Bug#908678: Update on the security-tracker git discussion

Hi Daniel, On Thu, Jan 24, 2019 at 12:23:31PM +0100, Daniel Lange wrote: > Zobel brought up the security-tracker git discussion in the #debian-security > irc channel again and I'd like to record a few of the items touched there > for others that were not present: > > DLange has a running mirror

Bug#929829: [Pkg-javascript-devel] Bug#929829: Bug#929829: Bug#929829: gulp 4 cannot build node-babel 7 - Cannot convert undefined or null to object

Le 05/06/2019 à 22:48, Xavier a écrit : > Le 03/06/2019 à 22:23, Xavier a écrit : >> Le 01/06/2019 à 12:14, Pirate Praveen a écrit : >>> ... >>> gulp build >>> [15:37:17] Local modules not found in ~/forge/debian/git/js-team/node-babel >>> [15:37:17] Try running: npm install >>> [15:37:17] Using

Bug#930040: marked as done (umis: add Build-Depends-Arch: python3-pysam)

Your message dated Thu, 06 Jun 2019 05:18:25 + with message-id and subject line Bug#930040: fixed in umis 1.0.3-2 has caused the Debian Bug report #930040, regarding umis: add Build-Depends-Arch: python3-pysam to be marked as done. This means that you claim that the problem has been dealt

Bug#907135: [Box Backup] Debian now requires 2048bit RSA keys

Hi Reinhard, Could you have a look at this patch (documented here ) to see if it's something like what you were hoping for? Thanks, Chris. On Fri, 31

Bug#930017: updated merge-request with patches for PMASA-2019-{3,4}

I updated the merge-request https://salsa.debian.org/phpmyadmin-team/phpmyadmin/merge_requests/6 with patches for stretch of the two new PMASA-2019-{3,4} I also updated https://salsa.debian.org/phpmyadmin-team/phpmyadmin/merge_requests/5 for jessie and PMASA-2019-4 (CVE-2019-12616)

Processed: affects 846219, affects 926180, found 804369 in 0.22-2, affects 911569, affects 914352 ...

Processing commands for cont...@bugs.debian.org: > affects 846219 + fusionforge-plugin-admssw Bug #846219 [src:fusionforge] Missing runtime dependencies (former libarc-php, libgraphite-php and php-http) Added indication that 846219 affects fusionforge-plugin-admssw > affects 926180 + scilab-ann

Bug#930040: umis: add Build-Depends-Arch: python3-pysam

Source: umis Version: 1.0.3-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, please add a Build-Depends-Arch: python3-pysam to not generate binary packages that are uninstallable on platforms without python3-pysam. You'll have to file a RM: umis [armel armhf i386

Bug#926392: licensecheck chokes on long lines

Quoting gregor herrmann (2019-06-05 21:46:36) > On Wed, 17 Apr 2019 07:08:00 +, Niels Thykier wrote: > > > On Thu, 04 Apr 2019 18:13:43 +0200 Jonas Smedegaard wrote: > > > Quoting Sandro Mani (2019-04-04 13:36:28) > > > > $ wget > > > >

Bug#929829: [Pkg-javascript-devel] Bug#929829: Bug#929829: gulp 4 cannot build node-babel 7 - Cannot convert undefined or null to object

Le 03/06/2019 à 22:23, Xavier a écrit : > Le 01/06/2019 à 12:14, Pirate Praveen a écrit : >> ... >> gulp build >> [15:37:17] Local modules not found in ~/forge/debian/git/js-team/node-babel >> [15:37:17] Try running: npm install >> [15:37:17] Using globally installed gulp >> [15:37:17] Using

Bug#926392: licensecheck chokes on long lines

On Wed, 17 Apr 2019 07:08:00 +, Niels Thykier wrote: > On Thu, 04 Apr 2019 18:13:43 +0200 Jonas Smedegaard wrote: > > Quoting Sandro Mani (2019-04-04 13:36:28) > > > $ wget > > > https://files.pythonhosted.org/packages/source/x/xonsh/xonsh-0.8.12.tar.gz > > > $ tar xf xonsh-0.8.12.tar.gz >

Bug#924616: marked as done (CVE-2018-15587: Signature Spoofing in PGP encrypted email)

Your message dated Wed, 05 Jun 2019 17:33:40 + with message-id and subject line Bug#924616: fixed in evolution 3.30.5-1.1 has caused the Debian Bug report #924616, regarding CVE-2018-15587: Signature Spoofing in PGP encrypted email to be marked as done. This means that you claim that the

Bug#864299: marked as done (libclass-c3-perl: FTBFS due to base.pm changes in July 2016)

Your message dated Wed, 5 Jun 2019 16:46:28 +0100 with message-id <20190605154628.cijsags4eaxul...@urchin.earth.li> and subject line Fixed by upload of perl has caused the Debian Bug report #864299, regarding libclass-c3-perl: FTBFS due to base.pm changes in July 2016 to be marked as done. This

Bug#929567:

See https://debbugs.gnu.org/30045 (fixed in Emacs 26.2).

Bug#929283: zookeeper: CVE-2019-0201: information disclosure vulnerability

[adding 929...@bugs.debian.org to CC] Hi Moritz, > > Sure. Here's my updated patch: Uploaded zookeeper_3.4.9-3+deb9u2_amd64.changes to security-master. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org  chris-lamb.co.uk `-

Bug#929469: systemd-networkd: systemd-networkd: fails with "could not set address: Permission denied"

Am 05.06.19 um 14:03 schrieb Raphael Hertzog: > Hi, > > On Wed, 05 Jun 2019, Michael Biebl wrote: >> What's the status of this bug? > > No progress. > >> Can you reproduce it with v242 from experimental? > > Yes. > >> I guess upstream is waiting for your feedback: >>

Bug#930029: linux-image-4.19.0-5-amd64: Kernel stucks at load initramfs on ASUS KGPE-D16

Package: src:linux Version: 4.19.37-3 Severity: critical Justification: breaks the whole system Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or

Bug#929469: systemd-networkd: systemd-networkd: fails with "could not set address: Permission denied"

Hi, On Wed, 05 Jun 2019, Michael Biebl wrote: > What's the status of this bug? No progress. > Can you reproduce it with v242 from experimental? Yes. > I guess upstream is waiting for your feedback: > https://github.com/systemd/systemd/issues/12656#issuecomment-496293294 I will provide my

Bug#929469: systemd-networkd: systemd-networkd: fails with "could not set address: Permission denied"

On Fri, 24 May 2019 09:30:50 +0200 =?utf-8?q?Rapha=C3=ABl_Hertzog?= wrote: > Package: systemd > Version: 241-3 > Severity: serious > File: systemd-networkd > User: de...@kali.org > Usertags: origin-kali > > I upgraded an (OVH) dedicated server to Debian buster with systemd 241-3 and > while it

Bug#930004: fixed in gitlab 11.10.5+dfsg-1

On Wed, 05 Jun 2019 08:39:18 + Pirate Praveen wrote: > gitlab (11.10.5+dfsg-1) experimental; urgency=medium Uploading to experimental because of freeze and libgit2 transition (even though its a security update). signature.asc Description: OpenPGP digital signature

Processed: notfixed 929067 in 1:2.8+dfsg-6+deb9u6, found 929067 in 1:2.8+dfsg-6+deb9u6

Processing commands for cont...@bugs.debian.org: > notfixed 929067 1:2.8+dfsg-6+deb9u6 Bug #929067 {Done: Michael Tokarev } [qemu-system-x86] Support for MDS No longer marked as fixed in versions qemu/1:2.8+dfsg-6+deb9u6. > found 929067 1:2.8+dfsg-6+deb9u6 Bug #929067 {Done: Michael Tokarev }

Bug#930015: patroni: pg_createconfig_patroni writes unusable configuration for some ip-route outputs

Hi, On Wed, Jun 05, 2019 at 11:06:42AM +0200, Christoph Berg wrote: > Re: Michael Banck 2019-06-05 > <20190605090028.ga10...@nighthawk.caipicrew.dd-dns.de> > > if "ip -4 route get 8.8.8.8" reports additional output after the "src > > Is that the same bug as this one? > > Cluster 11/test

Bug#930018: phpmyadmin: should phpmyadmin removed from unstable?

Source: phpmyadmin Severity: serious Justification: unfit for a stable release Hi In meanwhile phpmyadmin could be removed from unstable without disturbing reverse dependencies. Should phpmyadmin be removed from the archive? Regards, Salvatore

Processed: phpmyadmin: CVE-2019-12616

Processing control commands: > found -1 4:4.6.6-5 Bug #930017 [src:phpmyadmin] phpmyadmin: CVE-2019-12616 Marked as found in versions phpmyadmin/4:4.6.6-5. -- 930017: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#930017: phpmyadmin: CVE-2019-12616

Source: phpmyadmin Version: 4:4.6.6-4 Severity: grave Tags: security upstream Justification: user security hole Control: found -1 4:4.6.6-5 Hi, The following vulnerability was published for phpmyadmin. CVE-2019-12616[0]: | An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability |

Processed: Bug#930015 marked as pending in patroni

Processing control commands: > tag -1 pending Bug #930015 [patroni] patroni: pg_createconfig_patroni writes unusable configuration for some ip-route outputs Added tag(s) pending. -- 930015: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930015 Debian Bug Tracking System Contact

Bug#930015: marked as pending in patroni

Control: tag -1 pending Hello, Bug #930015 in patroni reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at:

Bug#929283: closing 929283

close 929283 3.4.13-2 thanks

Processed: closing 929283

Processing commands for cont...@bugs.debian.org: > close 929283 3.4.13-2 Bug #929283 [src:zookeeper] zookeeper: CVE-2019-0201: information disclosure vulnerability Marked as fixed in versions zookeeper/3.4.13-2. Bug #929283 [src:zookeeper] zookeeper: CVE-2019-0201: information disclosure

Bug#930016: patroni: pg_createconfig_patroni writes empty configuration file if default dcs.yml is used

Package: patroni Version: 1.5.5-1 Severity: serious Dear Maintainer, the default /etc/patroni/dcs.yml file includes some comments for othe DCS systems like etcd and consul. If those comments are not removed, pg_createconfig_patroni fails to write the configuration file and renders the package

Bug#930015: patroni: pg_createconfig_patroni writes unusable configuration for some ip-route outputs

Re: Michael Banck 2019-06-05 <20190605090028.ga10...@nighthawk.caipicrew.dd-dns.de> > if "ip -4 route get 8.8.8.8" reports additional output after the "src Is that the same bug as this one? Cluster 11/test doesn't exist yet. $ sudo pg_createconfig_patroni 11 test sed: -e Ausdruck #8, Zeichen

Processed: Re: Bug#929954: [python-reportlab] 3.5.21-1 breaks rst2pdf

Processing control commands: > reassign -1 rst2pdf Bug #929954 [python-reportlab] [python-reportlab] 3.5.21-1 breaks rst2pdf Bug reassigned from package 'python-reportlab' to 'rst2pdf'. No longer marked as found in versions python-reportlab/3.5.21-1. Ignoring request to alter fixed versions of

Bug#929954: [python-reportlab] 3.5.21-1 breaks rst2pdf

Control: reassign -1 rst2pdf not sure how that worked in the past, but flowables.py is using reportlab.Version without importing it. On 04.06.19 10:40, Sébastien Kalt wrote: > Package: python-reportlab > Version: 3.5.21-1 > Severity: grave > > --- Please enter the report below this line. --- >

Bug#930015: patroni: pg_createconfig_patroni writes unusable configuration for some ip-route outputs

Package: patroni Version: 1.5.5-1 Severity: serious Dear Maintainer, if "ip -4 route get 8.8.8.8" reports additional output after the "src " (e.g. "uid 0"), the pg_createconfig_patroni script (which runs the above command to determine the default interface) will not properly filter this out and

Bug#930004: marked as done (gitlab: CVE-2019-12428 CVE-2019-12431 CVE-2019-12432 CVE-2019-12433 CVE-2019-12434 CVE-2019-12441 CVE-2019-12442 CVE-2019-12443 CVE-2019-12444 CVE-2019-12445 CVE-2019-12446

Your message dated Wed, 05 Jun 2019 08:39:18 + with message-id and subject line Bug#930004: fixed in gitlab 11.10.5+dfsg-1 has caused the Debian Bug report #930004, regarding gitlab: CVE-2019-12428 CVE-2019-12431 CVE-2019-12432 CVE-2019-12433 CVE-2019-12434 CVE-2019-12441 CVE-2019-12442

Processed: user release.debian....@packages.debian.org, usertagging 558422, tagging 558422

Processing commands for cont...@bugs.debian.org: > user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was ni...@thykier.net). > usertags 558422 buster-can-defer There were no usertags set. Usertags are now: buster-can-defer. > tags 558422 +

Processed: user release.debian....@packages.debian.org, usertagging 926699, tagging 926699

Processing commands for cont...@bugs.debian.org: > user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was ni...@thykier.net). > usertags 926699 buster-can-defer There were no usertags set. Usertags are now: buster-can-defer. > tags 926699 +