package, please just close this bug (and fix the open issues).

Bug#1015979: Should python-unshare be removed?

2022-07-24 Thread Moritz Muehlenhoff
Source: python-unshare Version: 0.2-1 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 - Last upload in 2016 If you disagree and want to continue to maintain this package, please just close this bug (and fix the open issues). If you

Bug#1015978: Should falcon be removed?

2022-07-24 Thread Moritz Muehlenhoff
Source: falcon Version: 1.8.8-1 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 - Dropped from testing in 2018 - Last upload in 2017 If you disagree and want to continue to maintain this package, please just close this bug (and fix the

Bug#1015977: Should vland be removed?

2022-07-24 Thread Moritz Muehlenhoff
Source: vland Version: 0.8-1 Severity: serious Your package came up as a candidate for removal from Debian, it's one of the few remaining packages still depending on Python 2 and there's no visible upstream activity to port it to vland? If you disagree and want to continue to maintain this

Bug#1015976: Should vmm be removed?

2022-07-24 Thread Moritz Muehlenhoff
Source: vmm Version: 0.6.2-2 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 - Last upload in 2017, removed from testing since 2019 If you disagree and want to continue to maintain this package, please just close this bug (and fix the

Bug#1015975: Should python-neuroshare be removed?

2022-07-24 Thread Moritz Muehlenhoff
Source: python-neuroshare Version: 0.9.2-1 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 - Last upload in 2014 - Dead upstream (last commits from 2016) If you disagree and want to continue to maintain this package, please just close

Bug#1015974: Should gnat-gps be removed?

2022-07-24 Thread Moritz Muehlenhoff
Source: gnat-gps Version: 19.2-3 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 - Removed from testing since 2019 If you disagree and want to continue to maintain this package, please just close this bug (and fix the open issues). If

Bug#1015973: Should xdeb be removed?

2022-07-24 Thread Moritz Muehlenhoff
Source: xdeb Version: 0.6.7 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 - No upload since five years If you disagree and want to continue to maintain this package, please just close this bug (and fix the open issues). If you agree

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

2022-06-08 Thread Moritz Muehlenhoff
On Wed, Jun 08, 2022 at 07:51:28PM +0200, Yadd wrote: > Hi, > > those CVEs are tagged low/moderate by upstream, why did you tag this bug as > grave ? Anything moderate or above should get fixed by the next Debian release IOW RC severity. Cheers, Moritz

Bug#1012138: CVE-2021-40426

2022-05-30 Thread Moritz Muehlenhoff
Source: sox Version: 14.4.2+git20190427-3 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434 The report states that upstream was notified, but we need to figure out whether this was addressed by upstream already

Bug#1009282: Should live-wrapper be removed?

2022-04-10 Thread Moritz Muehlenhoff
Source: live-wrapper Version: 0.10 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Depends on vmdebootstrap which was removed - It's not included in Bullseye, but we did release live images so

Bug#1009281: Should cinfony be removed?

2022-04-10 Thread Moritz Muehlenhoff
Source: cinfony Version: 1.2-4 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Dead upstream - No reverse dependencies If you disagree and want to continue to maintain this package, please just

Bug#1009280: Should python-passfd be removed?

2022-04-10 Thread Moritz Muehlenhoff
Source: python-passfd Version: 0.2-3 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2020 - No reverse dependencies - Last upload in 2016 If you disagree and want to continue to maintain this package,

Bug#1009276: Should fsl be removed?

2022-04-10 Thread Moritz Muehlenhoff
Source: fsl Version: 5.0.8-6 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since two years - Also FTBFSes with GCC 10 - Last upload in 2019 If you disagree and want to continue to maintain this package,

Bug#1009273: Should python-keepkey be removed?

2022-04-10 Thread Moritz Muehlenhoff
Source: python-keepkey Version: 0.7.3-1 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Last upload back in 2016 If you disagree and want to continue to maintain this package, please just close

Bug#1009269: Should sphinx-patchqueue be removed?

2022-04-10 Thread Moritz Muehlenhoff
Source: sphinx-patchqueue Version: 0.5.0-2 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - No remaining reverse dependencies - Last upload in 2015 If you disagree and want to continue to

Bug#1008792: Should vmtk be removed?

2022-04-01 Thread Moritz Muehlenhoff
Source: vmtk Version: 1.3+dfsg-2.3 Severity: serious Your package came up as a candidate for removal from Debian: - Depends on Python 2 and thus removed from testing since 2019 (current upstream 1.4 is fixed, though) - Last maintainer upload in 2016 If you disagree and want to continue to

Bug#1008791: Should googlefontdirectory-tools be removed?

2022-04-01 Thread Moritz Muehlenhoff
Source: googlefontdirectory-tools Version: 20120309.1-1.1 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Last maintainer upload in 2015 If you disagree and want to continue to maintain this

Bug#1008704: Should astk be removed?

2022-03-30 Thread Moritz Muehlenhoff
Source: astk Version: 1.13.1-2.1 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Last maintainer upload in 2014 If you disagree and want to continue to maintain this package, please just close

Bug#1008703: Should sortsmill-tools be removed?

2022-03-30 Thread Moritz Muehlenhoff
Source: sortsmill-tools Version: 0.4-2 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python and thus removed from testing since 2019 - Last upload in 2013 If you disagree and want to continue to maintain this package, please just close this

Bug#1008702: Should ketchup be removed?

2022-03-30 Thread Moritz Muehlenhoff
Source: ketchup Version: 1.0.1+git20111228+e1c62066-2 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Last upload in 2017 - Seems dead upstream (last commit from eight years ago) - Per #946203

Bug#1008701: Should broctl be removed?

2022-03-30 Thread Moritz Muehlenhoff
Source: broctl Version: 1.4-1 Severity: serious Your package came up as a candidate for removal from Debian: - Still uses Python 2.7 and thus removed from testing since 2019 - Last upload in 2015 If you disagree and want to continue to maintain this package, please just close this bug (and fix

Bug#1008700: Should geda-gaf be removed?

2022-03-30 Thread Moritz Muehlenhoff
Source: geda-gaf Version: 1:1.8.2-11 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Also uses outdated Guile - Last upload in 2018 If you disagree and want to continue to maintain this

Bug#1008500: Should undertaker be removed?

2022-03-27 Thread Moritz Muehlenhoff
Source: undertaker Version: 1.6.1-4.2 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Last maintainer upload in 2016 If you disagree and want to continue to maintain this package, please just

Bug#1008499: Should neard be removed?

2022-03-27 Thread Moritz Muehlenhoff
Source: neard Version: 0.16-0.1 Severity: serious Your package came up as a candidate for removal from Debian: - Last maintainer upload in 2013 - Depends on Python 2 and thus removed from testing since 2019 If you disagree and want to continue to maintain this package, please just close this

Bug#1008498: Should hgsubversion be removed?

2022-03-27 Thread Moritz Muehlenhoff
Source: hgsubversion Version: 1.9.3+git20190419+6a6ce-5 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and removed from testing since 2020 - Dead upstream (no commits after 2019) If you disagree and want to continue to maintain this

Bug#1008285: Should zorp be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: zorp Version: 7.0.1~alpha2-3 Severity: serious Your package came up as a candidate for removal from Debian: - Last upload in 2019, removed from testing since 2017 - Still depends on Python 2.7 and thus RC-buggy If you disagree and want to continue to maintain this package, please just

Bug#1008286: Should nglister be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: nglister Version: 1.0.2 Severity: serious Your package came up as a candidate for removal from Debian: - Last upload in 2016 - Removed from testing since 2019 - Multiple RC bugs If you disagree and want to continue to maintain this package, please just close this bug (and

Bug#1008274: Should sandsifter be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: sandsifter Version: 1.04-1 Severity: serious Your package came up as a candidate for removal from Debian: - Still uses Python 2.7 and thus RC buggy - Last upload in 2019 and not in testing since 2019 If you disagree and want to continue to maintain this package, please just close this

Bug#1008273: Should python-nemu be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: python-nemu Version: 0.3.1-1 Severity: serious Your package came up as a candidate for removal from Debian: - Last upload in 2016 and dropped from testing in 2019 - Still uses Python 2.7 and not fixed upstream either If you disagree and want to continue to maintain this package, please

Bug#1008272: Should postnews be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: postnews Version: 0.7-1 Severity: serious Your package came up as a candidate for removal from Debian: - Removed from testing for ~ two years, no followup to RC bugs - Also no changes upstream since 2017 If you disagree and want to continue to maintain this package, please just close

Bug#1008271: Should arriero be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: arriero Version: 0.6-1 Severity: serious Your package came up as a candidate for removal from Debian: - Last upload in 2017 - Still uses Python 2.7 and thus RC buggy - Missed the last two stable releases and removed from testing since 2018 If you disagree and want to continue to

Bug#1008265: CVE-2018-25032: zlib memory corruption on deflate

2022-03-25 Thread Moritz Muehlenhoff
Source: zlib Version: 1:1.2.11.dfsg-2 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2018-25032: https://www.openwall.com/lists/oss-security/2022/03/24/1 https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 Cheers,

Bug#1008264: Multiple security issues

2022-03-25 Thread Moritz Muehlenhoff
Source: pluxml Version: 5.6-1 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team CVE-2022-25020: https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf CVE-2022-25018: https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf

Bug#1005981: Please migrate away from dpatch

2022-02-19 Thread Moritz Muehlenhoff
On Fri, Feb 18, 2022 at 02:41:57PM -0800, Bill Poser wrote: > I am the developer of redet. I don't understand this bug report. redet does > not use anything called dpatch so far as I know. Is this something added in > the Debianization of redet downstream from me? Yes, exactly. It's a legacy

Bug#1005988: Don't release with bookworm

2022-02-18 Thread Moritz Muehlenhoff
Source: dpatch Version: 2.0.41 Severity: serious dpatch has been obsoleted by source format 3.0 (quilt), there's only 19 reverse dependencies in the archive (5 of them in testing), for which bugs have been filed. Cheers, Moritz

Bug#1005987: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: mgetty Version: 1.2.1-1.1 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005986: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: dvbsnoop Version: 1.4.50-5 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005985: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: scim-skk Version: 0.5.2-7.2 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005984: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: scim-canna Version: 1.0.0-4.3 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005983: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: myspell Version: 1:3.0+pre3.1-24.2 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005981: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: redet Version: 8.26-1.4 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005982: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: elscreen Version: 1.4.6-5.3 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005980: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: syrep Version: 0.9-4.3 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005978: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: vdk2 Version: 2.4.0-5.5 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005979: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: efax Version: 1:0.9a-20 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602

2022-02-04 Thread Moritz Muehlenhoff
Source: libde265 Version: 1.0.8-1 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team CVE-2020-21602: https://github.com/strukturag/libde265/issues/242 CVE-2020-21600: https://github.com/strukturag/libde265/issues/243 CVE-2020-21598:

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Moritz Muehlenhoff
On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote: > How should I handle this? NMU to sid, let people try it out, and then > deal with buster/bullseye? Yeah, let's proceed with unstable first in any case. > Upload everything all at once? I'm also > going to try building for buster,

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Moritz Muehlenhoff
On Sun, Jan 02, 2022 at 06:53:51PM +0100, Mattia Rizzolo wrote: > Correlated, do you know how long do they plan on keeping using python2? > That's plainly unsuitable, it really is not going to last much longer in > debian. Current state of the Python 3 upstream migration can be found here:

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2021-12-13 Thread Moritz Muehlenhoff
On Sun, Dec 12, 2021 at 08:11:00PM -0500, Andres Salomon wrote: > On 12/5/21 6:41 AM, Moritz Mühlenhoff wrote: > > Am Sun, Dec 05, 2021 at 10:53:56AM +0100 schrieb Paul Gevers: > > Exactly that. > > > > I'd suggest anyone who's interested in seeing Chromium supported to first > > update it in
